News Roundup — June 26th 2024 edition.

Published in

BCK Security Weekly Newsletter

3 min readJun 27, 2024

This week in cybersecurity, a cyberattack on CDK Global disrupted thousands of US car dealerships, with hackers demanding millions in ransom. A threat actor claimed to have breached Apple, stealing source code. Multi-factor authentication was found insufficient for cloud data protection, and Optus suffered a data breach due to a faulty API. London hospitals postponed surgeries after a ransomware attack.

Change Healthcare and Accenture faced data breaches, while the US sanctioned 12 Kaspersky executives. CDK Global warned customers about threat actors posing as support and faced another attack during recovery. Researchers stole $3 million in crypto from Kraken due to a bug.

A DDoS attack hit Poland’s UEFA Euro opening match, and a UK health club chain experienced a data leak. Julian Assange agreed to plead guilty in a US deal. CISA alerted chemical facilities about Ivanti vulnerabilities, and a new MOVEit bug was disclosed. WordPress plugins were backdoored in a supply chain attack, highlighting ongoing security issues.

CDK Global cyberattack impacts thousands of US car dealerships

Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut…

www.bleepingcomputer.com

Threat actor claims to have breached Apple, allegedly stealing source code of several internal…

Notorious threat actor IntelBroker, who previously claimed responsibility for other high-profile data breaches…

9to5mac.com

Multifactor Authentication Is Not Enough to Protect Cloud Data

Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service…

www.darkreading.com

Coding error in forgotten API blamed for massive data breach

Australian telco Optus allegedly left redundant website with poor access controls online for years

www.theregister.com

Almost 200 cancer operations postponed as ransomware group publishes London hospitals data

Health service staff have been "coordinating work across affected services, as well as with neighbouring providers and…

therecord.media

Change Healthcare lists the medical data stolen in ransomware attack

UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change…

www.bleepingcomputer.com

Hacker Leaks Data of 33,000 Accenture Employees in Third-Party Breach

A hacker known as "888" has leaked a file containing the contact and personal details of 32,828 current and former…

hackread.com

Kaspersky's US Customers Face Tight Deadline Following Govt. Ban

After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive…

www.darkreading.com

US sanctions 12 Kaspersky Lab execs for working in Russian tech sector

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned twelve Kaspersky Lab executives for…

www.bleepingcomputer.com

Pornhub prepares to block five more states rather than check IDs

The number of states blocked by Pornhub will soon nearly double.

arstechnica.com

DDoS Attack Targets Poland's UEFA Euro Opening Match

The stream was briefly knocked offline, preventing millions of fans from accessing the game. Poland's head of digital…

www.darkreading.com

Faulty firewall blocked 911 calls throughout Massachusetts for two hours

911 vendor Comtech still investigating why firewall blocked emergency calls.

arstechnica.com

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal…

www.bleepingcomputer.com

UK Health Club Chain 'Total Fitness' Data Leak Exposes KYC and Card Data

Data leak at Total Fitness, a popular UK-based health chain club has exposed its data including half a million images…

hackread.com

WikiLeaks' Assange pleads guilty in deal with U.S. that secures his freedom, ends legal fight

WikiLeaks founder Julian Assange has pleaded guilty to obtaining and publishing U.S. military secrets in a deal with…

www.ctvnews.ca

CISA's high-risk chemical facility data portal breached

Crafty crims broke in but encryption stopped any nastiness

www.theregister.com

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user…

www.darkreading.com

News Roundup — June 26th 2024 edition.

CDK Global cyberattack impacts thousands of US car dealerships

Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut…

Threat actor claims to have breached Apple, allegedly stealing source code of several internal…

Notorious threat actor IntelBroker, who previously claimed responsibility for other high-profile data breaches…

Multifactor Authentication Is Not Enough to Protect Cloud Data

Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service…

Coding error in forgotten API blamed for massive data breach

Australian telco Optus allegedly left redundant website with poor access controls online for years

Almost 200 cancer operations postponed as ransomware group publishes London hospitals data

Health service staff have been "coordinating work across affected services, as well as with neighbouring providers and…

Change Healthcare lists the medical data stolen in ransomware attack

UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change…

Hacker Leaks Data of 33,000 Accenture Employees in Third-Party Breach

A hacker known as "888" has leaked a file containing the contact and personal details of 32,828 current and former…

Kaspersky's US Customers Face Tight Deadline Following Govt. Ban

After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive…

US sanctions 12 Kaspersky Lab execs for working in Russian tech sector

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned twelve Kaspersky Lab executives for…

Pornhub prepares to block five more states rather than check IDs

The number of states blocked by Pornhub will soon nearly double.

DDoS Attack Targets Poland's UEFA Euro Opening Match

The stream was briefly knocked offline, preventing millions of fans from accessing the game. Poland's head of digital…

Faulty firewall blocked 911 calls throughout Massachusetts for two hours

911 vendor Comtech still investigating why firewall blocked emergency calls.

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal…

UK Health Club Chain 'Total Fitness' Data Leak Exposes KYC and Card Data

Data leak at Total Fitness, a popular UK-based health chain club has exposed its data including half a million images…

WikiLeaks' Assange pleads guilty in deal with U.S. that secures his freedom, ends legal fight

WikiLeaks founder Julian Assange has pleaded guilty to obtaining and publishing U.S. military secrets in a deal with…

CISA's high-risk chemical facility data portal breached

Crafty crims broke in but encryption stopped any nastiness

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user…

Plugins on WordPress.org backdoored in supply chain attack

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP…

Written by BCK Security Inc