Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
Systems that support sales, service, and inventory for more than 15,000 dealerships have been shut off since June 19th in the wake of two separate cyberattacks.
After some dealers resorted to pen and paper to keep going amid reported negotiations between CDK and the BlackSuit ransomware group, Reuters reports restoration work has begun but that it may take “several days.”
The awesome bag company only told us about our data getting breached after Cybernews went public. Why? Peak initially assumed it was a vulnerability, not a breach, and never followed up with Cybernews after plugging the hole. Cybernews never sent Peak the ransom note, both entities confirm to The Verge.
“Simply put, we weren’t aware of the data compromise until [June 4th,]” Peak’s CEO tells me.
A report from 404 Media highlights a new type of bot that gets around Ticketmaster’s queuing system by opening dozens of different browsing sessions on one computer, giving them multiple chances to snag tickets from fans. The mix of bots — and fans — likely contributed to Ticketmaster’s latest crash.
The password manager is finally making it easier for users who’ve forgotten their password, or lost their Secret Key, to regain access to their accounts.
Starting today, users can generate (and make sure to safely store) a recovery code that streamlines the process of recovering their 1Password account. However, the recovery codes will only work for those who still have access to the email address associated with their accounts.
In a statement published yesterday, Stanford University denied it was shuttering the prominent research center studying abuse and disinformation online. In recent months, key staff have departed and others have been told to look for new jobs.
The Internet Observatory is, however, looking for money: Stanford says “founding grants will soon be exhausted” as the center moves under new leadership.
The NHS has now revealed the scope of the damage following the June 3rd cyberattack. In addition to the operations, over 800 outpatient appointments were canceled, and 18 organ transplants were diverted.
“The cyber-attack has had a significant impact on our services, and this is likely to remain the case for some time yet,” say hospital execs.
In the grand scheme of things, there have been far worse security breaches than what Peak Design, the popular camera accessory brand, is currently dealing with.
But if you had any customer service interactions with the company between October 2013 and May 2023, well... everything contained in those tickets was accessed by an unknown third party before the issue was fixed. Not great.
Journalist Veronica de Souza had her phone stolen and immediately replaced it, but the thieves very much wanted her to unlock her old iPhone as it was effectively useless without her password.
So they asked her to unlock. Repeatedly.
According to Forbes, TikTok accounts for Paris Hilton and CNN have been hijacked recently by a “zero-day” attack in the app’s DMs that could be activated simply by opening the message.
TikTok spokesperson Alex Haurek sent us this statement:
Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.
A blog post says the attack has gone on intermittently for three days, making access to the archives inconsistent. However, founder Brewster Kahle says patrons should worry more about lawsuits from book publishers and the recording industry that “are trying to destroy this library entirely and hobble all libraries everywhere.”
OpenAI says that training of its latest frontier model “has recently begun” — something that’s been rumored for a while — on the path to developing artificial general intelligence (AGI).
Altman and Co have also formed a new Safety and Security Committee to help guide critical decisions for OpenAI projects. This follows the resignation of a key OpenAI researcher over concerns that safety had taken ‘a backseat to shiny products.’
RansomHub is claiming responsibility for an attack earlier this month that forced Christie’s to take its website offline for over a week, according to the New York Times. Hackers are now threatening to release details on the auction house’s wealthy clients in the next few days if it doesn’t comply with demands. A sample has already been released.
The job has never been harder, and the threats have never been stranger.
In response to malware and social engineering attacks that work by snooping notifications or activating screen sharing, Google says Android 15 will hide notifications with one-time passwords (with some exceptions, like wearable companion apps).
They’re also automatically hidden during screen sharing, and developers can enable their apps to check if Google Play Protect is active, or if another app might be capturing the screen during use.
