CDK Attack: Why Contingency Planning Is Critical for SaaS | 'Skeleton Key' Unlocks Malicious Content

Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week. [TechWeb]( Follow Dark Reading: [RSS]( June 27, 2024 LATEST SECURITY NEWS & COMMENTARY [CDK Attack: Why Contingency Planning Is Critical for SaaS Customers]( Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week. [Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content]( Microsoft, OpenAI, Google, and Meta GenAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more. [Apple AirPods Bug Allows Eavesdropping]( The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro. [Fresh MOVEit Bug Under Attack Mere Hours After Disclosure]( The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges. [Kaspersky's US Customers Face Tight Deadline Following Govt. Ban]( After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive any updates or support. [Catching Up on Innovation With NIST CSF 2.0]( The updated framework is an equalizer for smaller organizations to meet the industry at its breakneck pace of innovation. [High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models]( The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache. [30M Potentially Affected in Tickettek Australia Cloud Breach]( In an incident with direct parallels to the recent Ticketmaster compromise, an Aussie live events giant says it was breached via a third-party cloud provider, as ShinyHunters takes credit. [The NYSE's $10M Wake-up Call]( The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Diverse Cybersecurity Workforce Act Offers More Than Diversity Benefits]( Our adversaries certainly have diversity — so cybersecurity teams need it, too. [Securing Customers' Trust With SOC 2 Type II Compliance]( Audit compliance not only demonstrates commitment to data security and privacy but also builds trust with customers and stakeholders. [Key Takeaways From the British Library Cyberattack]( Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks. [MORE]( PRODUCTS & RELEASES [CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed]( [Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organizations Report Cyber Breaches and Incidents]( [Akamai Completes Acquisition of API Security Company Noname]( [Abstract Security Announces General Availability of its AI-Powered Data Streaming Platform for Security]( [FS-ISAC Announces Appointments to Global Board of Directors]( [VicOne Solutions for Detection of Zero-Day Vulnerabilities and Contextualized Attack Paths]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Multifactor Authentication Is Not Enough to Protect Cloud Data]( Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication. LATEST FROM THE EDGE [Is Defense Winning? A Look at Decades of Playing Catch Up]( In this Black Hat USA preview, scholar Jason Healey examines strategies for measuring and shifting the balance of cyber defense LATEST FROM DR TECHNOLOGY [What Building Application Security Into Shadow IT Looks Like]( AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months? LATEST FROM DR GLOBAL ['Snowblind' Tampering Technique May Drive Android Users Adrift]( As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Hunting's Evolution:From On-Premises to the Cloud]( - [The Three-Point Action Plan for new CISOs]( - [Data Protection Essentials: Proactive PII Leak Prevention and Data Mapping for GDPR]( - [Google Threat Intelligence]( - [2024 InformationWeek US IT Salary Report]( - [SecOps Checklist]( - [Purple AI Datasheet]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124270&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_06.27.24&sp_cid=54082&utm_content=DR_NL_Dark%20Reading%20Weekly_06.27.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#17 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)