Cybersecurity Shenanigans 😎

#001

👋 Hey there,

I’m trying the newsletter thing! 😅 This first edition is a bit of a soft launch, and I’m super honored you’re here for it.

With that said, I’m hoping to pack these things with helpful, educational cybersecurity shenanigans (hence the name) that will help you elevate your cybersecurity knowledge — and keep up-to-date on what’s going on in my corner of the internet.

I’d love to know what you think of this first edition, so please (please please) leave feedback below and let me know what’s good and what else you’d like to see in these things.

Thanks for being here!

— JH

P.S. The last thing I want to do is make these newsletters feel spammy. So I won’t send you these more often than once a month (sometimes twice if something really interesting is happening).

News & Commentary

CDK Global was hacked… twice… and the “fun” doesn’t stop there

This is a wild and still-unfolding headline, so bear with me. 😅

Last Tuesday, news broke that CDK Global had been the victim of a cyberattack. CDK Global hosts a platform that 15,000+ car dealerships in North America use to run their business operations, from running employee payroll to managing inventory.

Here’s the thing: For car dealerships to make use of the platform, they have to configure a VPN that stays connected to one of CDK Global’s data centers. And the software itself requires admin privileges to function properly. I think you know where this is going…

In response to the cyberattack, CDK Global shut down a good number of services and two data centers, halting operations for many car dealerships that rely on CDK Global’s software.

Unfortunately, that’s only the beginning… because while CDK Global was actively recovering from the cyberattack, another one hit. 😬 Back to square one with incident response procedures.

And because threat actors never pass up the opportunity to take advantage of a good disaster, they’re now making phone calls to car dealerships, posing as CDK Global officials who need system access.

This story is still developing, so stay tuned.

Tor Browser 13.5 now available

The Android and desktop versions of Tor Browser just got an update to pregame the expected drop of Tor Browser 14 later this year.

Android users will have a more native connection experience and easier access to Tor logs, while desktop users will experience better bridge management, improved letterboxing, and more consistent error messages.

(Time to go dark web dumpster diving.)

Kaspersky has been banned in the US

If you rely on Kaspersky for antivirus software, you’re gonna wanna find a replacement by September 29.

The President’s Office announced that Kaspersky will be banned in the US out of security concerns because of the company’s roots in the Russian government. By July 20, Kaspersky won’t be able to onboard new customers based in the US, and by late September, they won’t be able to provide software updates.

Latest Content

YouTube Videos

June 25 // Remote access software built into Windows? What could possibly go wrong??? (Inspired by @NathanMcNulty’s post.)

June 14 // I detonate some malware (on a virtual machine 😅) by enabling macros in an Excel document. Dirty RATs. 😝

June 12 // Weaponizing normal Windows processes is a tale as old as time. In this video, I talk about stealing plaintext passwords by taking advantage of the Windows logon process.

Sponsor

Flare is a continuous threat exposure management platform that automates detection of leaked credentials and high-risk technical exposure across the dark and clear web, empowering security teams to stay a step ahead of threat actors.

Upcoming Content

Here’s a list of topics you may see in my feeds soon. 👀

Life Updates

I recently went to the OpenSauce conference, and it was incredible! I got to meet up with other creators like ThePrimeagen and Pirate Software, and got a picture with my guilty-pleasure comfort-streamer Ludwig.

I also set up a big HP ProLiant server with https://ludus.cloud as a wrapper for Proxmox, and it is super cool — you can define an entire cyber range with just a YAML file and spin up a whole homelab as if it were just simple Docker commands!

Give Me Your Feedback (Pretty Please 🙏)