Security

Car Dealerships In North America Revert To Pens and Paper After Cyberattacks (apnews.com) 37

An anonymous reader quotes a report from the Associated Press: Car dealerships in North America continue to wrestle with major disruptions that started last week with cyberattacks on a software company used widely in the auto retail sales sector. CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations. For prospective car buyers, that's meant delays at dealerships or vehicle orders written up by hand. There's no immediate end in sight, with CDK saying it expects the restoration process to take "several days" to complete. On Monday, Group 1 Automotive Inc., a $4 billion automotive retailer, said that it continued to use "alternative processes" to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also disclosed that they implemented workarounds to keep their operations going. [...]

Several major auto companies -- including Stellantis, Ford and BMW -- confirmed to The Associated Press last week that the CDK outage had impacted some of their dealers, but that sales operations continue. In light of the ongoing situation, a spokesperson for Stellantis said Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand. A Ford spokesperson added that the outage may cause "some delays and inconveniences at some dealers and for some customers." However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.

Group 1 Automotive Inc., which owns 202 automotive dealerships, 264 franchises, and 42 collision centers in the U.S. and the United Kingdom, said Monday that the incident has disrupted its business applications and processes in its U.S. operations that rely on CDK's dealers' systems. The company said that it took measures to protect and isolate its systems from CDK's platform. All Group 1 U.S. dealerships will continue to conduct business using alternative processes until CDK's dealers' systems are available, the company said Monday. Group 1's dealerships in the U.K. don't use CDK's dealers' systems and are not impacted by the incident. In regulatory filings, Lithia Motors and AutoNation disclosed that last week's incident at CDK had disrupted their operations as well. Lithia said it activated cyber incident response procedures, which included "severing business service connections between the company's systems and CDK's." AutoNation said it also took steps to protect its systems and data -- adding that all of its locations remain open "albeit with lower productivity," as many are served manually or through alternative processes.

Microsoft

Microsoft's Latest Surface Devices Almost As Easy To Fix As They Are To Break (theregister.com) 13

Microsoft has received a thumbs-up from iFixit, with a provisional 8 out of 10 for repairability on its latest Surface Pro and Laptop devices. From a report: Despite some issues with software recovery, the devices have been built for hardware repairability. It is quite the turnaround from the days of the first iteration of the Surface Laptop, in which the iFixit team was forced to use a scalpel to get into the device. "This is definitely not going back together without a roll of duct tape," the team observed during the 2017 teardown. In comparison, the team described Microsoft's latest laptop as "an astonishingly repair friendly device."

Where once there might have been glue or fragile clips, there are now screws and even QR codes linking to the service manuals (made available on release day, according to iFixit). Stripping the device is a breeze, assuming the correct tools are used. Microsoft has helpfully provided "Wayfinders" to indicate the type and quantity of screws being used to secure components, meaning that a repairer could even do without the online guides when pulling the hardware apart.

Microsoft

Microsoft Quietly Removes Local Account Instructions for Windows 11 134

Microsoft has quietly erased instructions for switching to a local account on Windows 11 from its official support website. The move took place between June 12 and June 17, 2024, according to Tom's Hardware. The tech giant has been increasingly pushing users towards Microsoft Account logins, citing benefits like enhanced security and cross-device syncing. While the option to use a local account still exists, this latest development suggests Microsoft is steering users away from it.

Government

Amazon Retaliated After Employee Walkout Over Return-to-Office Policy, Says NLRB (theverge.com) 78

America's National Labor Relations Board "has filed a complaint against Amazon..." reports the Verge, "that alleges the company 'unlawfully disciplined and terminated an employee' after they assisted in organizing walkouts last May in protest of Amazon's new return-to-work [three days per week] directives, issued early last year." [T]housands of Amazon employees signed petitions against the new mandate and staged a walkout several months later. Despite the protests and pushback, according to a report by Insider, in a meeting in early August 2023, Jassy reaffirmed the company's commitment to employees returning to the office for the majority of the week.

The NLRB complaint alleges Amazon "interrogated" employees about the walkout using its internal Chime system. The employee was first put on a performance improvement plan by Amazon following their organizing efforts for the walkout and later "offered a severance payment of nine weeks' salary if the employee signed a severance agreement and global release in exchange for their resignation." According to the NLRB's lawyers, all of that was because the employee engaged in organizing, and the retaliation was intended to discourage "...protected, concerted activities...."

The NLRB's general counsel is seeking several different forms of remediation from Amazon, including reimbursement for the employee's "financial harms and search-for-work and work related expenses," a letter of apology, and a "Notice to Employees" that must be physically posted at the company's facilities across the country, distributed electronically, and read by an Amazon rep at a recorded videoconference.

Amazon says their actions were entirely unrelated to the workers' activism against their return-to-work policies. An Amazon spokesperson told the Verge that instead, the employee "consistently underperformed over a period of nearly a year and repeatedly failed to deliver on projects she was assigned. Despite extensive support and coaching, the former employee was unable to improve her performance and chose to leave the company."

United Kingdom

Data Dump of Patient Records Possible After UK Hospital Breach (apnews.com) 12

An anonymous reader shared this report from the Associated Press: An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records. Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services primarily in southeast London...

NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack.

A website and helpline has been set up for patients affected.

Security

Linux Foundation's 'Open Source Security Foundation' Launches New Threat Intelligence Mailing List (openssf.org) 4

The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed."

The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely.

"What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels...

Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members...

OpenSSF ecosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software.

In less than a month, the mailing list has already grown to over 800 members...

Security

Hacker Claims To Have 30 Million Customer Records From Ticket Giant TEG (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum. On Thursday, a hacker put up for sale the alleged stolen data from TEG, claiming to have information of 30 million users, including the full name, gender, date of birth, username, hashed passwords, and email addresses. In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customers' data, "which is stored in a cloud-based platform, hosted by a reputable, global third party supplier."

The company said that "no Ticketek customer account has been compromised," thanks to the encryption methods used to store their passwords. TEG conceded, however, that "customer names, dates of birth and email addresses may have been impacted" -- data that would line up with that advertised on the hacking forum. The hacker included a sample of the alleged stolen data in their post. TechCrunch confirmed that at least some of the data published on the forum appears legitimate by attempting to sign up for new accounts using the published email addresses. In a number of cases, Ticketek's website gave an error, suggesting the email addresses are already in use.

There's evidence that the company's "cloud-based platform" provider is Snowflake, "which has been at the center of a recent series of data thefts affecting several of its customers, including Ticketmaster, Santander Bank, and others," notes TechCrunch.

"A now-deleted post on Snowflake's website from January 2023 was titled: 'TEG Personalizes Live Entertainment Experiences with Snowflake.' In 2022, consulting company Altis published a case study (PDF) detailing how the company, working with TEG, 'built a modern data platform for ingesting streaming data into Snowflake.'"

AI

Microsoft Makes Copilot Less Useful on New Copilot Plus PCs (theverge.com) 48

An anonymous reader shares a report: Microsoft launched its range of Copilot Plus PCs earlier this week, and they all come equipped with the new dedicated Copilot key on the keyboard. It's the first big change to Windows keyboards in 30 years, but all the key does now is launch a Progressive Web App (PWA) version of Copilot. The web app doesn't even integrate into Windows anymore like the previous Copilot experience did since last year, so you can't use Copilot to control Windows 11 settings or have it docked as a sidebar anymore. It's literally just a PWA. Microsoft has even removed the keyboard shortcut to Copilot on these new Copilot Plus PCs, so WINKEY + C does nothing.

SuSE

SUSE Upgrades Its Distros With 19 Years of Support (zdnet.com) 36

An anonymous reader quotes a report from ZDNet: At SUSECon in Berlin, SUSE, a global Linux and cloud-native software leader, announced significant enhancements across its entire Linux distribution family. These new capabilities focus on providing faster time-to-value and reduced operational costs, emphasizing the importance of choice in today's complex IT landscape. SUSE Linux Enterprise Server (SLES) 15 Service Pack (SP) 6 is at the heart of these upgrades. This update future-proofs IT workloads with a new Long Term Service (LTS) Pack Support Core. How long is long-term? Would you believe 19 years? This gives SLES the longest-term support period in the enterprise Linux market. Even Ubuntu, for which Canonical recently extended its LTS to 12 years, doesn't come close.

You may ask yourself, "Why 19 years?" SUSE General Manager of Business Critical Linux (BCL) Rick Spencer explained in an interview that the reason is that on 03:14:08 Greenwich Mean Time (GMT, aka Coordinated Universal Time) Tuesday, January 19, 2038, we reach the end of computing time. Well, not really, but Linux, and all the other Unix-based operating systems, including some versions of MacOS, reach what's called the Epoch. That's when the time-keeping code in 32-bit Unix-based operating systems reaches the end of the seconds it's been counting since the beginning of time -- 00:00:00 GMT on January 1, 1970, as far as Linux and Unix systems are concerned -- and resets to zero. Just like the Y2K bug, that means that all unpatched 32-bit operating systems and software will have fits. The Linux kernel itself had the problem fixed in 2020's Linux 5.6 kernel, but many other programs haven't dealt with it. Until then, though, if you're still running SLES 15 SP6, you'll be covered. I strongly suggest upgrading before then, but if you want to stick with that distro to the bitter end, you can.

The new SLES also boasts enhanced security features like confidential computing support with encryption in memory, utilizing Intel TDX and AMD SEV processors, along with remote attestation via SUSE Manager. Additionally, SLES for SAP Applications 15 SP6 offers a secure and reliable platform for running mission-critical SAP workloads, incorporating innovations from Trento to help system administrators avoid infrastructure issues.

Security

Car Dealerships Hit With Massive Computer System Outage (theverge.com) 23

An anonymous reader shares a report: CDK Global, the company that provides management software for nearly 15,000 car dealerships in North America, is down for a second day following a cyberattack, according to a report from Automotive News. The outage has left car dealerships across North America unable to access the internal systems used to track car sales, view customer information, schedule maintenance, and more.

On Wednesday, CDK Global told dealerships that it's "investigating a cyber incident" and "proactively shut all systems down" while addressing the issue. However, as reported by Automotive News, CDK Global restored its systems shortly after, only to shut them down hours later due to "an additional cyber incident."

Facebook

Meta's Customer Service is So Bad, Users Are Suing in Small Claims Court To Resolve Issues 69

Facebook and Instagram users are increasingly turning to small claims courts to regain access to their accounts or seek damages from Meta, amid frustrations with the company's customer support. In several cases across multiple states, Engadget reports, plaintiffs have successfully restored account access or won financial compensation. Meta often responds by contacting litigants before court dates, attempting to resolve issues out of court.

The trend, popularized on social media forums, highlights ongoing customer service issues at the tech giant. Some users report significant financial losses due to inaccessible business-related accounts. While small claims court offers a more accessible legal avenue, Meta typically deploys legal resources to respond to these claims.

EU

EU Delays Decision Over Scanning Encrypted Messages For CSAM (engadget.com) 36

European Union officials have delayed talks over proposed legislation that could lead to messaging services having to scan photos and links to detect possible child sexual abuse material (CSAM). From a report: Were the proposal to become law, it may require the likes of WhatsApp, Messenger and Signal to scan all images that users upload -- which would essentially force them to break encryption. For the measure to pass, it would need to have the backing of at least 15 of the member states representing at least 65 percent of the bloc's entire population. However, countries including Germany, Austria, Poland, the Netherlands and the Czech Republic were expected to abstain from the vote or oppose the plan due to cybersecurity and privacy concerns, Politico reports. If EU members come to an agreement on a joint position, they'll have to hash out a final version of the law with the European Commission and European Parliament.

Youtube

YouTube Is Cracking Down on Cheap Premium Plans Bought With a VPN (pcmag.com) 118

An anonymous reader shares a report: YouTube Premium subscribers who use VPNs are reporting that their plans are being automatically canceled by the Google-owned company, according to multiple subscribers who have posted screenshots and descriptions of the issue on Reddit.

A Google support representative confirmed to PCMag that YouTube has started a crackdown. "YouTube has initiated the cancellation of premium memberships for accounts identified as having falsified signup country information," the Google support agent said via chat message. "Due to violating YouTube's Paid Terms of Service, these users will receive an email and an in-app notification informing them of the cancellation."

Social Networks

Pornhub To Block Five More States Over Age Verification Laws (theverge.com) 187

Pornhub plans to block access to its website in Indiana, Idaho, Kansas, Kentucky, and Nebraska in response to age verification laws designed to prevent children from accessing adult websites. From a report: The website has now cut off access in more than half a dozen states in protest of similar age verification laws that have quickly spread across conservative-leaning US states. Indiana, Idaho, and Kansas will lose access on June 27th, according to alerts on Pornhub's website that were seen by local news sources and Reddit users; Kentucky will lose access on July 10th, according to Kentucky Public Radio.

EU

EU Chat Control Law Proposes Scanning Your Messages - Even Encrypted Ones (theverge.com) 136

The European Union is getting closer to passing new rules that would mandate the bulk scanning of digital messages -- including encrypted ones. On Thursday, EU governments will adopt a position on the proposed legislation, which is aimed at detecting child sexual abuse material (CSAM). The vote will determine whether the proposal has enough support to move forward in the EU's law-making process. From a report: The law, first introduced in 2022, would implement an "upload moderation" system that scans all your digital messages, including shared images, videos, and links. Each service required to install this "vetted" monitoring technology must also ask permission to scan your messages. If you don't agree, you won't be able to share images or URLs.

As if this doesn't seem wild enough, the proposed legislation appears to endorse and reject end-to-end encryption at the same time. At first, it highlights how end-to-end encryption "is a necessary means of protecting fundamental rights" but then goes on to say that encrypted messaging services could "inadvertently become secure zones where child sexual abuse material can be shared or disseminated."

Security

Security Bug Allows Anyone To Spoof Microsoft Employee Emails (techcrunch.com) 73

A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. From a report: As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft's account security team. Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn't reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it.

AMD

AMD Is Investigating Claims That Company Data Was Stolen In Hack (hackread.com) 6

AMD said on Tuesday it was looking into claims that company data was stolen in a hack by a cybercriminal organization called "Intelbroker". "The alleged intrusion, which took place in June 2024, reportedly resulted in the theft of a significant amount of sensitive information, spanning across various categories," reports Hackread. From the report: In a recent post on Breach Forums, IntelBroker detailed the extent of the compromised data. The hacker claims to have accessed information related to the following records: ROMs, Firmware, Source code, Property files, Employee databases, Customer databases, Financial information, Future AMD product plans, and Technical specification sheets. The hacker is selling the data exclusively for XMR (Monero) cryptocurrency, accepting a middleman for transactions. He advises interested buyers to message him with their offers.

The reputation of IntelBroker in the cybersecurity community is one of significant concern, given the scale and sensitivity of the targeted entities in previous hacks. The hacker's past exploits include breaches of: Europol, Tech in Asia, Space-Eyes, Home Depot, Facebook Marketplace, U.S. contractor Acuity Inc., Staffing giant Robert Half, Los Angeles International Airport, and alleged breaches of HSBC and Barclays Bank. Although the hacker's origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the T-Mobile data breaches.

IT

Asda IT Staff Shuffled Off To TCS Amid Messy Tech Divorce From Walmart (theregister.com) 22

An anonymous reader quotes a report from The Register: Asda is transferring more than 100 internal IT workers to Indian outsourcing company TCS as it labors to meet deadlines to move away from IT systems supported by previous owner Walmart by the end of the year. According to documents seen by The Register, a collective consultation for a staff transfer under TUPE -- an arrangement by which employment rights are protected under UK law -- begins today (June 17). The UK's third-largest supermarket expects affected staff to meet line managers from June 24, while the transfer date is set for September 16. Contractors will be let go at the end of their current contracts. Asda employs around 5,000 staff in its UK offices. Between 130 and 135 members of the IT team have entered the collective consultation to move to TCS.

The move came as private equity company TDR Capital gained majority ownership of the supermarket group. It was acquired from Walmart by the brothers Mohsin and Zuber Issa and TDR Capital in February 2021 at a value of 6.8 billion pounds. The US retail giant retained "an equity investment." Project Future is a massive shift in the retailer's IT function. It is upgrading a legacy ERP system from SAP ECC -- run on-prem by Walmart -- to the latest SAP S/4HANA in the Microsoft Azure cloud, changing the application software, infrastructure, and business processes at the same time. Other applications are also set to move to Azure, including ecommerce and store systems, while Asda is creating an IT security team for the first time -- the work had previously been carried out by its US owner.

Asda signed up to SAP's "RISE" program in a deal to lift, shift, and transform its ERP system -- a vital plank in the German vendor's strategy to get customers to the cloud -- in December 2021. But the project has already been beset by delays. The UK retailer had signed a three-year deal with Walmart in February 2021 to continue to support its existing system, but was forced to renegotiate to extend the arrangement, saying it planned to move away from the legacy systems before the end of 2024. Although one insider told El Reg that deadline was "totally unachievable," the Walmart deal extends to September 2025, giving the UK retailer room to accommodate further delays without renegotiating the contract.

Asda has yet to migrate a single store to the new infrastructure. The first -- Yorkshire's Otley -- is set to go live by the end of June. One insider pointed out that project managers were trying to book resources from the infrastructure team for later this year and into the next, but, as they were set to transfer to TCS, the infrastructure team did not know who would be doing the work or what resources would be available. "They have a thousand stores to migrate and they're going to be doing that with an infrastructure team who have their eyes on the door. They'll be very professional, but they're not going above and beyond and doing on-call they don't have to do," the insider said.

IT

Nearly 20% of Running Microsoft SQL Servers Have Passed End of Support (theregister.com) 96

An anonymous reader shares a report: IT asset management platform Lansweeper has dispensed a warning for enterprise administrators everywhere. Exactly how old is that Microsoft SQL Server on which your business depends? According to chief strategy officer Roel Decneut, the biz scanned just over a million instances of SQL Server and found that 19.8 percent were now unsupported by Microsoft. Twelve percent were running SQL Server 2014, which is due to drop out of extended support on July 9 -- meaning the proportion will be 32 percent early next month.

For a fee, customers can continue receiving security updates for SQL Server 2014 for another three years. Still, the finding underlines a potential issue facing users of Microsoft's flagship database: Does your business depend on something that should have been put out to pasture long ago? While Microsoft is facing a challenge in getting users to make the move from Windows 10 to Windows 11, admins are facing a similar but far less publicized issue. Sure, IT professionals are all too aware of the risks of running business-critical processes on outdated software, but persuading the board to allocate funds for updates can be challenging.

Security

Hackers Demand as Much as $5 Million From Snowflake Clients (bloomberg.com) 6

Cybercriminals are demanding payments of between $300,000 and $5 million apiece from as many as 10 companies breached in a campaign that targeted Snowflake customers, according to a security firm helping with the investigation. From a report: The hacking scheme has entered a "new stage" as the gang looks to profit from the most valuable information it has stolen, said Austin Larsen, a senior threat analyst at Google's Mandiant security business, which helped lead Snowflake's inquiry. That includes auctioning companies' data on illegal online forums to try to pressure them into making payments, he said.

"We anticipate the actor to continue to attempt to extort victims," Larsen said. Snowflake, a cloud-based data analytics firm, said on June 2 that hackers had launched a "targeted" effort directed against Snowflake users that used single-factor authentication techniques. The company declined to comment on any specific customers.
