Automotive

Who:

• Hertz (car rental company)

• Cleo Communications (file transfer vendor)

• Possible link to Clop ransomware gang (Russia-affiliated)

What:

Who: Kia, security researchers, and multiple affected car manufacturers (including Honda, Hyundai, Toyota, Acura, and others).

What: Researchers discovered a security flaw in Kia's web portal that allowed unauthorized access to the internet-connected features of millions of vehicles, enabling hackers to track cars, unlock doors, and start engines.

Impact: The vulnerability posed significant risks, including potential theft of vehicles and personal data, as well as privacy and safety concerns for drivers. While Kia has since patched the flaw, the incident highlights broader security issues across the automotive industry, with multiple manufacturers facing similar vulnerabilities.

Read the full article HERE

Who:

• Victim: Toyota Motor North America (via a third-party entity)

• Perpetrators: A threat actor named ZeroSevenGroup

What:

• Incident: A third-party data breach exposed 240GB of Toyota employee and customer data, including contacts, financial details, and network infrastructure information. The threat actor leaked the stolen data on a hacking forum, claiming it included sensitive credentials and other critical information.

Who:

• CDK Global, a software provider for car dealerships.

• Up to 15,000 car dealerships, including major chains like Asbury, AutoNation, Group 1, Lithia, and Sonic.

What:

• CDK Global reportedly paid a $25 million ransom in Bitcoin after a ransomware attack.