---
title: "Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17, 2024] | DuoCircle"
description: "Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2024/"
---

Quick Answer

Five stories. Self-described researchers at CertiK exploited a flaw in Kraken's deposit system to extract $3 million; Kraken says the bug allowed credit without funds actually moving. CDK Global, the dealer-management software used by 15,000 U.S. car dealerships, was hit by ransomware (BlackSuit), forcing manual operations across the industry. AMD is investigating after the IntelBroker actor advertised stolen employee and product data on a hacking forum. Proofpoint detailed a campaign using fake Chrome, Word, and OneDrive error pages to trick users into pasting PowerShell into the Windows Run dialog, deploying loaders like FakeUpdates. And the Toronto District School Board confirmed a ransomware attack on its testing environment.

Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News \[June 17, 2024\]

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2024/06/Kraken-Flaw-Heist-CDK-Cyberattack-Hits-AMD-Investigates-Breach---Cybersecurity-News-June-17-2024.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2024%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Kraken%20Flaw%20Heist%2C%20CDK%20Cyberattack%20Hits%2C%20AMD%20Investigates%20Breach%2C%20Cybersecurity%20News%20%5BJune%2017%2C%202024%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2024%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2024%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2024%2F&title=Kraken%20Flaw%20Heist%2C%20CDK%20Cyberattack%20Hits%2C%20AMD%20Investigates%20Breach%2C%20Cybersecurity%20News%20%5BJune%2017%2C%202024%5D "Share on Reddit") [ ](mailto:?subject=Kraken%20Flaw%20Heist%2C%20CDK%20Cyberattack%20Hits%2C%20AMD%20Investigates%20Breach%2C%20Cybersecurity%20News%20%5BJune%2017%2C%202024%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2024%2F "Share via Email") 

![Cybersecurity News](https://media.mailhop.org/duocircle/images/2024/06/Office-365-to-Office-365-migration.jpg) 

Don’t miss out on the latest [cybersecurity](/) scoop of the week! We’ll be covering the $3 million stolen from Kraken, the cyberattack that has affected thousands of **US car dealerships**, the AMD data leakage, fake Chrome errors installing malware on devices, and the cyberattack on the Toronto District School Board. 

## “Researchers” Use Kraken Exchange Flaw to Steal $3 Million in Cryptocurrency

The popular Kraken crypto exchange shared this week that **alleged security researchers** stole $3 million in crypto by exploiting a [zero-day bug](/email-security/unpatched-dogwalk-a-new-microsoft-zero-day-vulnerability/) in its website. 

The hack was disclosed by the Chief Security Officer for Kraken, Nick Percoco, who shared that the security team received a vague [bug report](https://usersnap.com/blog/what-is-a-bug-report/) on 9 June about a zero-day bug that anyone could use to **increase the balances** of their wallets.

_By leveraging this bug, [threat actors](https://securityaffairs.com/164806/hacking/solarwinds-serv-u-cve-2024-28995-exploit.html) could initiate deposits, and even when the deposit failed, they would still receive the funds in their Kraken wallet._ The bug was **isolated and fixed within an hour** by the security team, who also found out that it came from a recent change in the UI (User Interface), which allowed users to deposit funds and use them before clearance.

But by the time the bug was fixed, three individuals had already [exploited it and stolen](https://www.dlnews.com/articles/people-culture/former-mit-students-charged-in-ethereum-blockchain-exploit/) $3 million from the Kraken treasury, one of whom claimed to be a researcher and said he **deposited just $4** to his account to prove that the bug indeed worked and could be misused by threat actors.

This researcher also **refused to return** the $4 or any information regarding the bug and instead demanded a call with the sales reps. Also, he said that he would return the funds once the team provided a speculated amount that the bug could have caused if the [breach](/email-security/microsoft-email-attacks-an-inside-look-at-the-outlook-breach/) went undisclosed.

Kraken termed it “[extortion](https://www.bleepingcomputer.com/news/security/researchers-exploit-kraken-exchange-bug-steal-3-million-in-crypto/),” but has not disclosed the identity of this researcher. They are treating this incident as a **criminal case** and have notified law enforcement authorities.

## CDK Global Cyberattack Affects Thousands of US Car Dealerships

This week, the car dealership [Saas (Software as a Service)](https://www.techtarget.com/searchcloudcomputing/definition/Software-as-a-Service) provider CDK Global was the victim of a significant [cyberattack](https://www.bbc.com/news/articles/cd11v377eywo) and had to **shut down all systems**.

[![Cybercrime Statistics](https://media.mailhop.org/duocircle/images/2024/06/windows-smtp-service.jpg)](https://media.mailhop.org/duocircle/images/2024/06/windows-smtp-service.jpg)

**All of CDK Global’s clients** suffered as they could not run their businesses normally, which includes over 15,000 car dealerships in North America. The organization had to [shut down all IT systems](https://www.nytimes.com/2024/03/05/health/cyberattack-healthcare-cash.html), phones, and applications to contain the attack. The details of the attack have not yet been shared by any spokesperson, but the organization is assessing the impact of the breach.

In the meantime, many employees have started a [subreddit](https://www.reddit.com/r/Justrolledintotheshop/comments/1djn163/comment/l9bssdz/), explaining that all tracking systems for car parts, sales, and even financing are down, so they are **forced to switch** to traditional pen-and-paper systems. Some dealerships even sent the employees home. There has been no official statement at this point, but it looks like a [ransomware attack](/data-privacy/8-most-nefarious-ransomware-attacks-from-2017-to-mid-2023/), and if it is one, it will likely go on for quite some time. 

CDK says they are investigating the [cyber incident](https://edition.cnn.com/2024/06/10/tech/hospital-cyberattack-google-microsoft/index.html) and have shut down most of their systems. _However, CDK phones, DMS, and Digital Retail, along with **Unify and DMS logins are working now** and the organization is_ _[running tests](https://www.reuters.com/technology/cybersecurity/cdk-global-investigating-cyber-incident-briefly-shut-all-systems-2024-06-19/)_ _on other applications._ If found safe, they will be bought back online. 

## AMD Looks Into Breach After Data Appears for Sale on Hacking Forum

In other news, AMD is also investigating a cyberattack after a **hacker put alleged stolen data** from the organization on a [hacking forum](https://techcrunch.com/2024/06/21/hacker-claims-to-have-30-million-customer-records-from-australian-ticket-seller-giant-teg/).

_The threat actor **posted a sample** that contains AMD employee information and financial and [confidential data](https://cybersecuritynews.com/nhs-hospital-attack/) from the organization._ AMD is working with law enforcement and third parties to investigate the incident and find out the significance of the data sample posted online.

[IntelBroker](https://www.tomshardware.com/tech-industry/cyber-security/intelbroker-claims-they-hacked-apple-in-the-same-week-as-amd), the threat actor behind the attack, **posted screenshots** of this stolen data. They did not share how they got to the data but did share that they are selling information from [AMD.com](https://www.amd.com/en.html)’s data breach. The incident was first [reported](https://x.com/DarkWebInformer/status/1802826266355040588) by DarkWebInformer on X, who also shared that the data set includes information about [employee user IDs](https://finance.yahoo.com/news/home-depot-confirms-breach-employee-124700260.html), their first and last names, job functions, emails, employment status, and **business contact numbers**. 

It still remains to be seen if the data is from a new breach or a previous one, but IntelBroker is a major threat actor who also [breached the DC Health Link](https://www.techtarget.com/searchsecurity/news/365535577/DC-Health-Link-breach-caused-by-misconfigured-server) that **exposed personal information** about members and staff of the US House of Representatives. 

## Fake Google Chrome Errors Deceive Users Into Running Harmful Powershell Scripts

_There’s a new malware distribution that uses **fake Google Chrome**, [OneDrive](https://www.infosecurity-magazine.com/news/ta866-target-onedrive-campaign/), and MS Word errors to trick people into running PowerShell fixes that are actually malicious [malware installing scripts](https://cybersecuritynews.com/hackers-leveraging-social-engineering-malware/)._ 

It is being used by many threat actors where the errors prompt the victims to click on a button that will copy a **PowerShell “fix”** and run it on the Run dialog. The campaign was discovered by ProofPoint, who [shared that](https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn) the attack chain is successful as it shows a real problem and solution at the same time, prompting users to take action.

The PowerShell script is malicious indeed and installs **many infamous backgates** like [Matanbuchus](https://gbhackers.com/matanbuchus-malware-weaponizing/), [NetSupport](https://cybersecuritynews.com/beware-of-weaponized-pdfs/), [XMRig](https://cybersecuritynews.com/sysrv-botnet-google-xmrig-spreader/), [Lumma Stealer](https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html), and [DarkGate](https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html). ProofPoint analyzed three different attack chains. In the first one, the threat actors lead the victims to a malicious script hosted on [BSN (Binance Smart Chain)](https://www.binance.com/en/square/post/448884) and show a **fake Google Chrome warning**, prompting the victim to install a [root certificate](https://gcore.com/learning/what-is-a-root-certificate/) by copying the PowerShell script, but when it executes, it downloads the payloads.

_In the other one, the threat actors **use injection** on compromised websites to overlay the fake Google Chrome error._ The third one is email-based, where the threat actors distribute [HTML attachments](https://www.techradar.com/news/html-attachments-are-more-of-a-security-risk-than-ever-heres-what-you-need-to-know) that appear as MS Word documents, and they prompt users to **install “Word Online”** to view them. Here, the PowerShell command downloads and executes MSI or VBS files and installs the Matanbuchus or DarkGate infection on the victim device.

The [different attack patterns](https://news.sophos.com/en-us/2023/08/10/image-spam-attack/) that are being used by the threat actors behind it are highly effective, so you need to keep an eye out for such unsolicited errors and documents and **avoid interacting with them** to stay safe. Ensuring robust [malware protection](/resources/malware-and-its-defense-mechanism) can also help mitigate these risks.

[![Ransomware Attack](https://media.mailhop.org/duocircle/images/2024/06/smtp-service-8669.jpg)](https://media.mailhop.org/duocircle/images/2024/06/smtp-service-8669.jpg)

## Ransomware Attack Targets Toronto District School Board

The TDSB (Toronto District School Board) shared that it **suffered a ransomware attack** this week. 

TDSB is one of Canada’s largest school boards, and the attack was on its [software testing environment](https://www.qamadness.com/knowledge-base/test-environment-what-is-it-and-why-do-we-need-it/). The board notified parents and guardians via [an announcement that](https://www.tdsb.on.ca/home/ctl/Details/mid/43823/itemid/316) an **unauthorized third party** was able to access TDSB’s tech testing environments, and the board is conducting an investigation into the issue to understand the nature of the incident, the impact, and if any information was affected.

All of these systems are operational, and none of them were disrupted, but they were able to contain the attack. They have also notified the police service and are working with third-party cybersecurity experts. TDSB has nearly 40,000 employees and serves about 247,000 students so any [information leak](https://techinformed.com/ransomware-gang-leak-400gb-of-nhs-data-from-london-hospital-hack/) would impact a ton of people. 

There isn’t much information about the breach available but the TDSB says they **will notify all affected individuals** if there’s evidence of a [data breach](https://www.foxnews.com/tech/massive-data-breach-exposes-over-3-million-americans-personal-information-cybercriminals). It’s important to note that they are also focusing on improving their [ransomware protection](/resources/locky-ransomware) measures.

## Topics

NewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 6m  Cyber Security News Update, Week 1 of 2022  Jan 7, 2022 ](/blog/announcements/cyber-security-news-update-week-1-of-2022/)[  News 7m  Cybersecurity News Update, Week 1 of 2023  Jan 1, 2023 ](/blog/announcements/cyber-security-news-update-week-1-of-2023/)[  News 5m  EasyPark Data Breach, Ohio Lottery Cyberattack, GTA 5 Leak, Cybersecurity News \[December 25, 2023\]  Jan 4, 2024 ](/blog/announcements/cyber-security-news-update-week-1-of-2024/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17, 2024]","description":"Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2024/","datePublished":"2024-06-24T11:19:44.000Z","dateModified":"2025-08-22T11:19:31.000Z","dateCreated":"2024-06-24T11:19:44.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2024/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1230,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/06/Office-365-to-Office-365-migration.jpg","caption":"Cybersecurity News","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2024/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2024/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17, 2024]","description":"Kraken Flaw Heist, CDK Cyberattack Hits, AMD Investigates Breach, Cybersecurity News [June 17.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2024/","datePublished":"2024-06-24T11:19:44.000Z","dateModified":"2025-08-22T11:19:31.000Z","dateCreated":"2024-06-24T11:19:44.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2024/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1230,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/06/Office-365-to-Office-365-migration.jpg","caption":"Cybersecurity News","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```