18-Jan-2025 Otelier Data Breach, PHP Bot Attacks, Trojanized Image Campaigns, and AI Privacy Risks
Welcome to Hacked dAily, the first AI-Driven Cybersecurity Podcast by Cytadel Cyber, where we bring you the most pressing cybersecurity news every day. In today's episode, we start with a massive data breach at Otelier, a travel tech company, exposing the personal details and hotel reservations of potentially millions. The root cause? A simple misconfiguration of their database. Next, we dive into the realm of automated cyber attacks, as Python-based bots exploit vulnerabilities in PHP servers to proliferate illegal online gambling platforms. This highlights a concerning trend of using automation for malicious endeavors. We then explore a novel technique used by cybercriminals: trojanized images. These seemingly harmless images carry hidden malware, showcasing the innovative tactics being deployed to bypass traditional security defenses. In other news, the ransomware gang Inc has taken responsibility for a cyberattack on Taylor Regional Hospital, impacting healthcare operations and illustrating an alarming increase in ransomware assaults on U.S. medical facilities in 2024. Lastly, we address rising cybersecurity threats related to employees inputting sensitive data into generative AI without proper measures, risking data breaches and privacy concerns. Companies are urged to enforce stricter guidelines to safeguard information. Tune in to stay informed and ahead of potential cyber threats. Join us tomorrow for more insights on navigating the ever-evolving digital landscape!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
18 Tammi 3min
17-Jan-2025 TikTok & AliExpress Face Legal Heat, Gmail Users Under Cyber Attack, AI Security Concerns Unveiled
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber. Every day, we delve into the latest developments in the world of cybersecurity to keep you informed and prepared. Today's top story focuses on a major legal battle as a European privacy advocacy group takes on TikTok and AliExpress. These platforms are accused of violating EU privacy laws by allegedly transferring user data to China, raising serious privacy concerns. Next, we cover a sophisticated cyber attack affecting Gmail users. Hackers have found a way to compromise encryption keys, allowing them to access sensitive information. We discuss the implications and urge users to bolster their account security. In another alarming development, 4.2 million internet hosts are vulnerable to hijacking due to bugs in tunneling protocols. This flaw could lead to massive data breaches and disrupted communications, highlighting the urgent need for patches. On a different note, a biotech company agrees to a $7.5 million settlement over a ransomware attack that exposed sensitive data. This settlement aims to compensate those affected by this breach. Lastly, Microsoft researchers reveal that AI technology cannot be entirely secure. Tests on their own AI systems showed inherent vulnerabilities, underscoring the complex security challenges posed by AI advancements. Stay tuned to Hacked dAily for your essential cybersecurity updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
17 Tammi 3min
16-Jan-2025 Quantum Espionage and FortiGate Leaks Dominate Cybersecurity Headlines
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast powered by Cytadel Cyber. Each day, we bring you the latest in cybersecurity news and insights to keep you informed and secure in a rapidly changing digital world. In today's episode, we dive into the shadowy world of quantum espionage, where Russian spies are targeting U.S. university labs to steal cutting-edge quantum computing research. This high-stakes "shadow war" has prompted the CIA and NSA to ramp up cybersecurity efforts to safeguard sensitive breakthroughs from falling into the wrong hands. Next, we discuss the FortiGate device leak, where hackers have exposed configuration files and VPN credentials for 15,000 devices. This incident underscores the critical need for organizations to secure VPN configurations and regularly update hardware to prevent unauthorized access. Then, we cover Salt Typhoon attacks—Chinese cyber campaigns targeting U.S. telecommunications. CISA’s coordinated response highlights the ongoing challenges of securing critical infrastructure against advanced foreign threats, especially in the face of outdated technology vulnerabilities. In other news, the Cl0p ransomware group has exploited a critical flaw in Cleo’s managed file transfer software, affecting at least 66 organizations. Despite an available patch, delayed updates leave many companies at risk, emphasizing the importance of timely patch management. Lastly, we explore AI-focused cybersecurity efforts with a new playbook released by CISA, the FBI, and NSA. This initiative encourages collaboration and information sharing to counter AI-related threats and aligns with recent executive orders on AI security. Stay tuned for tomorrow's episode for more on your daily cybersecurity updates. This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Visit cytadel.co.uk for more information.
16 Tammi 3min
15-Jan-2025 Google OAuth Flaw and FBI's PlugX Takedown Lead Cybersecurity Updates
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast powered by Cytadel Cyber. Each day, we bring you the latest in cybersecurity news and insights to keep you informed and secure in a rapidly changing digital world. In today's episode, we delve into a recent discovery of a security flaw within Google's OAuth system. This vulnerability could allow attackers to exploit abandoned accounts due to weak token management practices. We highlight the critical need for effective token management policies to protect user data. Next, we discuss the FBI's successful operation against PlugX malware. After months of investigation, the agency has eradicated this remote access threat from over 4,250 compromised systems in the U.S., offering enhanced security and peace of mind to thousands of affected users. Then, we cover Snyk's clarification on seemingly malicious packages found on the NPM registry. These packages were part of a controlled research effort to shed light on security vulnerabilities, promoting awareness and better practices in package management. In other news, the UK government is weighing a potential ban on ransomware payments within critical sectors, aiming to stem rising cyber attacks by focusing on prevention and resilience. Lastly, we explore the risks and strategies for securing enterprises as they adopt AI and multicloud infrastructures, emphasizing the importance of robust risk management and cross-department collaboration. Stay tuned for tomorrow's episode for more on your daily cybersecurity updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
15 Tammi 3min
14-Jan-2025 Telefonica, ICAO, Nominet, AWS Ransomware & Microsoft's Human-Centric Security
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. Every day, we bring you the latest news, updates, and insights from the cybersecurity world, ensuring you're up-to-date in this fast-paced digital landscape. In today's episode, we unravel four major stories shaking the cyber world: 1. A significant breach has struck Telefonica’s ticketing system, following an attack by infostealer malware that exploited stolen credentials. This incident emphasizes the critical vulnerabilities organizations face and the necessity to fortify cybersecurity defenses. 2. The International Civil Aviation Organization (ICAO) faces a potential cybersecurity breach from a notorious cybercriminal group, with claims of up to 42,000 sensitive documents being compromised. This event adds to a streak of cyberattacks on UN agencies, urging a call for reinforced security practices. 3. UK Domain Registry Nominet has encountered a cyber threat via a zero-day vulnerability in Ivanti's VPN software, potentially involving Chinese state-sponsored hackers. While no data theft has been confirmed, Nominet is actively enhancing security and investigating the incident alongside experts. 4. In other news, a ransomware group dubbed "Codefinger" has innovated by exploiting Amazon Web Services' SSE-C to encrypt data in Amazon S3 buckets, presenting a novel threat to organizations using AWS. Lastly, Microsoft advocates the irreplaceable role of human ingenuity in red-teaming, crucial for detecting system vulnerabilities despite AI advancements. Tune in tomorrow for more essential updates on Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
14 Tammi 3min
13-Jan-2025 Cybersecurity Breaches: Scholastic & Teton Orthopaedics Hit; WordPress Skimmer Risks
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. Every day, we bring you the latest news, trends, and insights from the cyber world to keep you ahead of the curve. In today's episode: Our top story delves into a disturbing discovery where expired domains are being used to control over 4,000 backdoors on compromised systems. These vulnerabilities put sensitive data at risk as cybercriminals exploit under-the-radar access points. In WordPress news, a new threat has emerged with cybercriminals injecting skimmers directly into database tables. This advanced method bypasses usual detection tactics, making it easier for hackers to siphon off payment details without leaving digital footprints. Next, the infamous hacker known as Furry has infiltrated Scholastic's database, compromising the personal information of 8 million users. Listen as we discuss the implications and the steps Scholastic is taking to address this massive breach. Over in the healthcare sector, Teton Orthopaedics is grappling with a ransomware attack affecting patient data. Discover the ongoing efforts to rectify this nine-month-old security lapse and protect patient confidentiality. Finally, we explore how AI is revolutionizing cybersecurity by mimicking hacker tactics to identify vulnerabilities. This proactive approach is changing the game, making networks more resilient against evolving threats. Stay informed and cyber-savvy with Hacked dAily. Listen now!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
13 Tammi 3min
12-Jan-2025: Phishing Scams, Fake Exploits, and Microsoft's Legal Battle Against Hackers
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber, bringing you the latest news from the cyber world, every day. In today's episode, we delve into some pressing issues within the realm of cybersecurity. Firstly, cyber experts have uncovered a phishing campaign where attackers disguise themselves as CrowdStrike recruiters, distributing malware via fake job offers. This underlines the critical need for vigilance when receiving unsolicited communications. Next, a deceptive GitHub repository claiming to be an LDAPNightmare exploit is instead spreading Infostealer malware, highlighting the abuse of trusted platforms by malicious actors. Users are advised to exercise caution and verify the authenticity of software tools before use. In another significant development, Microsoft is taking legal action against a hacking group accused of misusing Azure's AI for generating harmful content. This lawsuit emphasizes Microsoft's dedication to protecting its customer's data and ensuring the security of its AI services. The American Radio Relay League has become the latest victim of a ransomware attack, causing disruption to its systems. The organization is actively working to restore operations, while the extent of data compromise remains undisclosed. Lastly, new research indicates AI agents may soon outnumber human users across many applications, as AI becomes more embedded in everyday processes, signaling a potential shift in technological interactions. Stay tuned with us as we keep you ahead in the cybersecurity landscape.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
12 Tammi 3min
11-Jan-2025 Apple's USB-C Hack, DOJ on Bitzlato, Microsoft's Outlook Update, AI-Assisted Ransomware
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast crafted by Cytadel Cyber. Join us every day as we uncover the latest cyber threat landscape. In today's top story, Apple's latest innovation, the ACE3 USB-C controller in the iPhone 15 series, faces a security breach. Researchers have hacked through Apple's enhanced defenses using advanced techniques like RF side-channel analysis, challenging the robustness of even top-tier device security. Next, the Department of Justice charges three Russian nationals with operating crypto mixing services linked to large-scale cybercrimes. Bitzlato and Hydra's operations processed billions linked to illicit activities, as legal efforts intensify against cybercrime financing. We also explore Microsoft's decision to automatically install the new Outlook on Windows 10 PCs starting February. Aimed at enhancing user efficiency, this transition reflects Microsoft's goal of unifying and streamlining their productivity tools. On the horizon, the FunkSec group is under the spotlight for employing AI-assisted code in ransomware attacks. Leveraging AI, FunkSec increases attack sophistication and impact, posing significant challenges to cybersecurity defenses worldwide. Finally, a troubling trend emerges as threat actors use AI to bypass multifactor authentication with deepfake tools, compromising account security. As cybercriminals employ advanced AI methods, experts stress the necessity for adaptive security measures to safeguard against evolving threats. Tune in tomorrow for more cutting-edge cybersecurity updates from Hacked dAily. Stay safe online!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
11 Tammi 3min
