14-Oct-2024 Cybersecurity Breaches: OilRig, Casio, Marriott, and RansomHub's Rise

Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. In today's episode, we dive into the freshest reports and updates from the cyber world to keep you ahead of the curve. First up, we're examining potential breaches at Dell, where hackers may have compromised the employee database, putting sensitive personal info at risk. As the investigation unfolds, Dell collaborates with cybersecurity experts to bolster its defenses. Next, GitLab has issued a crucial advisory urging users to update their software immediately. A critical vulnerability allowing unauthorized access to private projects has been identified, threatening data integrity. Stay secure by ensuring your systems have the latest patches installed. Shifting focus to cloud threats, researchers warn of a spike in ransomware attacks leveraging Microsoft’s Azure Storage Explorer. By exploiting Azure blobs, cybercriminals can bypass traditional defenses, highlighting the urgent need for robust cloud security strategies. We also cover rising cases of social engineering, where hackers use psychological tactics to trick victims into sharing login credentials. Cyber resilience and vigilance are key as authorities stress the importance of enhanced security measures. Finally, we close with developments on the Raptor Train botnet, which has infected over 60,000 IoT devices globally. Experts are working tirelessly to dismantle this threat, reinforcing IoT security to combat coordinated cyber-attacks. Stay tuned for daily updates with Hacked dAily, where we secure your world one byte at a time.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

22 Sep 20243min

Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber! Join us for your daily dose of the latest in cybersecurity news and threats. On today's episode, we'll dive into our top stories where North Korean APT groups are bypassing DMARC policies, targeting South Korean entities in a concerning rise of cyber-espionage. This sophisticated infiltration raises questions about the effectiveness of current email security systems against state-sponsored attacks. In another alarming development, a hacker is selling 7 terabytes of customer data from Star Health Insurance on Telegram. This breach highlights significant privacy concerns and underscores the urgent need for stricter data security measures. Ivanti's latest warning sheds light on a newly identified vulnerability in its Cloud Services Appliance. This exploit, allowing unauthorized remote access, is a stark reminder for users to apply urgent patches and reinforce their cybersecurity strategies. Meanwhile, Disney is moving away from Slack after the hacktivist group "NullBulge" compromised their sensitive data. This breach, revealing confidential projects and employee details, underscores the risks of using third-party communication tools and the necessity for robust security protocols. Finally, we'll discuss the growing issue of deepfake videos featuring famous British TV doctors endorsing fake health products. Learn how to spot these deceiving videos amidst increasing digital manipulation. Stay tuned as we unravel these stories and more on Hacked dAily, keeping you ahead in the cybersecurity realm!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

20 Sep 20243min

Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber, your daily digest of top cybersecurity stories from around the globe. In today's episode, we dive into escalating concerns over a sophisticated phishing espionage attack that recently targeted participants at a US-Taiwan defense conference, aiming to breach sensitive defense information. This incident highlights the growing cyber threats impacting international security. Next, we examine the FBI's commendable effort in dismantling a massive botnet of over 260,000 IoT devices linked to Chinese hackers. The operation serves as a stark reminder of the urgent need to secure IoT devices against potential exploitation in large-scale cyberattacks. We also cover the concerning case of a Russian criminal organization demanding a $6 million Bitcoin ransom from the Port of Seattle, following a damaging ransomware attack. The cybercriminals escalated their demands by leaking stolen files, emphasizing the persistent threat faced by infrastructure entities. In other cybersecurity news, GitLab has released a critical security update for its Community and Enterprise Editions to fix a severe vulnerability allowing attackers to bypass SAML authentication. Users are urged to update to safeguard against unauthorized access. Lastly, Christopher Kohls, aka "Mr Reagan," takes a stand against California's new restrictions on political deepfakes, arguing they infringe on free speech rights. This lawsuit stems from a controversy around an AI-generated video of Kamala Harris. Stay tuned for more insights and updates on Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

19 Sep 20243min

Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber. In today's episode, we navigate through a landscape riddled with digital threats, regulatory consequences, and pressing ethical debates. Our top story unfolds in Lebanon, where a devastating cyber attack, allegedly executed by Israel's Mossad, has targeted telecommunications infrastructure, leading to catastrophic consequences including loss of life and mass injuries. This escalation highlights the perilous intersection of cyber and physical warfare amidst the ongoing conflict involving Hezbollah and Iran. Next, we spotlight AT&T's $13 million settlement over a data breach linked to its vendor, sparking widespread concern over cloud security and third-party data handling practices. This settlement aims to address these vulnerabilities and bolster future data protection efforts. In the realm of tech giants, Meta reveals its plan to enhance AI models using public posts from U.K. users. While aimed at improving user experience, this initiative raises significant privacy concerns and sparks a dialogue on the ethics of user data exploitation without explicit consent. Meanwhile, a ServiceNow platform misconfiguration has resulted in sensitive data exposure, urging businesses to re-evaluate their security settings and prevent similar breaches. Finally, we delve into the world of AI-generated images with Taylor Swift’s advocacy on their potential to sway election outcomes, adding a pivotal voice to the conversation on digital ethics and electoral integrity. Stay cyber safe and informed with Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

18 Sep 20243min

Welcome to Hacked dAily, the first AI-driven cybersecurity podcast, by Cytadel Cyber, delivering daily updates on the latest in cybersecurity news. In today's episode, we delve into China's concerns regarding SpaceX's Starlink satellite signals and their potential to track stealth aircraft, possibly undermining existing radar evasion technologies and prompting a strategic reevaluation globally. U.S. authorities issue a critical ransomware warning in response to escalating cyber threats. Meanwhile, Switzerland joins EU security initiatives to bolster its digital defense, and Germany reveals the staggering financial fallout from cybercrime, stressing the economic damage such threats inflict on national economies. In a major cybersecurity breach, hackers from RansomHub have leaked 487 GB of sensitive data from Kawasaki Motors Europe. This incident raises alarms about customer and operational security, as investigations continue to assess the damage and strategize responses. Elsewhere, a Massachusetts accounting firm faces class action lawsuits following a serious data breach that compromised sensitive client information, raising concerns over identity theft and financial fraud, potentially undermining the firm's credibility and client trust. Finally, Chile's Instituto Nacional de Deportes reports a breach affecting over 319,000 accounts, exposing individuals to identity theft and fraud. Measures are underway to address and prevent future incidents. Stay tuned for these stories and more on Hacked dAily, where cybersecurity meets AI innovation.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

17 Sep 20243min

Welcome to Hacked dAily, the first AI-Driven Cybersecurity Podcast created by Cytadel Cyber. Tune in daily for the latest insights on critical cybersecurity threats and breaches affecting the digital world. In today's episode, we explore how cybercriminals are manipulating HTTP headers to enhance large-scale phishing attacks. These attacks are cleverly designed to trick users into revealing sensitive information, highlighting the need for improved security measures and user awareness. Next, we turn our attention to the Medusa ransomware group, which is actively exploiting a critical vulnerability in Fortinet's FortiClient EMS software. The flaw, identified as CVE-2023-48788, allows attackers to execute crippling ransomware attacks, prompting urgent calls for system updates and enhanced defenses. We also discuss 23andMe's $30 million settlement following a class-action lawsuit over privacy breaches. The genetics company faced accusations of mishandling user data, with eligible customers poised to receive compensation for these alleged violations. In other news, rural hospitals face increasing ransomware threats due to inadequate cybersecurity measures compared to larger urban centers. This alarming trend underscores the pressing need for better security protocols in rural healthcare systems. Finally, we delve into a new threat where malware is hijacking browsers to operate in kiosk mode, chiefly targeting Chrome users. This tactic traps victims in a fake web environment, leading to stolen Google credentials and compromised data integrity. Stay informed with Hacked dAily as we keep you abreast of the evolving cybersecurity landscape.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

16 Sep 20243min

Welcome to Hacked dAily, the first-ever AI-driven cybersecurity podcast created by Cytadel Cyber, delivering the latest in digital defenses every day. Today, we dive into a series of alarming breaches and evolving threats that underscore the ever-present cyber risks in our digital world. In our first story, the popular online gaming platform Games Box has confirmed a breach affecting over 1.4 million user accounts. Compromised data includes usernames, encrypted passwords, and email addresses. Affected users are urged to change passwords and watch out for phishing attempts. Next, ecbawm[.]com has reportedly suffered a ransomware attack, with 246GB of data compromised according to the Abyss Onion Dark Web blog. The attackers' claims were highlighted by RedPacket Security, which does not facilitate ransomware distributions. Shifting focus, the Illinois Bone & Joint Institute and Access Sports Medicine & Orthopedics report breaches affecting a combined 270,000 individuals. Both clinics have reinforced security measures and offer complimentary credit monitoring to those impacted. In other unsettling news, the notorious Medusa ransomware now exploits a Fortinet vulnerability, CVE-2023-48788, heightening the risk of stealth attacks. Experts urge immediate action to patch this flaw and safeguard against potential threats. Finally, the cybersecurity community is on edge as Lynx ransomware spreads rapidly, employing sophisticated encryption to evade detection. Efforts to decode its mechanics and prevent further breaches are underway, highlighting the race against time to keep networks secure.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

15 Sep 20243min

Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber, where we bring you the latest insights and updates from the cyber world. Today, we've got some pressing stories to cover. First up, Ivanti has raised alarms about an exploited vulnerability in its cloud appliance, urging immediate patch updates to safeguard against unauthorized system access—emphasizing the critical nature of cloud security. Next, genetic testing company 23andMe has settled a $30 million class-action lawsuit related to a 2023 data breach. Customers alleged genetic data exposure, prompting efforts to boost data protection. In a concerning twist, RansomHub ransomware actors are manipulating Kaspersky's trusted TDSSKiller tool to disable Endpoint Detection and Response systems, illustrating a sophisticated threat that underscores the importance of multi-layered cybersecurity strategies. Switching gears, Kawasaki Motors Europe confirmed a cyberattack by RansomHub in September, causing temporary disruptions. The attackers, demanding a ransom, claim possession of 487 GB of sensitive data. KME reports substantial restoration and ongoing security enhancements. Finally, a cautionary tale: an organization that paid a ransom to the Hazard ransomware group discovered their decryption tool failed, leaving data inaccessible. This case highlights the risks of relying on ransom payments for data recovery. Stay informed and ahead of the curve with Hacked dAily, where cybersecurity news meets AI-driven insights. Join us again tomorrow for your daily dose of cyber updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.

14 Sep 20243min