15-Sep-2024 Cyber Breach Roundup: Games Box, ECBaw, and Lynx Ransomware Threats
Welcome to Hacked dAily, the first-ever AI-driven cybersecurity podcast created by Cytadel Cyber, delivering the latest in digital defenses every day. Today, we dive into a series of alarming breaches and evolving threats that underscore the ever-present cyber risks in our digital world. In our first story, the popular online gaming platform Games Box has confirmed a breach affecting over 1.4 million user accounts. Compromised data includes usernames, encrypted passwords, and email addresses. Affected users are urged to change passwords and watch out for phishing attempts. Next, ecbawm[.]com has reportedly suffered a ransomware attack, with 246GB of data compromised according to the Abyss Onion Dark Web blog. The attackers' claims were highlighted by RedPacket Security, which does not facilitate ransomware distributions. Shifting focus, the Illinois Bone & Joint Institute and Access Sports Medicine & Orthopedics report breaches affecting a combined 270,000 individuals. Both clinics have reinforced security measures and offer complimentary credit monitoring to those impacted. In other unsettling news, the notorious Medusa ransomware now exploits a Fortinet vulnerability, CVE-2023-48788, heightening the risk of stealth attacks. Experts urge immediate action to patch this flaw and safeguard against potential threats. Finally, the cybersecurity community is on edge as Lynx ransomware spreads rapidly, employing sophisticated encryption to evade detection. Efforts to decode its mechanics and prevent further breaches are underway, highlighting the race against time to keep networks secure.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
15 Sep 20243min
14-Sep-2024: Ivanti Urgent Patch, 23andMe Settlement, RansomHub Targets Kaspersky & Kawasaki
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber, where we bring you the latest insights and updates from the cyber world. Today, we've got some pressing stories to cover. First up, Ivanti has raised alarms about an exploited vulnerability in its cloud appliance, urging immediate patch updates to safeguard against unauthorized system access—emphasizing the critical nature of cloud security. Next, genetic testing company 23andMe has settled a $30 million class-action lawsuit related to a 2023 data breach. Customers alleged genetic data exposure, prompting efforts to boost data protection. In a concerning twist, RansomHub ransomware actors are manipulating Kaspersky's trusted TDSSKiller tool to disable Endpoint Detection and Response systems, illustrating a sophisticated threat that underscores the importance of multi-layered cybersecurity strategies. Switching gears, Kawasaki Motors Europe confirmed a cyberattack by RansomHub in September, causing temporary disruptions. The attackers, demanding a ransom, claim possession of 487 GB of sensitive data. KME reports substantial restoration and ongoing security enhancements. Finally, a cautionary tale: an organization that paid a ransom to the Hazard ransomware group discovered their decryption tool failed, leaving data inaccessible. This case highlights the risks of relying on ransom payments for data recovery. Stay informed and ahead of the curve with Hacked dAily, where cybersecurity news meets AI-driven insights. Join us again tomorrow for your daily dose of cyber updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
14 Sep 20243min
13-Sep-2024 Fortinet Data Breach, AI Firms Tackle Deepfakes, London Transit Cyber Attack Arrest
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast created by Cytadel Cyber. Join us as we swiftly dissect today's top stories in the ever-evolving realm of cybersecurity. First on our radar is Fortinet, a well-known cybersecurity firm that has confirmed a data breach after a hacker claimed to have stolen 440GB of data. While the specifics remain undisclosed, this incident spotlights vulnerabilities even among top-tier cybersecurity providers. In London, a 17-year-old suspect was arrested following a cyber attack targeting the city's transport network. The investigation continues as authorities strive to understand the breach's extent and underlying motives. Meanwhile, the White House has orchestrated a partnership with leading AI companies to tackle the issue of deepfake pornography. This collective effort is aimed at reinforcing digital consent and enhancing detection techniques to uphold privacy in the digital era. In other news, the "Socially Savvy Scattered Spider" emerges as a new threat, using advanced phishing techniques against cloud administrators. Organizations are urged to tighten defenses and educate employees on cybercriminal strategies. Lastly, K-Pop stars are facing violations of privacy due to deepfake pornography, prompting an outcry for stricter regulations and advanced protections. As this trend disturbs the entertainment industry, the call for technological safeguards grows louder. Stay tuned as we decode more stories and continue to navigate the cybersecurity landscape. Be informed, stay secure with Hacked dAily.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
13 Sep 20243min
12-Sep-2024: Healthcare Data Breach, Fraud Spike, Pokémon GO Spying Allegations, EU Cyber Laws Boost
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast, brought to you by Cytadel Cyber. Stay updated with the latest cyber news and insights as our AI dissects today's top headlines. Our top story covers a high-profile ransomware case where a major healthcare provider has settled for $65 million following a cyber attack that compromised sensitive patient data. This settlement addresses damages and aims to bolster future cybersecurity measures within the healthcare sector. We're also seeing a spike in fraud and scam complaints this year, as increasing online activities have given scammers new tools and anonymity. Authorities are urging heightened vigilance and the development of stricter legislation to counter these threats. In a unique twist, a Belarusian military official has voiced concerns over Pokémon GO, claiming the game could be exploited for intelligence gathering due to its geolocation features. This raises new questions about the potential national security risks of digital applications. The European Union is taking a stronger stance on cybersecurity with the anticipated rollout of NIS2, DORA, and Tiber-EU, set to enhance security measures and test cyber defenses across various sectors. Lastly, Google Cloud is introducing air-gapped backup vaults to its Backup and Disaster Recovery service to counter ransomware threats. These impenetrable vaults are designed to safeguard data, ensuring its protection by isolating backups from customer projects. Join us daily on Hacked dAily for more up-to-the-minute cybersecurity news and analysis.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
12 Sep 20243min
11-Sep-2024: NoName's RansomHub, Slim CD Breach, SonicWall Exploited & Fake Funeral Scams
Welcome to Hacked dAily, the first AI-Driven Cybersecurity Podcast created by Cytadel Cyber, delivering your daily dose of cyber mayhem updates. In today's top stories, the NoName ransomware gang introduces RansomHub, a new innovation in their cybercrime toolkit, further complicating lives by encrypting files and taking instructions from a command server. Meanwhile, Slim CD's data breach exposes personal and credit card details of 1.7 million users, becoming a festive season for hackers who fancy your information but thankfully skipped on the CVV data. SonicWall's SSLVPN devices face exploitation by ransomware actors who can't resist a good, unpatched vulnerability, prompting users to update or risk donating data to cyber crooks. In other news, fake funeral livestream scams are emerging, taking advantage of grieving individuals by leading them into malware-laden traps instead of virtual memorial services. And finally, a cyber attack on German air traffic control sends authorities into a tailspin, highlighting the vulnerability of even the skies to digital disruption, leaving travelers to ponder the real control behind their flights. Stay tuned for more cybersecurity insights and stories you won't want to miss on Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
11 Sep 20243min
10-Sep-2024: Meta Fixes WhatsApp Flaw, VS Code Exploited, SonicWall Targeted, SLIM CD Data Breach
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. Tune in for today’s top cyber news stories and updates to keep you informed and secure. First up, Meta has swiftly repaired a vulnerability in WhatsApp's "View Once" feature, originally allowing users to store images and videos permanently. This update reinforces privacy for WhatsApp users, so remember to update your app now! Next, a sophisticated cyber campaign by Chinese hackers has come to light, exploiting a vulnerability in Visual Studio Code. By disguising malicious software as legitimate updates, they have targeted organizations in Southeast Asia, highlighting the crucial need for vigilance in software security. Our third story covers the escalating threat from Akira ransomware actors who are exploiting a newly revealed vulnerability in SonicWall’s Secure Mobile Access appliances. This flaw permits remote code execution, urging immediate patching to safeguard against potential network breaches. In other news, a significant breach at Payment Gateway SLIM CD has jeopardized the data of 1.7 million users, leaking sensitive information such as credit card details. SLIM CD is actively enhancing security and collaborating with authorities to handle the breach effectively. Finally, Avis Car Rental has disclosed a security breach that affected 300,000 customers. Hackers accessed private information, prompting Avis to provide free credit monitoring and bolster their security protocols. Stay tuned for tomorrow’s episode of Hacked dAily for more cybersecurity insights and updates. Stay safe and secure!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
10 Sep 20243min
09-Sep-2024: US Targets Cadet Blizzard; Lazarus Group's New Scam; Akira Targets SonicWall Vulnerability
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber. Every day, we delve into the latest cyber threats and unravel the complex digital web of global hacking groups, so you stay informed and secure. In today's episode, we begin with news of a $10 million reward from the U.S. government for information on Cadet Blizzard, a notorious Russian hacking group implicated in a slew of severe cyberattacks. This initiative underscores the urgency of bolstering national and private sector security defenses. Next, we spotlight the Lazarus Group from North Korea, now deploying a deceptive phishing plot against blockchain professionals. By posing as reputable entities, the group aims to access digital assets through malicious fake video apps and job offers. We then explore Akira ransomware's exploitation of a new vulnerability, CVE-2024-40766, in SonicWall's SSLVPN products. This flaw could allow attackers to bypass corporate network security. Experts urge immediate patching to defend against these emerging threats. In other news, the HazardCC hacker group has escalated its email scam operations, targeting individuals and businesses with ransom demands paid in cryptocurrencies. Experts advise ignoring such emails and implementing stronger security measures. Finally, the Fog ransomware group has turned its focus to the financial sector, posing new dangers to banks and financial institutions with its advanced attack techniques, potentially leading to significant fiscal losses and breaches. Stay tuned for more updates as we continue to navigate the ever-evolving landscape of cybersecurity threats.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
9 Sep 20243min
08-Sep-2024 RAMBO Cyber Threat, Sextortion Scams, Major Data Breaches at Connexure and Avis
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast, bringing you the latest in cyber threats and data breaches. Today, we're diving into some of the most pressing cybersecurity stories. First up, we uncover the alarming RAMBO attack, a new cyber method targeting air-gapped computers by extracting data from their RAM using electromagnetic emissions. This novel approach challenges the security of physically isolated systems. Next, we delve into a disturbing twist in sextortion scams. Scammers are now using the names of victims' alleged cheating spouses to blackmail them for cryptocurrency, increasing vigilance among potential targets. In a significant data breach, the personal information of around 1 million Canadians was compromised through an airport parking service, exposing sensitive details. We urge affected individuals to monitor their accounts closely. We also discuss Young Consulting, now Connexure, suffering a massive ransomware attack by the BlackSuit group, compromising 954,177 personal records. The company is responding with strengthened security protocols and offering credit monitoring services to those impacted. Lastly, Avis disclosed a data breach affecting customers, exposing personal data and prompting enhanced security measures to prevent future breaches. Stay tuned for more breaking news in cybersecurity with Hacked dAily.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
8 Sep 20242min
