20-Jan-2025 TikTok Stays, HPE Breach, Sage AI Fix, and OpenAI Security Concerns
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast developed by Cytadel Cyber, delivering essential cyber news every day. Today's episode kicks off with an update on TikTok's status in the United States. Former President Donald Trump has granted an extension, allowing the app more time amidst privacy and national security concerns, while negotiations for compliance with US regulations continue. Next, we delve into a concerning breach at Hewlett Packard Enterprise. Hackers claim to have accessed sensitive data, now up for sale, prompting HPE to investigate and enhance security measures to mitigate potential risks for themselves and their clients. We also discuss the temporary grounding of Sage's AI tool, Copilot, due to detected misbehavior. This pause ensured the system's integrity was restored, with services resuming shortly to support uninterrupted business operations. In our "In Other News" segment, we reflect on the inception of ransomware, tracing back 35 years to the "AIDS Information" attack, highlighting the early days of digital extortion and its evolution into today's formidable ransomware threats. Finally, we explore concerns over OpenAI's ChatGPT crawler, designed for AI training, now potentially exploitable for DDoS attacks. This discovery underscores the urgent need for enhanced security strategies to safeguard against AI misuse. Tune in to stay ahead in the ever-evolving world of cybersecurity.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
20 Jan 3min
19-Jan-2025: TikTok Banned in the US, FTC Orders GM, FBI Security Concerns, PMUSA Ransom Breach
Welcome to Hacked dAily, the first AI-Driven Cybersecurity Podcast by Cytadel Cyber, where we bring you up-to-date news on cybersecurity threats and developments. In today's episode, we delve into the latest and most pressing cyber news worldwide. First, the United States is planning a federal ban on TikTok set for January 2025, following security concerns over data privacy and potential ties to the Chinese government, impacting millions of users and creators. Next, the Federal Trade Commission has ordered General Motors to halt the collection and sale of drivers' personal data. This move aims to bolster consumer privacy protections amid worrying trends in digital data misuse. The FBI has faced a security breach suspected to involve hacked phone logs, underscoring vulnerabilities in its communication systems and pushing for enhanced cybersecurity measures to safeguard sensitive information. In other news, Medusa ransomware has targeted PMUSA, demanding a $1.2 million ransom to avoid leaking sensitive data, highlighting the pressing need for robust security solutions against escalating ransomware threats. Lastly, the 2024 ISC2 Cybersecurity Workforce Study reveals AI has surged as a critical security skill even amidst a shortage of AI expertise. Despite this, layoffs and budget cuts challenge the industry, stressing the importance of problem-solving and communication skills as AI reshapes cybersecurity demands. Stay tuned for daily insights on the ever-evolving cybersecurity landscape with Hacked dAily.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
19 Jan 3min
18-Jan-2025 Otelier Data Breach, PHP Bot Attacks, Trojanized Image Campaigns, and AI Privacy Risks
Welcome to Hacked dAily, the first AI-Driven Cybersecurity Podcast by Cytadel Cyber, where we bring you the most pressing cybersecurity news every day. In today's episode, we start with a massive data breach at Otelier, a travel tech company, exposing the personal details and hotel reservations of potentially millions. The root cause? A simple misconfiguration of their database. Next, we dive into the realm of automated cyber attacks, as Python-based bots exploit vulnerabilities in PHP servers to proliferate illegal online gambling platforms. This highlights a concerning trend of using automation for malicious endeavors. We then explore a novel technique used by cybercriminals: trojanized images. These seemingly harmless images carry hidden malware, showcasing the innovative tactics being deployed to bypass traditional security defenses. In other news, the ransomware gang Inc has taken responsibility for a cyberattack on Taylor Regional Hospital, impacting healthcare operations and illustrating an alarming increase in ransomware assaults on U.S. medical facilities in 2024. Lastly, we address rising cybersecurity threats related to employees inputting sensitive data into generative AI without proper measures, risking data breaches and privacy concerns. Companies are urged to enforce stricter guidelines to safeguard information. Tune in to stay informed and ahead of potential cyber threats. Join us tomorrow for more insights on navigating the ever-evolving digital landscape!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
18 Jan 3min
17-Jan-2025 TikTok & AliExpress Face Legal Heat, Gmail Users Under Cyber Attack, AI Security Concerns Unveiled
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber. Every day, we delve into the latest developments in the world of cybersecurity to keep you informed and prepared. Today's top story focuses on a major legal battle as a European privacy advocacy group takes on TikTok and AliExpress. These platforms are accused of violating EU privacy laws by allegedly transferring user data to China, raising serious privacy concerns. Next, we cover a sophisticated cyber attack affecting Gmail users. Hackers have found a way to compromise encryption keys, allowing them to access sensitive information. We discuss the implications and urge users to bolster their account security. In another alarming development, 4.2 million internet hosts are vulnerable to hijacking due to bugs in tunneling protocols. This flaw could lead to massive data breaches and disrupted communications, highlighting the urgent need for patches. On a different note, a biotech company agrees to a $7.5 million settlement over a ransomware attack that exposed sensitive data. This settlement aims to compensate those affected by this breach. Lastly, Microsoft researchers reveal that AI technology cannot be entirely secure. Tests on their own AI systems showed inherent vulnerabilities, underscoring the complex security challenges posed by AI advancements. Stay tuned to Hacked dAily for your essential cybersecurity updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
17 Jan 3min
16-Jan-2025 Quantum Espionage and FortiGate Leaks Dominate Cybersecurity Headlines
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast powered by Cytadel Cyber. Each day, we bring you the latest in cybersecurity news and insights to keep you informed and secure in a rapidly changing digital world. In today's episode, we dive into the shadowy world of quantum espionage, where Russian spies are targeting U.S. university labs to steal cutting-edge quantum computing research. This high-stakes "shadow war" has prompted the CIA and NSA to ramp up cybersecurity efforts to safeguard sensitive breakthroughs from falling into the wrong hands. Next, we discuss the FortiGate device leak, where hackers have exposed configuration files and VPN credentials for 15,000 devices. This incident underscores the critical need for organizations to secure VPN configurations and regularly update hardware to prevent unauthorized access. Then, we cover Salt Typhoon attacks—Chinese cyber campaigns targeting U.S. telecommunications. CISA’s coordinated response highlights the ongoing challenges of securing critical infrastructure against advanced foreign threats, especially in the face of outdated technology vulnerabilities. In other news, the Cl0p ransomware group has exploited a critical flaw in Cleo’s managed file transfer software, affecting at least 66 organizations. Despite an available patch, delayed updates leave many companies at risk, emphasizing the importance of timely patch management. Lastly, we explore AI-focused cybersecurity efforts with a new playbook released by CISA, the FBI, and NSA. This initiative encourages collaboration and information sharing to counter AI-related threats and aligns with recent executive orders on AI security. Stay tuned for tomorrow's episode for more on your daily cybersecurity updates. This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Visit cytadel.co.uk for more information.
16 Jan 3min
15-Jan-2025 Google OAuth Flaw and FBI's PlugX Takedown Lead Cybersecurity Updates
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast powered by Cytadel Cyber. Each day, we bring you the latest in cybersecurity news and insights to keep you informed and secure in a rapidly changing digital world. In today's episode, we delve into a recent discovery of a security flaw within Google's OAuth system. This vulnerability could allow attackers to exploit abandoned accounts due to weak token management practices. We highlight the critical need for effective token management policies to protect user data. Next, we discuss the FBI's successful operation against PlugX malware. After months of investigation, the agency has eradicated this remote access threat from over 4,250 compromised systems in the U.S., offering enhanced security and peace of mind to thousands of affected users. Then, we cover Snyk's clarification on seemingly malicious packages found on the NPM registry. These packages were part of a controlled research effort to shed light on security vulnerabilities, promoting awareness and better practices in package management. In other news, the UK government is weighing a potential ban on ransomware payments within critical sectors, aiming to stem rising cyber attacks by focusing on prevention and resilience. Lastly, we explore the risks and strategies for securing enterprises as they adopt AI and multicloud infrastructures, emphasizing the importance of robust risk management and cross-department collaboration. Stay tuned for tomorrow's episode for more on your daily cybersecurity updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
15 Jan 3min
14-Jan-2025 Telefonica, ICAO, Nominet, AWS Ransomware & Microsoft's Human-Centric Security
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. Every day, we bring you the latest news, updates, and insights from the cybersecurity world, ensuring you're up-to-date in this fast-paced digital landscape. In today's episode, we unravel four major stories shaking the cyber world: 1. A significant breach has struck Telefonica’s ticketing system, following an attack by infostealer malware that exploited stolen credentials. This incident emphasizes the critical vulnerabilities organizations face and the necessity to fortify cybersecurity defenses. 2. The International Civil Aviation Organization (ICAO) faces a potential cybersecurity breach from a notorious cybercriminal group, with claims of up to 42,000 sensitive documents being compromised. This event adds to a streak of cyberattacks on UN agencies, urging a call for reinforced security practices. 3. UK Domain Registry Nominet has encountered a cyber threat via a zero-day vulnerability in Ivanti's VPN software, potentially involving Chinese state-sponsored hackers. While no data theft has been confirmed, Nominet is actively enhancing security and investigating the incident alongside experts. 4. In other news, a ransomware group dubbed "Codefinger" has innovated by exploiting Amazon Web Services' SSE-C to encrypt data in Amazon S3 buckets, presenting a novel threat to organizations using AWS. Lastly, Microsoft advocates the irreplaceable role of human ingenuity in red-teaming, crucial for detecting system vulnerabilities despite AI advancements. Tune in tomorrow for more essential updates on Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
14 Jan 3min
13-Jan-2025 Cybersecurity Breaches: Scholastic & Teton Orthopaedics Hit; WordPress Skimmer Risks
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. Every day, we bring you the latest news, trends, and insights from the cyber world to keep you ahead of the curve. In today's episode: Our top story delves into a disturbing discovery where expired domains are being used to control over 4,000 backdoors on compromised systems. These vulnerabilities put sensitive data at risk as cybercriminals exploit under-the-radar access points. In WordPress news, a new threat has emerged with cybercriminals injecting skimmers directly into database tables. This advanced method bypasses usual detection tactics, making it easier for hackers to siphon off payment details without leaving digital footprints. Next, the infamous hacker known as Furry has infiltrated Scholastic's database, compromising the personal information of 8 million users. Listen as we discuss the implications and the steps Scholastic is taking to address this massive breach. Over in the healthcare sector, Teton Orthopaedics is grappling with a ransomware attack affecting patient data. Discover the ongoing efforts to rectify this nine-month-old security lapse and protect patient confidentiality. Finally, we explore how AI is revolutionizing cybersecurity by mimicking hacker tactics to identify vulnerabilities. This proactive approach is changing the game, making networks more resilient against evolving threats. Stay informed and cyber-savvy with Hacked dAily. Listen now!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
13 Jan 3min
