15-Jan-2025 Google OAuth Flaw and FBI's PlugX Takedown Lead Cybersecurity Updates
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast powered by Cytadel Cyber. Each day, we bring you the latest in cybersecurity news and insights to keep you informed and secure in a rapidly changing digital world. In today's episode, we delve into a recent discovery of a security flaw within Google's OAuth system. This vulnerability could allow attackers to exploit abandoned accounts due to weak token management practices. We highlight the critical need for effective token management policies to protect user data. Next, we discuss the FBI's successful operation against PlugX malware. After months of investigation, the agency has eradicated this remote access threat from over 4,250 compromised systems in the U.S., offering enhanced security and peace of mind to thousands of affected users. Then, we cover Snyk's clarification on seemingly malicious packages found on the NPM registry. These packages were part of a controlled research effort to shed light on security vulnerabilities, promoting awareness and better practices in package management. In other news, the UK government is weighing a potential ban on ransomware payments within critical sectors, aiming to stem rising cyber attacks by focusing on prevention and resilience. Lastly, we explore the risks and strategies for securing enterprises as they adopt AI and multicloud infrastructures, emphasizing the importance of robust risk management and cross-department collaboration. Stay tuned for tomorrow's episode for more on your daily cybersecurity updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
15 Jan 3min
14-Jan-2025 Telefonica, ICAO, Nominet, AWS Ransomware & Microsoft's Human-Centric Security
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. Every day, we bring you the latest news, updates, and insights from the cybersecurity world, ensuring you're up-to-date in this fast-paced digital landscape. In today's episode, we unravel four major stories shaking the cyber world: 1. A significant breach has struck Telefonica’s ticketing system, following an attack by infostealer malware that exploited stolen credentials. This incident emphasizes the critical vulnerabilities organizations face and the necessity to fortify cybersecurity defenses. 2. The International Civil Aviation Organization (ICAO) faces a potential cybersecurity breach from a notorious cybercriminal group, with claims of up to 42,000 sensitive documents being compromised. This event adds to a streak of cyberattacks on UN agencies, urging a call for reinforced security practices. 3. UK Domain Registry Nominet has encountered a cyber threat via a zero-day vulnerability in Ivanti's VPN software, potentially involving Chinese state-sponsored hackers. While no data theft has been confirmed, Nominet is actively enhancing security and investigating the incident alongside experts. 4. In other news, a ransomware group dubbed "Codefinger" has innovated by exploiting Amazon Web Services' SSE-C to encrypt data in Amazon S3 buckets, presenting a novel threat to organizations using AWS. Lastly, Microsoft advocates the irreplaceable role of human ingenuity in red-teaming, crucial for detecting system vulnerabilities despite AI advancements. Tune in tomorrow for more essential updates on Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
14 Jan 3min
13-Jan-2025 Cybersecurity Breaches: Scholastic & Teton Orthopaedics Hit; WordPress Skimmer Risks
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. Every day, we bring you the latest news, trends, and insights from the cyber world to keep you ahead of the curve. In today's episode: Our top story delves into a disturbing discovery where expired domains are being used to control over 4,000 backdoors on compromised systems. These vulnerabilities put sensitive data at risk as cybercriminals exploit under-the-radar access points. In WordPress news, a new threat has emerged with cybercriminals injecting skimmers directly into database tables. This advanced method bypasses usual detection tactics, making it easier for hackers to siphon off payment details without leaving digital footprints. Next, the infamous hacker known as Furry has infiltrated Scholastic's database, compromising the personal information of 8 million users. Listen as we discuss the implications and the steps Scholastic is taking to address this massive breach. Over in the healthcare sector, Teton Orthopaedics is grappling with a ransomware attack affecting patient data. Discover the ongoing efforts to rectify this nine-month-old security lapse and protect patient confidentiality. Finally, we explore how AI is revolutionizing cybersecurity by mimicking hacker tactics to identify vulnerabilities. This proactive approach is changing the game, making networks more resilient against evolving threats. Stay informed and cyber-savvy with Hacked dAily. Listen now!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
13 Jan 3min
12-Jan-2025: Phishing Scams, Fake Exploits, and Microsoft's Legal Battle Against Hackers
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber, bringing you the latest news from the cyber world, every day. In today's episode, we delve into some pressing issues within the realm of cybersecurity. Firstly, cyber experts have uncovered a phishing campaign where attackers disguise themselves as CrowdStrike recruiters, distributing malware via fake job offers. This underlines the critical need for vigilance when receiving unsolicited communications. Next, a deceptive GitHub repository claiming to be an LDAPNightmare exploit is instead spreading Infostealer malware, highlighting the abuse of trusted platforms by malicious actors. Users are advised to exercise caution and verify the authenticity of software tools before use. In another significant development, Microsoft is taking legal action against a hacking group accused of misusing Azure's AI for generating harmful content. This lawsuit emphasizes Microsoft's dedication to protecting its customer's data and ensuring the security of its AI services. The American Radio Relay League has become the latest victim of a ransomware attack, causing disruption to its systems. The organization is actively working to restore operations, while the extent of data compromise remains undisclosed. Lastly, new research indicates AI agents may soon outnumber human users across many applications, as AI becomes more embedded in everyday processes, signaling a potential shift in technological interactions. Stay tuned with us as we keep you ahead in the cybersecurity landscape.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
12 Jan 3min
11-Jan-2025 Apple's USB-C Hack, DOJ on Bitzlato, Microsoft's Outlook Update, AI-Assisted Ransomware
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast crafted by Cytadel Cyber. Join us every day as we uncover the latest cyber threat landscape. In today's top story, Apple's latest innovation, the ACE3 USB-C controller in the iPhone 15 series, faces a security breach. Researchers have hacked through Apple's enhanced defenses using advanced techniques like RF side-channel analysis, challenging the robustness of even top-tier device security. Next, the Department of Justice charges three Russian nationals with operating crypto mixing services linked to large-scale cybercrimes. Bitzlato and Hydra's operations processed billions linked to illicit activities, as legal efforts intensify against cybercrime financing. We also explore Microsoft's decision to automatically install the new Outlook on Windows 10 PCs starting February. Aimed at enhancing user efficiency, this transition reflects Microsoft's goal of unifying and streamlining their productivity tools. On the horizon, the FunkSec group is under the spotlight for employing AI-assisted code in ransomware attacks. Leveraging AI, FunkSec increases attack sophistication and impact, posing significant challenges to cybersecurity defenses worldwide. Finally, a troubling trend emerges as threat actors use AI to bypass multifactor authentication with deepfake tools, compromising account security. As cybercriminals employ advanced AI methods, experts stress the necessity for adaptive security measures to safeguard against evolving threats. Tune in tomorrow for more cutting-edge cybersecurity updates from Hacked dAily. Stay safe online!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
11 Jan 3min
10-Jan-2025: Espionage in Japan, Google Lawsuit Advances, Mac Malware Surfaces
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber. Tune in to your daily dose of the latest in cybersecurity news. In today's top story, a Chinese advanced persistent threat group has mounted a sophisticated espionage campaign targeting Japan. This operation has compromised sensitive data across sectors such as defense and finance, highlighting the ongoing cybersecurity tensions between the two nations. Meanwhile, a federal judge has allowed a class-action lawsuit against Google to proceed, as users allege privacy violations while browsing in "incognito" mode. Google's failed attempt to dismiss the case brings data privacy issues into the legal spotlight. In the tech world, security researchers have identified a new malware strain, Banshee 2.0, that cleverly uses Apple's encryption methods to bypass Mac's defenses. This threat underscores the challenges in safeguarding devices against sophisticated attacks leveraging legitimate software features. Elsewhere, Slovakia faces its largest cyber-attack to date, with ransomware crippling the National Land Registry Agency's IT systems. This incident reveals vulnerabilities in national infrastructures and the increasing capabilities of international cybercriminals. Finally, our experts discuss the growing role of artificial intelligence in combatting ransomware. By utilizing real-time data analysis and machine learning, AI promises to enhance threat detection and response, fortifying digital security against ever-evolving cyber threats. Join us tomorrow for another briefing on the critical developments in cybersecurity.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
10 Jan 3min
09-Jan-2025: PayPal and Gravy Breaches, Microsoft Battles AI Hackers, Cybersecurity Warnings
Welcome to Hacked dAily, your go-to source for the latest in cybersecurity news, powered by Cytadel Cyber! We're diving into today's top stories to keep you informed and secure. First up, a clever phishing scam is capturing PayPal users off guard. Attackers are sending emails from genuine-looking PayPal addresses, tricking recipients into sharing personal information. Stay alert, check email authenticity, and refrain from clicking dubious links. Next, Gravy Analytics is scrambling after a potential data breach. Millions of users' location data may have been exposed, potentially endangering privacy. This breach highlights the critical importance of data security and regulatory compliance. Meanwhile, scams targeting individuals with fake bank and government officials are escalating. These fraudsters persuade victims to install remote access apps to steal OTPs, compromising bank accounts. Authorities urge you to protect your personal information. In healthcare news, Virtual Private Network Solutions has entered a settlement with the U.S. Department of Health and Human Services following their ninth ransomware-related probe. This underlines the persistent cybersecurity challenges in healthcare, requiring strict adherence to the HIPAA Security Rule. Lastly, Microsoft is cracking down on foreign cybercriminals accused of exploiting their Azure OpenAI services. By suing these actors for breaching multiple laws, Microsoft aims to dismantle their networks and halt harmful AI content. Stay tuned tomorrow for more updates on Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
9 Jan 3min
08-Jan-2025: UK Fights Deepfake Abuse, PowerSchool Data Breach, CISA Warns on Mitel & Oracle
Welcome to Hacked dAily, the first AI-Driven Cybersecurity Podcast brought to you by Cytadel Cyber. Tune in daily for your quick dose of top cybersecurity headlines and insights. In today's episode: The UK government is pushing back against the misuse of digital imaging technology, particularly the creation and spread of sexually explicit deepfakes without consent. The new law aims to safeguard privacy and provide legal avenues to combat non-consensual intimate image abuse. We'll also cover a significant breach involving the PowerSchool platform, compromising data from K-12 schools. The quest to uncover the breach's full implications is underway as officials bolster cybersecurity to protect sensitive data. The Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations to critical vulnerabilities in Mitel and Oracle systems. These security flaws, if unaddressed, could result in unauthorized access and operational disruptions, underscoring the urgent need for system updates. In other news, a ransomware attack on Casio has led to a data breach affecting 8,500 individuals. Casio is collaborating with authorities to strengthen security and inform those impacted. Finally, we explore the growing threat of AI-driven cyberattacks, which are now considered riskier than traditional endpoint threats. As AI evolves, so do the tactics of cybercriminals, urging organizations to innovate their defenses. Stay informed with Hacked dAily—your go-to source for all things cybersecurity.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
8 Jan 3min
