20-Dec-2024: CISA Flags BeyondTrust Flaw; Fortinet and Qualys Warn of Critical Cyber Threats
Dive into today's insights on Hacked dAily, the premier AI-driven cybersecurity podcast by Cytadel Cyber. Our first headline covers the Cybersecurity and Infrastructure Security Agency's (CISA) latest alert regarding a severe vulnerability in BeyondTrust software. The flaw, which impacts BeyondTrust Privilege Management, is reportedly being exploited, urging organizations to strengthen their defenses promptly. Next, we explore the alarming trend of sophisticated malware targeting engineering workstations within operational and industrial control systems. These cyber threats could disrupt vital industrial processes, making it imperative for companies to implement enhanced security measures. Our third story focuses on Fortinet's urgent advisory about a critical vulnerability in its FortiWLM wireless management product. Identified as CVE-2023-29163, this flaw poses a risk of unauthorized access, underscoring the need for immediate patch applications to protect vital network infrastructures. In other news, the cybersecurity community grapples with NotLockBit, a novel ransomware variant capable of wreaking havoc on both macOS and Windows platforms. With advanced capabilities like data exfiltration and self-deletion, it highlights the necessity for robust cybersecurity protocols and regular data backups. Finally, we discuss the transformative impact of AI on phishing scams. AI is making phishing more sophisticated and harder to identify, emphasizing the importance of training and vigilance in spotting inconsistencies and verifying suspicious communications. Join us tomorrow for more cybersecurity updates.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
20 Dec 20243min
19-Dec-2024 Credit Card Breach, Fake CAPTCHAs, and Evolving NodeStealer Threats
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber, where we dive into the critical cyber happenings shaping the digital landscape. Here's what's on our radar today: In a massive breach impacting millions, credit and debit card information of nearly 5 million consumers has been exposed, shedding light on persistent vulnerabilities in financial data security systems. Cybercriminals have upped their game with fake CAPTCHA pages mimicking trusted services such as Google and CloudFlare. These fraudulent pages execute malware through clipboard scripts, threatening user data with infostealers and remote-access trojans. A revamped version of the notorious Python malware, NodeStealer, targets Facebook Ads Manager accounts. This variant aims at data theft and unauthorized ad placements, stressing the need for enhanced cybersecurity measures for social media-reliant businesses. The NCC Group's latest Threat Pulse report reveals the rise of Ymir ransomware, emphasizing a notable collaboration among cybercriminals. Using a single-extortion approach, Ymir poses challenges for detection, with Europe and North America encountering a significant increase in ransomware incidents this November. Lastly, the use of AI by cybercriminals presents a new threat through "white pages," which disguise phishing schemes behind seemingly legitimate content. Leveraging AI-generated material, these pages demonstrate AI's dual potential in both constructive and malevolent applications. Stay tuned daily for essential cybersecurity insights with Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
19 Dec 20243min
18-Dec-2024 Breaches Shake Thai Police, Meta, Microsoft, Telecom Namibia and Protecting AI with Wald.ai
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber. On today's episode, we dive into the latest cyber threats, regulatory actions, and innovations in the industry. First up, Thai police systems are reeling from a cyberattack by the 'Yokai' backdoor. Originating from an unidentified hacker group, this breach exposes vulnerabilities in Thailand's governmental networks, sparking urgent calls for improved digital defenses. In Europe, Meta faces a €251 million fine by the Irish Data Protection Commission following a 2018 breach that compromised data from 29 million accounts. This hefty penalty highlights increasing regulatory scrutiny and long-lasting aftermaths tech giants face over data protection missteps. Across the tech landscape, Microsoft Azure Data Factory is grappling with bugs that threaten cloud infrastructure security. Potentially leading to unauthorized access and disruptions, these issues underscore the pressing need for robust security strategies. Microsoft is currently investigating and working to resolve these vulnerabilities. In other news, the ransomware group Interlock has breached Texas Tech University Health Sciences Center, impacting over 1.46 million patients. Similarly, Telecom Namibia suffers a cyberattack by the Hunters International Ransomware Gang, who leaked sensitive government data after unmet ransom demands. Lastly, Wald.ai has unveiled a new DLP tool to protect AI platforms, marking a significant step in data security for emerging technologies. Tune in tomorrow for the latest in cybersecurity. Stay safe out there!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
18 Dec 20243min
17-Dec-2024 FBI Alerts: HiatusRAT Threat, The Mask Returns, Lumma Infostealer Scams Emerge
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber. Stay tuned for today's top stories on the latest developments and threats in the cyber realm. First, the FBI is alerting organizations about cyberattacks utilizing HiatusRAT malware. This insidious malware targets network devices such as web cameras and DVRs, compromising security and privacy by granting hackers unauthorized access and control. Next, the Mask APT group, also known as Careto, has resurfaced with more advanced malware capable of targeting multiple platforms, including Windows, macOS, and Linux. The sophistication of these attacks poses increased risks to governments and businesses worldwide. In other news, cybercriminals are deploying malicious ads with fake CAPTCHA pages to spread the Lumma infostealer. This tactic deceives users into downloading the malware, leading to the theft of credentials and financial information. Stay vigilant in verifying online security checks to avoid falling prey. Additionally, the US Marshals Service faces a second ransomware attack within two years. This breach underscores the urgent need for enhanced cybersecurity measures to protect sensitive government data. Lastly, beware of a new investment scam leveraging AI and social media ads. These scams utilize fake testimonials and professional profiles to lure unsuspecting investors, emphasizing the importance of verifying investment opportunities. Join us tomorrow for another episode of Hacked dAily. Stay safe, stay secure.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
17 Dec 20243min
16-Dec-2024: Ukrainian Cyber Minors, Kaiser Phished, Clop Hits Cleo, TPU Theft Risks AI Models
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber. Stay updated on the latest in cyber threats and security trends every day. In today's top stories, the Ukraine-Russia conflict takes a disturbing turn as reports surface about Ukrainian minors being recruited for cyber operations. This development raises serious ethical concerns about the involvement of children in war-torn regions. Google's advertising platform becomes a battleground with a new phishing campaign targeting Kaiser Permanente employees. The attackers impersonated the health care company's HR portal and used a fake browser update to deploy the SocGholish malware, highlighting ongoing threats in search ads. Data theft makes headlines again as the Clop ransomware group claims to have infiltrated Cleo company's systems, exfiltrating sensitive information. This incident underscores the growing sophistication of ransomware attacks on businesses. In other news, Rhode Island's RIBridges system faces a ransomware threat, prompting potential data leaks and urging users to enhance their security measures. The state ensures affected households are informed about accessing free credit monitoring. Finally, we address a rising threat to AI industries with 'TPUXtract.' This new vulnerability allows attackers to extract AI models from Tensor Processing Units, emphasizing the urgent need for safeguarding AI intellectual property. Stay tuned for more updates on "Hacked dAily." Protecting your digital world starts with staying informed.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
16 Dec 20243min
15-Dec-2024 Cybersecurity Breaches Hit WordPress, Krispy Kreme, and Starbucks Amid Rising Global Threats
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber, your daily dose of the latest in the fast-evolving world of cybersecurity. In today's episode, we discuss a significant breach affecting WordPress. A supply chain attack has compromised around 390,000 accounts, infiltrating through a third-party component. Users are advised to change their passwords and verify the integrity of their plugins and themes. Next, we delve into Krispy Kreme's recent cyberattack that hit its US online ordering systems. This incident serves as a stark reminder of the importance of robust cybersecurity strategies across all industries. Current investigations are underway, with no confirmation yet on compromised customer data. In international news, the Russian cyber espionage group, Turla, has developed Android spyware targeting Ukrainian users. Disguised as a pro-Ukrainian app, this sophisticated malware reflects the growing complexity of state-sponsored cyber threats. Additionally, a ransomware attack has plagued a critical supplier, affecting operations at Starbucks and major UK supermarkets, resulting in significant supply chain disruptions. Finally, we discuss a survey highlighting AI-enhanced cyberattacks as a major threat to API security. These sophisticated attacks challenge current security frameworks, stressing the need for advanced protection measures. Stay tuned for today's insights and expert analysis on Hacked dAily.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
15 Dec 20243min
14-Dec-2024: PUMAKIT Threat, Cleo MFT Vulnerabilities, Prometheus Weakness, Open Source AI Security
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast brought to you by Cytadel Cyber, unraveling the latest in cyber threats and defenses! In today's episode, we dive into the emergence of PUMAKIT, a new Linux rootkit employing advanced stealth techniques to outsmart existing security measures. Discover how this malware is making waves in the cybersecurity landscape and why experts are on high alert. We also examine the warning from security analysts about an increase in zero-day exploits targeting Cleo Managed File Transfer systems. With potential risks to data integrity and confidentiality, we discuss the urgent need for enhanced defense strategies and patch management for organizations using Cleo’s solutions. In another critical update, our focus shifts to the vulnerabilities in Prometheus. Over 330,000 instances of this open-source monitoring platform are at risk due to default security settings, leaving systems exposed to denial-of-service attacks. Learn why it's essential to implement stringent security practices now. Elsewhere, we reflect on the infamous WannaCry ransomware attack, a stark reminder of the disruptive power of cyber threats and the importance of robust cybersecurity measures. Finally, we explore the collaborative world of open-source generative AI security tools. By embracing community-driven innovation, these tools promise to fortify defenses against AI-generated threats. Stay ahead of threats with Hacked dAily!This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
14 Dec 20243min
13-Dec-2024: FBI Takes Down Rydox Marketplace; Apple Faces Security Flaw; Teams Exploited by Hackers
Welcome to Hacked dAily, the first AI-driven cybersecurity podcast by Cytadel Cyber, bringing you the latest in cyber news and security breakthroughs every day. In today's episode, we cover some of the most pressing issues in the cybersecurity world. First, the FBI has shut down the Rydox Marketplace, a notorious platform for selling personal data, seizing $225,000 in cryptocurrency linked to over 7,600 illicit sales. This operation strikes a major blow against online data trafficking. Next, a newly discovered symlink exploit threatens Apple's TCC privacy framework in iOS and macOS systems, raising alarms about the potential for unauthorized data access by malicious apps without user consent. We also delve into a new "vishing" tactic using Microsoft Teams, where cybercriminals impersonate IT support to install DarkGate malware in corporate systems. This highlights the need for robust security measures in virtual communication tools. In other news, Rutherford County Schools in Tennessee face a ransomware attack with hackers demanding 20 Bitcoin, but school officials refuse to pay, focusing instead on strengthening cybersecurity after staff data appeared on the dark web. Finally, businesses are leveraging AI and open data to better manage third-party risks, improving both security protocols and operational efficiency. Stay tuned for these stories and more tomorrow on Hacked dAily.This episode is sponsored by Cytadel Cyber. Specialist in Ransomware Readiness Assessments, Threat Intel-Led Red Teaming, AI DeepFakes, AI Voice Cloning and AI Vishing Simulations. Cyatdel helps you test your cyber resilience against the threats of today, keeping your data secure. Checkout cytadel.co.uk for more information.
13 Dec 20243min
