Cyber Bites - 7th March 2025 episode artwork

EPISODE · Mar 6, 2025 · 7 MIN

Cyber Bites - 7th March 2025

from Cyber Bites · host Edwin Kwan

* Disney Engineer's Life Destroyed by Malicious AI Download* Global Security Flaw Exposes Sensitive Employee Data and Physical Vulnerabilities* Malicious PyPi Package Pirating Deezer Music for Years* Code Security Remains Crucial, Even in Hardened Environments* Google Introduces AI Scam Detection for Android2025_03_07 - Google Disney Engineer's Life Destroyed by Malicious AI Downloadhttps://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931A former Disney engineer, Matthew Van Andel, had his life turned upside down after downloading a seemingly harmless AI tool from GitHub. The software, intended for creating AI images, contained malware that granted hackers access to his computer and sensitive data.The hackers stole his Disney login credentials, leading to the leak of over 44 million Disney internal slack messages, including customer information, employee passport numbers, and financial data. They also accessed his personal accounts, stealing credit card numbers, leaking his social security number, and even gaining access to his home Ring cameras.Matthew was subsequently fired from Disney after a forensic analysis of his work computer found he had accessed pornographic material, which he denies. He lost his health insurance and $200,000 in bonuses.The incident highlights the dangers of downloading software from untrusted sources and the vulnerability of personal and corporate data to sophisticated cyberattacks. Lot of people think that content from GitHub are trustworthy and they couldn't be more wrong. Matthew's case underscores the importance of strong password security, two-factor authentication, and vigilance against malicious software. He was using 1Password as his password manager but didn't have any 2FA access on it.Global Security Flaw Exposes Sensitive Employee Data and Physical Vulnerabilitieshttps://www.modat.io/post/doors-wide-open-critical-risks-in-amsA widespread security risk has been discovered involving misconfigured and exposed Access Management Systems (AMS) across numerous industries and countries.This exposure has resulted in hundreds of thousands of employee records, including personal identification details, biometric data, photographs, and work schedules, being accessible online. Additionally, the physical security of thousands of organizations has been compromised, allowing potential unauthorized entry into buildings and bypassing physical security measures.The affected sectors include construction, healthcare, education, manufacturing, oil, and government entities, with a high concentration of exposed systems found in European countries, the US, and the MENA region.The consequences of these vulnerabilities range from financial losses and regulatory penalties, such as GDPR fines, to severe breaches leading to identity theft, unauthorized access, and disclosure of confidential business information.The report emphasizes the critical need for organizations to implement robust security measures, including restricting internet access to AMS, regularly updating security patches, changing default credentials, and implementing continuous monitoring to protect sensitive data and maintain physical security.Malicious PyPi Package Pirating Deezer Music for Yearshttps://socket.dev/blog/malicious-pypi-package-exploits-deezer-api-for-coordinated-music-piracyA PyPi package named 'automslc,' downloaded over 100,000 times since 2019, has been pirating music from the Deezer streaming service using hardcoded credentials.The package bypasses Deezer's limitations and downloads full-length, high-quality audio files for offline listening and distribution, violating Deezer's terms of service and copyright laws.Security firm Socket discovered the package, noting that while it functions as a piracy tool, it also utilizes command-and-control infrastructure, potentially turning users into a distributed network.This raises concerns about the potential for the tool to be repurposed for other malicious activities.The package remains available on PyPi at the time of reporting, and users are warned of the legal risks associated with its use.Code Security Remains Crucial, Even in Hardened Environmentshttps://www.sonarsource.com/blog/why-code-security-matters-even-in-hardened-environments/A recent study demonstrates that even in hardened environments with read-only file systems, attackers can exploit file write vulnerabilities in Node.js applications to achieve remote code execution. This is accomplished by manipulating exposed pipe file descriptors, bypassing typical security restrictions.The research highlights the limitations of infrastructure hardening as a sole security measure. Attackers can leverage vulnerabilities in the application's source code, even when the underlying infrastructure is fortified.The attack involves writing crafted data structures to anonymous pipes used by Node.js's event loop, ultimately triggering the execution of arbitrary code. This technique exploits the "everything is a file" philosophy in Unix-based systems and demonstrates the importance of code security.Key findings include:* Bypassing Read-Only Restrictions: Attackers can write to pipe file descriptors, even when the file system is mounted read-only.* Manipulating Event Handlers: Attackers can craft data structures to manipulate Node.js's event handler and execute arbitrary code.* The Importance of Code Security: Infrastructure hardening alone is insufficient; vulnerabilities in the source code must be addressed.This research underscores the need for developers to prioritize code security, even in environments with robust infrastructure hardening. Vulnerabilities at the source code level can be exploited, regardless of other security measures.Google Introduces AI Scam Detection for Androidhttps://security.googleblog.com/2025/03/new-ai-powered-scam-detection-features.htmlGoogle has launched AI-powered scam detection features for Android devices, designed to protect users from conversational fraud. These features target scams that start innocently but escalate into harmful situations, as well as phone call scams using spoofed numbers.Google partnered with financial institutions to develop AI models that can identify suspicious patterns in conversations and provide real-time warnings. These models operate entirely on-device, ensuring user privacy. Users can choose to dismiss or report and block suspicious senders. The feature is enabled by default for conversations with unknown numbers.A similar AI-powered scam detection feature for phone calls is being expanded to English-speaking Pixel 9+ users in the U.S. This feature, which is optional, processes call audio ephemerally and notifies participants when it is active.These developments follow Google's announcement that over one billion Chrome users are using Enhanced Protection mode, which utilizes AI and machine learning to detect phishing, social engineering, and scam techniques. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

Episode metadata supplied by the publisher feed · Published Mar 6, 2025

NOW PLAYING

Cyber Bites - 7th March 2025

0:00 7:47

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

CISO Perspectives (public) N2K Networks This season on CISO Perspectives, host Kim Jones explores some of the challenges of leading through uncertainty. We explore the complexity of the changing nature of regulation and working with the federal government, the evolution of privacy and fraud, and how emerging technologies like AI and quantum computing are changing cyber. When you don’t know what questions to ask, you’re afraid to ask, or don’t know who to ask, CISO Perspectives provides the foundation for learning in this brave new world. Guardians Of Innocence Guardians Of Innocence Guardians of Innocence is a powerful and informative podcast designed to equip parents, teachers, and communities with the knowledge and tools needed to protect children from the growing threat of trafficking. Each episode dives deep into the tactics traffickers use to target vulnerable children—both online and in real life—and provides actionable advice on how to recognize the warning signs.Through expert interviews with cyber safety professionals, law enforcement, and survivors, we uncover the latest grooming methods, share real-world stories, and empower listeners to become vigilant guardians of innocence in their own families and communities.Guardians of Innocence is more than just a podcast; it’s a call to action to safeguard our children, raise awareness, and foster a united front against trafficking.Listen. Learn. Protect. Site Bites Carlton Gover Join host Carlton Gover (from A Life In Ruins podcast on the Archaeology Podcast Network) as he brings on a co-host for each season to discuss a single archaeological site. They'll dive into every aspect of a site over the course of the season. Every episode of the season will be released at the same time so you can binge on a quiet Sunday morning or listen when you can. The Cyber Sleuth Show Cyber Social Hub Step into the world of digital forensics, mobile forensics, OSINT, and cybersecurity with The Cyber Sleuth Show! Hosted by Kevin DeLong, this podcast dives deep into the ever-evolving landscape of digital investigations, featuring expert guests, cutting-edge tools, real-world case insights, and, of course, the occasional terrible dad joke.From law enforcement investigators and forensic analysts to OSINT specialists and cybersecurity pros, we uncover the latest trends, techniques, and challenges in the field—giving you the knowledge you need to find the truth behind digital incidents.🔍 Stay ahead of the curve. Stay informed. Stay sleuthing.📢 Join the community! Connect with fellow digital investigators for FREE at CyberSocialHub.com.🎥 Prefer video? Watch the podcast on YouTube: @CyberSocialHub.🚀 Subscribe now and sharpen your investigative skills!

Frequently Asked Questions

How long is this episode of Cyber Bites?

This episode is 7 minutes long.

When was this Cyber Bites episode published?

This episode was published on March 6, 2025.

What is this episode about?

* Disney Engineer's Life Destroyed by Malicious AI Download* Global Security Flaw Exposes Sensitive Employee Data and Physical Vulnerabilities* Malicious PyPi Package Pirating Deezer Music for Years* Code Security Remains Crucial, Even in Hardened...

Can I download this Cyber Bites episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!