Massive Password Attack Hits 2.8 Million Devices

Welcome back to Hacker Hacks your go-to podcast for the latest in cybersecurity! In this episode we unpack major cyber incidents—from government hacks to critical vulnerabilities affecting millions. From SEC’s X account breach to rising cyber threats in India and the latest Apple security fix we’ve got you covered. Stay tuned as we break down what these mean for digital security and privacy.

Man pleads guilty in hack of SEC's X account that claimed approval of bitcoin ETFs

A man pleaded guilty to hacking the SEC’s X (formerly Twitter) account to falsely announce Bitcoin ETF approvals briefly impacting cryptocurrency markets. The case highlights ongoing cybersecurity risks in financial regulation. Meanwhile NBCUniversal’s Cookie Notice explains its use of tracking technologies like cookies beacons and scripts for analytics personalization advertising and security. Users can manage cookie preferences through browser settings mobile options and opt-out tools though disabling them may affect site functionality. The notice also covers cross-device tracking interest-based ads and legal contact details.

Musk's DOGE Pick Led Cybersecurity Cuts at Citrix. Hacks Followed

Elon Musk’s Department of Government Efficiency found an ally in Tom Krause a tech executive now consulting for the U.S. Treasury. Krause also CEO of Cloud Software Group (which owns Citrix Systems) had limited access to Treasury’s payment system before a judge blocked DOGE’s involvement. His cost-cutting at Citrix reportedly influenced by Musk led to cybersecurity reductions resulting in increased cyberattacks. Citrix software is widely used for remote work connecting corporate systems to home devices. Krause’s fiscal role and Citrix’s security issues raise concerns about government efficiency and cybersecurity risks.

US cybersecurity agency places 17 staffers on leave amid election security concerns?

The U.S. Cybersecurity and Infrastructure Security Agency placed 17 staffers on administrative leave raising concerns about election security ahead of the 2024 elections. The affected employees including 10 regional election security specialists previously worked with state and local officials to combat cyber threats and misinformation. The review reportedly focuses on foreign interference and disinformation efforts. Both Republican and Democratic election officials have praised CISA’s role in securing elections. The move comes amid political scrutiny with Trump allies criticizing CISA’s work on election integrity. Despite the staffing changes CISA assured that cybersecurity and physical security services remain available.

QUIC action: patching a broadcast address amplification vulnerability

Cloudflare patched a QUIC broadcast amplification vulnerability discovered by anonymous researchers. The flaw allowed attackers to exploit QUIC’s handshake process by sending a single Initial packet to a broadcast IP address triggering multiple server responses leading to CPU and reflection amplification attacks. QUIC’s default anti-amplification mechanisms failed due to how Cloudflare's infrastructure handled broadcast addresses in anycast networks. Attackers could bypass safeguards causing excessive responses from multiple listener processes. Cloudflare mitigated the issue by disabling broadcast routes in the local routing table preventing UDP-based amplification attacks. The company advises other network administrators to check for similar vulnerabilities.

Critical Password Warning—2.8 Million Devices Used In New Hack Attack?

A massive brute force password attack using 2.8 million compromised devices is targeting Palo Alto Networks Ivanti and SonicWall edge security devices. The attack detected by the Shadowserver Foundation is likely driven by a botnet or residential proxy network. Experts warn that standard password policies are insufficient as even complex passwords can be compromised. To enhance security users should create unique long passphrases avoid reusing passwords enable two-factor authentication and keep software updated. Organizations must enforce strong password policies train employees apply account lockouts and disable former employee accounts immediately.

Cybersecurity incidents surge by 76.25% in 5 yrs, reveals minister in RS?

Cybersecurity incidents in India surged by 76.25% from 2020 to 2024 as revealed by Union Minister Jitin Prasada in the Rajya Sabha. Data from CERT-In shows rising cyber threats with incidents increasing from 1158208 in 2020 to 2041360 in 2024. Ludhiana MP Sanjeev Arora raised concerns about cyberattack trends and resilience in critical sectors during the budget session. The government is implementing policies to ensure a safe open and accountable internet for users.

Spooked by the 2011 PSN Hack, Some PlayStation Customers Want Sony to Say Exactly What Went Wrong With PSN Over the Weekend?

Sony attributed the recent 24-hour PlayStation Network outage to an “operational issue” but provided little detail sparking frustration among users. Many customers recalling the 2011 PSN hack that compromised 77 million accounts are demanding transparency on whether personal data was affected. Sony apologized and offered PlayStation Plus members five extra days of service but concerns remain about future prevention measures. The outage disrupted both online and some single-player games forcing publishers like Capcom and EA to extend in-game events. Sony has yet to elaborate beyond two brief tweets.

Apple releases iOS and iPadOS 18.3.1 to fix a serious vulnerability

Apple has released iOS and iPadOS 18.3.1 to fix a critical security vulnerability that allowed attackers to bypass USB Restricted Mode potentially accessing personal data. The flaw exploited in sophisticated targeted attacks was patched just two weeks after iOS 18.3 launched. Apple emphasized the importance of updates in protecting user devices. Alongside this fix updates were also rolled out for macOS 15 visionOS 2 and watchOS 11 though no specific security patches were mentioned for those systems. Users are encouraged to update their devices via Settings > General > Software Update.

Trade war or not, Canada will keep working with the U.S. on cybersecurity?

Despite rising tensions between Canada and the U.S. cybersecurity cooperation remains strong. Rajiv Gupta head of Canada’s Cybersecurity Centre emphasized the non-partisan nature of cyber defense citing ongoing collaboration with the U.S. Cybersecurity and Infrastructure Security Agency. Public Safety Minister David McGuinty reaffirmed Canada’s trust in its U.S. partners despite geopolitical uncertainties. The centre part of Canada’s Communications Security Establishment supports critical infrastructure security but lacks authority to enforce cyber standards as Bill C-26 stalled. Plans are underway to streamline cybercrime reporting though implementation is delayed until 2026.

That’s a wrap for this episode of Hacker Hacks! Cybersecurity threats are evolving fast and staying informed is key. Don’t forget to update your devices use strong passwords and stay cautious online. If you enjoyed this episode subscribe and share! See you next time—until then stay safe in cyberspace!