Today’s episode is packed with high-impact cybersecurity stories, including an investigation into Chinese AI startup DeepSeek’s possible theft of OpenAI’s IP, a ransomware attack crippling a major energy industry contractor, and a deep dive into critical vulnerabilities you need to patch immediately.
Let’s get started!
The DeepSeek AI Controversy: Did China Steal OpenAI’s IP?
OpenAI is investigating whether DeepSeek, a Chinese AI startup, trained its chatbot on outputs harvested from OpenAI’s models. The U.S. company says it has seen China-based entities attempt to extract large volumes of data through distillation, in which a smaller model is trained on the responses of a larger one to approximate its capabilities; done against a competitor’s API, this is a cheap way to build a rival model.
OpenAI, in partnership with Microsoft, has identified and banned multiple accounts involved in suspicious activity.
The potential theft of IP raises serious concerns about China’s long-term strategy to gain economic and technological leverage over the U.S.
Analysts suggest DeepSeek’s chatbot exhibits clear biases and aligns closely with Chinese government narratives, censoring sensitive topics such as Uyghur persecution.
The incident may signal a broader cyber warfare strategy by China, tied to economic competition and diplomatic tensions with the U.S.
If proven, this could lead to significant diplomatic fallout and further sanctions against China, potentially affecting U.S.-China AI trade relations.
Cybersecurity professionals and businesses should be wary of using DeepSeek AI, since prompts and data submitted to the service may be accessible to Chinese authorities.
Energy Industry Hit Hard: Ransomware Disrupts Operations for Six Weeks
A major energy industry contractor, ENGlobal, suffered a ransomware attack that left it without access to critical business applications for six weeks. While OT (operational technology) systems remained intact, IT functions, including financial reporting, were severely impacted.
The attack began on November 25, 2024, and services were only restored this week.
ENGlobal provides automation and control systems to the U.S. defense sector, raising national security concerns.
No ransomware gang has claimed responsibility, which may suggest a ransom was paid, though this has not been confirmed.
Had OT systems been compromised, the result could have been energy supply disruptions serious enough to draw a national-security-level response.
Companies in the energy and critical infrastructure sectors must reassess their cybersecurity posture to prevent similar attacks.
BeyondTrust API Key Attack Impacts U.S. Treasury and Other Clients
BeyondTrust confirmed that 17 customers, including the U.S. Treasury, were affected by an attack attributed to a China-linked actor that abused a compromised API key for BeyondTrust’s Remote Support SaaS. The highly targeted operation used that access to reach customer data.
China’s cyber espionage strategy prioritizes specific, high-value targets over mass-scale attacks.
Treasury Secretary Janet Yellen publicly condemned the cyber attacks, signaling potential retaliatory measures.
BeyondTrust is working with affected organizations to provide forensic data and mitigate the breach.
Fortinet Zero-Day Exploit Enables Super Admin Access
Fortinet has disclosed a critical zero-day vulnerability (CVE-2024-55591) in FortiOS and FortiProxy that attackers are actively exploiting to gain super-admin privileges.
The flaw is an authentication bypass: a remote, unauthenticated attacker sends crafted requests to the Node.js WebSocket module of the administrative web interface, so only devices whose management interface is reachable by the attacker are exposed.
Observed post-exploitation activity includes creating new admin accounts, adding SSL VPN users and changing VPN settings, and using the firewall as a foothold for lateral movement within corporate networks.
Arctic Wolf reported a campaign against FortiGate firewalls with management interfaces exposed to the internet that matches this activity.
Organizations using Fortinet products should apply the fixed builds immediately (FortiOS 7.0.17 and FortiProxy 7.0.20 / 7.2.13, per Fortinet’s advisory), and in the meantime disable the HTTP/HTTPS administrative interface on untrusted interfaces or restrict it to known source addresses with a local-in policy. Review admin accounts, VPN users and configuration-change logs for changes you did not make.
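The configuration-change review above can be scripted. Fortinet’s advisory for CVE-2024-55591 lists admin logins whose interface is recorded as jsconsole and admin-account creations by such sessions among the indicators of compromise. The following is an added example written for this page, not code from Fortinet or Arctic Wolf: it parses FortiOS-style key="value" event log lines and flags those two patterns. The sample log lines are constructed for the example; the field names (logdesc, ui, srcip, dstip, cfgpath, cfgobj, action) follow the FortiOS event-log format.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in the FortiOS key="value" event-log style.
# These are NOT real logs from any device; they exist only to exercise the detector.
SAMPLE_LOGS = [
    # Normal HTTPS admin login from a management workstation.
    'type="event" subtype="system" level="information" logdesc="Admin login successful" '
    'user="admin" ui="https(203.0.113.7)" method="https" srcip=203.0.113.7 dstip=192.0.2.1 '
    'action="login" status="success" profile="super_admin"',
    # Login recorded as jsconsole with identical (spoofed) source and destination IPs.
    'type="event" subtype="system" level="information" logdesc="Admin login successful" '
    'user="admin" ui="jsconsole" method="jsconsole" srcip=198.51.100.23 dstip=198.51.100.23 '
    'action="login" status="success" profile="super_admin"',
    # A new super_admin account created from that jsconsole session.
    'type="event" subtype="system" level="information" logdesc="Object attribute configured" '
    'user="admin" ui="jsconsole" action="Add" cfgpath="system.admin" cfgobj="x7f3kq" '
    'cfgattr="accprofile[super_admin]" msg="Add system.admin x7f3kq"',
    # Benign interface edit from the normal HTTPS session.
    'type="event" subtype="system" level="information" logdesc="Object attribute configured" '
    'user="admin" ui="https(203.0.113.7)" action="Edit" cfgpath="system.interface" '
    'cfgobj="port1" cfgattr="description[uplink]"',
]

# key=value where the value is either "quoted" or a bare token (e.g. srcip=198.51.100.23).
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_fortios_line(line: str) -> Dict[str, str]:
    """Turn one FortiOS event log line into a dict of field -> value."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(3), m.group(4)
        fields[key] = quoted if quoted is not None else bare
    return fields


def flag_event(ev: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (subject, reason) findings for a single parsed event."""
    findings: List[Tuple[str, str]] = []

    # Indicator 1: successful admin login via jsconsole. Legitimate admins can also use
    # the GUI console widget, so the srcip == dstip oddity is recorded to raise priority.
    if ev.get("logdesc") == "Admin login successful" and ev.get("ui") == "jsconsole":
        reason = "admin login via jsconsole"
        if ev.get("srcip") and ev.get("srcip") == ev.get("dstip"):
            reason += " with srcip == dstip"
        findings.append((ev.get("user", "?"), reason))

    # Indicator 2: a new entry added to system.admin, i.e. a new administrator account.
    if ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add":
        findings.append((ev.get("cfgobj", "?"),
                         f"new admin account created via {ev.get('ui', 'unknown ui')}"))
    return findings


def scan_logs(lines: List[str]) -> List[Tuple[str, str]]:
    """Parse every line and collect all findings, in log order."""
    results: List[Tuple[str, str]] = []
    for line in lines:
        results.extend(flag_event(parse_fortios_line(line)))
    return results


if __name__ == "__main__":
    for subject, reason in scan_logs(SAMPLE_LOGS):
        print(f"[SUSPICIOUS] {subject}: {reason}")
```

Run it against an export of the event log (`log.event` in FortiAnalyzer or a syslog feed) rather than the embedded samples. Treat a jsconsole login whose recorded source and destination IPs are identical, followed by an `Add system.admin` entry from the same session, as grounds to isolate the device and rotate credentials, not just to raise a ticket.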
Rockwell Automation Patches Critical Industrial Control Vulnerabilities
Rockwell Automation has issued six security advisories detailing vulnerabilities in its FactoryTalk software and industrial controllers:
FactoryTalk View Machine Edition: One critical and one high-severity issue could allow remote arbitrary command execution.
FactoryTalk View Site Edition: Two high-severity vulnerabilities patched.
DataMosaix Private Cloud: A critical SQLite vulnerability disclosed in 2020 still affects the product and is now patched.
KEPServerEX: A critical denial-of-service flaw that was demonstrated at the Pwn2Own hacking competition.
Industrial organizations must apply these patches to prevent disruption and potential safety hazards in automated processes.
CenterPoint Energy Data Breach Linked to MOVEit Exploit
CenterPoint Energy has acknowledged that customer data has been leaked in connection with the MOVEit vulnerability exploited last year.
The breach, likely sourced from a third-party vendor, exposed 3 million names and addresses.
Cybercriminals have posted stolen data on underground forums.
Researchers believe the data originated from CLEAResult, an energy efficiency consultant that used MOVEit Transfer software.
The incident highlights the long-term risks of third-party software vulnerabilities.
Apple Devices Vulnerable to New Side-Channel Attacks: SLAP & FLOP
Researchers have uncovered two new CPU-level side-channel attacks affecting Apple devices:
SLAP (Speculation attacks via Load Address Prediction) and FLOP (False Load Output Prediction) abuse the speculative load predictors in recent Apple silicon to read memory the attacker should not have access to.
SLAP affects the M2 and A15 chips and later, FLOP the M3 and A17 and later: in practice, MacBooks from 2022 onward, newer Mac desktops, and iPhones and iPads from 2021 onward.
In the researchers’ demonstrations, a malicious web page read email content, browsing history, calendar data, and even payment information from other tabs in Safari and Chrome.
Apple has yet to issue a fix and has said it does not believe the issues pose an immediate risk to users.
Action List for Security Teams
Avoid DeepSeek AI: Ensure employees and organizations do not engage with DeepSeek AI applications due to suspected data exfiltration risks.
Patch Fortinet Systems: Immediately apply the fixed FortiOS and FortiProxy builds for the actively exploited zero-day, and restrict or disable internet-facing management interfaces until you have.
Monitor Energy & Industrial System Security: Organizations in critical infrastructure sectors should implement real-time monitoring to detect attacks early.
Reassess SaaS and Third-Party Security Posture: Audit the SaaS platforms and vendor-operated software that hold your data, including the API keys and integrations they expose, for the kind of supply-chain risk seen with MOVEit and BeyondTrust.
Apply Rockwell Automation Patches: Industrial organizations should prioritize Rockwell’s latest security updates.
Stay Vigilant Against Side-Channel Attacks: Apple users should stay updated on security advisories and implement mitigations where possible.
Strengthen Ransomware Defense: Energy and industrial organizations should enhance endpoint protection and backup strategies.
That’s a wrap for today’s episode. Thanks for tuning in! Subscribe, like, and share this podcast, and let’s keep the conversation going. Stay cyber safe!
✅ Story Links:
https://www.wsj.com/tech/ai/openai-china-deepseek-chatgpt-probe-ce6b864e?mod=hp_lead_pos2
https://therecord.media/englobal-ransomware-attack-six-weeks-disruption
https://www.cybersecuritydive.com/news/beyondtrust-17-customers-december-cyberattack/738246/
https://therecord.media/texas-utility-firm-investigating-potential-data-leak-moveit-breach
https://www.securityweek.com/new-slap-and-flop-cpu-attacks-expose-data-from-apple-computers-phones/
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.