# Hackers On A Train - PSW #883

The world of cybersecurity is always on the move, and this week's episode of Hacker's On A Train brings you the latest news from the front lines. From hypervisors to AI hiring bots, we've got it all covered.

The train is leaving the station, but is it really? The first item on our agenda is a discussion about hypervisors, specifically their ability to protect us from potential threats. A hypervisor is a piece of software that creates and manages virtualized environments for computers. In simple terms, it allows multiple operating systems to run on a single physical machine.

However, as with any complex technology, there are risks involved. While hypervisors do offer protection, they're not foolproof. As our guests pointed out during the episode, no one is completely safe from attack.

The best thing about the Flipper Zero device? Its clones. Yes, you read that right – clones! The Flipper Zero is an open-source USB device designed for security testing and research purposes. And now, thanks to a recent development, users can create their own clones of this device.

But what does this mean for security enthusiasts and researchers? With the ability to create multiple clones, security experts can test their skills without causing any harm to real devices or data.

Another item on our agenda is the use of Flipper Zero as an interrogation tool. This might sound like something out of a sci-fi movie, but it's actually happening in real life.

The idea behind this is that hackers who use malicious software can be tracked down using a device like the Flipper Zero. By analyzing data from the device, security experts can gather clues about the hacker's identity and eventually track them down.

Threats are not limited to commercial or open-source sources. There are also threats emanating from within our own networks.

One such threat is the ongoing issue of FTP (File Transfer Protocol). Despite being an outdated protocol, many organizations still use it for transferring files. However, this makes them vulnerable to attacks from hackers who exploit these weaknesses.

Another pressing concern in cybersecurity is the increasing use of AI-powered drones. While these devices offer many benefits, they also pose a significant threat to national security.

To address this issue, some researchers have been working on developing firmware for Russian drones. This new firmware aims to prevent these drones from being used for malicious purposes.

But what about merging Android and ChromeOS? It might sound like a futuristic concept, but it's actually happening now.

Google has already started integrating elements of ChromeOS into its Android operating system. This move is expected to bring many benefits, including improved security and increased compatibility between devices.

Finally, we need to talk about patching vulnerabilities in software applications. In today's digital world, this is more important than ever.

Citrixbleed, a recently discovered vulnerability in Citrix Virtual Apps, highlights the importance of staying up-to-date with the latest patches. It also serves as a reminder that even the most secure systems can be compromised if we're not vigilant.

Rowhammer, another vulnerability affecting NVIDIA GPUs, shows how quickly threats can emerge and spread.

But it's not all bad news – researchers are working tirelessly to identify and fix these issues before they become major problems.

One such researcher is a former Microsoft employee who was hired by the company to investigate its hiring practices. What he discovered was shocking – Microsoft had been knowingly accepting applications from individuals with ties to the Chinese government.

Another story that caught our attention this week is related to Gigabyte motherboards and UEFI vulnerabilities.

UEFI, or Unified Extensible Firmware Interface, is a protocol used by motherboards to boot systems. However, recent discoveries have shown that these devices can be vulnerable to attacks if not properly secured.

Gigabyte, one of the leading manufacturers of motherboards, has since released patches for these vulnerabilities – but more work needs to be done to ensure the security of these devices.

Finally, we need to talk about McDonald's AI hiring bot. What started as a simple recruitment tool quickly turned into a major controversy when hackers discovered that it was capable of collecting sensitive information from applicants.

The story raises important questions about data protection and how companies handle sensitive information – especially in the age of artificial intelligence.

And that's all for this week's episode of Hacker's On A Train. Thanks for joining us on this journey into the world of cybersecurity!

To stay up-to-date with the latest news and episodes, visit https://www.securityweekly.com/psw.

For show notes, check out https://securityweekly.com/psw-883.

Don't forget to subscribe to our podcast and join the conversation on social media – we can't wait to see what's next in the world of cybersecurity!