This posting is here to collect cyber security news in April 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
182 Comments
Tomi Engdahl says:
A worrying phenomenon is running rampant on Facebook
https://www.iltalehti.fi/digiuutiset/a/7871a3e6-dae2-4f4a-8382-cfca790a6fce
User accounts of ride-hailing drivers and food couriers are being peddled in dozens of Facebook groups. By buying an account, anyone can pose as, for example, an Uber-approved driver or courier. The companies try to prevent abuse in various ways.
Drivers' and couriers' user accounts are being peddled very openly on social media.
The platforms do not allow sharing of user accounts, but intervening is not easy.
A recent US report reveals the extent of the account trade.
The US news channel CNN reported on a report by the non-profit Tech Transparency Project, which reveals that Uber driver accounts, among others, are being sold, bought and rented even in fully public Facebook groups.
One international group focused on renting Uber accounts has more than 22,000 members. In one group, a courier account for the Uber Eats food delivery service was offered for rent for 65 dollars, or just under 60 euros.
According to the report, 80 such Facebook groups have been identified, and their combined membership is as many as 800,000. For many groups the purpose is evident directly from the group's name; in others the activity is revealed only on closer inspection.
The black-market groups make it possible to circumvent the platforms' background checks and driver's license requirements. A person who buys or rents an account can pose as a driver or courier approved by the service, which increases the risks to users.
‘Incredibly concerning’: Facebook black market groups offer rideshare and delivery driver accounts for sale, researchers say
https://edition.cnn.com/2025/04/14/tech/facebook-groups-buy-sell-uber-doordash-deliveroo-accounts/index.html
New York CNN —
“Need an Uber Eats account in Jacksonville, FL ASAP.” “I have one.”
“Looking for an Uber eats account to rent in Virginia.” “Available.”
Those exchanges were found on a public Facebook group with more than 22,000 members called “UBER ACCOUNT FOR RENT WORLDWIDE.” It’s just one of 80 Facebook groups where users regularly discuss buying, selling and renting driver accounts for Uber, DoorDash and UK-based Deliveroo that were identified in a new report from the non-profit tech watchdog Tech Transparency Project, which CNN received exclusively ahead of its Monday release.
These Facebook “black market groups” could let people bypass those platforms’ background checks and driver’s license requirements to fraudulently pose as a credentialed driver or delivery worker, researchers wrote in the report. And that could create risks for users who rely on safety assurances from apps such as Uber and DoorDash to ride in strangers’ cars or order deliveries to their homes.
“It’s incredibly concerning because part of the reason Uber has been such an attractive tool for women, in particular, is because there’s some sort of semblance of safety when there’s tracking of who this person is … if something were to happen,” said Tech Transparency Project Director Katie Paul. “If that’s not the case, then what’s the point of using this platform?”
Tomi Engdahl says:
The difference between ‘hate speech’ and ‘freedom of speech’
I hold Big Tech’s greed and exploitation of people accountable for the surge in the former – and a clampdown on the latter, writes WeAre8 founder Zoe Kalar: https://www.independent.co.uk/voices/hate-speech-free-speech-online-safety-act-trump-musk-b2734319.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/?fbclid=IwY2xjawJt_YNleHRuA2FlbQIxMQABHv85OLN0gie3JXN-dUbCINvYARuT6AB4pAD5k_BQrdtSq9wIH_WSl-0ieIyl_aem_1EXI05S21xIjYTktolrPcw
Tomi Engdahl says:
SSL/TLS certificate lifespans reduced to 47 days by 2029
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.
The CA/Browser Forum is a group of certificate authorities (CAs) and software vendors, including browser developers, working together to establish and maintain security standards for digital certificates used in Internet communications.
Its members include major CAs like DigiCert and GlobalSign, as well as browser vendors such as Google, Apple, Mozilla, and Microsoft.
This proposal would gradually reduce the lifespan of certificates over the next four years from its current 398-day lifespan to 47 days in March 2029.
The goal is to minimize risks from outdated certificate data, deprecated cryptographic algorithms, and prolonged exposure to compromised credentials. It also encourages companies and developers to utilize automation to renew and rotate TLS certificates, making it less likely that sites will be running on expired certificates.
Tomi Engdahl says:
https://www.theregister.com/2025/04/15/ec_burner_devices/
EU gives staff ‘burner phones, laptops’ for US visits
That would put America on the same level as China for espionage
Tomi Engdahl says:
https://futurism.com/google-border-surveillance
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
Tomi Engdahl says:
Posti will soon collect your data in a new way: check your settings now
Posti is starting to target advertising at its customers.
https://www.is.fi/digitoday/tietoturva/art-2000011173830.html
Tomi Engdahl says:
https://www.csoonline.com/article/3964668/hackers-target-apple-users-in-an-extremely-sophisticated-attack.html?fbclid=IwY2xjawJu26VleHRuA2FlbQIxMQABHkINNf_YkMNqFPDdATXe-KWCsjdVMnfcwdxlCfCH7QI4zYkKdSHPQdRIpsES_aem_ZKLa5orqI0aE3CCxDNwEjA
Tomi Engdahl says:
Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts
https://www.csoonline.com/article/3964113/whistleblower-alleges-russian-ip-address-attempted-access-to-us-agencys-systems-via-doge-created-accounts.html?fbclid=IwY2xjawJu6ClleHRuA2FlbQIxMQABHlrTSulaImLDZw2aUiLOVI1rnhn_ggG03qC1XKbPdBinevc3ZINXpNjJtRDG_aem_lZwXQ6I_77d17wm5K1pGew
This and other DOGE actions inside National Labor Relations Board systems constituted a “significant cybersecurity breach”, says affidavit sent to Senate Intelligence Committee members.
Tomi Engdahl says:
Google said it suspended 39.2 million advertiser accounts on its platform in 2024 — more than triple the number from the previous year — in its latest crackdown on ad fraud.
By leveraging large language models (LLMs) and using signals such as business impersonation and illegitimate payment details, the search giant said it could suspend a “vast majority” of ad accounts before they ever served an ad.
Read more from Jagmeet Singh here: https://tcrn.ch/42OvAHC
#TechCrunch #technews #artificialintelligence #Google
Tomi Engdahl says:
https://www.facebook.com/share/p/1C1JDxk1DC/
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows [task scheduling service](https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page) that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities.
The issues have been uncovered in a binary named “[schtasks.exe](https://learn.microsoft.com/en-us/windows/win32/taskschd/schtasks),” which enables an administrator to create, delete, query, change, run, and end scheduled tasks on a local or remote computer.
“A [User Account Control] bypass vulnerability has been found in Microsoft Windows, enabling attackers to bypass the User Account Control prompt, allowing them to execute high-privilege (SYSTEM) commands without user approval,” Cymulate security researcher Ruben Enkaoua [said](https://cymulate.com/blog/task-scheduler-new-vulnerabilities-for-schtasks-exe/) in a report shared with The Hacker News.
“By exploiting this weakness, attackers can elevate their privileges and run malicious payloads with Administrators’ rights, leading to unauthorized access, data theft, or further system compromise.”
The problem, the cybersecurity company said, occurs when an attacker creates a scheduled task [using Batch Logon](https://learn.microsoft.com/en-us/windows/win32/taskschd/taskschedulerschema-logontype-simpletype) (i.e., a password) as opposed to an Interactive Token, causing the task scheduler service to grant the running process the maximum allowed rights.
However, for this attack to work, it hinges on the threat actor acquiring the password through some other means, such as cracking an NTLMv2 hash after authenticating against an SMB server or exploiting flaws such as [CVE-2023-21726](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21726).
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/?fbclid=IwZXh0bgNhZW0CMTEAAR4xy1MCUGOVomgZ-f_HeVUNJ24o6Cd3KMqQ21GzMrrIrYkI97Vz8YPKzlrRBw_aem_a7JZ_UTqU_M7Akdhm_EYkA
Tomi Engdahl says:
Anonymous publish Donald Trump file amid hack into Putin’s secret data
https://www.uniladtech.com/news/anonymous-publish-donald-trump-file-putins-secret-data-385573-20250417?utm_source=flipboard&utm_content=topic%2Ftechnology&fbclid=IwY2xjawJvQ3NleHRuA2FlbQIxMQABHj7ZtROgc9WBJg8Jud8o6_XhjZtH-SfXNznXQbiim4oY4T8LNKkhpjBbsW4e_aem_1zuKDBlWK_slw9Zg9b1HDw
Anonymous have been one of the more vocal groups against US President Donald Trump since he returned to office earlier this year, and a recent data dump from the hacking organization has seemingly revealed links to Putin and the Russian government.
Standing, in their own words, for ‘freedom of thought, expression, and privacy’, infamous hacking group Anonymous have been a long time voice against right wing individuals and governments worldwide, with a particular focus on American politics while Donald Trump is in office.
They’ve previously sparred with Trump’s close ally Elon Musk on X at several points, and only recently outlined how Trump’s administration is following plans laid out by ‘Project Russia’ in what would eventually be a breakdown of democracy.
They have seemingly now been proven right in their worries, as data stolen from Putin’s administration reveals what are being called ‘Donald Trump files’, seemingly linking the current president to the Russian government, as reported by Forbes.
The major cyberattack has resulted in around 10 terabytes of data being leaked online, containing information of a large number of Russian businesses, high-ranking and influential individuals, contracts, political information, and more, with it all sorted neatly into folders.
Tomi Engdahl says:
Anonymous Hackers Expose Putin’s Secret Data—Publish Trump File
https://www.forbes.com/sites/zakdoffman/2025/04/18/anonymous-hacks-putins-secret-data-publishes-trump-file/
The Anonymous PR machine is in full flight once again, claiming a new cyberattack on Russia “in defense of Ukraine.” The hacking collective has released a cache of some 10 terabytes, it says, which includes “data on all businesses operating in Russia, all Kremlin assets in the West, pro-Russian officials, Donald Trump, and more.”
Tomi Engdahl says:
I don’t know if it’s actually been debunked as this says
https://www.dailydot.com/debug/anonymous-10tb-leak-russia-trump-debunk/
Tomi Engdahl says:
Suspected 4chan Hack Could Expose Longtime, Anonymous Admins
Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board.
https://www.wired.com/story/2025-4chan-hack-admin-leak/?fbclid=IwY2xjawJvTPNleHRuA2FlbQIxMQABHnVcoOAHnFl2mHY_Uyz1yR8DRsS1s6iqt30l1Fir8Ext3mNapfMF_gjuAPtb_aem_0LKyxH7_u9UNVOuQd61bTw
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/?fbclid=IwY2xjawJvWhdleHRuA2FlbQIxMQABHsXEqdwDBenpdBUs-LxFDO3GVE9a16tLtokoGUKqx9bT9xokj13OYtDIQulQ_aem_idRJhTbCJ4jJtbVgo6rlvw
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/?fbclid=IwY2xjawJvYaRleHRuA2FlbQIxMQABHv9P5VCeABEHLgMiK2mQ2vD04g3qJ181By-amfpNL1LmUTwKQCf3I3LwcU_u_aem_FJwBORQK6FNpiBhi2tubjw
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/
Tomi Engdahl says:
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
“The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication,” Ruhr University Bochum researchers Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk said.
The issue stems from improper handling of SSH protocol messages that essentially permit an attacker to send connection protocol messages prior to authentication. Successful exploitation of the shortcomings could result in arbitrary code execution in the context of the SSH daemon.
Further exacerbating the risk, if the daemon process is running as root, it enables the attacker to have full control of the device, in turn, paving the way for unauthorized access to and manipulation of sensitive data or denial-of-service (DoS).
Tomi Engdahl says:
https://www.paloaltoonline.com/technology/2025/04/12/silicon-valley-crosswalk-buttons-apparently-hacked-to-imitate-musk-zuckerberg-voices/?ICID=ref_fark&fbclid=IwY2xjawJpDQdleHRuA2FlbQIxMQABHmOBAggCtIAIsaczb7gt0Ck_YhKVjnQetJh7gkY-7Qps-HaEWun6SbfY44cV_aem_cqTK4pssAjJPdi7A3Kz12Q
Tomi Engdahl says:
CVE fallout: The splintering of the standard vulnerability tracking system has begun
MITRE, EUVD, GCVE … WTF?
Jessica Lyons
Fri 18 Apr 2025 // 09:54 UTC
Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.
Earlier this week, the widely used Common Vulnerabilities and Exposures (CVE) program faced doom as the US government discontinued funding for MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute, and promised another 11 months of cash to keep the program going.
Meanwhile, the EU is rolling its own.
The European Union Agency for Cybersecurity (ENISA) developed and maintains this alternative, which is known as the EUVD, or the European Union Vulnerability Database. The EU mandated its creation under the Network and Information Security 2 Directive, and ENISA announced it last June.
The EUVD is similar to the US government’s NVD, or National Vulnerability Database, in that it organizes disclosed bugs by their CVE-assigned unique ID, documents their impact, and links to advisories and patches.
Interestingly, the Euro database also uses its own EUVD IDs to track security bugs as well as CVE-managed identifiers and GSD IDs, the latter of which are issued by the (what appears to be now-defunct) Global Security Database operated by the Cloud Security Alliance.
Although the EUVD has been gestating for nearly a year, the uncertainty around the CVE program is set to push the European effort into the spotlight as a replacement, fallback, or alternative for CVE. ENISA is, we note, a partner of CVE; specifically, it’s a CVE numbering authority.
The EUVD “will hopefully gain more traction so that Europe can achieve self-sustainability in this domain as well,”
https://euvd.enisa.europa.eu/
Tomi Engdahl says:
https://www.theregister.com/2025/04/18/splintering_cve_bug_tracking/?fbclid=IwY2xjawJwFy1leHRuA2FlbQIxMQABHq93uii-2PFT6a6P5laSKaVrByEND68dYgiGLmRfHtXlCQVXY-hmQAjNoDtr_aem_T6SOUX9OcL890yu32mciYA
Tomi Engdahl says:
https://cybersecuritynews.com/critical-pgadmin-vulnerability/#google_vignette
Tomi Engdahl says:
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
Tomi Engdahl says:
Signalgate solved? Report claims journalist’s phone number accidentally saved under name of Trump official
PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more
https://www.theregister.com/2025/04/07/infosec_news_roundup_in_brief/
Tomi Engdahl says:
https://blog.sesse.net/blog/tech/2025-04-05-10-57_cisco_2504_password_extraction.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
Tomi Engdahl says:
https://cybersecuritynews.com/cve-foundation-launched/#google_vignette
Tomi Engdahl says:
If an Android device remains locked for three consecutive days, it will now automatically reboot. Earlier this week, Google introduced this new feature through its Google System Release Notes page. The feature functions similarly to the “Inactivity Reboot” found on iPhone devices.
Read more https://9to5google.com/2025/04/16/android-auto-restart-security/
Tomi Engdahl says:
Pentagon’s ‘SWAT team of nerds’ resigns en masse
Employees of a defense tech unit say they were sidelined by DOGE. “Either we die quickly or we die slowly,” says the director.
https://www.politico.com/news/2025/04/15/pentagons-digital-resignations-00290930?fbclid=IwY2xjawJxgiJleHRuA2FlbQIxMQABHnlHboK4lFDB9Cx3fkj-tanOQoAb1eexNjr8Crwy9nal-XxriKab0mKSaXhS_aem_zOHDAPD1PiK0KqiweAnY2g
Tomi Engdahl says:
https://www.thelondoneconomic.com/news/anonymous-hacks-russia-releasing-terabytes-of-putins-secret-information-392163/?fbclid=IwY2xjawJy9HhleHRuA2FlbQIxMQABHjJqM3pcocQWEV6WjY11jJDDd2_5yoPDtv3FIlYPOLMCBs_esJRthxiVt1jp_aem_mDDWwY_GIiBF7EKUyWMLwQ#3mq4jwtggot2u7oyz6rp7istfg4e8mq6
Tomi Engdahl says:
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation
With 51% of internet traffic now bot-driven and a growing share of it malicious, organizations must prepare for an era of more evasive, AI-assisted automation.
https://www.securityweek.com/bot-traffic-surpasses-humans-online-driven-by-ai-and-criminal-innovation/
Tomi Engdahl says:
Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare
Countries around the world are preparing for greater digital conflict as increasing global tensions and a looming trade war have raised the stakes.
https://www.securityweek.com/countries-shore-up-their-digital-defenses-as-global-tensions-raise-the-threat-of-cyberwarfare/
Tomi Engdahl says:
ICS/OT
Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking
Lantronix’s XPort device is affected by a critical vulnerability that can be used for takeover and disruption, including in the energy sector.
https://www.securityweek.com/lantronix-device-used-in-critical-infrastructure-exposes-systems-to-remote-hacking/
A vulnerability discovered in a Lantronix device that is used worldwide in various critical infrastructure sectors can expose systems to remote hacking.
An advisory published by the cybersecurity agency CISA last week revealed that a critical missing authentication vulnerability has been found in Lantronix XPort, a product that enables remote connectivity and control for devices. The security hole enables an attacker to gain unauthorized access to the device’s configuration interface.
The XPort product is deployed around the world in sectors such as critical manufacturing, transportation systems, water, and energy, according to CISA. The vendor’s website shows that the product is used, among others, for traffic lights, industrial product manufacturing, and surveillance systems.
https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05
Tomi Engdahl says:
Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack
Microsoft security chief Charlie Bell says the SFI’s 28 objectives are “near completion” and that 11 others have made “significant progress.”
https://www.securityweek.com/microsoft-purges-dormant-azure-tenants-rotates-keys-to-prevent-repeat-nation-state-hack/
Tomi Engdahl says:
Security Architecture
Demystifying Security Posture Management
While the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity.
https://www.securityweek.com/demystifying-security-posture-management/
Tomi Engdahl says:
Ionut Ilascu / BleepingComputer:
In a clever attack, hackers were able to send phishing emails that appeared to come from “[email protected]”, after a similar attack on PayPal users in March
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
https://www.bleepingcomputer.com/news/security/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins.
The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials.
The fraudulent message appeared to come from “[email protected]” and passed the DomainKeys Identified Mail (DKIM) authentication method but the real sender was different.
Tomi Engdahl says:
Commonwealth Bank DOWN: Furious customers locked out of their accounts as company urgently investigates nationwide issue
https://www.dailymail.co.uk/news/article-14634529/Commonwealth-Bank-app-outage.html?ito=social-facebook&fbclid=IwZXh0bgNhZW0CMTEAAR7swjUWcYAe_X2mayKTj8-tJRflWDNKHtI1A-ZXxKKLnGryJ8kvI-msRYvdaw_aem_sRvkT2Q0IsCYGxae2mv0FQ
Tomi Engdahl says:
LG's TVs will soon spy on your private matters in order to target ads
https://muropaketti.com/?p=845206
Tomi Engdahl says:
Meta will soon grab your photos and posts: do this if you want to prevent it
If you do nothing, your photos and texts will end up being used for training.
https://www.is.fi/digitoday/art-2000011183443.html
Meta is starting to use the content of people's Facebook and Instagram posts to train its AI.
If you share a photo on Instagram, publish a poem on Facebook or describe your feelings, these works, which may be protected by your copyright, will in future be at Meta's disposal.
Meta has now started offering the option to refuse the use of one's own posts for AI purposes.
Both Instagram and Facebook show a notice in which Meta says it is “improving AI features for you”.
The notice should not be ignored. Clicking it takes you to an info page explaining how the data is used.
The last paragraph of the longish text has an embedded link that offers the possibility to object to the use of your own data.
The link to the objection form is in the word “object” (vastustaa) under the heading “What you can do” (Mitä voi tehdä).
Clicking the link leads to a form that asks for the reasons for prohibiting the use of the data.
Meta is also bringing AI to its WhatsApp messenger. There, Meta AI appears, among other things, as a small blue circle above the button that opens a new chat.
It is a chatbot based on generative AI.
Reportedly, Meta does not use the data of WhatsApp's EU users to train Meta AI. Conversations with the chatbot are, however, presumably transferred to Meta, but private messaging between users is not.
Tomi Engdahl says:
https://www.securityweek.com/sonicwall-flags-old-vulnerability-as-actively-exploited/
Tomi Engdahl says:
Vulnerabilities
SSL.com Scrambles to Patch Certificate Issuance Vulnerability
A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued.
https://www.securityweek.com/ssl-com-scrambles-to-patch-certificate-issuance-vulnerability/
A domain control validation (DCV) vulnerability has resulted in SSL.com wrongly issuing nearly a dozen digital certificates for seven legitimate domains.
The bug was discovered and reported by a researcher who abused it to obtain a fraudulent certificate for aliyun.com, the official website for Alibaba Cloud, one of the largest cloud companies.
“SSL.com failed to conduct accurate domain validation control when utilizing the BR 3.2.2.4.14 DCV method (Email to DNS TXT Contact). It incorrectly marks the hostname of the approver’s email address as a verified domain, which is completely erroneous,” the researcher noted in a bug report.
https://bugzilla.mozilla.org/show_bug.cgi?id=1961406
Tomi Engdahl says:
Cybercrime
Cyberattack Knocks Texas City’s Systems Offline
The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.
https://www.securityweek.com/cyberattack-knocks-texas-citys-systems-offline/
Aliuexel says:
Looking to strengthen your business operations with secure and efficient systems? Check out our latest blog on Custom ERP Software Development – where we dive into how tailored ERP solutions can improve data security, streamline workflows, and support compliance in today’s cyber threat landscape.
Tomi Engdahl says:
Threat Intelligence
Ethical Zero Day Marketplace Desired Effect Emerges From Stealth
Desired Effect provides an ethical vulnerability exchange marketplace to help defenders get ahead of attackers.
https://www.securityweek.com/ethical-zero-day-marketplace-desired-effect-emerges-from-stealth/
Tomi Engdahl says:
Cybercrime
Cyberattack Hits British Retailer Marks & Spencer
British retailer Marks & Spencer has been experiencing certain service disruptions after falling victim to a cyberattack.
https://www.securityweek.com/cyberattack-hits-british-retailer-marks-spencer/
Iconic British retailer Marks & Spencer (M&S) is scrambling to restore services impacted by a cybersecurity incident that occurred over the Easter holiday.
While the company’s online services remained operational, the incident impacted certain store operations, causing delays and frustration among customers.
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced,” M&S said in a filing with the London Stock Exchange.
The company says it has engaged with cybersecurity experts to investigate the incident and relevant authorities have been notified.
“We are taking actions to further protect our network and ensure we can continue to maintain customer service,” M&S also said, without providing further details on the impacted services.
Tomi Engdahl says:
Data Protection
Files Deleted From GitHub Repos Leak Valuable Secrets
A security researcher has discovered hundreds of leaked secrets by restoring files deleted from GitHub repositories.
https://www.securityweek.com/files-deleted-from-github-repos-leak-valuable-secrets/
Security researcher Sharon Brizinov earned $64,000 in bug bounties after finding hundreds of secrets leaking in dozens of public GitHub repositories.
What makes Brizinov’s findings special is that the leaked secrets were found in files that had been deleted from the scanned repositories, which also reveals risks associated with a lack of appropriate actions when dealing with such leaks.
The issue his research brings to the spotlight is that developers may not be aware that Git retains copies of all files within a repository, even if they are no longer available in the working directory.
https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b
Tomi Engdahl says:
Bloomberg:
Hackers have been using hijacked online brokerage accounts in Japan to drive up penny stocks globally in an illicit $700M trading spree since February 2025
Hackers Manipulate Markets in $700 Million Illicit Trading Spree
https://www.bloomberg.com/news/articles/2025-04-23/hackers-manipulate-markets-in-700-million-illicit-trading-spree