Cyber security news May 2025

This posting is here to collect cyber security news in May 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

87 Comments

  1. Tomi Engdahl says:

    Washington Post:
    Investigation: New Orleans police secretly scanned city streets with 200+ facial recognition cameras for two years, seemingly defying a 2022 city ordinance — Following records requests from The Post, officials paused the first known, widespread live facial recognition program used by police in the United States.

    https://www.washingtonpost.com/business/2025/05/19/live-facial-recognition-police-new-orleans/

    Reply
  2. Tomi Engdahl says:

    Major mobile network suffers massive outage in Spain weeks after electricity blackout
    It comes weeks after blackouts caused chaos in the Iberian peninsula
    https://www.independent.co.uk/news/world/europe/phone-network-down-spain-emergency-services-b2754269.html?utm_medium=Social&utm_source=Facebook&fbclid=IwZXh0bgNhZW0CMTEAAR6JHwbnn-0bW-R2jtjXCTuBNbvajjVrebi6VMaIiIhy7b1gjVXUeTVQscbQPA_aem_aThNjtI9rIdM0H3I_s5siQ#Echobox=1747735996

    A nationwide phone network has shut down in Spain just weeks after blackouts brought chaos and heavy financial damage to the country.

    Emergency services in a number of regions had to provide new telephone numbers for those in need, after phone lines collapsed following network upgrades by Telefonica.

    Landline telephones were the worst affected but all voice services by Telefonica appear to have been affected to some extent, according to reports in Spanish media.

    A Telefónica spokesperson said: “We have done some network upgrade work which has affected some companies’ fixed communication services (voice and internet).

    Reply
  3. Tomi Engdahl says:

    NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

    VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.

    https://www.securityweek.com/nato-flagged-vulnerability-tops-latest-vmware-security-patch-batch/

    Broadcom-owned VMware on Tuesday rolled out urgent patches for two sets of flaws that expose its flagship infrastructure software to data leakage, command execution and denial-of-service attacks, with no temporary workarounds available.

    The virtualization technology giant pushed out two separate bulletins documenting at least 7 vulnerabilities in the VMware Cloud Foundation, VMware ESXi, vCenter Server, Workstation, and Fusion product lines.

    The more urgent advisory, VMSA-2025-0009, credits the NATO Cyber Security Centre for reporting three security defects in VMware Cloud Foundation. The highest-rated, CVE-2025-41229, is a directory-traversal issue that scores 8.2/10 on the CVSS scale.

    “A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services,” the company warned.

    VMware also shipped patches for an information-disclosure bug (CVSS 7.5) and a missing-authorisation error (CVSS 7.3) in VMware Cloud Foundation, a product used by enterprises to build and manage private clouds.

    Reply
  4. Tomi Engdahl says:

    Vulnerabilities
    Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers

    The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.

    https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/

    Researchers from CISA and NIST have proposed a new cybersecurity metric designed to calculate the likelihood that a vulnerability has been exploited in the wild.

    Peter Mell of NIST and Jonathan Spring of CISA have published a paper describing equations for what they call Likely Exploited Vulnerabilities, or LEV.

    Thousands of vulnerabilities are discovered every year in software and hardware, but only a small percentage are ever exploited in the wild.

    Knowing which vulnerabilities have been exploited or predicting which flaws are likely to be exploited is important for organizations when trying to prioritize patching.

    Known Exploited Vulnerabilities (KEV) lists such as the one maintained by CISA and the Exploit Prediction Scoring System (EPSS), which relies on data to estimate the probability that a vulnerability will be exploited, can be very useful. However, KEV lists may be incomplete and EPSS may be inaccurate.

    LEV aims to enhance — not replace — KEV lists and EPSS. This is done through equations that take into account variables such as the first date when an EPSS score is available for a specified vulnerability, the date of the most recent KEV list update, inclusion in KEV, and the EPSS score for a given day (measured across multiple days).

    Likely Exploited Vulnerabilities
    A Proposed Metric for Vulnerability Exploitation Probability
    https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.41.pdf

    Reply
  5. Tomi Engdahl says:

    https://www.securityweek.com/hackers-earn-over-1-million-at-pwn2own-berlin-2025/

    Reply
  6. Tomi Engdahl says:

    O2 Service Vulnerability Exposed User Location

    A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.

    https://www.securityweek.com/o2-service-vulnerability-exposed-user-location/

    Reply
  7. Tomi Engdahl says:

    Useimmista VPN-protokollista löytyy lopulta haavoittuvuuksia
    https://etn.fi/index.php/13-news/17543-useimmista-vpn-protokollista-loeytyy-lopulta-haavoittuvuuksia

    Nykyiset VPN-protokollat, vaikka ne tarjoavat vahvaa salausta tämän päivän standardien mukaan, eivät välttämättä kestä tulevaisuuden kvanttitietokoneiden laskentatehoa. Asiantuntijoiden mukaan kvanttilaskennan kehittyessä suurin osa perinteisistä salausmenetelmistä altistuu ennen pitkää murtamiselle. Tämä on johtanut siihen, että VPN-palveluntarjoajat ryhtyvät toimiin uuden sukupolven uhkia vastaan.

    Yksi alan toimijoista on NordVPN, ja se on vastannut haasteeseen ottamalla käyttöön kvanttiturvallisen salauksen kaikissa sovelluksissaan. Teknologia perustuu standardeihin, joita Yhdysvaltain kansallinen standardointi-instituutti (NIST) on kehittänyt tulevia uhkia varten.

    NordVPN aloitti kvanttiturvallisen teknologian käyttöönoton vuonna 2024 Linux-alustalla osana NordLynx-protokollaa, ja laajensi tuen vuonna 2025 myös Windows-, macOS-, iOS- ja Android-käyttöjärjestelmiin – mukaan lukien älytelevisioalustat.

    Käyttäjät voivat ottaa kvanttiturvallisen salauksen käyttöön NordVPN-sovelluksen asetuksista valitsemalla yhteysasetuksista NordLynx-protokollan. Tällöin kvanttiturvallinen salaus aktivoituu automaattisesti.

    Reply
  8. Tomi Engdahl says:

    William Langley / Financial Times:
    Inside China’s “stolen iPhone building”: electronics traders in Shenzhen describe how even remotely locked stolen iPhones can be stripped and sold at a profit

    Inside China’s ‘stolen iPhone building’
    We track the roaring trade of mobiles grabbed in London and New York, then sold in a single district in Shenzhen
    https://www.ft.com/content/752f84ac-329d-4e10-ae46-7a1c27319498?accessToken=zwAGNZ51SjOwkc91L4SsMp1OENOuRnocJzGUmA.MEYCIQC9EgImlV0WP8_UeYQYrTkYb0liPq5b78n_WtMzW6eNegIhAMFQNDGgX4lNezIkU6ubpHiGb_KJznA15SHI60L9ldap&sharetype=gift&token=1cd32693-d722-4e41-b9f9-7a113fbd9fe4

    In any other neighbourhood, the Feiyang Times building, a drab grey-and-brown tower in southern China, would be most notable for the gaudy, propaganda-plastered columns that line its forecourt.

    But like many of the electronics markets in the labyrinthine malls of Huaqiangbei, the fourth floor of the building has its own specialism: selling second hand iPhones from Europe and the US.

    Many of the phones sold here are legitimate trade-ins, returned by western consumers to network operators or phone shops when upgrading to the latest models.

    But the tower also sits at a location that Apple community message boards, social media commenters and victims of phone theft have identified as China’s “stolen iPhone building”.

    It is one of the most important nodes in a supply chain for second hand technology that starts in the west, travels through wholesalers in Hong Kong and on to markets in mainland China and the global south.

    Online message boards complaining of stolen phones emerging in Shenzhen identify a range of locations in the city. Nearly all of them are either in the Huaqiangbei area, or near the city’s border posts with Hong Kong.

    The UK’s Metropolitan Police warned in February that phone theft in London was a £50mn-a-year industry. The force seized 1,000 stolen devices and made 230 arrests in one week as part of an “intensifying clampdown”. Officials in Paris and New York have also reported rises in phone snatching.

    Huaqiangbei traders say the reason second hand phones end up in Shenzhen is because they can find buyers for every component of a device in the area’s various markets, from screens and circuit boards to chips and copper. There are even traders who will buy up unwanted excess plastic, which can be melted down for use in bottles.

    That means that even phones remotely locked by users in the west can be stripped down into parts and sold at a small profit, they say.

    The Feiyang tower is not the only mall in the district selling second hand phones. Huaqiang Electronics World, Yuanwang Digital Mall and hundreds of hole-in-the-wall shops lining the streets of the 3 sq km area all advertise recycled phones.

    But Feiyang is the one most heavily focused on selling overseas models, according to traders. These have two main attractions over Chinese iPhones: access to global app stores and, in the case of US phones restricted to using SIM cards from specific networks, cheaper prices.

    “There are all kinds [of phones].”

    That likely included phones lost in western countries, he said, adding that even those remotely locked or with uncrackable passcodes had their “market price”.

    Most other sellers are reticent on the provenance of their wares. Six sellers told the Financial Times they did not know how the US iPhones advertised in the glass booths in front of them got there.

    Bilal Khan, a trader from Pakistan hoping to buy 300 iPhones, said he was specifically seeking SIM-locked US phones, which were subject to lower import duties in his home market. Customers in Pakistan used the phones for their cameras, WiFi and gaming functions, rather than mobile data and calling services, he added.

    Munir, another trader who did not want to be identified by his full name, said he was looking to buy 100 to 200 iPhone 13 Pro Max’s, which he could sell on for a profit of about $70 per phone in his home market of Libya.

    But traders on the second floor of the Feiyang mall, who specialise in selling iPhone components, said they bought many of those parts from the sellers on the floors above, especially when they were unable to unlock them themselves.

    Reply
  9. Tomi Engdahl says:

    Kevin Collier / NBC News:
    Matthew Lane, a 19-year-old from Massachusetts, pleads guilty to hacking two US companies and extorting them for ransoms; a source says one firm is PowerSchool — The Massachusetts man agreed to plead guilty to obtaining information from a protected computer and aggravated identity theft.

    19-year-old accused of largest child data breach in U.S. agrees to plead guilty to federal charges
    The Massachusetts man agreed to plead guilty to obtaining information from a protected computer and aggravated identity theft.
    https://www.nbcnews.com/tech/security/alleged-hacker-largest-breach-us-childrens-data-agrees-plead-guilty-rcna207963

    Reply
  10. Tomi Engdahl says:

    Charles Szumski / Euractiv:
    Sweden passes a law criminalizing the purchase of live online sexual performances, including cam shows and sex chats; buying pre-recorded content remains legal — The new law criminalises paid online sexual services, including cam shows and sex chats. — Based on facts, either observed …

    Sweden bans buying OnlyFans content
    The new law criminalises paid online sexual services, including cam shows and sex chats.
    https://www.euractiv.com/section/tech/news/sweden-bans-paid-online-sexual-acts-in-law-targeting-platforms-like-onlyfans/

    Sweden’s parliament has passed a law banning the purchase of sexual performances for viewing online, including those on platforms like OnlyFans, marking a major update to the country’s sex purchase legislation.

    Under the new law, it is illegal to pay someone to perform a sexual act remotely – such as via live video – for the specific purpose of the act being viewed by the buyer. It also criminalises profiting from or promoting others who perform such acts for payment on demand.

    “This is a new form of sex purchase, and it’s high time we modernise the legislation to include digital platforms,” said Social Democrat MP Teresa Carvalho, after the bill was passed by a large majority in parliament.

    While viewing and paying for pre-recorded content remains legal, the law targets live, commissioned interactions, which lawmakers argue blur legal and ethical lines.

    Some OnlyFans creators have criticised the law, saying it harms their livelihoods. Carvalho responded that the law is not aimed at targeting adult content creators, but at protecting young people and vulnerable individuals. She pointed to documented links between online exploitation, human trafficking, drug abuse, and grooming into more severe forms of prostitution.

    The bill was proposed by the parliament’s justice committee and received cross-party backing.

    With this legislation, Sweden positions itself at the forefront of regulating digital sex work, consistent with its broader zero-tolerance stance on prostitution.

    Reply
  11. Tomi Engdahl says:

    https://www.securityweek.com/in-other-news-hackers-not-behind-blackout-ciso-docuseries-dior-data-breach/

    Reply
  12. Tomi Engdahl says:

    GitLab, Atlassian Patch High-Severity Vulnerabilities

    GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.

    https://www.securityweek.com/gitlab-atlassian-patch-high-severity-vulnerabilities/

    Reply
  13. Tomi Engdahl says:

    CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine

    Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.

    https://www.securityweek.com/cisa-says-russian-hackers-targeting-western-supply-lines-to-ukraine/

    Reply
  14. Tomi Engdahl says:

    Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway

    More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.

    https://www.securityweek.com/critical-flaw-allows-remote-hacking-of-automationdirect-industrial-gateway/

    Reply
  15. Tomi Engdahl says:

    Production at Steelmaker Nucor Disrupted by Cyberattack

    American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack.

    https://www.securityweek.com/production-at-steelmaker-nucor-disrupted-by-cyberattack/

    Reply
  16. Tomi Engdahl says:

    Cellcom Service Disruption Caused by Cyberattack

    Wireless carrier Cellcom has confirmed that a week-long widespread service outage is the result of a cyberattack.

    https://www.securityweek.com/cellcom-service-disruption-caused-by-cyberattack/

    Wisconsin telecommunications provider Cellcom has confirmed that a cyberattack is responsible for a service outage it has been dealing with for the past week.

    Both voice and text services have been down for the wireless carrier’s customers in Wisconsin and Upper Michigan, and the company has started to slowly restore some of them over the past couple of days.

    “We experienced a cyber incident. While this is unfortunate, it’s not something we were unprepared for. We have protocols and plans in place for exactly this kind of situation,” Cellcom CEO Brighid Riordan said in a letter (PDF) to customers.

    Reply
  17. Tomi Engdahl says:

    Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks

    Google DeepMind has developed an ongoing process to counter the continuously evolving threatIndirect prompt injection (IPI) attacks.

    https://www.securityweek.com/google-deepmind-unveils-defense-against-indirect-prompt-injection-attacks/

    Google DeepMind has developed an ongoing process to counter the continuously evolving threat from Agentic AI’s bete noir: adaptive indirect prompt injection attacks.

    Indirect prompt injection (IPI) attacks are a serious threat to agentic AI. They interfere with the inference stage of AI operation – that is, IPI attacks influence the response from the model to the benefit of the attacker. The attacker requires no direct access to the models’ learning data – indeed, the attacker neither has nor needs any knowledge of the internal workings, probabilities, or gradients of the model – but instead relies on agentic AI’s intrinsic ability to autonomously learn from other tools.

    Consider an agentic AI system designed to improve the user’s email operations. Of necessity, the model must have access to and be able to learn from the user’s emails. Here, an IPI attacker can simply embed new instructions in an email sent to the user. Those instructions are learned by the model and can adversely affect the model’s future responses to user requests.

    Reply
  18. Tomi Engdahl says:

    Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers

    Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.

    https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/

    An analysis conducted by researchers at the Norwegian University of Science and Technology Gjøvik and the Delft University of Technology in the Netherlands showed that a significant percentage of the industrial control system (ICS) instances detected by internet scans are actually honeypots.

    The researchers used the Censys search engine to identify internet-exposed ICS. They targeted 17 widely used industrial control protocols and discovered roughly 150,000 devices across 175 countries.

    The researchers then applied various criteria to determine how many of those ICS instances were real and how many were likely or possibly honeypots, decoy systems designed to attract threat actors in an effort to obtain valuable information on attacker tactics, techniques, and procedures (TTPs).

    While Censys was used to collect the data on internet-exposed systems, the researchers noted that their methods can be applied to any source data, including Shodan and independent scanning.

    Their analysis was conducted over a period of one year, between January 2024 and January 2025. In April 2024, they determined that roughly 15% of the ICS devices they were seeing online appeared to be honeypots, and the percentage increased to 25% in January 2025.

    Reply
  19. Tomi Engdahl says:

    Kaikista Intelin prosessoreista löytyi täysin uusi haavoittuvuus
    https://etn.fi/index.php/13-news/17553-kaikista-intelin-prosessoreista-loeytyi-taeysin-uusi-haavoittuvuus

    Tietoturvatutkijat Sveitsin ETH Zürichin yliopistosta ovat löytäneet uuden, vakavan haavoittuvuuden Intelin prosessoreista. Kyseessä on täysin uusi haavoittuvuusluokka, jota kutsutaan nimellä Branch Privilege Injection. Se perustuu tapaan, jolla prosessorit ennakoivat tulevia laskentatehtäviä suorituskyvyn parantamiseksi.

    Tutkijoiden mukaan haavoittuvuus mahdollistaa prosessin välisten suojausten ohittamisen ja koko keskusmuistin sisällön lukemisen pala kerrallaan. Tietojen vuotaminen tapahtuu nopeudella, joka on kaikkea muuta kuin teoreettinen: yli 5000 tavua sekunnissa, käytännössä hyökkääjä voi lukea koko muistin muutamassa minuutissa.

    Haavoittuvuus koskee kaikkia Intelin prosessoreita, jotka on julkaistu vuodesta 2018 lähtien – niin henkilökohtaisissa tietokoneissa, kannettavissa kuin pilvipalvelinten suorittimissa. Tämä tekee uhasta erityisen vakavan erityisesti pilviympäristöissä, joissa useat käyttäjät jakavat saman laitteiston.

    Nanosekuntien mittainen turva-aukko

    Haavoittuvuus syntyy hetkellisesti, kun prosessori vaihtaa käyttäjien välillä. Juuri tässä siirtymässä ennakoivat laskennat voivat antaa hyökkääjälle mahdollisuuden päästä käsiksi toisen käyttäjän tietoihin. Kyse on nanosekunnin mittaisista ajoituksista, joita hyökkääjä voi toistaa yhä uudelleen ja lukea muistia tavu kerrallaan.

    Tutkijoiden mukaan tämä ei ole yksittäinen ohjelmistovirhe, vaan osoitus syvemmistä ongelmista prosessoriarkkitehtuurissa, jotka juontavat juurensa spekulatiivisiin suorituskykytekniikoihin. Vastaavia haavoittuvuuksia ovat aiemmin olleet esimerkiksi Spectre, Meltdown ja Retbleed.

    Intel on jo julkaissut mikrokoodipäivityksiä ongelman korjaamiseksi, ja käyttäjien suositellaan varmistavan, että kaikki käyttöjärjestelmä- ja BIOS-päivitykset on asennettu.

    Reply
  20. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Signal says it will block by default screenshots of its Windows 11 desktop app due to the privacy risks of Microsoft’s Recall; users can enable them in settings — Signal Messenger is warning the users of its Windows Desktop version that the privacy of their messages is under threat by Recall …

    “Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall
    Even after its refurbishing, Recall provides few ways to exclude specific apps.
    https://arstechnica.com/security/2025/05/signal-resorts-to-weird-trick-to-block-windows-recall-in-desktop-app/

    Reply
  21. Tomi Engdahl says:

    Reuters:
    Distributed Denial of Secrets: the TeleMessage hacker stole messages from 60+ US government users spanning about one day ending on May 4, including travel plans

    Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government
    https://www.reuters.com/world/us/hacker-who-breached-communications-app-used-by-trump-aide-stole-data-across-us-2025-05-21/

    Reply
  22. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Maine AG filing: Coinbase says its recent data breach impacted 69,461 individuals; stolen data included government IDs, account info, and personal identifiers

    https://www.bleepingcomputer.com/news/security/coinbase-says-recent-data-breach-impacts-69-461-customers/

    Reply
  23. Tomi Engdahl says:

    Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities

    Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.

    https://www.securityweek.com/cisco-patches-high-severity-dos-privilege-escalation-vulnerabilities/

    Reply
  24. Tomi Engdahl says:

    Cloud Security
    NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

    VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.

    https://www.securityweek.com/nato-flagged-vulnerability-tops-latest-vmware-security-patch-batch/

    Reply
  25. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Microsoft seizes ~2,300 domains globally to disrupt Lumma’s malware-as-a-service operation, after finding 394,000+ Windows computers infected by Lumma — Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands …

    Lumma infostealer malware operation disrupted, 2,300 domains seized
    https://www.bleepingcomputer.com/news/security/lumma-infostealer-malware-operation-disrupted-2-300-domains-seized/

    Reply
  26. Tomi Engdahl says:

    Eric Geller / Cybersecurity Dive:
    In a joint statement, the US, France, Germany, and eight other countries say Russia has stepped up cyber attacks on firms aiding Ukraine, often via Fancy Bear
    https://www.cybersecuritydive.com/news/russia-hacking-ukraine-aid-logistics-tech-companies-advisory/748723/

    Reply
  27. Tomi Engdahl says:

    Jason Leopold / Bloomberg:
    Sources and docs: a “major lapse” at Thoma Bravo’s Opexus, which helps US agencies manage investigations and FOIA, let two convicted hackers delete databases

    Hack of Contractor Was at Root of Massive Federal Data Breach

    Failures in cybersecurity practices at a software company that helps federal agencies manage investigations and FOIA requests allowed two convicted hackers to delete databases, according to internal documents.

    https://www.bloomberg.com/news/articles/2025-05-21/security-failures-behind-us-contractor-s-data-breach?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR2lmdGVkQXJ0aWNsZSIsImlhdCI6MTc0NzgzMjU4MCwiZXhwIjoxNzQ4NDM3MzgwLCJhcnRpY2xlSWQiOiJTV0xWU0pEV1gyUFMwMCIsImJjb25uZWN0SWQiOiIyQjE3NzFFOTlEODc0QzRDOTY1Njg1RTZBQkJGM0QwRCJ9.80gcRhIo8feGYPj3TsvjoKwo-250-5xR2xN3wkwikxI&leadSource=uverify%20wall

    Reply
  28. Tomi Engdahl says:

    Wolt: Kaikki ravintolat suljettu
    Wolt-sovelluksessa on laaja vikatilanne.
    https://www.iltalehti.fi/kotimaa/a/782cb1f8-0c20-43b4-93f9-c9b526294a37

    Wolt-sovelluksessa on laaja vikatilanne. Sovellus näyttää, että kaikki ravintolat olisivat suljettu.

    Sovellus ilmoittaa kaikkien ravintoloiden kohdalla, että ne eivät ota tilauksia vastaan juuri nyt

    Reply
  29. Tomi Engdahl says:

    Woltissa oli laaja häiriö
    Wolt-sovelluksessa oli torstaina laaja vikatilanne.
    https://www.iltalehti.fi/kotimaa/a/782cb1f8-0c20-43b4-93f9-c9b526294a37

    Wolt-sovelluksessa oli torstaina laaja vikatilanne noin kello 15 lähtien. Sovellus näytti noin puolen tunnin ajan, että kaikki ravintolat olisivat suljettu.

    Sovellus ilmoitti kaikkien ravintoloiden kohdalla, että ne eivät ota tilauksia vastaan juuri nyt. Ongelma näyttäytyi samanlaisena kaikissa kaupungeissa.

    Sovellus alkoi toimimaan kello 15.30 jälkeen. Woltin viestintäpäällikkö Jenni Jusslin kertoo Iltalehdelle, että häiriön taustalla oli tekninen vika.

    – Sen takia Woltissa oli hetkellinen käyttökatkos. Tilanne on saatu nyt korjattua, Jusslin kertoo.

    Tuore päätös

    Wolt oli aiemmin torstaina esillä medioissa, sillä korkein hallinto-oikeus päätti, että lähetit ovat Woltin työntekijöitä, eivät itsenäisiä yrittäjiä.

    KHO totesi 22. toukokuuta annetussa päätöksessään, että vaikka lähettien työhön liittyy paljon itsenäiseen yrittämiseen liittyviä piirteitä, sen ratkaisemassa asiassa täyttyivät kaikki työsopimuslain mukaiset työsuhteen tunnusmerkit.

    Reply
  30. Tomi Engdahl says:

    Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw

    Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch.

    https://www.securityweek.com/akamai-microsoft-disagree-on-severity-of-unpatched-badsuccessor-flaw/

    Reply
  31. Tomi Engdahl says:

    Marks & Spencer Expects Ransomware Attack to Cost $400 Million

    UK retailer Marks & Spencer expects the disruptions caused by the recent cyberattack to continue through July.

    https://www.securityweek.com/marks-spencer-expects-ransomware-attack-to-cost-400-million/

    UK retailer Marks & Spencer (MKS.L) has shared another update on the impact of the recent cyberattack, and the company estimates that the incident will cost it £300 million (roughly $400 million).

    However, M&S pointed out in a filing with the London Stock Exchange that this is expected to be the financial impact on 2025 and 2026 operating profit, but the amount should be “reduced through management of costs, insurance and other trading actions”.

    The cyberattack has caused significant disruptions for the company. The retailer, which has more than 60,000 employees and 500 stores, is now in the process of recovering and restoring its systems.

    Reply
  32. Tomi Engdahl says:

    Security Theater or Real Defense? The KPIs That Tell the Truth

    In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.

    https://www.securityweek.com/security-theater-or-real-defense-the-kpis-that-tell-the-truth/

    Reply
  33. Tomi Engdahl says:

    Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough

    Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.

    https://www.securityweek.com/taming-the-hacker-storm-why-millions-in-cybersecurity-spending-isnt-enough/

    Reply
  34. Tomi Engdahl says:

    From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth

    The 15th edition of NATO’s Locked Shields cyber defense exercise brought together 4,000 experts from 41 countries.

    https://www.securityweek.com/from-60-to-4000-natos-locked-shields-reflects-cyber-defense-growth/

    Reply
  35. Tomi Engdahl says:

    Wired:
    A security researcher finds an exposed Elastic database with 184M records, including login credentials for Apple, Meta, Google, and others; its owner is unknown

    Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
    A trove of breached data, which has now been taken down, includes user logins for platforms including Apple, Google, and Meta. Among the exposed accounts are ones linked to dozens of governments.
    https://www.wired.com/story/mysterious-database-logins-governments-social-media/

    Reply
  36. Tomi Engdahl says:

    Palkkojen maksussa ongelma – Taas
    Kaikki eivät ole saaneet tänään saataviaan sovitusti.
    https://www.iltalehti.fi/digiuutiset/a/8170679c-bf67-4fd2-879d-69f806079e30

    Iltalehden lukijat ovat ilmoittaneet perjantaiaamuna ongelmista palkkojen ja Kelan etuuksien maksuissa. Yhteydenottojen mukaan rahat eivät ole tulleet tileille normaalisti.

    Pankki­ongelmia
    Osa odottelee palkkapäivänsä saamisia.
    https://www.is.fi/digitoday/art-2000011253118.html

    Useat Ilta-Sanomien lukijat raportoivat perjantaiaamuna, etteivät palkat ole siirtyneet pankkitileille. Ongelmista raportoivat useiden eri pankkien asiakkaat.

    Lukijoiden mukaan ongelmia on esimerkiksi S-Pankin, Nordean, Danske Bankin ja Pop Pankin asiakkailla. Osa odottaa palkkapäivänsä saamisia.

    Asiaa puidaan myös sosiaalisessa mediassa. Keskustelun perusteella ongelmia ei kuitenkaan ole ollut kaikilla edellä mainittujen pankkien asiakkailla.

    Häiriön syystä ei ole tarkempaa tietoa. Pankkien mukaan kyse ei ole ainakaan laajasta ongelmasta.

    Nordean viestinnästä kerrottiin, että pankin omat palvelut toimivat normaalisti.

    Reply
  37. Tomi Engdahl says:

    OP: Tee tämä toimenpide, jos et ole jo tehnyt
    Moni on suojannut pankkikorttinsa turvarajalla. Se ei kuitenkaan välttämättä riitä enää tänä päivänä.
    https://www.iltalehti.fi/digiuutiset/a/fc023d70-27fc-4bf8-9753-9af5f78b8f22

    OP:n mukaan valtaosa yhtiön asiakkaista on määritellyt maksukorttiinsa turvarajan, joka rajoittaa vahinkoja siinä tapauksessa, että kortti tai sen tiedot päätyvät vääriin käsiin. OP on kuitenkin huolissaan siitä, että vain hyvin harva on tehnyt saman käyttötililleen.

    Petostorjunnan asiantuntia Maija Ahonen OP Ryhmästä alleviivaa yhtiön tiedotteessa, että turvarajojen asettaminen käyttötilille on tänä päivänä tärkeämpää kuin koskaan aiemmin.

    – Aikaisemmin huijaukset kohdistuivat pääasiassa korttimaksuihin, jolloin opittiin suojaamaan kortit turvarajoilla. Nykyään valtaosa väärinkäytöksistä on tunnusten kalastelua, jossa huijari vie rahat tilisiirtojen avulla, Ahonen sanoo toivoen, että kortin turvarajoja vastaavat rajat asetettaisiin myös tileille.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*