This posting is here to collect cyber security news in May 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in May 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
136 Comments
Tomi Engdahl says:
Nyt tuli kirjaimellisesti sairas huijausviesti
Viesti kehottaa hakeutumaan kiireelliseen hoitoon.
Nyt tuli kirjaimellisesti sairas huijausviesti
https://www.is.fi/digitoday/tietoturva/art-2000011206073.html
Tomi Engdahl says:
Nämä kaikki tietosi Meta kaappaa käyttöönsä – vain hetki aikaa estää
https://www.is.fi/digitoday/tietoturva/art-2000011202349.html
Tomi Engdahl says:
Micah Lee / micahflee:
A hacker breaches TeleMessage, which makes modified versions of apps like Signal used by US officials including JD Vance, leaking some chats, contacts, and more — TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked
The Signal Clone the Trump Admin Uses Was Hacked
https://micahflee.com/the-signal-clone-the-trump-admin-uses-was-hacked/
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.
A hacker has gained access to the Signal message archiving tool which Mike Waltz accidentally revealed to the world.
A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.
The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.
Kevin Breuninger / CNBC:
TeleMessage’s parent company says it is “investigating a potential security incident” and has suspended all of its services “out of an abundance of caution”
Messaging app used by Trump official suspends operations after reported hack
https://www.cnbc.com/2025/05/05/signal-telemessage-hack-trump-waltz.html
Key Points
The messaging app seen being used by President Donald Trump’s former national security advisor, Michael Waltz, is temporarily suspending services following a reported hack.
“Out of an abundance of caution, all TeleMessage services have been temporarily suspended,” a spokesperson for TeleMessage’s parent company, Smarsh, said.
A recent photo of Waltz indicated he was communicating on TeleMessage with Vice President JD Vance, Secretary of State Marco Rubio, director of national intelligence Tulsi Gabbard and special envoy Steve Witkoff.
Tomi Engdahl says:
Matt Burgess / Wired:
Researchers warn that open-source Go serialization tool easyjson, owned by Russia’s VK Group and used by the US DOD and others, poses a national security risk — The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK …
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.
https://www.wired.com/story/easyjson-open-source-vk-ties/
Since Russian troops invaded Ukraine more than three years ago, Russian technology companies and executives have been widely sanctioned for supporting the Kremlin. That includes Vladimir Kiriyenko, the son of one of Vladimir Putin’s top aides and the CEO of VK Group, which runs VK, Russia’s Facebook equivalent that has increasingly shifted towards the regime’s repressive positioning.
Now cybersecurity researchers are warning that a widely used piece of open source code—which is linked to Kiriyenko’s company and managed by Russian developers—may pose a “persistent” national security risk to the United States. The open source software (OSS), called easyjson, has been widely used by the US Department of Defense and “extensively” across software used in the finance, technology, and healthcare sectors, say researchers at security company Hunted Labs, which is behind the claims. The fear is that Russia could alter easyjson to steal data or otherwise be abused.
Tomi Engdahl says:
Geoffrey A. Fowler / Washington Post:
Meta AI brings more privacy risks than ChatGPT and Gemini, building a Memory file including the user’s sensitive personal info, like fertility and payday loans — Meta’s chatbot remembers everything, even what you might not want it to. — Mark Zuckerberg has a new way to invade your privacy: a creepier version of ChatGPT.
https://www.washingtonpost.com/technology/2025/05/05/meta-ai-privacy/
Tomi Engdahl says:
Kommentti: Nordeaan hyökättiin – tiedämme sen, koska viime syksynä tapahtui jotain poikkeuksellista
Suomalaiset osaavat olla herkkänahkaisia joutuessaan vaikuttamisen kohteeksi, kirjoittaa Ilta-Sanomien toimittaja Henrik Kärkkäinen.
Kommentti: Nordeaan hyökättiin – tiedämme sen, koska viime syksynä tapahtui jotain poikkeuksellista
https://www.is.fi/digitoday/tietoturva/art-2000011135639.html
Harald thomos says:
Thanks for the valuable info! Need help with your Netgear Extender setup? We’ll get you connected in no time!
Tomi Engdahl says:
Tivi: Viranomainen alkoi selvittää Postin toimintaa
Viranomainen on saanut useamman yhteydenoton, kertoo Tivi.
Tivi: Viranomainen alkoi selvittää Postin toimintaa
https://www.is.fi/digitoday/tietoturva/art-2000011211446.html
Tomi Engdahl says:
https://www.facebook.com/share/p/16TydARiki/
Law enforcement and school districts across the country are warning about the TikTok challenge, saying it risks posing a major fire hazard.
In Arizona, students at Bullhead City Middle School were briefly evacuated Thursday after a Chromebook laptop computer began emitting smoke in a classroom. Six Chromebooks were also vandalized yesterday and today at Fox Creek Junior High School using the same TikTok challenge methods, though none caught fire.
The so-called “Chromebook Challenge” targets Google’s low-cost laptops since they are widely used in schools and issued to students. But it looks like some kids have been recording themselves deliberately damaging the laptops to take part in the TikTok challenge.
The goal is to cause the Chromebooks to emit sparks or fire by inserting objects, such as a paperclip, pencil lead, or scissors, into the laptop’s charging or USB ports. Google didn’t immediately respond to a request for comment.
#google #chromebookchallenge #tiktokchallenge
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17509-fakeupdates-vaikutti-6-prosentissa-organisaatioita
Tomi Engdahl says:
https://etn.fi/index.php/opinion/17510-selain-on-yritysten-tietoturvan-sokea-piste
Yritykset nojaavat yhä enemmän verkkoselaimiin päivittäisessä työssään, mutta samalla altistuvat vakaville tietoturvauhille. NordLayerin kyberturva-asiantuntijan mukaan perinteiset selaimet muodostavat tietoturvan sokean pisteen, jota on vaikea valvoa ja suojata – erityisesti pienemmissä organisaatioissa, sanoo NordLayerin asiantuntija Edvinas Buinovskis.
Nykyään jopa 80 prosenttia työtehtävistä voidaan hoitaa selaimen kautta. Tämä on lisännyt työn tehokkuutta ja yhteistyömahdollisuuksia, mutta samalla tuonut mukanaan uusia riskejä. Verkkoselaimet eivät ole lähtökohtaisesti suunniteltu yritysturvallisuutta silmällä pitäen, vaan ne on rakennettu käyttäjäystävällisiksi – ja juuri tämä tekee niistä alttiita sekä ulkoisille hyökkäyksille että sisäisille väärinkäytöksille.
Edvinas Buinovskis muistuttaa, että perinteisten selainten rajoittunut näkyvyys tekee niistä houkuttelevan väylän tietovuodoille. Työntekijä voi esimerkiksi siirtää luottamuksellista tietoa yrityksen ulkopuolelle lähettämällä sen henkilökohtaisella sähköpostilla tai lataamalla sen pilvipalveluun – eikä turvallisuustiimi välttämättä koskaan saa tietää asiasta.
Toinen kasvava uhka liittyy selaimeen asennettaviin laajennuksiin. Monet työntekijät asentavat laajennuksia, jotka helpottavat heidän työskentelyään, mutta osa näistä voi olla haitallisia.
Lisäksi yhä useampi työntekijä käyttää työssään luvattomia verkkopohjaisia sovelluksia eli niin sanottua varjotietotekniikkaa. Nämä sovellukset voivat olla epäluotettavia tai sisältää tietoturva-aukkoja, mutta koska niiden käyttö ei välttämättä näy organisaation tietoturvavalvonnassa, niiden aiheuttamat riskit jäävät helposti piiloon.
Lopuksi on huomioitava myös tahalliset sisäiset uhkat. Jos työntekijä toimii vilpillisesti, perinteisen selaimen rajoitettu käyttäjäanalytiikka ja valvonta tekevät hänen toiminnastaan vaikeasti havaittavaa. Tämä voi johtaa siihen, että esimerkiksi kilpailijalle vuotaa liiketoiminnan kannalta arkaluonteista tietoa – eikä siitä jää mitään jälkeä järjestelmiin.
- Yritysten tulisi joko panostaa kattavaan kyberturvastrategiaan tai ottaa käyttöön erityisesti yrityskäyttöön suunniteltuja selaimia, joissa on sisäänrakennetut valvonta- ja turvallisuusominaisuudet, sanoo Buinovskis. Hänen mukaansa myös työntekijöiden tietoturvakoulutus on keskeinen osa suojausta, sillä inhimilliset virheet ovat edelleen yleisin syy tietomurtoihin.
Tomi Engdahl says:
Lauren Goode / Wired:
In the age of deepfakes, some are using tactics like asking rapid-fire questions or sharing code words with each other to verify identity online — As AI-driven fraud becomes increasingly common, more people feel the need to verify every interaction they have online.
Deepfakes, Scams, and the Age of Paranoia
As AI-driven fraud becomes increasingly common, more people feel the need to verify every interaction they have online.
https://www.wired.com/story/paranoia-social-engineering-real-fake/
Tomi Engdahl says:
https://www.securityweek.com/marks-spencer-says-data-stolen-in-ransomware-attack/
Tomi Engdahl says:
Artificial Intelligence
Applying the OODA Loop to Solve the Shadow AI Problem
By taking immediate actions, organizations can ensure that shadow AI is prevented and used constructively where possible.
https://www.securityweek.com/applying-the-ooda-loop-to-solve-the-shadow-ai-problem/
With AI introducing efficiency, automation, and reduced operational costs, organizations are embracing AI tools and technology with open arms. At the user level, more employees resort to personal AI tools to save time, work smarter, and increase productivity. According to a study in October 2024, Seventy-five percent of knowledge workers currently use AI, with 46% stating they would not relinquish it even if their organization did not approve of its use. Organizations are confronting the challenge of shadow AI, as employees utilize unauthorized AI tools without company consent, leading to risks related to data exposure, compliance, and operations.
Applying the OODA Loop to the Shadow AI Dilemma
The OODA loop is a U.S. military mental model that stands for Observe, Orient, Decide, and Act. It is a four-step decision-making framework that collects every piece of data and puts it in perspective to facilitate rapid decision-making regarding a course of action that achieves the best outcome. It’s not a procedure run once; it’s an endless loop where decisions and actions are revised as new feedback and data appear.
Here’s how the OODA loop can be applied to prevent and mitigate shadow AI:
Observe: Detecting Shadow AI
Organizations should have complete visibility of their AI model inventory. Inconsistent network visibility arising from siloed networks, a lack of communication between security and IT teams, and point solutions encourages shadow AI.
Orient: Understanding Context and Impact
With “zero-knowledge threat actors” using AI to conduct attacks on businesses, the barrier to entry for AI-driven cybercrime has been significantly lowered. Combine this with shadow AI that has less oversight and vetted security measures, and it’s a security free fall for organizations. Unsanctioned AI tools make organizations vulnerable to attacks such as data breaches, injecting buggy code into business workflows, or compliance and NDA breaches by inadvertently exposing sensitive information to third-party AI platforms.
Decide: Defining Policies
Organizations must set clearly defined yet flexible policies regarding the acceptable use of AI to enable employees to use AI responsibly. Such policies need to allow granular control from binary approval (approve/not approve AI tools) to more sophisticated levels like providing access based on users’ role and responsibility, limiting or enabling certain functionalities within an AI tool, or specifying data-level approvals where sensitive data can be processed only in approved environments. The policies should adapt to unfolding opportunities and threats and align with the organization’s needs and security priorities.
Act: Enforcing Policies and Monitoring
The final step involves applying the defined policies, monitoring them, and refining them repeatedly based on outcomes and feedback. Effective enforcement must be uniform and centralized, ensuring that all users, networks, and devices adhere to AI governance principles without gaps.
Organizations must evaluate and formally incorporate shadow AI tools offering substantial value to ensure their use in secure and compliant environments. Access controls need to be tightened to avoid unapproved installations; zero trust and privilege management policies can assist in this regard. AI-driven monitoring systems need to be implemented to guarantee continuous monitoring. Real-time feedback loops through these systems can assist organizations in fine-tuning their response mechanisms.
By taking immediate actions, organizations can ensure that shadow AI is prevented and used constructively where possible. Centralized governance, reinforced by automated monitoring and adaptive security policies, will allow organizations to reduce exposure risks while optimizing AI utility.
Tomi Engdahl says:
23andMe, the genetic testing giant once valued in the billions, is now navigating Chapter 11 bankruptcy and notifying millions of current and former customers that they may be eligible to file claims as part of the restructuring process.
The company and 11 of its subsidiaries, including Lemonaid Health and LPRXOne, filed for bankruptcy protection on March 23 of this year in the Eastern District of Missouri.
Customers were alerted Sunday that they have until July 14 to file claims for losses incurred.
Read more from Connie Loizos here: https://tcrn.ch/4m3zS5w
#TechCrunch #technews #23andMe #bankruptcy #biotech
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17527-eu-ryhtyi-julkaisemaan-haavoittuvuuksien-tietokantaa
Tomi Engdahl says:
Niket Nishant / Reuters:
Coinbase says hackers accessed data for a “small subset” of users, but not login credentials, expects to incur $180M-$400M in costs, and refuses a $20M ransom
Coinbase expects up to $400 million hit from cyber attack
https://www.reuters.com/business/coinbase-says-cyber-criminals-stole-account-data-some-customers-2025-05-15/
May 15 (Reuters) – Coinbase (COIN.O)
, opens new tab forecast a hit between $180 million and $400 million from a cyber attack that breached account data of a “small subset” of its customers, sending the crypto exchange’s shares down 3% in premarket trading on Thursday.
The company said it received an email from an unknown threat actor on May 11, claiming to have information about certain customer accounts as well as internal documents.
Tomi Engdahl says:
Johnny Ryan / Irish Council for Civil Liberties:
The Belgian Court of Appeal rules the Transparency & Consent Framework, used by Google, Microsoft, Amazon, and much of the internet, is illegal across Europe — Landmark court decision against “TCF” consent pop ups on 80% of the internet — Google, Microsoft, Amazon, X …
EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis
Landmark court decision against “TCF” consent pop ups on 80% of the internet
https://www.iccl.ie/digital-data/eu-ruling-tracking-based-advertising-by-google-microsoft-amazon-x-across-europe-has-no-legal-basis/
Google, Microsoft, Amazon, X, and the entire tracking-based advertising industry rely on the “Transparency & Consent Framework” (TCF) to obtain “consent” for data processing. This evening the Belgian Court of Appeal ruled that the TCF is illegal. The TCF is live on 80% of the Internet.[1]
Today’s decision arises from enforcement by the Belgian Data Protection Authority, prompted by complainants coordinated by Dr Johnny Ryan, Director of Enforce at the Irish Council for Civil Liberties. The group of complainants are: Dr Johnny Ryan of Enforce, Katarzyna Szymielewicz of the Panoptykon Foundation, Dr Jef Ausloos, Dr Pierre Dewitte, Stichting Bits of Freedom, and Ligue des Droits Humains.
Dr Johnny Ryan said “Today’s court’s decision shows that the consent system used by Google, Amazon, X, Microsoft, deceives hundreds of millions of Europeans. The tech industry has sought to hide its vast data breach behind sham consent popups. Tech companies turned the GDPR into a daily nuisance rather than a shield for people.”
This Belgian enforcement arises from a chain of complaints and litigation across Europe initiated by Dr Ryan in 2018 against Real-Time Bidding (RTB).
Today’s decision confirmed the Belgian Data Protection Authority’s 2022 finding of multiple infringements by the TCF, closely echoing the complainants’ submissions.
For seven years, the tracking industry has used the TCF as a legal cover for Real-Time Bidding (RTB), the vast advertising auction system that operates behind the scenes on websites and apps. RTB tracks what Internet users look at and where they go in the real world. It then continuously broadcasts this data to a host of companies, enabling them to keep dossiers on every Internet user.[2] Because there is no security in the RTB system it is impossible to know what then happens to the data. As a result, it is also impossible to provide the necessary information that must accompany a consent request.[3]
Today’s judgement confirms the Belgian Data Protection Authority’s 2022 decision. It applies immediately across Europe.
Tomi Engdahl says:
Microsoft Cuts Off Access to Bing Search Data as It Shifts Focus to Chatbots
Microsoft is limiting access to tools that boosted its rivals, but larger customers like DuckDuckGo say they won’t be affected.
https://www.wired.com/story/bing-microsoft-api-support-ending/
Tomi Engdahl says:
Joe Tidy / BBC:
Hacking group DragonForce says it stole UK retailer Co-op’s customer data and planned to deploy ransomware, but Co-op quickly shut down its systems, unlike M&S — Co-op narrowly averted being locked out of its computer systems during the cyber attack that saw customer data stolen …
‘They yanked their own plug’: How Co-op averted an even worse cyber attack
https://www.bbc.com/news/articles/cwy382w9eglo
Co-op narrowly averted being locked out of its computer systems during the cyber attack that saw customer data stolen and store shelves left bare, the hackers who claim responsibility have told the BBC.
The revelation could help explain why Co-op has started to recover more quickly than fellow retailer M&S, which had its systems more comprehensively compromised, and is still unable to carry out online orders.
Hackers who have claimed responsibility for both attacks told the BBC they tried to infect Co-op with malicious software known as ransomware – but failed when the firm discovered the attack in action.
Both Co-op and M&S declined to comment.
Tomi Engdahl says:
https://www.cnbc.com/2025/05/15/cyber-firm-proofpoint-to-buy-europes-hornetsecurity-as-it-eyes-ipo.html
Tomi Engdahl says:
EU syyttää Tiktokia digisäädösten rikkomisesta – ei anna tarpeeksi tietoa mainoksista
Komission digiasioista vastaava komissaari Henna Virkkunen sanoo, että Tiktokin mainoskirjasto ei täytä säädöksen vaatimuksia.
EU syyttää Tiktokia digisäädösten rikkomisesta – ei anna tarpeeksi tietoa mainoksista
Komission digiasioista vastaava komissaari Henna Virkkunen sanoo, että Tiktokin mainoskirjasto ei täytä säädöksen vaatimuksia.
https://yle.fi/a/74-20162012
Tomi Engdahl says:
US warns companies around the world to stay away from Huawei chips
US aims to toughen export controls on tech used by China to make AI processors.
https://arstechnica.com/gadgets/2025/05/us-warns-companies-around-the-world-to-stay-away-from-huawei-chips/?fbclid=IwY2xjawKSuxdleHRuA2FlbQIxMQABHnD2PqGLHSS4U9usWJ6p8M0cUkAHWPFl5EJ5HLIXH8qv9m6aAgYX_JeSelNA_aem_vkOMioTn0haRUWOhQZtDxg
President Donald Trump’s administration has taken a tougher stance on Chinese technology advances, warning companies around the world that using artificial intelligence chips made by Huawei could trigger criminal penalties for violating US export controls.
The commerce department issued guidance to clarify that Huawei’s Ascend processors were subject to export controls because they almost certainly contained, or were made with, US technology.
Tomi Engdahl says:
Kaikki meni pieleen Virossa
Historiallinen harjoitus tarjosi viranomaisille paljon pureskeltavaa.
https://www.iltalehti.fi/ulkomaat/a/f3583b85-2e71-4a43-a5b8-35e187127e11
Viron historiallinen väestönvaroitusharjoitus meni monin tavoin mönkään.
Kun sireenien oli määrä alkaa ulvoa kello 15, kolmasosa niistä ei toiminutkaan, yleisradioyhtiö ERR kertoo. Osa testatuista sireeneistä alkoi soida myöhässä, osa ei ollenkaan.
Toimineissakin kovaäänisissä oli ongelmia. Maaleht-viikkolehden mukaan osa virolaisista oli sitä mieltä, että sireenit huusivat turhan hiljaa.
Myös harjoituksesta muistuttaminen epäonnistui. Testistä oli tarkoitus lähettää kaksi muistutustekstiviestiä kaikkiin puhelimiin Virossa. Ensimmäinen muistutusviesti tuli isolle osalle vastaanottajista jopa yli puoli tuntia myöhässä. Lopulta tekstiviestit tavoittivat noin 1,5 miljoonaa laitetta.
Virolaisen Ole valmis -sovelluksen kautta lähetetyt muistutukset jäivät niin ikään huomattavasti aikataulusta.
Haasteista huolimatta viranomaiset saivat harjoituksesta paljon hyviä oppeja jatkoa varten.
– Osa niistä oli odotettuja, osaa meidän täytyä tarkastella hieman tarkemmin.
Testi oli osa Viron historian laajinta Siili-sotaharjoitusta. Siihen osallistuu sotilaita myös Suomesta.
Puutteet Viron valmiusasioissa ovat herättäneet keskustelua varsinkin Venäjän hyökättyä laajamittaisesti Ukrainaan. Viime vuonna Viron hallitus julkaisi erityisen väestönsuojelun toimintasuunnitelman, jolla pyritään valmistautumaan mahdolliseen poikkeustilaan.
Tomi Engdahl says:
Nation-State
Chinese Hackers Hit Drone Sector in Supply Chain Attacks
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
https://www.securityweek.com/chinese-hackers-hit-drone-sector-in-supply-chain-attacks/
A Chinese threat actor was seen disrupting the drone supply chain in multi-wave attacks against various organizations in Taiwan and South Korea, Trend Micro reports.
Dubbed Earth Ammit and believed to be tied to Chinese APTs, the hacking group was seen launching two attack campaigns between 2023 and 2024, targeting organizations across multiple sectors to compromise trusted supply chains.
Named Tidrone and Venom, the campaigns hit military, heavy industry, software services, satellite, technology, media, and healthcare organizations, using both open source and custom tools to achieve malicious goals.
The Tidrone campaign was initially detailed in September 2024, after the Chinese hackers were seen abusing enterprise resource planning (ERP) software and remote desktop access to deploy the Cxclnt and Clntend backdoors, steal information, and disable security protections.
In a fresh report, Trend Micro explains that the Venom campaign occurred prior to Tidrone, targeting service providers and technology companies in Taiwan, and heavy industry firms in South Korea.
“Earth Ammit’s strategy centered around infiltrating the upstream segment of the drone supply chain. By compromising trusted vendors, the group positioned itself to target downstream customers – demonstrating how supply chain attacks can ripple out and cause broad, global consequences,” Trend Micro notes.
Tomi Engdahl says:
Wille Rydmanilta painava varoitus Tiktokista: ”Jos Suomessa alkaisi samanlainen toiminta”
https://www.iltalehti.fi/politiikka/a/03eeebec-161a-49b5-a830-95c792407e7c
Elinkeinoministeri Wille Rydman otti esille varoittavan esimerkin Tiktokin datakeskuksista.
Rydman viittasi julkaisuissaan helmikuussa julkaistuun Financial Timesin artikkeliin, jossa kerrottiin datakeskusten ”porsaanrei’istä”.
– Kiinalaisia datakeskuksia on maailmalla hyödynnetty kyseenalaisiin tarkoituksiin, kuten artikkelista käy ilmi. Jos Suomessa alkaisi samanlainen toiminta, se voisi vaarantaa monia meille hyvin tärkeitä kaupallisia, teollisia ja poliittisia etuja.
Kiinalaisyrityksiä on kielletty vuodesta 2023 lähtien ostamasta parhaimpia Nvidia-siruja Yhdysvaltojen ulkopuolelta. Yritykset ovat kuitenkin voineet päästä käsiksi siruihin datakeskusten vuokralaisina.
Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email [email protected] to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.
https://www.ft.com/content/18b01821-846c-41fe-ba0b-befc2bdf109e
US private equity-backed data centres fuel growth of TikTok’s Chinese owner
Global buyout groups often do not know whether ByteDance uses their facilities to exploit a legal loophole to access chips
Tomi Engdahl says:
Crypto giant Coinbase has confirmed its systems have been breached and customer data, including government-issued identity documents, were stolen.
In a legally required filing with U.S. regulators, Coinbase said a hacker this week told the company that they had obtained information about customer accounts, and demanded money from the company in exchange for not publishing the stolen data.
Read more from Zack Whittaker here: https://tcrn.ch/4j278HG
#TechCrunch #technews #fintech #coinbase #cybersecurity #crypto
Tomi Engdahl says:
Endpoint Security
Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks
Intel, AMD and Arm each published security advisories on Patch Tuesday, including for newly disclosed CPU attacks.
https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-arm-respond-to-new-cpu-attacks/
Chip giants Intel, AMD and Arm each published Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products, including ones related to newly disclosed CPU attacks.
One of the CPU attacks was disclosed this week by researchers at Swiss university ETH Zurich. The researchers discovered a branch privilege injection issue, tracked as CVE-2024-45332, that they claim “brings back the full might of branch target injection attacks (Spectre-BTI) on Intel”.
The researchers claim that while Intel’s Spectre-BTI (aka Spectre v2) mitigations have worked for nearly six years, they have now found a way to break them due to a race condition impacting Intel CPUs.
Spectre-style attacks could allow an attacker who has access to the targeted system to obtain potentially valuable information from memory, such as encryption keys and passwords.
In its advisory, Intel said it’s releasing microcode updates to mitigate CVE-2024-45332, which it described as a sensitive information disclosure issue.
AMD has published an advisory to inform customers that — as stated by the researchers as well — the vulnerability does not impact its CPUs.
Another CPU attack was disclosed this week by researchers at Dutch university VU Amsterdam. Their analysis, dubbed Training Solo, led to the discovery of three new classes of self-training Spectre v2 attacks, which highlight the limitations of domain isolation.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-soon-block-screen-capture-during-meetings/
Tomi Engdahl says:
Critical 10/10 Microsoft Cloud Security Vulnerability Confirmed
https://www.forbes.com/sites/daveywinder/2025/05/11/microsoft-confirms-critical-1010-cloud-security-vulnerability/
It’s not often that a truly critical security vulnerability emerges that hits the maximum Common Vulnerability Scoring System severity rating of 10. This is one of those times.
Microsoft has confirmed multiple vulnerabilities rated as critical and impacting core cloud services, one of which has reached the unwelcome heights of that 10/10 criticality rating. The good news is that none are known to have been exploited in the wild, none have already been publicly disclosed, and as a user, there’s nothing you need to do to protect your environment.
Tomi Engdahl says:
Hidden devices in Chinese solar gear spark U.S. fears of remote shutdowns and power grid sabotage. https://link.ie.social/ERgqOY
Tomi Engdahl says:
https://www.malwarebytes.com/blog/news/2025/04/all-gmail-users-at-risk-by-clever-replay-attack
Tomi Engdahl says:
Beyond Code: How to Create Beautiful Documentation That Developers Actually Love (Best Practices)
#
programming
#
productivity
#
ai
#
tutorial
In the world of software development, documentation often feels like an afterthought – a chore relegated to the end of a sprint, or worse, skipped entirely. Yet, ask any developer about their biggest frustrations, and wading through poor, outdated, or non-existent documentation will invariably rank high. Conversely, encountering clear, concise, and well-structured documentation can feel like finding an oasis in a desert – it accelerates understanding, reduces friction, and ultimately makes the development process more enjoyable and productive.
https://dev.to/therealmrmumba/beyond-code-how-to-create-beautiful-documentation-that-developers-actually-love-best-practices-hc4
Tomi Engdahl says:
https://blog.ret2.io/2025/04/23/pwn2own-soho-2024-diskstation/
Exploiting the Synology DiskStation with Null-byte Writes
Tomi Engdahl says:
https://www.xda-developers.com/set-up-ssh-honeypot-internet-scary/
Tomi Engdahl says:
Linux Security Software Turned Against Users
Security researchers at Sysdig discover threat actors repurposing legitimate open source security tools for cyberattacks, with Chinese-sponsored UNC5174 group leveraging Linux-based VShell and other tools to evade detection.
https://thenewstack.io/linux-security-software-turned-against-users/
Tomi Engdahl says:
‘Rogue’ devices found in Chinese solar inverters raises cybersecurity alarm in Europe
https://www.pv-tech.org/rogue-devices-found-in-chinese-solar-inverters-raises-cybersecurity-alarm-in-europe/
Tomi Engdahl says:
https://www.theregister.com/2025/05/11/cpu_ransomware_rapid7/
Tomi Engdahl says:
https://cybersecuritynews.com/linux-kernels-nftables-vulnerability-poc/
Tomi Engdahl says:
https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/
Tomi Engdahl says:
https://techcrunch.com/2025/05/09/florida-bill-requiring-encryption-backdoors-for-social-media-accounts-has-failed/
Tomi Engdahl says:
As US vuln-tracking falters, EU enters with its own security bug database
EUVD comes into play not a moment too soon
https://www.theregister.com/2025/05/13/eu_security_bug_database/
Tomi Engdahl says:
https://cybersecuritynews.com/webmin-vulnerability-escalate-privileges/
Tomi Engdahl says:
https://www.wired.com/story/easyjson-open-source-vk-ties/
Tomi Engdahl says:
https://www.f-secure.com/fi/router-checker
Tomi Engdahl says:
‘My husband’s been jailed for 10 years over a single tweet – he only has 41 followers’
Ahmed al-Doush, 41, was arrested at King Khalid International Airport in Riyadh, Saudi Arabia, last year as he was preparing to fly home to Manchester with his family, and now faces jail
https://www.mirror.co.uk/news/uk-news/my-husbands-been-jailed-10-35221611?utm_medium=Social&utm_source=Facebook&fbclid=IwY2xjawKXBIVleHRuA2FlbQIxMQABHhBKLokjr-cNsPovC61yyU-L-cW_xZTB4wEz_HeZYbWJe_Fo3zPdLQQLUy-2_aem_WmIhIA6GWDGTT4Vrxt_6-Q#Echobox=1747212884
Tomi Engdahl says:
The 23andMe saga has reached a new stage. After seven million customers had their private and genetic data exposed in a 2023 breach, and the company filed for bankruptcy following a stock price free fall, the company now has new ownership.
Regeneron, a pharmaceutical maker, says that it will “prioritize the privacy, security and ethical use of 23andMe’s customer data,” though the track record of 23andMe doing so is rough. The $256 million offer will be considered by a bankruptcy court June 17.
Get the full rundown on 23andMe’s rise and fall here: https://tcrn.ch/45gPZXl
Tomi Engdahl says:
Incident Response
From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth
The 15th edition of NATO’s Locked Shields cyber defense exercise brought together 4,000 experts from 41 countries.
https://www.securityweek.com/from-60-to-4000-natos-locked-shields-reflects-cyber-defense-growth/
Tomi Engdahl says:
Nation-State
Chinese Hackers Hit Drone Sector in Supply Chain Attacks
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
https://www.securityweek.com/chinese-hackers-hit-drone-sector-in-supply-chain-attacks/
A Chinese threat actor was seen disrupting the drone supply chain in multi-wave attacks against various organizations in Taiwan and South Korea, Trend Micro reports.
Dubbed Earth Ammit and believed to be tied to Chinese APTs, the hacking group was seen launching two attack campaigns between 2023 and 2024, targeting organizations across multiple sectors to compromise trusted supply chains.
Named Tidrone and Venom, the campaigns hit military, heavy industry, software services, satellite, technology, media, and healthcare organizations, using both open source and custom tools to achieve malicious goals.
The Tidrone campaign was initially detailed in September 2024, after the Chinese hackers were seen abusing enterprise resource planning (ERP) software and remote desktop access to deploy the Cxclnt and Clntend backdoors, steal information, and disable security protections.
In a fresh report, Trend Micro explains that the Venom campaign occurred prior to Tidrone, targeting service providers and technology companies in Taiwan, and heavy industry firms in South Korea.
Tomi Engdahl says:
Lauren Feiner / The Verge:
Trump signs the Take It Down Act, criminalizing the distribution of nonconsensual intimate content and requiring platforms to promptly remove it when notified — The bill sailed through Congress with a focus on deepfakes and other nonconsensual intimate images.
https://www.theverge.com/news/661230/trump-signs-take-it-down-act-ai-deepfakes