This posting is here to collect cyber security news in May 2025.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
136 Comments
Tomi Engdahl says:
Washington Post:
Investigation: New Orleans police secretly scanned city streets with 200+ facial recognition cameras for two years, seemingly defying a 2022 city ordinance — Following records requests from The Post, officials paused the first known, widespread live facial recognition program used by police in the United States.
https://www.washingtonpost.com/business/2025/05/19/live-facial-recognition-police-new-orleans/
Tomi Engdahl says:
Major mobile network suffers massive outage in Spain weeks after electricity blackout
It comes weeks after blackouts caused chaos in the Iberian peninsula
https://www.independent.co.uk/news/world/europe/phone-network-down-spain-emergency-services-b2754269.html?utm_medium=Social&utm_source=Facebook&fbclid=IwZXh0bgNhZW0CMTEAAR6JHwbnn-0bW-R2jtjXCTuBNbvajjVrebi6VMaIiIhy7b1gjVXUeTVQscbQPA_aem_aThNjtI9rIdM0H3I_s5siQ#Echobox=1747735996
A nationwide phone network has shut down in Spain just weeks after blackouts brought chaos and heavy financial damage to the country.
Emergency services in a number of regions had to provide new telephone numbers for those in need, after phone lines collapsed following network upgrades by Telefonica.
Landline telephones were the worst affected but all voice services by Telefonica appear to have been affected to some extent, according to reports in Spanish media.
A Telefónica spokesperson said: “We have done some network upgrade work which has affected some companies’ fixed communication services (voice and internet).
Tomi Engdahl says:
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
https://www.securityweek.com/nato-flagged-vulnerability-tops-latest-vmware-security-patch-batch/
Broadcom-owned VMware on Tuesday rolled out urgent patches for two sets of flaws that expose its flagship infrastructure software to data leakage, command execution and denial-of-service attacks, with no temporary workarounds available.
The virtualization technology giant pushed out two separate bulletins documenting at least 7 vulnerabilities in the VMware Cloud Foundation, VMware ESXi, vCenter Server, Workstation, and Fusion product lines.
The more urgent advisory, VMSA-2025-0009, credits the NATO Cyber Security Centre for reporting three security defects in VMware Cloud Foundation. The highest-rated, CVE-2025-41229, is a directory-traversal issue that scores 8.2/10 on the CVSS scale.
“A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services,” the company warned.
VMware also shipped patches for an information-disclosure bug (CVSS 7.5) and a missing-authorisation error (CVSS 7.3) in VMware Cloud Foundation, a product used by enterprises to build and manage private clouds.
Tomi Engdahl says:
Vulnerabilities
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.
https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/
Researchers from CISA and NIST have proposed a new cybersecurity metric designed to calculate the likelihood that a vulnerability has been exploited in the wild.
Peter Mell of NIST and Jonathan Spring of CISA have published a paper describing equations for what they call Likely Exploited Vulnerabilities, or LEV.
Thousands of vulnerabilities are discovered every year in software and hardware, but only a small percentage are ever exploited in the wild.
Knowing which vulnerabilities have been exploited or predicting which flaws are likely to be exploited is important for organizations when trying to prioritize patching.
Known Exploited Vulnerabilities (KEV) lists such as the one maintained by CISA and the Exploit Prediction Scoring System (EPSS), which relies on data to estimate the probability that a vulnerability will be exploited, can be very useful. However, KEV lists may be incomplete and EPSS may be inaccurate.
LEV aims to enhance — not replace — KEV lists and EPSS. This is done through equations that take into account variables such as the first date when an EPSS score is available for a specified vulnerability, the date of the most recent KEV list update, inclusion in KEV, and the EPSS score for a given day (measured across multiple days).
Likely Exploited Vulnerabilities
A Proposed Metric for Vulnerability Exploitation Probability
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.41.pdf
Tomi Engdahl says:
https://www.securityweek.com/hackers-earn-over-1-million-at-pwn2own-berlin-2025/
Tomi Engdahl says:
O2 Service Vulnerability Exposed User Location
A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.
https://www.securityweek.com/o2-service-vulnerability-exposed-user-location/
Tomi Engdahl says:
Vulnerabilities are eventually found in most VPN protocols
https://etn.fi/index.php/13-news/17543-useimmista-vpn-protokollista-loeytyy-lopulta-haavoittuvuuksia
Today's VPN protocols, although they offer strong encryption by today's standards, will not necessarily withstand the computing power of future quantum computers. According to experts, as quantum computing develops, most traditional encryption methods will sooner or later become vulnerable to being broken. This has led VPN service providers to take action against next-generation threats.
One player in the field is NordVPN, which has responded to the challenge by introducing quantum-safe encryption in all of its applications. The technology is based on standards that the US National Institute of Standards and Technology (NIST) has developed for future threats.
NordVPN began rolling out quantum-safe technology in 2024 on the Linux platform as part of the NordLynx protocol, and in 2025 extended support to the Windows, macOS, iOS and Android operating systems as well, including smart TV platforms.
Users can enable quantum-safe encryption in the NordVPN app's settings by selecting the NordLynx protocol in the connection settings. Quantum-safe encryption is then activated automatically.
Tomi Engdahl says:
William Langley / Financial Times:
Inside China’s “stolen iPhone building”: electronics traders in Shenzhen describe how even remotely locked stolen iPhones can be stripped and sold at a profit
Inside China’s ‘stolen iPhone building’
We track the roaring trade of mobiles grabbed in London and New York, then sold in a single district in Shenzhen
https://www.ft.com/content/752f84ac-329d-4e10-ae46-7a1c27319498?accessToken=zwAGNZ51SjOwkc91L4SsMp1OENOuRnocJzGUmA.MEYCIQC9EgImlV0WP8_UeYQYrTkYb0liPq5b78n_WtMzW6eNegIhAMFQNDGgX4lNezIkU6ubpHiGb_KJznA15SHI60L9ldap&sharetype=gift&token=1cd32693-d722-4e41-b9f9-7a113fbd9fe4
In any other neighbourhood, the Feiyang Times building, a drab grey-and-brown tower in southern China, would be most notable for the gaudy, propaganda-plastered columns that line its forecourt.
But like many of the electronics markets in the labyrinthine malls of Huaqiangbei, the fourth floor of the building has its own specialism: selling second hand iPhones from Europe and the US.
Many of the phones sold here are legitimate trade-ins, returned by western consumers to network operators or phone shops when upgrading to the latest models.
But the tower also sits at a location that Apple community message boards, social media commenters and victims of phone theft have identified as China’s “stolen iPhone building”.
It is one of the most important nodes in a supply chain for second hand technology that starts in the west, travels through wholesalers in Hong Kong and on to markets in mainland China and the global south.
Online message boards complaining of stolen phones emerging in Shenzhen identify a range of locations in the city. Nearly all of them are either in the Huaqiangbei area, or near the city’s border posts with Hong Kong.
The UK’s Metropolitan Police warned in February that phone theft in London was a £50mn-a-year industry. The force seized 1,000 stolen devices and made 230 arrests in one week as part of an “intensifying clampdown”. Officials in Paris and New York have also reported rises in phone snatching.
Huaqiangbei traders say the reason second hand phones end up in Shenzhen is because they can find buyers for every component of a device in the area’s various markets, from screens and circuit boards to chips and copper. There are even traders who will buy up unwanted excess plastic, which can be melted down for use in bottles.
That means that even phones remotely locked by users in the west can be stripped down into parts and sold at a small profit, they say.
The Feiyang tower is not the only mall in the district selling second hand phones. Huaqiang Electronics World, Yuanwang Digital Mall and hundreds of hole-in-the-wall shops lining the streets of the 3 sq km area all advertise recycled phones.
But Feiyang is the one most heavily focused on selling overseas models, according to traders. These have two main attractions over Chinese iPhones: access to global app stores and, in the case of US phones restricted to using SIM cards from specific networks, cheaper prices.
“There are all kinds [of phones].”
That likely included phones lost in western countries, he said, adding that even those remotely locked or with uncrackable passcodes had their “market price”.
Most other sellers are reticent on the provenance of their wares. Six sellers told the Financial Times they did not know how the US iPhones advertised in the glass booths in front of them got there.
Bilal Khan, a trader from Pakistan hoping to buy 300 iPhones, said he was specifically seeking SIM-locked US phones, which were subject to lower import duties in his home market. Customers in Pakistan used the phones for their cameras, WiFi and gaming functions, rather than mobile data and calling services, he added.
Munir, another trader who did not want to be identified by his full name, said he was looking to buy 100 to 200 iPhone 13 Pro Max’s, which he could sell on for a profit of about $70 per phone in his home market of Libya.
But traders on the second floor of the Feiyang mall, who specialise in selling iPhone components, said they bought many of those parts from the sellers on the floors above, especially when they were unable to unlock them themselves.
Tomi Engdahl says:
Kevin Collier / NBC News:
Matthew Lane, a 19-year-old from Massachusetts, pleads guilty to hacking two US companies and extorting them for ransoms; a source says one firm is PowerSchool — The Massachusetts man agreed to plead guilty to obtaining information from a protected computer and aggravated identity theft.
19-year-old accused of largest child data breach in U.S. agrees to plead guilty to federal charges
The Massachusetts man agreed to plead guilty to obtaining information from a protected computer and aggravated identity theft.
https://www.nbcnews.com/tech/security/alleged-hacker-largest-breach-us-childrens-data-agrees-plead-guilty-rcna207963
Tomi Engdahl says:
Charles Szumski / Euractiv:
Sweden passes a law criminalizing the purchase of live online sexual performances, including cam shows and sex chats; buying pre-recorded content remains legal — The new law criminalises paid online sexual services, including cam shows and sex chats. — Based on facts, either observed …
Sweden bans buying OnlyFans content
The new law criminalises paid online sexual services, including cam shows and sex chats.
https://www.euractiv.com/section/tech/news/sweden-bans-paid-online-sexual-acts-in-law-targeting-platforms-like-onlyfans/
Sweden’s parliament has passed a law banning the purchase of sexual performances for viewing online, including those on platforms like OnlyFans, marking a major update to the country’s sex purchase legislation.
Under the new law, it is illegal to pay someone to perform a sexual act remotely – such as via live video – for the specific purpose of the act being viewed by the buyer. It also criminalises profiting from or promoting others who perform such acts for payment on demand.
“This is a new form of sex purchase, and it’s high time we modernise the legislation to include digital platforms,” said Social Democrat MP Teresa Carvalho, after the bill was passed by a large majority in parliament.
While viewing and paying for pre-recorded content remains legal, the law targets live, commissioned interactions, which lawmakers argue blur legal and ethical lines.
Some OnlyFans creators have criticised the law, saying it harms their livelihoods. Carvalho responded that the law is not aimed at targeting adult content creators, but at protecting young people and vulnerable individuals. She pointed to documented links between online exploitation, human trafficking, drug abuse, and grooming into more severe forms of prostitution.
The bill was proposed by the parliament’s justice committee and received cross-party backing.
With this legislation, Sweden positions itself at the forefront of regulating digital sex work, consistent with its broader zero-tolerance stance on prostitution.
Tomi Engdahl says:
https://www.securityweek.com/in-other-news-hackers-not-behind-blackout-ciso-docuseries-dior-data-breach/
Tomi Engdahl says:
GitLab, Atlassian Patch High-Severity Vulnerabilities
GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.
https://www.securityweek.com/gitlab-atlassian-patch-high-severity-vulnerabilities/
Tomi Engdahl says:
CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine
Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.
https://www.securityweek.com/cisa-says-russian-hackers-targeting-western-supply-lines-to-ukraine/
Tomi Engdahl says:
Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway
More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.
https://www.securityweek.com/critical-flaw-allows-remote-hacking-of-automationdirect-industrial-gateway/
Tomi Engdahl says:
Production at Steelmaker Nucor Disrupted by Cyberattack
American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack.
https://www.securityweek.com/production-at-steelmaker-nucor-disrupted-by-cyberattack/
Tomi Engdahl says:
Cellcom Service Disruption Caused by Cyberattack
Wireless carrier Cellcom has confirmed that a week-long widespread service outage is the result of a cyberattack.
https://www.securityweek.com/cellcom-service-disruption-caused-by-cyberattack/
Wisconsin telecommunications provider Cellcom has confirmed that a cyberattack is responsible for a service outage it has been dealing with for the past week.
Both voice and text services have been down for the wireless carrier’s customers in Wisconsin and Upper Michigan, and the company has started to slowly restore some of them over the past couple of days.
“We experienced a cyber incident. While this is unfortunate, it’s not something we were unprepared for. We have protocols and plans in place for exactly this kind of situation,” Cellcom CEO Brighid Riordan said in a letter (PDF) to customers.
Tomi Engdahl says:
Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks
Google DeepMind has developed an ongoing process to counter the continuously evolving threat of indirect prompt injection (IPI) attacks.
https://www.securityweek.com/google-deepmind-unveils-defense-against-indirect-prompt-injection-attacks/
Google DeepMind has developed an ongoing process to counter the continuously evolving threat from Agentic AI’s bete noir: adaptive indirect prompt injection attacks.
Indirect prompt injection (IPI) attacks are a serious threat to agentic AI. They interfere with the inference stage of AI operation – that is, IPI attacks influence the response from the model to the benefit of the attacker. The attacker requires no direct access to the models’ learning data – indeed, the attacker neither has nor needs any knowledge of the internal workings, probabilities, or gradients of the model – but instead relies on agentic AI’s intrinsic ability to autonomously learn from other tools.
Consider an agentic AI system designed to improve the user’s email operations. Of necessity, the model must have access to and be able to learn from the user’s emails. Here, an IPI attacker can simply embed new instructions in an email sent to the user. Those instructions are learned by the model and can adversely affect the model’s future responses to user requests.
Tomi Engdahl says:
Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers
Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.
https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/
An analysis conducted by researchers at the Norwegian University of Science and Technology Gjøvik and the Delft University of Technology in the Netherlands showed that a significant percentage of the industrial control system (ICS) instances detected by internet scans are actually honeypots.
The researchers used the Censys search engine to identify internet-exposed ICS. They targeted 17 widely used industrial control protocols and discovered roughly 150,000 devices across 175 countries.
The researchers then applied various criteria to determine how many of those ICS instances were real and how many were likely or possibly honeypots, decoy systems designed to attract threat actors in an effort to obtain valuable information on attacker tactics, techniques, and procedures (TTPs).
While Censys was used to collect the data on internet-exposed systems, the researchers noted that their methods can be applied to any source data, including Shodan and independent scanning.
Their analysis was conducted over a period of one year, between January 2024 and January 2025. In April 2024, they determined that roughly 15% of the ICS devices they were seeing online appeared to be honeypots, and the percentage increased to 25% in January 2025.
Tomi Engdahl says:
A completely new vulnerability was found in all Intel processors
https://etn.fi/index.php/13-news/17553-kaikista-intelin-prosessoreista-loeytyi-taeysin-uusi-haavoittuvuus
Security researchers at ETH Zürich university in Switzerland have found a new, serious vulnerability in Intel processors. It is an entirely new class of vulnerability called Branch Privilege Injection. It is based on the way processors predict upcoming computing tasks to improve performance.
According to the researchers, the vulnerability makes it possible to bypass the protections between processes and read the contents of the entire main memory piece by piece. The data leaks at a rate that is anything but theoretical: more than 5000 bytes per second; in practice an attacker can read the entire memory in a few minutes.
The vulnerability affects all Intel processors released since 2018, in personal computers, laptops and cloud server CPUs alike. This makes the threat particularly serious especially in cloud environments, where multiple users share the same hardware.
A security hole lasting nanoseconds
The vulnerability arises momentarily when the processor switches between users. It is precisely in this transition that speculative computations can give an attacker the opportunity to access another user's data. It is a matter of nanosecond-scale timings, which the attacker can repeat over and over again, reading memory one byte at a time.
According to the researchers, this is not an isolated software bug but an indication of deeper problems in processor architecture that stem from speculative performance techniques. Earlier similar vulnerabilities include, for example, Spectre, Meltdown and Retbleed.
Intel has already released microcode updates to fix the problem, and users are advised to make sure that all operating system and BIOS updates are installed.
Tomi Engdahl says:
Dan Goodin / Ars Technica:
Signal says it will block by default screenshots of its Windows 11 desktop app due to the privacy risks of Microsoft’s Recall; users can enable them in settings — Signal Messenger is warning the users of its Windows Desktop version that the privacy of their messages is under threat by Recall …
“Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall
Even after its refurbishing, Recall provides few ways to exclude specific apps.
https://arstechnica.com/security/2025/05/signal-resorts-to-weird-trick-to-block-windows-recall-in-desktop-app/
Tomi Engdahl says:
Reuters:
Distributed Denial of Secrets: the TeleMessage hacker stole messages from 60+ US government users spanning about one day ending on May 4, including travel plans
Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government
https://www.reuters.com/world/us/hacker-who-breached-communications-app-used-by-trump-aide-stole-data-across-us-2025-05-21/
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
Maine AG filing: Coinbase says its recent data breach impacted 69,461 individuals; stolen data included government IDs, account info, and personal identifiers
https://www.bleepingcomputer.com/news/security/coinbase-says-recent-data-breach-impacts-69-461-customers/
Tomi Engdahl says:
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities
Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.
https://www.securityweek.com/cisco-patches-high-severity-dos-privilege-escalation-vulnerabilities/
Tomi Engdahl says:
Cloud Security
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
https://www.securityweek.com/nato-flagged-vulnerability-tops-latest-vmware-security-patch-batch/
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
Microsoft seizes ~2,300 domains globally to disrupt Lumma’s malware-as-a-service operation, after finding 394,000+ Windows computers infected by Lumma — Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands …
Lumma infostealer malware operation disrupted, 2,300 domains seized
https://www.bleepingcomputer.com/news/security/lumma-infostealer-malware-operation-disrupted-2-300-domains-seized/
Tomi Engdahl says:
Eric Geller / Cybersecurity Dive:
In a joint statement, the US, France, Germany, and eight other countries say Russia has stepped up cyber attacks on firms aiding Ukraine, often via Fancy Bear
https://www.cybersecuritydive.com/news/russia-hacking-ukraine-aid-logistics-tech-companies-advisory/748723/
Tomi Engdahl says:
Jason Leopold / Bloomberg:
Sources and docs: a “major lapse” at Thoma Bravo’s Opexus, which helps US agencies manage investigations and FOIA, let two convicted hackers delete databases
Hack of Contractor Was at Root of Massive Federal Data Breach
Failures in cybersecurity practices at a software company that helps federal agencies manage investigations and FOIA requests allowed two convicted hackers to delete databases, according to internal documents.
https://www.bloomberg.com/news/articles/2025-05-21/security-failures-behind-us-contractor-s-data-breach?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR2lmdGVkQXJ0aWNsZSIsImlhdCI6MTc0NzgzMjU4MCwiZXhwIjoxNzQ4NDM3MzgwLCJhcnRpY2xlSWQiOiJTV0xWU0pEV1gyUFMwMCIsImJjb25uZWN0SWQiOiIyQjE3NzFFOTlEODc0QzRDOTY1Njg1RTZBQkJGM0QwRCJ9.80gcRhIo8feGYPj3TsvjoKwo-250-5xR2xN3wkwikxI&leadSource=uverify%20wall
Tomi Engdahl says:
Wolt: All restaurants closed
There is a widespread fault in the Wolt app.
https://www.iltalehti.fi/kotimaa/a/782cb1f8-0c20-43b4-93f9-c9b526294a37
There is a widespread fault in the Wolt app. The app shows all restaurants as being closed.
For every restaurant, the app states that it is not accepting orders right now.
Tomi Engdahl says:
Wolt had a widespread disruption
The Wolt app had a widespread fault on Thursday.
https://www.iltalehti.fi/kotimaa/a/782cb1f8-0c20-43b4-93f9-c9b526294a37
The Wolt app had a widespread fault on Thursday from about 15:00 onwards. For about half an hour the app showed all restaurants as being closed.
For every restaurant, the app stated that it was not accepting orders right now. The problem appeared the same in all cities.
The app started working after 15:30. Wolt's head of communications Jenni Jusslin tells Iltalehti that a technical fault was behind the disruption.
“Because of it, Wolt had a momentary outage. The situation has now been fixed,” Jusslin says.
Fresh ruling
Wolt had been in the media earlier on Thursday, as the Supreme Administrative Court ruled that couriers are Wolt's employees, not independent entrepreneurs.
In its decision issued on 22 May, the Supreme Administrative Court (KHO) stated that although the couriers' work has many features associated with independent entrepreneurship, in the case it decided all the characteristics of an employment relationship under the Employment Contracts Act were met.
Tomi Engdahl says:
Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw
Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch.
https://www.securityweek.com/akamai-microsoft-disagree-on-severity-of-unpatched-badsuccessor-flaw/
Tomi Engdahl says:
Marks & Spencer Expects Ransomware Attack to Cost $400 Million
UK retailer Marks & Spencer expects the disruptions caused by the recent cyberattack to continue through July.
https://www.securityweek.com/marks-spencer-expects-ransomware-attack-to-cost-400-million/
UK retailer Marks & Spencer (MKS.L) has shared another update on the impact of the recent cyberattack, and the company estimates that the incident will cost it £300 million (roughly $400 million).
However, M&S pointed out in a filing with the London Stock Exchange that this is expected to be the financial impact on 2025 and 2026 operating profit, but the amount should be “reduced through management of costs, insurance and other trading actions”.
The cyberattack has caused significant disruptions for the company. The retailer, which has more than 60,000 employees and 500 stores, is now in the process of recovering and restoring its systems.
Tomi Engdahl says:
Security Theater or Real Defense? The KPIs That Tell the Truth
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
https://www.securityweek.com/security-theater-or-real-defense-the-kpis-that-tell-the-truth/
Tomi Engdahl says:
Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough
Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.
https://www.securityweek.com/taming-the-hacker-storm-why-millions-in-cybersecurity-spending-isnt-enough/
Tomi Engdahl says:
From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth
The 15th edition of NATO’s Locked Shields cyber defense exercise brought together 4,000 experts from 41 countries.
https://www.securityweek.com/from-60-to-4000-natos-locked-shields-reflects-cyber-defense-growth/
Tomi Engdahl says:
Wired:
A security researcher finds an exposed Elastic database with 184M records, including login credentials for Apple, Meta, Google, and others; its owner is unknown
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
A trove of breached data, which has now been taken down, includes user logins for platforms including Apple, Google, and Meta. Among the exposed accounts are ones linked to dozens of governments.
https://www.wired.com/story/mysterious-database-logins-governments-social-media/
Tomi Engdahl says:
Problem with salary payments, again
Not everyone has received what they are owed today as agreed.
https://www.iltalehti.fi/digiuutiset/a/8170679c-bf67-4fd2-879d-69f806079e30
Iltalehti readers reported on Friday morning problems with payments of salaries and Kela benefits. According to the reports, the money has not arrived in accounts as normal.
Bank problems
Some are waiting for their payday money.
https://www.is.fi/digitoday/art-2000011253118.html
Several Ilta-Sanomat readers reported on Friday morning that salaries had not been transferred to their bank accounts. Customers of several different banks reported problems.
According to readers, customers of S-Pankki, Nordea, Danske Bank and POP Pankki, for example, have problems. Some are waiting for their payday money.
The matter is also being discussed on social media. Based on the discussion, however, not all customers of the aforementioned banks have had problems.
There is no more detailed information on the cause of the disruption. According to the banks, it is at least not a widespread problem.
Nordea's communications said that the bank's own services are working normally.
Tomi Engdahl says:
OP: Take this step if you have not already
Many have protected their bank card with a security limit. However, that may no longer be enough these days.
https://www.iltalehti.fi/digiuutiset/a/fc023d70-27fc-4bf8-9753-9af5f78b8f22
According to OP, the vast majority of the company's customers have set a security limit on their payment card, which limits the damage if the card or its details end up in the wrong hands. OP is, however, concerned that only very few have done the same for their current account.
Fraud prevention expert Maija Ahonen of OP Group underlines in the company's press release that setting security limits on a current account is more important today than ever before.
“In the past, scams mainly targeted card payments, so people learned to protect cards with security limits. Nowadays the majority of abuse is credential phishing, in which the scammer takes the money by means of account transfers,” Ahonen says, hoping that limits corresponding to the card security limits would also be set for accounts.
Tomi Engdahl says:
Francesca Stevens / Bloomberg:
Vietnam orders ISPs to block Telegram over its failure to prevent illegal content and activities, including fraud, drug sales and suspected terrorism on the app
https://www.bloomberg.com/news/articles/2025-05-23/vietnam-takes-steps-to-block-telegram-app-over-illegal-content
Tomi Engdahl says:
EUR 7.7 million fine for S-Pankki
S-Pankki has received a combined penalty payment of EUR 7,670,000 and a public warning from the Financial Supervisory Authority.
https://www.iltalehti.fi/talous/a/161966ed-7615-4984-9a7f-255ac939631e
The Financial Supervisory Authority (Finanssivalvonta) announces that it has imposed a combined penalty payment of EUR 7,670,000 on S-Pankki Oyj. The reason is omissions in the bank's operational risk management.
In addition, the Financial Supervisory Authority issued the bank a public warning for omissions concerning strong authentication and the payer's consent required for executing payment transactions.
The omissions came to light in an inspection carried out by the Financial Supervisory Authority in 2022–2023.
This is what it is about
According to the Financial Supervisory Authority, the omissions in operational risk management relate to neglect of a secure information system and neglect of an effective incident management procedure.
According to the release, the bank also did not have adequate methods for identifying, assessing and managing operational risks in the above-mentioned areas. In addition, in these respects the bank did not sufficiently prepare for the materialisation of risks related to outsourcing.
The aim of the inspection was to determine whether the management of ICT and information security risks is appropriately organised at the bank.
“The digital security of banking services is emphasised in Finland, where customer service has moved almost entirely to mobile and online banks,” says Tero Kurenmaa, director at the Financial Supervisory Authority, in the release.
“The geopolitical situation has highlighted the importance of managing the digital services of supervised entities. Supervision of ICT, cyber and outsourcing risks is also one of the Financial Supervisory Authority's priority areas in 2025.”
According to the Financial Supervisory Authority, the amount of the combined penalty payment imposed on S-Pankki Oyj was based on an overall assessment that took into account, among other things, the nature, extent and duration of the omissions as well as the bank's earlier breaches of financial market regulations.
The Financial Supervisory Authority's decision is not legally final. The bank has the right to appeal the decision to the Helsinki Administrative Court within 30 days of being notified of the decision.
Tomi Engdahl says:
Smart TVs may harbour serious security risks, Traficom warns
https://yle.fi/a/74-20163643
The Transport and Communications Agency Traficom warns of serious security risks in smart TVs. In particular, inexpensive Android TV devices from unknown manufacturers may have serious security problems.
Some of the devices may contain software indicative of malware, or their update support may be deficient. Traficom urges people to avoid unknown and suspicious online stores when buying a smart TV.
Tomi Engdahl says:
NATO exercise revealed why Finnish officers are noticed immediately
Finland and other states bordering Russia are tightening their defence. The Joint Resolve military exercise in Estonia showed why Finns are increasingly wanted at the core of NATO.
https://yle.fi/a/74-20162687
Tomi Engdahl says:
Serious security risks in cheap Android TV boxes
https://etn.fi/index.php/13-news/17560-halvoissa-android-televisiobokseissa-vakavia-tietoturvariskejae
The Transport and Communications Agency Traficom urges consumers to be careful when buying Android TV media devices. The market includes, in particular, inexpensive devices from unknown manufacturers in which serious security problems have been found; some of the devices have even contained malware straight out of the box.
Roni Kokkola, an information security specialist at Traficom's Cyber Security Centre, warns that such devices may be left entirely without updates, contain unwanted programs, or become part of botnets that can be used for criminal activity without the owner's knowledge.
Tomi Engdahl says:
This is how the QR scam works
https://etn.fi/index.php/13-news/17561-naein-qr-huijaus-toimii
QR codes have become part of everyday life: they are used for viewing restaurant menus, paying, and logging in quickly to various services. But it is exactly this familiarity that makes them dangerous. Criminals have begun to exploit QR codes in scams in which people are led, without noticing, to counterfeit websites. On these sites the victim is phished for personal information, such as banking credentials, or an attempt is made to install malware on their device.
Cybersecurity company Panda Security warns that QR scams are spreading quickly and becoming more skilful. What makes these scams especially deceptive is that the content of a QR code cannot be seen before it is scanned. The code often looks completely innocent, just like a link leading to a restaurant menu.
“The physical environment plays an important role in these scams. Criminals exploit real places and situations to trap people,” says Hervé Lambert, a cybersecurity expert at Panda Security.
Tomi Engdahl says:
The Signal Clone the Trump Admin Uses Was Hacked
Joseph Cox, Micah Lee · May 4, 2025 at 6:00 PM
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.
https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/?fbclid=IwY2xjawKdcFNleHRuA2FlbQIxMQABHs6MblF9DPC34fdurjxUn3QkP0oVDOXGiGv0COCF92Y6NevJvsDVfNFTpFGf_aem_g4mLZPtPz8ZFDaL1VX6TYg
Tomi Engdahl says:
If your router behaves like this, unplug the cable immediately
https://www.is.fi/digitoday/tietoturva/art-2000011091095.html
Tomi Engdahl says:
Aftonbladet: A baffling sight on the Swedish Armed Forces' YouTube channel
https://www.is.fi/digitoday/art-2000011252932.html
The Swedish Armed Forces' YouTube channel “Försvarsmakten Inblick” was hacked on Thursday evening.
According to the Swedish newspaper Aftonbladet, the country's authorities have confirmed this.
Tomi Engdahl says:
AI Effect
Walmart AI details leaked during Microsoft Build conference
https://www.cnbc.com/2025/05/21/microsoft-ai-walmart.html?fbclid=IwY2xjawKem-BleHRuA2FlbQIxMQABHuS3HMcrCm8gz3G45zLbOXntIJBcfUCm3QzvJUO82fD7BrlOiRo66gYaYHCY_aem_Ar-ZKSzTom2uepYtdLErzQ
Key Points
Microsoft AI security chief Neta Haiby showed a confidential Teams chat to a room full of people Tuesday night.
The plans showed how Walmart is working with Microsoft on rolling out AI tools.
Protesters with the No Azure for Apartheid group interrupted the Microsoft Build conference, including Haiby’s developer conference session on best security practices.
Microsoft AI security chief Neta Haiby showed a confidential Teams chat to a room full of people on Tuesday, revealing details from the company’s artificial intelligence plan for Walmart, according to materials viewed by CNBC.
Protesters interrupted the Microsoft Build session on best security practices and Haiby switched her screen share amid the ruckus, showing that Walmart, one of Microsoft’s most significant customers, was “ready to ROCK AND ROLL with [Microsoft’s] Entra Web and AI Gateway.”
The message, posted by Leigh Samons, a principal cloud solution architect at Microsoft, detailed the process for how Microsoft would go about integrating its technology into Walmart’s processes.
It also said that one of Walmart’s tools needed extra safeguards.
“MyAssistant is one they build that is overly powerful and needs guardrails,”
The tool helps store associates summarize long documents, create new marketing content and more, per the release.
The internal Teams message also cited a “distinguished” AI engineer at Walmart as saying, “Microsoft is WAY ahead of Google with AI Security. We are excited to go down this path with you.”
The Verge was first to report on the AI plans. CNBC has reached out to Microsoft and Walmart for comment.
The protest singled out Sarah Bird, Microsoft’s head of responsible AI who was part of the Build panel with Haiby.
Tomi Engdahl says:
A massive 1.2 billion user record database was scraped from the Meta-owned Facebook by abusing one of the social media platform’s application programming interfaces (APIs), attackers claim.
#dataleak #privacy
Learn more: https://cnews.link/facebook-leak-exposes-users-hackers-claim/
Tomi Engdahl says:
This AI read company emails and threatened to expose an engineer’s affair. https://link.ie.social/g1emAd
Tomi Engdahl says:
Volkswagen app hacked
German carmaker Volkswagen recently patched vulnerabilities in its My Volkswagen application. The flaws could have allowed an attacker to obtain other users’ information, including vehicle location, engine health, fuel stats, tyre pressure, and geofencing controls, as well as personal information such as home address, phone number, email address, driving license, and service history. The researcher who found the security holes has published a blog post detailing his findings. Contacted by SecurityWeek, Volkswagen said the issues only impacted the app used in India and pointed out that there was no evidence of exploitation in the wild.
https://www.securityweek.com/in-other-news-volkswagen-app-hacked-dr32-sentenced-new-ot-security-solution/
Hacking My Car, and probably yours— Security Flaws in Volkswagen’s App
https://loopsec.medium.com/hacking-my-car-and-probably-yours-security-flaws-in-volkswagens-app-24b34c47ba89