Cyber security August 2025

This posting is here to collect cyber security news in August 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

251 Comments

  1. Tomi Engdahl says:

    Hacker reveals how traffic lights can be forced to green – it can be done with a device costing a little over 200 euros
    The two-hundred-euro Flipper Zero hacking tool can be used to hack traffic lights. In a video uploaded to YouTube, a hacker revealed how the device could be used to change red lights to green.
    https://www.iltalehti.fi/autouutiset/a/735ba1ce-3d9e-4856-90e8-87d8afcc4776

    The Flipper Zero, also called the hacker's Swiss Army knife, can be used to hack traffic lights that use the infrared radar used by emergency or official vehicles. The device is on sale for 229 euros.

    YouTube user Peter Fairlie explains in his video everything the Flipper Zero needs in order to hack traffic light commands. The video gives tips on how a homemade version can be made of the Opticom infrared transmitter favoured by the authorities.

    The Flipper Zero is primarily known for being able to interpret radio signals. The device has been used successfully to copy, for example, workplace access tags or the wireless keys of garage doors.

    The biggest challenge is that, for the hack, one must first work out the optical infrared signal that changes the traffic lights. After that, the signal has to be set to be sent from the device's General Purpose I/O (GPIO) pins to high-power infrared LEDs.

    The signal is sent as a series of infrared pulses; a television remote control, for example, works on the same logic. According to The Driven, which reported on the matter, in Opticom's case the series is most often 14 hertz, i.e. 14 flashes per second.

    Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero
    There’s innocent tinkering, and then there’s illegal. Guess which category this fits into?
    https://www.thedrive.com/news/hacker-uncovers-how-to-turn-traffic-lights-green-with-flipper-zero

    We’ve talked about this tiny gadget before: the Flipper Zero. Officially, it’s a $170 tamagotchi-fied hacking gadget with a sub-gigahertz radio and some accessory pins. Unofficially, it’s a menace’s best friend.

    Most recently, one tinkerer named Peter Fairlie took to YouTube armed with a Flipper Zero to answer a repeatedly asked question: can the device change a traffic light from red to green? As it turns out, the answer is “yes,” but not in the way you might think.

    Perhaps the most well-known branding for these types of devices is called Opticom. Essentially, the tech works by detecting a specific pattern of infrared light emitted by the Mobile Infrared Transmitter (MIRT) installed in a police car, fire truck, or ambulance when the MIRT is switched on. When the receiver detects the light, the traffic system then initiates a signal change as the emergency vehicle approaches an intersection, safely redirecting the traffic flow so that the emergency vehicle can pass through the intersection as if it were regular traffic and potentially avoid a collision.

    Because the RF radio in the Flipper won’t work in this scenario, Fairlie instead looks to the device’s General-Purpose Input/Output (GPIO) pins. The Flipper Zero can actually generate electrical pulses to these GPIO pins, and its built-in frequency generator can determine how quickly the pulses are sent. This allows the Flipper to control an external set of infrared LEDs sourced from an old security camera (along with an optocoupler and separate battery pack) by pulsing the lights at 14 Hz—or, 14 cycles per second—effectively mimicking an Opticom transmitter without complex hardware or programming.

    One doesn’t necessarily need a Flipper to build one of these devices. Theoretically, the same device could be cobbled together out of custom circuitry. In fact, they have been in the past—see the DIrtY MIRT. But the Flipper packages everything up in an easy-to-use device that can be repurposed for other legitimate shenanigans.

    “My video is a proof of concept,” Fairlie said. “I received feedback from a volunteer fire department that was looking for a low-cost solution to equip their personnel with. The 3M OptiCom units that GTT sells to city fire [departments] cost $5,000 each. Not all fire departments have that kind of money to spend on MIRT devices.”

    To top it all off, these do-it-yourself MIRTs aren’t guaranteed to work either. Many cities with newer traffic preemption systems configure them so they are encoded and log the vehicle requesting the preemption, as well as when failed and successful preemption attempts are made. But hey, it’s fun to dream about never hitting a red light again, right?

    https://web.archive.org/web/20050810073946/https://www.i-hacked.com/index.php?option=content&task=view&id=176

    Reply
  2. Tomi Engdahl says:

    OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail
    https://www.securityweek.com/oneflip-an-emerging-threat-to-ai-that-could-make-vehicles-crash-and-facial-recognition-fail/

    Researchers unveil OneFlip, a Rowhammer-based attack that flips a single bit in neural network weights to stealthily backdoor AI systems without degrading performance.

    Autonomous vehicles and many other automated systems are controlled by AI; but the AI could be controlled by malicious attackers taking over the AI’s weights.

    Weights within AI’s deep neural networks represent the models’ learning and how it is used. A weight is usually defined in a 32-bit word, and there can be hundreds of billions of bits involved in this AI ‘reasoning’ process. It is a no-brainer that if an attacker controls the weights, the attacker controls the AI.

    A research team from George Mason University, led by associate professor Qiang Zeng, presented a paper (PDF) at this year’s August USENIX Security Symposium describing a process that can flip a single bit to alter a targeted weight. The effect could change a benign and beneficial outcome to a potentially dangerous and disastrous outcome.

    Example effects could alter an AV’s interpretation of its environment (for example, recognizing a stop sign as a minimum speed sign), or a facial recognition system (for example, interpreting anyone wearing a specified type of glasses as the company CEO). And let’s not even imagine the harm that could be done through altering the outcome of a medical imaging system.

    All this is possible. It is difficult, but achievable. Flipping a specific bit would be relatively easy with Rowhammer.

    Reply
  3. Tomi Engdahl says:

    Chip Programming Firm Data I/O Hit by Ransomware

    Data I/O has disclosed a ransomware attack that disrupted the company’s operations, including communications, shipping and production.

    https://www.securityweek.com/chip-programming-firm-data-i-o-hit-by-ransomware/

    Reply
  4. Tomi Engdahl says:

    Anatsa Android Banking Trojan Now Targeting 830 Financial Apps

    The Anatsa Android banking trojan has expanded its target list to new countries and more cryptocurrency applications.

    https://www.securityweek.com/anatsa-android-banking-trojan-now-targeting-830-financial-institutions/

    Reply
  5. Tomi Engdahl says:

    CISA Requests Public Feedback on Updated SBOM Guidance

    CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment.

    https://www.securityweek.com/cisa-requests-public-feedback-on-updated-sbom-guidance/

    Reply
  6. Tomi Engdahl says:

    Large Interpol Cybercrime Crackdown in Africa Leads to the Arrest of Over 1,200 Suspects

    Dubbed Operation Serengeti 2.0, the operation took place between June and August.

    https://www.securityweek.com/large-interpol-cybercrime-crackdown-in-africa-leads-to-the-arrest-of-over-1200-suspects/

    Reply
  7. Tomi Engdahl says:

    Password Managers Vulnerable to Data Theft via Clickjacking

    A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks.

    https://www.securityweek.com/password-managers-vulnerable-to-data-theft-via-clickjacking/

    A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks that could lead to the theft of highly sensitive data.

    The research was conducted by Marek Tóth and it was presented earlier this month at the DEF CON conference. The researcher has now also published a blog post detailing his findings.

    The researcher targeted 1Password, Bitwarden, Dashlane, Enpass, Keeper, LastPass, LogMeOnce, NordPass, ProtonPass, RoboForm, and Apple’s iCloud Passwords, specifically their associated browser extensions.

    These browser extensions are very popular. An analysis by the researcher found that they have a total of nearly 40 million active installations, based on data from the official browser extension repositories for Chrome, Edge and Firefox.

    Clickjacking is an attack technique in which the attacker tricks the targeted user into clicking on hidden elements on a web page. The attacker sets up a website that contains malicious buttons or other elements that are transparent and placed on top of harmless-looking elements on the page. When the victim visits the attacker’s site and interacts with these harmless-looking elements, they are actually clicking on the malicious element, unknowingly carrying out dangerous actions.

    Tóth showed how an attacker can use DOM-based extension clickjacking and the autofill functionality of password managers to exfiltrate sensitive data stored by these applications, including personal data, usernames and passwords, passkeys, and payment card information.

    Reply
  8. Tomi Engdahl says:

    Mishaal Rahman / Android Authority:
    Google plans to begin verifying the identity of all developers who distribute apps on Android, even if it’s outside the Play Store, starting September 2026 — Google wants to verify the identity of all developers who distribute apps on Android, even if it’s outside the Play Store

    Google wants to make sideloading Android apps safer by verifying developers’ identities
    Google wants to verify the identity of all developers who distribute apps on Android, even if it’s outside the Play Store
    https://www.androidauthority.com/android-developer-verification-requirements-3590911/

    TL;DR

    Google will soon verify the identities of developers who distribute Android apps outside the Play Store.
    Developers must submit their information to a new Android Developer Console, increasing their accountability for their apps.
    Rolling out in phases from September 2026, these new verification requirements are aimed at protecting users from malware by making it harder for malicious developers to remain anonymous.

    Reply
  9. Eden Allen says:

    Just after passing the 47-day SSL validity proposal, the CA/B forum has now published new S/MIME certificate requirements.

    https://certera.com/blog/latest-s-mime-baseline-requirements-2025-email-security-is-changing-forever/

    The major 3 updates

    1: ACME Automation for S/MIME
    2: Post-Quantum Cryptography Comes to S/MIME
    3: Mandatory Name Attributes in S/MIME Certificates

    Reply
  10. Tomi Engdahl says:

    Organizations Warned of Exploited Git Vulnerability
    https://www.securityweek.com/organizations-warned-of-exploited-git-vulnerability/

    CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution.

    The US cybersecurity agency CISA on Monday warned that a recent vulnerability in Git has been exploited in attacks, urging its immediate patching.

    The flaw, tracked as CVE-2025-48384 (CVSS score of 8.1), is described as an arbitrary file write during the cloning of repositories with submodules that use a ‘recursive’ flag.

    The issue exists because, when reading configuration values, Git strips trailing carriage return (CR) characters and does not quote them when writing.

    Thus, the initialization of submodules with a path containing a trailing CR results in altered paths and in the submodule being checked out to an incorrect location.

    “If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout,” Git’s advisory reads.

    This allows attackers to manipulate internal submodule paths, which results in Git writing files to unexpected locations and initializing the submodules in these locations.

    Shortly after the Git project released patches for CVE-2025-48384 on July 8, Datadog warned that proof-of-concept (PoC) code targeting the bug had been released.

    “An attacker can craft a malicious .gitmodules file with submodule paths ending in a carriage return. Due to Git’s config parser behavior, this character may be stripped on read but preserved on write, allowing malicious redirection of submodule contents. When combined with symlinks or certain repository layouts, this can lead to arbitrary writes across the filesystem,” Datadog said.

    The security firm warned that attackers can exploit the flaw by creating malicious repositories that, when cloned, would lead to remote code execution.

    The vulnerability, however, only affects macOS and Linux systems. Differences in control character usage render Windows machines immune to the security defect. The issue was resolved in Git versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

    CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
    https://securitylabs.datadoghq.com/articles/git-arbitrary-file-write/

    Key points and observations

    CVE-2025-48384 is a vulnerability that allows arbitrary file write, and ultimately code execution, on Linux and macOS when using git clone --recursive on a weaponized repository.
    The vulnerability can be exploited to write a malicious Git Hook script, resulting in remote code execution (RCE) whenever subcommands like git commit and git merge are run.
    On July 8, 2025, Git did a coordinated release of new versions of git to address this vulnerability. Any Git client not running one of the following patched versions should be considered vulnerable: v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
    The GitHub Desktop client for macOS is also vulnerable, due to its use of git clone --recursive by default.
    The vulnerability has been assigned a CVSS severity score of High (8.1/10).
    Working proof-of-concept exploits for this vulnerability are publicly available and have been validated by Datadog security researchers.

    Reply
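
A defensive check for the Git issue described in the comment above, as an added example that is not part of the original post and is not Git's or Datadog's code. It compares a `git --version` string against the patched releases listed above and scans a `.gitmodules` file for control characters in submodule `path`/`url` values. The function names, the conservative "any control character" rule, the treatment of later patch levels and series newer than 2.50 as fixed, and the sample inputs are assumptions made for this example.

```python
import re
from collections import namedtuple

# Patched releases as listed in the comment above (series -> first fixed patch level).
FIXED = {(2, 43): 7, (2, 44): 4, (2, 45): 4, (2, 46): 4,
         (2, 47): 3, (2, 48): 2, (2, 49): 1, (2, 50): 1}

Finding = namedtuple("Finding", "line submodule key control_bytes")

SECTION_RE = re.compile(rb'^\s*\[submodule\s+"(.*)"\]\s*$')
KEY_RE = re.compile(rb'^\s*(path|url)\s*=\s*(.*)$', re.IGNORECASE)


def parse_git_version(text):
    """Extract (major, minor, patch) from `git --version` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version number found in %r" % text)
    return tuple(int(part) for part in m.groups())


def is_patched(version_text):
    """True if the version is at or past a fixed release for CVE-2025-48384.

    Assumption: later patch levels in a listed series, and series newer than
    2.50, carry the fix. Vendor builds that backport the fix under an older
    version number are reported as unpatched and need a manual check.
    """
    major, minor, patch = parse_git_version(version_text)
    series = (major, minor)
    if series in FIXED:
        return patch >= FIXED[series]
    return series > max(FIXED)


def scan_gitmodules(data):
    """Return Findings for submodule path/url values holding control characters.

    `data` is the raw bytes of a .gitmodules file. A single CR directly before
    the LF is treated as an ordinary CRLF line ending and ignored; any other
    control byte (tab excepted) inside the value is reported.
    """
    findings = []
    submodule = None
    for lineno, raw in enumerate(data.split(b"\n"), 1):
        line = raw[:-1] if raw.endswith(b"\r") else raw  # drop CRLF ending only
        section = SECTION_RE.match(line)
        if section:
            submodule = section.group(1).decode("utf-8", "replace")
            continue
        entry = KEY_RE.match(line)
        if entry is None or submodule is None:
            continue
        key = entry.group(1).decode("ascii").lower()
        value = entry.group(2)
        bad = sorted({b for b in value if (b < 0x20 and b != 0x09) or b == 0x7F})
        if bad:
            findings.append(Finding(lineno, submodule, key, bad))
    return findings


# Constructed sample inputs (not taken from any real repository).
SAMPLE_CLEAN = (b'[submodule "lib"]\n'
                b'\tpath = lib\n'
                b'\turl = https://example.invalid/lib.git\n')
SAMPLE_CRLF = SAMPLE_CLEAN.replace(b"\n", b"\r\n")
SAMPLE_SUSPECT = (b'[submodule "lib"]\n'
                  b'\tpath = "lib\r"\n'
                  b'\turl = https://example.invalid/lib.git\n')

if __name__ == "__main__":
    for banner in ("git version 2.50.0", "git version 2.50.1"):
        print(banner, "->", "patched" if is_patched(banner) else "update needed")
    for name, blob in (("clean", SAMPLE_CLEAN), ("crlf", SAMPLE_CRLF),
                       ("suspect", SAMPLE_SUSPECT)):
        print(name, scan_gitmodules(blob))
```

Running the scan over `.gitmodules` before any recursive clone or submodule update, for example in a CI step that fetches third-party repositories, gives a check that does not depend on the client's Git version.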
  11. Tomi Engdahl says:

    Microsoft scales back Chinese access to cyber early warning system
    https://www.reuters.com/sustainability/boards-policy-regulation/microsoft-scales-back-chinese-access-cyber-early-warning-system-2025-08-20/

    WASHINGTON, Aug 20 (Reuters) – Microsoft (MSFT.O) said on Wednesday it has scaled back some Chinese companies’ access to its early warning system for cybersecurity vulnerabilities following speculation that Beijing was involved in a hacking campaign against the company’s widely used SharePoint servers.
    The new restrictions come in the wake of last month’s sweeping hacking attempts against Microsoft SharePoint servers, at least some of which Microsoft and others have blamed on Beijing. That raised suspicions among several cybersecurity experts that there was a leak in the Microsoft Active Protections Program (MAPP), which Microsoft uses to help security vendors worldwide, including in China, to learn about cyber threats before the general public so they can better defend against hackers.

    Reply
  12. Tomi Engdahl says:

    Nicholas Nehamas / New York Times:
    SSA’s chief data officer files a whistleblower complaint that DOGE uploaded a database with every Social Security number ever issued to an insecure cloud server — DOGE team members uploaded a database with the personal information of hundreds of millions of Americans to a vulnerable cloud server …

    DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says
    https://www.nytimes.com/2025/08/26/us/politics/doge-social-security-data.html?unlocked_article_code=1.hE8.QMzu.MnnCIYsHsahW&smid=nytcore-ios-share&referringSource=articleShare

    DOGE team members uploaded a database with the personal information of hundreds of millions of Americans to a vulnerable cloud server, according to the agency’s chief data officer.

    Reply
  13. Tomi Engdahl says:

    Members of the Department of Government Efficiency uploaded a copy of a crucial Social Security database in June to a vulnerable cloud server, putting the personal information of hundreds of millions of Americans at risk of being leaked or hacked, according to a whistle-blower complaint filed by the Social Security Administration’s chief data officer.

    The database contains records of all Social Security numbers issued by the federal government. It includes individuals’ full names, addresses and birth dates, among other details that could be used to steal their identities, making it one of the nation’s most sensitive repositories of personal information.

    The account by the whistle-blower, Charles Borges, underscores concerns that have led to lawsuits seeking to block young software engineers at the agency built by Elon Musk from having access to confidential government data. In his complaint, Mr. Borges said DOGE members copied the data to an internal agency server that only DOGE could access, forgoing the type of “independent security monitoring” normally required under agency policy for such sensitive data and creating “enormous vulnerabilities.”

    Mr. Borges did not indicate that the database had been breached or used inappropriately.

    https://www.nytimes.com/2025/08/26/us/politics/doge-social-security-data.html?unlocked_article_code=1.hE8.QMzu.MnnCIYsHsahW&smid=nytcore-ios-share&referringSource=articleShare

    Reply
  14. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/17824-uusi-tietojenkalastelu-on-pirullinen-huijaus

    Cybersecurity company Check Point Research has uncovered a new kind of phishing campaign that is exceptionally cunning and patient. The campaign is called ZipLine, and it targets US industrial companies in particular, but its operating model is such that it could easily extend elsewhere as well.

    Unlike traditional scams, in which the attacker approaches directly by email, in this tactic the initiative comes from the victim itself. The attacker fills in the Contact Us form on the company's website, whereupon the company replies and the conversation begins to look like a natural business negotiation.

    Reply
  15. Tomi Engdahl says:

    A PowerShell script hidden in a zip file installs the MixShell backdoor, which runs entirely in memory and communicates with the command server using encrypted DNS queries. The malware can open command channels, transfer files and even act as a proxy, allowing the attackers to move within the victim's network.

    https://etn.fi/index.php/13-news/17824-uusi-tietojenkalastelu-on-pirullinen-huijaus

    Reply
  16. Tomi Engdahl says:

    Artificial Intelligence
    Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect

    AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.

    https://www.securityweek.com/hackers-weaponize-trust-with-ai-crafted-emails-to-deploy-screenconnect/

    Reply
  17. Tomi Engdahl says:

    Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign

    Google says the hackers systematically exported corporate data, focusing on secrets such as AWS and Snowflake keys.

    https://www.securityweek.com/hundreds-of-salesforce-customers-hit-by-widespread-data-theft-campaign/

    Reply
  18. Tomi Engdahl says:

    China-Linked Hackers Hijack Web Traffic to Deliver Backdoor

    Google researchers say China-linked UNC6384 combined social engineering, signed malware, and adversary-in-the-middle attacks to evade detection.

    https://www.securityweek.com/china-linked-hackers-hijack-web-traffic-to-deliver-backdoor/

    A China-linked cyberespionage group has been hijacking web traffic to infect diplomats and other entities with the PlugX backdoor, Google Threat Intelligence Group (GTIG) reports.

    The campaign, attributed to UNC6384 and believed to be associated with Mustang Panda (also tracked as Basin, Bronze President, Earth Preta, Red Delta, and Temp.Hex), was identified in March 2025, disguising the malicious payloads as software or plugin updates.

    As part of the attacks, the attackers have used a captive portal redirect (a network setup that first directs to a webpage, such as a login page, before granting internet access) to deliver the StaticPlugin malware downloader, which in turn deploys a loader for the PlugX backdoor in memory.

    “This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade detection,” GTIG explained.

    The attacks start with the victim’s browser checking if it was behind a captive portal, such as the “gstatic.com” domain hardcoded in Chrome.

    Reply
  19. Tomi Engdahl says:

    Nevada State Offices Closed Following Disruptive Cyberattack

    State websites and phone lines were taken offline, but officials say emergency services and personal data remain unaffected.

    https://www.securityweek.com/nevada-state-offices-closed-following-disruptive-cyberattack/

    Reply
  20. Tomi Engdahl says:

    PromptLock: First AI-Powered Ransomware Emerges

    Proof-of-concept ransomware uses AI models to generate attack scripts in real time.

    https://www.securityweek.com/promptlock-first-ai-powered-ransomware-emerges/

    AI-powered malware is closer than expected, as the first known ransomware family to rely on AI systems for local operations has been discovered.

    According to ESET, which discovered the threat, the AI-powered ransomware is only proof-of-concept (PoC) or work-in-progress for now, but appears to be designed with all the functionality of traditional ransomware.

    Dubbed PromptLock, the malware is written in GoLang and relies on OpenAI’s GPT-OSS:20b, an open-weight model that can be used without proprietary restrictions.

    The threat, ESET explains in a series of posts on social media, relies on hard-coded prompts to generate Lua scripts on the fly, and uses these scripts to perform operations such as filesystem enumeration, file inspection, data exfiltration, and encryption.

    https://bsky.app/profile/esetresearch.bsky.social/post/3lxctuaf4222t

    Reply
  21. Tomi Engdahl says:

    Beyond the Prompt: Building Trustworthy Agent Systems

    Building secure AI agent systems requires a disciplined engineering approach focused on deliberate architecture and human oversight.

    https://www.securityweek.com/beyond-the-prompt-building-trustworthy-agent-systems/

    Reply
  22. Tomi Engdahl says:

    Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can’t Legally Release His Software
    Jason Koebler · Aug 27, 2025 at 4:22 PM
    A firmware update broke a series of popular third-party exercise apps. A developer fixed it, winning a $20,000 bounty from Louis Rossmann.

    https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/

    An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it.

    Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company’s servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.

    In the immediate aftermath of this decision, right to repair advocate and popular YouTuber Louis Rossmann announced a $20,000 bounty through his new organization, the Fulu Foundation, to anyone who was able to jailbreak and unlock Echelon equipment: “I’m tired of this shit,” Rossmann said in a video announcing the bounty. “Fulu Foundation is going to offer a bounty of $20,000 to the first person who repairs this issue. And I call this a repair because I believe that the firmware update that they pushed out breaks your bike.”

    App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering.

    “It’s like picking a lock, and it’s a lock that I own in my own house. I bought this bike, it was unlocked when I bought it, why can’t I distribute this to people who don’t have the technical expertise I do?” Witherspoon told 404 Media. “It would be one thing if they sold the bike with this limitation up front, but that’s not the case. They reached into my house and forced this update on me without users knowing. It’s just really unfortunate.”

    “A lot of people chose Echelon’s ecosystem because they didn’t want to be locked into using Echelon’s app. There was this third-party ecosystem. That was their draw to the bike in the first place,” O’Reilly said. “But now, if the manufacturer can come in and push a firmware update that requires you to pay for subscription features that you used to have on a device you bought in the first place, well, you don’t really own it.”

    “I think this is part of the broader trend of enshittification, right?,” O’Reilly added. “Consumers are feeling this across the board, whether it’s devices we bought or apps we use—it’s clear that what we thought we were getting is not continuing to be provided to us.”

    Witherspoon says that, basically, Echelon added an authentication layer to its products, where the piece of exercise equipment checks to make sure that it is online and connected to Echelon’s servers before it begins to send information from the equipment to an app over Bluetooth. “There’s this precondition where the bike offers an authentication challenge before it will stream those values. It is like a true digital lock,” he said. “Once you give the bike the key, it works like it used to. I had to insert this [authentication layer] into the code of my app, and now it works.”

    Roberto Viola, the developer of a popular third-party exercise app called QZ, wrote extensively about how Echelon has broken his popular app: “Without warning, Echelon pushed a firmware update. It didn’t just upgrade features—it locked down the entire device. From now on, bikes, treadmills, and rowers must connect to Echelon’s servers just to boot,” he wrote. “No internet? No workout. Even basic offline usage is impossible. If Echelon ever shuts down its servers (it happens!), your expensive bike becomes just metal. If you care about device freedom, offline workouts, or open compatibility: Avoid all firmware updates. Disable automatic updates. Stay alert.”

    Witherspoon told me that he is willing to talk to other developers about how he did this, but that he is not willing to release the jailbreak on his own: “I don’t feel like going down a legal rabbit hole, so for now it’s just about spreading awareness that this is possible, and that there’s another example of egregious behavior from a company like this […] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to.”

    Reply
  23. Tomi Engdahl says:

    Beware of public USB charging points
    https://etn.fi/index.php/13-news/17828-varo-julkisia-usb-latauspisteitae

    According to Arctic Wolf, which develops cybersecurity solutions, so-called juice jacking ("mehutus" in Finnish) is a surprising form of phishing. The company therefore urges everyone to be careful when using public charging points.

    Public charging points equipped with USB ports have become enormously more common in recent years. Airports, shopping centres, restaurants and even many forms of public transport, from trains to buses, make it possible to charge many devices with nothing more than a USB cable. Hackers have noticed this too. This makes it possible to hack a phone through a charging point. The method has indeed been used for hackers' own criminal purposes. The temptation to use a seemingly harmless-looking charging option can expose one's own smart device to malware or other misuse.

    The power of a device being charged is often called "juice" in English, which translates into Finnish as "mehu". This gives rise to the term juice jacking, which in Finnish could be called, say, "mehuttaminen". In practice, charging over electric current is hijacked for an outsider's own use via the data cable, which compromises the user's device and thus also its information security.

    In Finland juice jacking is still fairly rare, but in larger cities abroad exposure to it is a greater risk. Large numbers of users in particular attract criminals to new opportunities. Although the number of confirmed cases is still quite small, it is important to educate consumers about this risk. More and more charging points are appearing in public places.

    One factor slowing down hacking methods of this kind is their relative inefficiency in relation to the effort. Modifying a charging point is difficult and requires physical measures, unlike, for example, phishing attempts carried out over a network. The phenomenon nevertheless raises concern, as people's dependence on rechargeable smart devices is on the rise. As many as about 53 percent of Europeans use their smartphone as their primary entertainment and work tool when travelling.

    It is also important to understand the risks of a compromised charging point. The biggest of these are the hacker's access to personal data such as contacts, photos, emails and passwords. In addition, the hacker can, if they wish, install malware or spyware, or alternatively lock the device and demand a ransom for unlocking it.

    The measures against juice jacking are fairly simple. For charging one can use, for example, a charge-only cable, which prevents data transfer over the USB bus. Alternatively, the phone can be charged from one's own power bank or from a wall socket using the phone's own charger. USB charging points where loose wires are visible or where the charging point's cover is loose should especially be avoided. A separately purchased data blocker device between the cable and the charging point also prevents data transfer.

    Reply
  24. Tomi Engdahl says:

    David DiMolfetta / Nextgov/FCW:
    Sources and docs: a Russia-based Yandex employee maintains open-source tool fast-glob, embedded in 30 US DOD software packages and downloaded 70M times per week

    Report: Russia-based Yandex employee oversees open-source software approved for DOD use
    https://www.nextgov.com/cybersecurity/2025/08/report-russia-based-yandex-employee-oversees-open-source-software-approved-dod-use/407703/

    The package is listed inside Platform One’s Iron Bank, a vetted Defense Department software repository, people familiar say.

    A Russia-based Yandex employee is the sole maintainer of a widely used open-source tool embedded in at least 30 pre-built software packages in the Department of Defense, raising potential risks of covert data exfiltration through sensitive digital tools used by the U.S. military, according to research first seen by Nextgov/FCW.

    The tool, dubbed fast-glob, helps software developers operate on groups of files without having to write extra code, making it the preferred method for quickly searching and organizing project files.

    It’s used in over 5,000 projects worldwide and is downloaded some 70 million times per week, according to the findings out Wednesday from software supply chain security firm Hunted Labs.

    The maintainer is listed as Denis Malinochkin. As of publishing time, there is no known malicious code inside fast-glob, according to Hayden Smith, a Hunted Labs co-founder, who added that Malinochkin appears innocuous, though his standing as the only maintainer of the popular software package raises red flags.

    “A project that is that popular should not be maintained by just one person,” he said. “[Even] if you take all the geolocation and geopolitical atmospherics and you remove those … having a solo maintainer for a project you critically depend on is extremely risky.”

    The DOD’s Office of the Chief Information Officer, which advises the defense secretary on information technology, was alerted to the matter about three weeks ago, Smith added. Nextgov/FCW has reached out to the DOD, the Defense Information Systems Agency and Defense Counterintelligence and Security Agency for comment.

    The fast-glob package is listed inside Platform One’s Iron Bank, the Pentagon’s vetted repository of software building blocks used by the U.S. military’s software developers and contractors to craft digital tools and applications, according to multiple people familiar with the matter. The people were granted anonymity to be candid about its use inside DOD software systems.

    Yandex is a major Russian technology company that has been found to have extensive ties to the Kremlin and has promoted misinformation about Russia’s war in Ukraine.

    In an email sent to Nextgov/FCW, Malinochkin said that he has been developing and maintaining fast-glob for over seven years, which began prior to his employment at Yandex. He said the tool’s source code is fully open and auditable by potential users and that its development or support has never been a part of his professional duties in his current job.

    “Nobody has ever asked me to manipulate fast-glob, introduce hidden changes to the project, or collect and share system data. I believe that open source is built on trust and diversity,” he wrote.

    In July, Secretary of Defense Pete Hegseth signed a memorandum directing the Defense Department to “not procure any hardware or software susceptible to adversarial foreign influence that presents risk to mission accomplishment and must prevent such adversaries from introducing malicious capabilities into the products and services that are utilized by the department.”

    That memo came after ProPublica reported Microsoft had relied on China-based engineers to support its cloud services for the DOD. Microsoft has since severed those arrangements.

    Open-source projects rely on contributions from community members to keep them updated with patches. The updates are often discussed on forums with volunteer software maintainers.

    Historically, community practices have operated under the premise that all contributors are benevolent. That notion was challenged last February when a user dubbed “Jia Tan” tried to quietly plant a backdoor into XZ Utils, a file transfer tool used in several Linux builds that power software in leading global companies.

    “If you’re a nation state … you have a bunch of stuff that you’re doing fast, but you have other stuff that you’re doing very methodically, slowly or positioning strategically,” said George Barnes, the former deputy director of the National Security Agency.

    Russia’s state-centered economy also allows the Kremlin to compel firms to act on behalf of the nation’s interest, including the use of hacking and disinformation campaigns. Yandex is one of several major domestic tech companies that the Russian government can heavily rely on, Barnes said.

    “This piece of code has no known vulnerabilities. It’s ubiquitously leveraged and used globally, and it happens to have one maintainer sitting in Russia, and the [maintainer] might be totally fine,” he added, but “that situation subordinates him to a legal framework that’s not in his control.”

    Chinese, Russian and North Korean-affiliated hackers are covertly working to insert backdoor hijacks and exploits into major publicly-available software used by countless organizations, developers and governments around the world, according to findings from Strider Technologies released earlier this month.

    Russia has continued broad cyber activities despite recent U.S. efforts to bring the Kremlin to the negotiating table with Ukraine.

    Reply
  25. Tomi Engdahl says:

    Reuters:
    German media: German banks blocked €10B+ in PayPal payments on August 25 over fraud concerns; PayPal says a temporary service interruption affected transactions

    German banks halted 10 billion euros in PayPal payments on fraud concerns, says newspaper
    https://www.reuters.com/business/finance/german-banks-halted-10-billion-euros-paypal-payments-fraud-concerns-says-2025-08-27/

    BERLIN, Aug 27 (Reuters) – German banks blocked PayPal (PYPL.O) payments totalling more than 10 billion euros ($11.7 billion) over fraud concerns, the Sueddeutsche Zeitung newspaper reported on Wednesday, without specifying its sources.

    Reply
  26. Tomi Engdahl says:

    China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years
    https://www.securityweek.com/chinas-salt-typhoon-hacked-critical-infrastructure-globally-for-years/

    China-linked APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveillance reach.

    The China-linked cyberespionage group known as Salt Typhoon has been compromising backbone and edge routers globally for persistent access to networks across multiple industries, government agencies in the US and allied countries warn.

    Also tracked as GhostEmperor, Operator Panda, RedMike, and UNC5807, the threat group has been conducting cyberespionage operations in the US, Australia, Canada, New Zealand, and UK, and across other regions for over half a decade, the agencies note in a joint advisory.

    Blamed for multiple intrusions at telecom companies in the US and Canada, and for the hacking of a US National Guard unit, Salt Typhoon has been busy targeting government, telecom, transportation, lodging, and military infrastructure networks globally since at least 2021, the advisory reads.

    The APT’s operations have been linked to China-based companies such as Sichuan Juxinhe Network Technology Co. Ltd. (sanctioned by the US), Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd., known for providing cyber products and services to the Chinese intelligence.

    “The data stolen through this activity against foreign telecommunications and Internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targets’ communications and movements around the world,” the advisory reads.

    Salt Typhoon has exploited known vulnerabilities in Cisco (CVE-2018-0171, CVE-2023-20198, and CVE-2023-20273), Ivanti (CVE-2024-21887), and Palo Alto Networks (CVE-2024-3400) products for initial access, but has not targeted zero-day flaws.

    Reply
  27. Tomi Engdahl says:

    CrowdStrike to Acquire Onum to Fuel Falcon Next-Gen SIEM With Real-Time Telemetry

    CrowdStrike says the acquisition will bring valuable technology to enhance its Falcon Next-Gen SIEM.

    https://www.securityweek.com/crowdstrike-to-acquire-onum-to-fuel-falcon-next-gen-siem-with-real-time-telemetry/

    Reply
  28. Tomi Engdahl says:

    Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack
    https://www.securityweek.com/hackers-target-popular-nx-build-system-in-first-ai-weaponized-supply-chain-attack/

    With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft.

    Hackers stole thousands of credentials in a fresh supply chain attack targeting JavaScript developers that use the popular Nx build system package.

    With over 4 million weekly downloads, Nx is an open source, technology-agnostic build platform that allows developers to manage codebases at scale.

    As part of the newly uncovered supply chain attack, dubbed s1ngularity, hackers stole an Nx NPM token allowing them to publish malicious versions of the package to the registry.

    At the root of the attack was a vulnerable workflow introduced on August 21, which could be used for code injection, the Nx maintainers explain.

    Although the bug was reverted in the master branch almost immediately after found maliciously exploitable, a threat actor used it in a pull request to a fork to the nrwl/nx repository, targeting an outdated branch to trigger the issue and steal a GITHUB_TOKEN that has read/write repository permissions.

    The GITHUB_TOKEN was then used to trigger the publish.yml workflow, which contained the NPM token used to publish multiple malicious versions of Nx and supporting plugin packages. Users of the Nx Console IDE extension were also affected, even if they did not have workspaces using Nx.

    Malicious versions of Nx and some supporting plugins were published
    https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c

    Reply
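
    The workflow weakness described in comment 28, as an added example that is not part of the original post or the Nx project's code: a heuristic Python check that flags GitHub Actions workflows where contributor-controlled event fields are interpolated into `run:` scripts and where no `permissions:` block restricts the GITHUB_TOKEN. Both sample workflows are constructed, and the trigger, field and script names in them are assumptions, since the page only says the workflow allowed code injection from a pull request.

```python
import re

# Event fields an outside contributor controls (real GitHub Actions contexts).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.event\.(?:pull_request|issue)\.(?:title|body)"
    r"|github\.event\.comment\.body|github\.head_ref)\s*\}\}"
)
# Triggers whose jobs run with the base repository's token and secrets.
PRIVILEGED_TRIGGERS = ("pull_request_target", "issue_comment", "workflow_run")


def audit_workflow(text):
    """Heuristic, line-based audit of one workflow file (no YAML parser needed)."""
    triggers = [t for t in PRIVILEGED_TRIGGERS
                if re.search(rf"^[^#\n]*\b{t}\b", text, re.M)]
    findings, in_run, key_col = [], False, 0
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        m = re.match(r"^\s*(?:-\s*)?run:\s*(.*)$", line)
        if m:
            # Either an inline script or the start of a block scalar (| or >).
            in_run = m.group(1)[:1] in ("|", ">")
            key_col = line.index("run:")
            script = m.group(1)
        elif in_run and indent > key_col:
            script = line          # continuation line of the run: block
        else:
            in_run = False         # left the block; env: values are not shell text
            continue
        hit = UNTRUSTED.search(script)
        if hit:
            findings.append((no, "untrusted-interpolation", hit.group(1)))
    if (triggers or findings) and not re.search(r"^\s*permissions:", text, re.M):
        findings.append((0, "no-permissions-block", "GITHUB_TOKEN uses repo default"))
    injected = any(kind == "untrusted-interpolation" for _, kind, _ in findings)
    return {"triggers": triggers, "findings": findings,
            "high_risk": bool(triggers) and injected}


# Constructed sample: privileged trigger, PR title pasted into the shell script.
VULNERABLE = """\
on:
  pull_request_target:
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Check title
        run: |
          echo "Validating title"
          node ./check-title.js "${{ github.event.pull_request.title }}"
"""

# Constructed sample: unprivileged trigger, read-only token, value passed via env.
HARDENED = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Check title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: node ./check-title.js "$PR_TITLE"
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, audit_workflow(wf))
```

    The check is line-based, so it should be run against every branch that still carries workflow files, not only the default branch; the page notes that the attacker targeted an outdated branch after the fix had landed on master.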
  29. Tomi Engdahl says:

    Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect
    https://www.securityweek.com/hackers-weaponize-trust-with-ai-crafted-emails-to-deploy-screenconnect/

    AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.

    Reply
  30. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Filing: credit reporting giant TransUnion discloses a data breach affecting 4.4M+ customers’ personal info but claims “no credit information was accessed” — Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information.

    TransUnion says hackers stole 4.4 million customers’ personal information
    https://techcrunch.com/2025/08/28/transunion-says-hackers-stole-4-4-million-customers-personal-information/

    Reply
  31. Tomi Engdahl says:

    Newsmax confirmed Monday it will pay $67 million to settle Dominion Voting Systems’ defamation case arguing the conservative news network knowingly made false claims about Dominion’s voting machines, the latest in a string of high-dollar settlements paid out by companies who falsely linked voting machines to fraud in the 2020 election—just as President Donald Trump continues to push the claims.

    Newsmax Settles With Dominion Voting Systems—Owes $67 Million For Claiming 2020 Election Fraud
    https://www.forbes.com/sites/alisondurkee/2025/08/18/newsmax-settles-with-dominion-voting-systems-owes-67-million-for-claiming-2020-election-fraud/?utm_source=facebook&utm_medium=social&utm_campaign=forbes&utm_term=se-staff&fbclid=IwdGRjcAMg3uNleHRuA2FlbQIxMQABHqvLTJtduc5lZzPsge0B5tYmHQfpNmychYN00qkGKxD1oIV7Yk_v9iQviAd7_aem_q1BFZxdQMUnFQrZ5eyU9BA

    Key Facts
    Newsmax said it will pay $67 million to Dominion Voting Systems in installments over the next three years—far lower than the $1.6 billion the voting machine company sought in damages when it initially sued Newsmax in 2021.

    Dominion sued Newsmax alleging the right-wing news network pushed claims tying the company’s voting machines to election fraud despite knowing those claims were false, one of a number of lawsuits brought by Dominion and rival voting company Smartmatic following the 2020 election.

    The case had been set to go to trial, with the Delaware judge overseeing the case finding in April that Newsmax made false claims about Dominion and broadcast information about the voting company that “would likely cause reasonable viewers to think significantly less favorably about Dominion than if the viewers knew the truth.”

    Newsmax said Monday it still denies its reporting was defamatory, claiming its reporting was “fair” and “balanced” and the network “believed it was critically important for the American people to hear both sides of the election disputes that arose in 2020.”

    The network decided to settle the case because it determined the court overseeing the case “would not provide a fair trial wherein the company could present standard libel defenses to a jury,” Newsmax claimed Monday.

    The settlement comes after Newsmax also settled Smartmatic’s case against the news network in September 2024 for an undisclosed amount, which was later revealed to be $40 million.

    Big Number
    More than $800 million. That’s how much Dominion has won as a result of settlements in its defamation cases, including the voting company’s $787.5 million settlement with Fox News.

    News Peg
    News of the multimillion-dollar settlement came hours after President Donald Trump continued to assert claims about voting machines being tied to election fraud, despite those claims repeatedly proven as false. The president claimed on Truth Social on Monday he would “lead a movement” against mail-in ballots and some voting machines, which he claimed without evidence are “Highly ‘Inaccurate,’ Very Expensive, and Seriously Controversial.”

    Reply
  32. Tomi Engdahl says:

    This is a new scam that uses fake phone numbers, and it has already claimed victims: the culprits are Google's AI results.
    https://tiedonhaku.fi/2025/08/21/tama-on-uusi-huijaus-jossa-kaytetaan-vaarennettyja-puhelinnumeroita-ja-se-on-jo-vaatinut-uhreja-syyllisia-ovat-googlen-tekoalyn-tulokset/

    A wrongly chosen phone number from the AI can lead to major fraud.

    Even the most technically savvy people can fall victim to online scams. One such person is Alex Rivlin, a real estate agent from Las Vegas, who unwittingly became the victim of an impressive new scam scheme. His case, revealed by The Washington Post, raises concern about how new AI tools, such as Google's summaries, are being used to revive old scam schemes.

    The scam began with a simple task. A simple search meant to book transport for a European cruise. When Alex Rivlin searched Google for Royal Caribbean's customer service number, the answer came straight from the search engine's AI: a phone number on a sign. He did not know that the number belonged not to the cruise line but to scammers.

    Reply
  33. Tomi Engdahl says:

    Security of online services is behind the times: the worst-case scenario is the combination of a bank and a mobile certificate
    https://www.tivi.fi/uutiset/a/b0294089-e30f-4546-8693-19adedd5e216

    Millions are being scammed from online banking users, and the banks' own monitoring systems are not keeping up with developments. At worst, victims lose their retirement savings after clicking a wrong address once.

    Reply
  34. Tomi Engdahl says:

    Google issues warning to billions of Gmail users over password hack
    Cyber criminals known as ‘ShinyHunters’ have previously targeted AT&T Wireless, Microsoft, Santander and Ticketmaster
    https://www.independent.co.uk/tech/gmail-password-update-google-hack-b2814152.html

    Reply
  35. Tomi Engdahl says:

    Artificial Intelligence
    PromptLock: First AI-Powered Ransomware Emerges

    Proof-of-concept ransomware uses AI models to generate attack scripts in real time.

    https://www.securityweek.com/promptlock-first-ai-powered-ransomware-emerges/

    Reply
  36. Tomi Engdahl says:

    Cybercrime
    VerifTools Fake ID Operation Dismantled by Law Enforcement

    Authorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts.

    https://www.securityweek.com/veriftools-fake-id-operation-dismantled-by-law-enforcement/

    Reply
  37. Tomi Engdahl says:

    Uncategorized
    Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign

    Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.

    https://www.securityweek.com/google-confirms-workspace-accounts-also-hit-in-salesforce-salesloft-drift-data-theft-campaign/

    Reply
  38. Tomi Engdahl says:

    Uncategorized
    In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks

    Noteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across multiple phases of malicious attacks.

    https://www.securityweek.com/in-other-news-iranian-ships-hacked-verified-android-developers-ai-used-in-attacks/

    Reply
  39. Tomi Engdahl says:

    Read the summary
    Google's Discover service recommends suspicious websites to Finns that lead to scams.

    The Tiedonhaku.fi site contains poor Finnish and links to investment scam sites.

    Google says it has investigated the pages but has not found ads shown in its services.

    An expert at the National Cyber Security Centre (Kyberturvallisuuskeskus) advises ignoring questionable recommendations.

    Do not go to this site that Google recommends to you: serious danger
    https://www.is.fi/digitoday/tietoturva/art-2000011446382.html

    Reply
  40. Tomi Engdahl says:

    It’s no longer a hypothetical: Anthropic has discovered a hacker using its AI chatbot to plan and execute a large-scale data extortion campaign that targeted 17 organizations last month.

    Read more at PCMag
    bit.ly/462n0FQ

    Anthropic Warns of Hacker Weaponizing Claude AI Like Never Before
    The hacker ‘used AI to what we believe is an unprecedented degree’ by harnessing Claude to automate large parts of the data extortion campaign, Anthropic says.
    https://uk.pcmag.com/ai/159759/anthropic-warns-of-hacker-weaponizing-claude-ai-like-never-before?fbclid=IwVERDUAMisXtleHRuA2FlbQIxMAABHrA56_3ddpHCBl-kKcw_WeQdPb58aws_XmAsoPqfhZi1DlyAzevrVdjAYY0w_aem_wx9RunK7D61DM9FH8g85vw

    Reply
  41. Tomi Engdahl says:

    https://aardwolfsecurity.com/cloudflare-crush-a-record-breaking-ddos-attack/

    “Cloud Platform Exploitation Highlights Infrastructure Risks”. I kinda figured everybody was on this ship already. In fact it’s the perfect platform from which to launch. Of course, if things worked like they should then the owners of these cloud accounts would be notified that they have nasties.
    Imagine what a PITA it would be to have to compromise hundreds of cloud accounts just to blow it all on one DDOS attack!

    TLDR: Cloudflare successfully defended against a record-breaking 11.5 terabits per second DDoS attack that lasted just 35 seconds. The massive UDP flood originated primarily from compromised resources on Google Cloud Platform and set a new industry high for network bandwidth consumed by malicious traffic.

    Reply
  42. Tomi Engdahl says:

    Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps
    https://www.bleepingcomputer.com/news/security/cloudflare-blocks-record-breaking-115-tbps-ddos-attack/?fbclid=IwdGRjcAMkDChleHRuA2FlbQIxMQABHubu1AT74LPycuQ9zKsaQ9Sh65JIdz9UT5BgcYSenj8DX–yg5GaifoGmqBU_aem_7LMDl2yk4tNB0k3SD87CEQ

    Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps).

    In volumetric DDoS attacks, attackers overwhelm the target with massive amounts of data, consuming the bandwidth or exhausting system resources, leaving legitimate users with no access to the targeted servers and services.

    “Cloudflare’s defenses have been working overtime. Over the past few weeks, we’ve autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps,” the company said in a Tuesday tweet.

    Reply
  43. Tomi Engdahl says:

    October of this year is significant for information security and IT because support for the widely used operating system, Microsoft's Windows 10, ends on October 14.

    What does the end of support mean for companies in practice?

    https://nerdynet.com/windows-10-tuki-paattyy-lokakuussa-miksi-deadline-koskettaa-jokaista-yritysta/?utm_source=meta&utm_medium=social&utm_campaign=030725

    Reply
