Cyber security news September 2025

This posting is here to collect cyber security news in September 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

63 Comments

  1. Tomi Engdahl says:

    Judge Gives Humiliating Punishment to Lawyers Caught Using AI in Court
    Cruel and unusual — and probably completely justified.
    https://futurism.com/judge-humiliating-punishment-lawyers-using-ai

    AI tools have become a hit with lawyers. But judges have shown they have little patience for when their experiments with the tech go wrong.

    When combing over a document submitted by two defense lawyers from the firm Cozen O’Connor, district judge David Hardy found at least 14 citations of case law that appeared to be fictitious, Reuters reported. Others were misquoted or misrepresented.

    After being confronted, the two defense lawyers soon pleaded guilty: one of them had used ChatGPT to draft and edit the document.

    Where other judges have sanctioned lawyers for committing similar sins, judge Hardy offered a humiliating ultimatum last week that’s borderline cruel and unusual.

    The two stooges could pay $2,500 each in monetary sanctions, face removal from the case, and be referred to the state bar.

    Or, instead, they could swallow their pride and write to their former law school deans and bar officials explaining how they screwed up — plus volunteer to speak on topics like AI and professional conduct.

    In their shoes, we’d opt for option c): disappear off the face of the Earth.

    The Cozen pair were representing Uprise, an internet service provider. The law firm apologized to the judge and explained that an associate Daniel Mann accidentally filed an early and uncorrected draft that was made with the help of ChatGPT, according to the reporting. Mann was fired, but the other lawyer, Jan Tomasik, appears to have stayed on.

    Judge Hardy’s punishment may have been unorthodox, but he’s far from the only one to take punitive action against lazy lawyers that don’t double check their AI homework. After lawyers from the large law firm Morgan & Morgan apologized for submitting AI-hallucinated case law in a suit against Walmart, the judge slapped on thousands of dollars in fines, after deciding not to pursue more severe punishment. (The firm later sent out a panicked company-wide email where it warned about the shortcomings of AI but still, questionably, praised its usefulness.)

    There are countless similar stories. The plot usually is that the lawyers use a large language model to help cite relevant case law. But AI being AI, it invents cases out of thin air, or misrepresents them, or mishes and mashes real cases together.

    Reply
  2. Tomi Engdahl says:

    CrowdStrike Infested With “Self-Replicating Worms”
    “I would think of this attack as a ‘living’ thing almost, like a virus.”
    https://futurism.com/crowdstrike-infested-self-replicating-worms

    Reply
  3. Tomi Engdahl says:

    Burger King hacked, attackers ‘impressed by the commitment to terrible security practices’ — systems described as ‘solid as a paper Whopper wrapper in the rain,’ other RBI brands like Tim Hortons and Popeyes also vulnerable
    News
    By Mark Tyson last updated September 7, 2025
    Fast food firm quickly fixed vulnerabilities of whopping proportions, but didn’t acknowledge the white-hat hackers.
    https://www.tomshardware.com/tech-industry/cyber-security/burger-king-hacked-digital-platform-as-solid-as-a-paper-whopper-wrapper-in-the-rain-easy-security-bypass-exploited-catastrophic-vulnerabilities-also-worked-on-other-rbi-brands-like-tim-hortons-and-popeyes

    Reply
  4. Tomi Engdahl says:

    Moni tekee yksinkertaisen virheen, jonka takia Whatsapp-keskustelut voivat päätyä tuntemattoman käsiin
    Digitaaliseen turvallisuuteen perehtynyt Jyväskylän yliopiston lehtori Panu Moilanen ohjeistaa Whatsappin käyttäjiä suojaamaan käyttäjä­tilinsä.
    https://yle.fi/a/74-20179983

    Reply
  5. Tomi Engdahl says:

    Massive “Great Firewall of China” data leak reveals surveillance tech Silk Road
    https://cybernews.com/security/china-great-firewall-leak-exposes-global-exports/

    Reply
  6. Tomi Engdahl says:

    Arkime: Open-source network analysis and packet capture system
    Arkime is an open-source system for large-scale network analysis and packet capture. It works with your existing security tools to store and index network traffic in standard PCAP format, making it easy to search and access.
    https://www.helpnetsecurity.com/2025/09/15/arkime-open-source-network-analysis-packet-capture-system/

    Reply
  7. Tomi Engdahl says:

    Kiinan uusi vientituote on digitaalinen keskitysleiri
    Pentti Perttula
    Julkaistu 12.09.2025 | 07:20
    Päivitetty 12.09.2025 | 09:13
    Kiina
    Järjestelmä mahdollistaa tiedon ja henkilöiden seurannan verkossa, verkkosivustojen sulkemisen ja VPN-työkalujen estämisen.
    https://www.verkkouutiset.fi/a/kiinan-uusi-vientituote-on-digitaalinen-keskitysleiri/#fb485f67

    Reply
  8. Tomi Engdahl says:

    https://mobiili.fi/2025/09/05/wi-fi-reitittimille-uusi-merkinta-tarkea-erityisesti-alykodin-kannalta/

    Reply
  9. Tomi Engdahl says:

    I Built a $20,000 Military Router for $106.23
    https://www.youtube.com/watch?v=ofR7GFNZzJY

    Reply
  10. Tomi Engdahl says:

    https://www.ft.com/content/2a3242d4-ba06-40a6-84f3-ab6b15dc18f3

    Reply
  11. Tomi Engdahl says:

    https://effi.org/avoin-kirje-henna-virkkuselle-20250911/

    Reply
  12. Tomi Engdahl says:

    Mikko Hyppönen: rajoitettu käyttöjärjestelmä tuo turvaa
    https://etn.fi/index.php/13-news/17918-mikko-hyppoenen-rajoitettu-kaeyttoejaerjestelmae-tuo-turvaa

    Suomalainen tietoturva-asiantuntija Mikko Hyppönen nousi lavalle Black Hat -konferenssissa ja muistutti, että kyberturvallisuus on paradoksaalisessa tilanteessa. – Turvallisuus on parempi kuin koskaan, vaikka se ei siltä tunnu, Hyppönen sanoi todennäköisesti viimeisessä Black Hat keynotessaan.

    Hyppösen mukaan suurin yksittäinen tietoturvainnovaatio viimeisen 15 vuoden aikana on ollut rajoitetumpien käyttöjärjestelmien, kuten iOS:n ja Androidin, läpimurto. Modernit älypuhelimet ja pelikonsolit toimivat esimerkkeinä siitä, miten käyttöjärjestelmien rajaukset suojaavat käyttäjää. Xbox One on ollut markkinoilla yli vuosikymmenen, mutta sille ei ole vieläkään kehitetty toimivaa jailbreakia. – Jos fyysinen pääsy koneeseen tarkoittaa yleensä sitä, että peli on menetetty, Xbox on vastaesimerkki. se on lukittu Windows-tietokone, jota ei ole onnistuttu murtaa, Hyppönen totesi.

    Rajoitetut järjestelmät eivät kuitenkaan tarkoita täydellistä suojaa. Hyppönen nosti esimerkiksi Pegasus-haittaohjelman, jota käytetään valtiollisiin tiedusteluoperaatioihin. Sen hinta voi nousta satoihin tuhansiin dollareihin kohdetta kohti. – Se on kallis ja rajattu ase. Rikollisilla ei Pegasusta ole. Eivätkä useimmat meistä ole sadantuhannen dollarin arvoisia.

    Konferenssipuheessaan Hyppönen korosti, että suurin muutos viime vuosina on ollut ransomware-jengien nousu miljardiluokan liiketoiminnaksi

    Reply
  13. Tomi Engdahl says:

    Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack
    Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware
    https://www.theregister.com/2025/09/17/ddr5_dram_rowhammer/

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*