Cyber Security news March 2026

This posting is here to collect cyber security news in March 2026.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

133 Comments

  1. Tomi Engdahl says:

    Another Self-Own
    Iran Is Bombing Data Centers in Retaliation
    Not the data centers!
    https://futurism.com/artificial-intelligence/iran-bombing-data-centers?fbclid=IwdGRjcAQjS-ZjbGNrBCNJzmV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHrin0dAZWlj6bruwx3FWcQH99klI2125G4XYzE9Ayd6p1u5gQwchgxKqgGyu_aem_EJCs3QLAhD7MCGwLYWzfGQ

    Earlier this week, Iranian drones hit three Amazon Web Services (AWS) facilities in the United Arab Emirates and Bahrain, triggering global outages in online services. Experts believe the strikes were the first instance of American big tech companies being targeted in a military operation.

    The strikes caused “structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage,” the tech giant admitted in a March 2 update.

    Iranian Revolutionary Guard-affiliated news claimed that Iran had targeted both Amazon and Microsoft facilities, as the Financial Times reports, though the latter has yet to experience any outages in the region.

    The incidents highlight how data centers have become major targets on the battlefield.

  2. Tomi Engdahl says:

    Criminals hijack thousands of devices to create never-before-seen cyber weapon
    Victims of the KadNap botnet are spread throughout the world
    https://www.independent.co.uk/tech/security/cyber-weapon-kadnap-botnet-hijack-malware-b2937703.html?fbclid=IwdGRjcAQjnfFjbGNrBCOdx2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHqZTwkpuDIV1avqUqsu8NJzOsHbznGSfTLZAHQlPvU74atTJoZCh_dz6P4TW_aem_ExFLMquL6xY8iwhhC7ZFIw

    Criminals have secretly hijacked more than 14,000 devices worldwide in order to carry out attacks that are almost impossible to protect against, security researchers have warned.

    The majority of devices infected by the sophisticated new malware, dubbed ‘KadNap’, are Asus routers, which are being used to route malicious traffic to carry out large-scale cyberattacks.

    “Threat actors are building large-scale botnets specifically designed to hijack devices in this growing pool of targets, using them to route traffic and evade detection by network security systems.”

  3. Tomi Engdahl says:

    Horrifying suspected data breach in Sweden: The entire state's source code was stolen, people's data already for sale
    The Bytetobreach group is also reported to be behind the Viking Line data breach.
    https://www.iltalehti.fi/ulkomaat/a/950c9723-ed2b-4fbb-8752-c0c5e70cdebc

    Large amounts of sensitive data from Swedish state IT systems have ended up on the dark web, Expressen and Dagens Nyheter report. According to the papers, the data includes source code, passwords and encryption keys, among other things.

    According to cybersecurity reporting, a hacker group calling itself ByteToBreach managed to break into the systems of the IT consultancy CGI Sweden and stole the source code of Sweden's e-government platform. The group has published the source code for free but is separately selling databases containing citizens' personal data and electronic signature documents.

    The group is also reported to be behind the Viking Line data breach.

    The cybersecurity organization International Cyber Digest described the leak as a "serious exposure" for the security of Sweden's digital services.

    According to CGI, the security incident was detected on two internal test servers located in Sweden.

    – The servers are not in production use; they are used for testing related to a service delivered to a limited set of customers. In connection with the incident, a system containing an older version of the application's source code has also been accessible to outsiders, the company says in its statement.

  4. Tomi Engdahl says:

    Cybersecurity experts warn that the breach could weaken trust in Sweden's digital security and identification systems.

  5. Tomi Engdahl says:

    https://www.iltalehti.fi/digiuutiset/a/3c0c65ff-5239-489d-92e7-5e0bd8edfed0

    A vulnerability has been found in the Totolink X5000R router that allows the devices to be hijacked. The device is sold in Gigantti's online store.

  6. Tomi Engdahl says:

    https://www.iltalehti.fi/digiuutiset/a/a93aadb9-b9df-474c-88fe-20dfc439e45d

    A quarantine notice can be alarming – It is very important that you know what it is about

  7. Tomi Engdahl says:

    Switzerland built a secure alternative to BGP. The rest of the world hasn’t noticed yet
    SCION: Proven in banking and healthcare, slow to spread everywhere else
    https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/

    BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work – to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.

    For four decades, it has done exactly that. It has also, throughout those four decades, been exploited, misconfigured, and abused in ways that were predictable from the start. Route hijacks reroute traffic through hostile networks. Route leaks knock services offline. Nation-state cyber crews weaponize BGP to intercept communications at scale. These are not theoretical threats. They are documented, recurring events, and they remain possible today for one simple reason: BGP has no native way to verify that a network claiming to own a block of addresses actually does.

    A series of patches and extensions like Resource Public Key Infrastructure (RPKI), BGPsec, and RPKI-based Route Origin Authorization (ROA) have been layered over the original protocol in an attempt to address the worst of these vulnerabilities. They help at the margins. They do not solve the underlying problem.

    There is, however, a system that does, or at least claims to. SCION, which stands for Scalability, Control, and Isolation On Next-Generation Networks, is an internet routing architecture developed at ETH Zürich. Unlike the patches applied to BGP, SCION does not attempt to retrofit security onto a 40-year-old foundation. It replaces the foundation entirely. That redesign is the life’s work of Adrian Perrig, professor of computer science at ETH Zürich and the principal architect of SCION.

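    The origin check that BGP itself lacks and that RPKI/ROA bolt on, as an added example that is not part of the article or of SCION: RFC 6811 route origin validation over a constructed set of ROAs and announcements (documentation ASNs and prefixes, all made up), with a drop-invalid policy applied to the result.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_network


class RovState(Enum):
    VALID = "valid"
    INVALID = "invalid"
    NOT_FOUND = "not-found"


@dataclass(frozen=True)
class Roa:
    prefix: str      # address block the ROA authorizes
    max_length: int  # longest prefix the origin may announce from that block
    origin_as: int   # authorized origin AS (0 means nobody may originate it)


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_as: int


def validate(ann, roas):
    """RFC 6811 route origin validation for a single announcement."""
    route = ip_network(ann.prefix, strict=False)
    covering = []
    for roa in roas:
        block = ip_network(roa.prefix, strict=False)
        if block.version == route.version and route.subnet_of(block):
            covering.append(roa)
    if not covering:
        return RovState.NOT_FOUND          # no ROA speaks about this space at all
    for roa in covering:
        if (roa.origin_as != 0 and roa.origin_as == ann.origin_as
                and route.prefixlen <= roa.max_length):
            return RovState.VALID
    return RovState.INVALID                # covered, but origin or length mismatch


def apply_policy(anns, roas):
    """Drop INVALID routes, keep VALID and NOT_FOUND; returns (accepted, rejected)."""
    accepted, rejected = [], []
    for ann in anns:
        state = validate(ann, roas)
        (rejected if state is RovState.INVALID else accepted).append((ann, state))
    return accepted, rejected


# Constructed ROAs (RFC 5737 / RFC 5398 documentation values, not real data).
ROAS = [
    Roa("192.0.2.0/24", 24, 64496),
    Roa("198.51.100.0/22", 24, 64497),
    Roa("203.0.113.0/24", 24, 0),          # AS0: this block must never be announced
]

# Constructed announcements covering the cases a validator has to distinguish.
ANNOUNCEMENTS = [
    Announcement("192.0.2.0/24", 64496),     # legitimate origin
    Announcement("192.0.2.0/24", 64500),     # origin hijack: wrong AS
    Announcement("192.0.2.0/25", 64496),     # right AS, more specific than maxLength
    Announcement("198.51.100.0/23", 64497),  # sub-prefix within maxLength
    Announcement("203.0.113.0/24", 64498),   # rejected by the AS0 ROA
    Announcement("2001:db8::/32", 64499),    # no covering ROA
]

if __name__ == "__main__":
    for ann in ANNOUNCEMENTS:
        print(f"{ann.prefix:18} AS{ann.origin_as}: {validate(ann, ROAS).value}")
```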
  8. Tomi Engdahl says:

    AI makes cyber threats more laborious – soon half of investigation work will relate to AI
    https://etn.fi/index.php/13-news/18675-tekoaely-tekee-kyberuhkista-tyoelaeaempiae-pian-puolet-selvitystyoestae-liittyy-ai-hin

    The rapid spread of AI shows up in cybersecurity not only as new threats but above all as a growing workload. Analyst firm Gartner predicts that by 2028 as much as half of enterprises' security incident investigation work will concern cases related to AI applications.

    This does not mean that AI causes half of all cyber threats. According to Gartner, the change is visible above all in how laborious AI-related cases are. Whereas a traditional security incident can often be contained and fixed quickly, problems related to AI applications are more complex and require more analysis.

    - AI is developing rapidly, but many custom-built applications in particular are deployed before they have been properly tested. They are complex, dynamic and hard to protect over time, says Gartner analyst Christopher Mixter.

    AI applications bring new kinds of risks. These include, for example, prompt injection attacks, data misuse and situations where a model reveals sensitive information. In addition, AI systems are often connected to many other systems, which increases the attack surface and makes root-cause analysis of problems difficult.

  9. Tomi Engdahl says:

    ALERT – A new flaw in #Ubuntu 24.04+ lets attackers gain full root access from low privileges.

    By timing system cleanup, they replace a snap directory and execute code as root—no user action required.

    Exploit steps and patched versions → https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html

  10. Tomi Engdahl says:

    A Magecart skimmer hid its payload in a favicon’s EXIF metadata, never entering the codebase.

    A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser.

    No repo changes. No scan alerts. Payment data was exfiltrated at checkout.

    Loader chain and why static tools missed it → https://thehackernews.com/2026/03/claude-code-security-and-magecart.html

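    A detection for the technique described above, as an added example not taken from the article: it walks a JPEG's marker segments, pulls the text-typed IFD0 entries out of the APP1 Exif block, and flags values that look like a URL, script fragment or base64 blob. The two sample images are constructed in the block itself (the URL is a made-up placeholder), so it runs offline on a favicon or any other JPEG.

```python
import re
import struct

# EXIF tags whose payload is free-form text and can therefore carry arbitrary data.
TEXT_TAGS = {0x010E: "ImageDescription", 0x010F: "Make", 0x0110: "Model",
             0x0131: "Software", 0x013B: "Artist", 0x8298: "Copyright",
             0x9286: "UserComment"}

SUSPICIOUS = [("url", re.compile(r"https?://", re.I)),
              ("script-like", re.compile(r"eval\(|atob\(|document\.|<script", re.I)),
              ("base64-run", re.compile(r"[A-Za-z0-9+/=]{40,}"))]


def iter_jpeg_segments(data):
    """Yield (marker, payload) for every marker segment before the scan data starts."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):          # EOI or SOS: no more metadata segments
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def exif_text_fields(app1):
    """Return {tag_name: text} for the text-typed IFD0 entries of an APP1 Exif segment."""
    if not app1.startswith(b"Exif\x00\x00"):
        return {}
    tiff = app1[6:]
    endian = "<" if tiff[:2] == b"II" else ">"
    magic, ifd_off = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        return {}
    fields = {}
    count = struct.unpack(endian + "H", tiff[ifd_off:ifd_off + 2])[0]
    for i in range(count):
        entry = ifd_off + 2 + 12 * i
        tag, typ, cnt, val = struct.unpack(endian + "HHI4s", tiff[entry:entry + 12])
        if typ not in (2, 7):               # 2 = ASCII, 7 = UNDEFINED
            continue
        if cnt <= 4:                        # short values live inline in the entry
            raw = val[:cnt]
        else:                               # longer values are referenced by offset
            off = struct.unpack(endian + "I", val)[0]
            raw = tiff[off:off + cnt]
        fields[TEXT_TAGS.get(tag, hex(tag))] = raw.rstrip(b"\x00").decode("latin-1")
    return fields


def scan_image(data):
    """Return [(tag, reason, text)] for metadata fields that look like loader payloads."""
    findings = []
    for marker, payload in iter_jpeg_segments(data):
        if marker != 0xE1:                  # APP1 carries Exif
            continue
        for tag, text in exif_text_fields(payload).items():
            for reason, rx in SUSPICIOUS:
                if rx.search(text):
                    findings.append((tag, reason, text))
                    break
    return findings


def build_exif_jpeg(copyright_text):
    """Construct a minimal JPEG (SOI, APP1 Exif with one Copyright entry, EOI)."""
    ifd_off, data_off = 8, 8 + 2 + 12 + 4   # IFD0 right after the TIFF header
    ifd = (struct.pack("<H", 1)
           + struct.pack("<HHII", 0x8298, 2, len(copyright_text) + 1, data_off)
           + struct.pack("<I", 0))
    tiff = b"II*\x00" + struct.pack("<I", ifd_off) + ifd + copyright_text + b"\x00"
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


# Constructed samples: an ordinary copyright string and one hiding a loader URL.
BENIGN = build_exif_jpeg(b"Copyright 2026 Example Corp")
HIDDEN_URL = build_exif_jpeg(b"https://cdn.example.invalid/loader.js")
```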
  11. Tomi Engdahl says:

    Big tech companies step in to support the open source security ecosystem
    Backed by new funding commitments from major technology players, open source security efforts are moving beyond threat identification toward practical solutions for defenders.
    https://www.helpnetsecurity.com/2026/03/18/linux-foundation-open-source-security-12-5-million-funding/

  12. Tomi Engdahl says:

    AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
    https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html

  13. Tomi Engdahl says:

    Yes, Honey
    If You’re a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
    Coming to bed dear?
    https://futurism.com/future-society/tech-workers-honey-trap

    Forget malware. The latest and greatest threat to national cybersecurity comes with a smile and an apparent romantic preference for schlubby tech workers.

    At least, that’s according to The Times: the British newspaper reported this week that China and Russia are deploying their finest babes to seduce tech industry professionals throughout the western world to gain valuable secrets, a practice it calls “sex warfare.”

    The Times cites a slew of “industry insiders” who warned about sophisticated plots involving young women charming Silicon Valley workers into giving up previous insider info — in some cases, allegedly even going as far as to build loving families with their victims.

    “It’s the Wild West out there,” one insider declared.

    Though it’s possible that some foreign operatives are playing these incredible long cons, consider us skeptical. Technically referred to as a “honey trap,” the accusation has its roots in Cold War-era propaganda, where rumors of KGB vixens trained in the arts of seduction spread far and wide, fueled by literature like James Bond and no small number of sensational CIA memoirs.

    In The Times‘ reporting, it’s not always clear whether sources’ accusations are grounded in fact or are more of a hunch.

  14. Tomi Engdahl says:

    OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert
    https://venturebeat.com/security/openclaw-can-bypass-your-edr-dlp-and-iam-without-triggering-a-single-alert

    An attacker embeds a single instruction inside a forwarded email. An OpenClaw agent summarizes that email as part of a normal task. The hidden instruction tells the agent to forward credentials to an external endpoint. The agent complies — through a sanctioned API call, using its own OAuth tokens.

    The firewall logs HTTP 200. EDR records a normal process. No signature fires. Nothing went wrong by any definition your security stack understands.
    That is the problem. Six independent security teams shipped six OpenClaw defense tools in 14 days. Three attack surfaces survived every one of them.

  15. Tomi Engdahl says:

    Horrifying suspected data breach in Sweden: The entire state's source code was stolen, people's data already for sale
    The Bytetobreach group is also reported to be behind the Viking Line data breach
    https://www.iltalehti.fi/ulkomaat/a/950c9723-ed2b-4fbb-8752-c0c5e70cdebc

  16. Tomi Engdahl says:

    Security assessment reveals the stumbling blocks of Finnish companies
    The most common security incidents stem from unauthorized use of identities, but in preventive security assessments shortcomings most often show up in the area of information management. An expert who performs such assessments knows the problem areas of Finnish companies.
    https://www.dna.fi/yrityksille/blogi/-/blogs/tietoturvakartoitus-paljastaa-suomalaisyritysten-kompastuskivet

  17. Tomi Engdahl says:

    Self Own
    Skeptic Builds “Havana Syndrome”-Style Device, Tests It on Himself, Suffers Grim Consequences
    One-shotted by the brain scrambler.
    https://futurism.com/science-energy/weapon-havana-syndrome-scientist

  18. Tomi Engdahl says:

    THE FBI JUST ISSUED A WARNING ABOUT A HIDDEN THREAT IN YOUR HOME WI-FI NETWORK
    https://www.slashgear.com/2129073/fbi-warning-home-wifi-network-hidden-threat/

  19. Tomi Engdahl says:

    There are a few strategies the FBI recommends to keep residential proxies at bay. For one, use common sense and act safely on your home Wi-Fi network. Avoid suspicious websites, don’t engage with pop-up advertisements, be cautious of apps from non-official sources, and don’t download free VPNs that lack concrete evidence of their safety. Through these channels, criminals can effectively access a backdoor to your network, steal your IP address, and begin engaging in illegal activities with your information acting as a decoy.

    Read More: https://www.slashgear.com/2129073/fbi-warning-home-wifi-network-hidden-threat/

  20. Tomi Engdahl says:

    Exclusive: Foreign hacker in 2023 compromised Epstein files held by FBI, source and documents show
    https://www.reuters.com/world/us/foreign-hacker-2023-compromised-epstein-files-held-by-fbi-source-documents-show-2026-03-11/?fbclid=IwdGRjcAQuh3NjbGNrBC6HSWV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHhat9o0zmkBUeHRpIJPQaDh3aEI6R_yxXEzi3P3dHSPZykCcRM-on6Zl6PHk_aem_Iqq5ROtBpleEijO12EN2PA

    Summary
    - Foreign hacker accessed FBI files ‘pertaining to the Epstein investigation’ three years ago
    - Hack raises concerns over foreign spies’ interest in the explosive documents
    - FBI says its investigation into the incident is ongoing
    WASHINGTON, March 11 (Reuters) – A foreign hacker compromised files relating to the FBI’s investigation of the late sex offender Jeffrey Epstein during a break-in at the bureau’s New York Field Office three years ago, according to ​a source familiar with the matter and recently published Justice Department documents reviewed by Reuters.
    The details of who accessed a server at the FBI’s New York Field Office, ‌including the allegation that a foreign hacker was involved, are being reported here for the first time.

  21. Tomi Engdahl says:

    GitHub expands application security coverage with AI‑powered detections
    CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.
    https://github.blog/security/application-security/github-expands-application-security-coverage-with-ai-powered-detections/

  22. Tomi Engdahl says:

    FCC bans new routers made outside the USA over security risks
    https://www.bleepingcomputer.com/news/security/fcc-bans-new-routers-made-outside-the-usa-over-security-risks/?fbclid=IwdGRjcAQwU_tjbGNrBDBT3mV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHqv7unYFZhxSDswbaNQlQfyCPcnMf9dzkErX-_6EkrbOlvhGgrWHqJmXvKh__aem_2UisdETQ8v10vrNgIYv6lA

    The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S.

    The Covered List, created under the Secure and Trusted Communications Networks Act of 2019, is an FCC-maintained list of communications equipment and services that the U.S. government has determined to pose an unacceptable risk to national security or the safety of Americans.

    The list previously included specific products and companies tied to security concerns, such as Kaspersky, Huawei, ZTE, Hikvision, and Dahua.

    Adding all routers manufactured abroad to the Covered List follows a National Security Determination issued on March 20 by an Executive Branch interagency body.

    According to the assessment, foreign-produced routers carry a supply-chain risk “that could disrupt the U.S. economy, critical infrastructure, and national defense.” The agency determined that these devices could also be used “to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

    In support of the decision, the FCC highlights that foreign-made routers helped the Volt, Flax, and Salt Typhoon hackers carry out attacks that targeted vital U.S. infrastructure.

    Exemptions and alternative approval path
    Conditional approval has been granted to certain routers used in the U.S. Department of War (DoW) or the Department of Homeland Security (DHS) for drone systems, which have been determined not to constitute a security risk.

    Also, the new rules do not bar foreign consumer-grade router makers from seeking approval in the U.S., as long as they transparently disclose:

    - Corporate and ownership structure, including any foreign government financial support and influence.
    - Manufacturing and supply chain details, including bill of materials, country of origin for all components, IP ownership details, manufacturing and assembly locations, and origin of software/firmware.
    - Plan to move critical components manufacturing to the United States, and provide a description of existing U.S.-based manufacturing or assembly processes.

    Consumer impact
    For regular consumers in the United States, the new rules are expected to have no immediate effect, as all existing routers will continue to be sold in the country.

    In what concerns Unmanned Aircraft Systems (UAS) and their critical components, the FCC noted that it will allow software and firmware updates until at least January 1, 2027.

    Access to new router models for U.S.-based consumers may become more difficult, and the devices may also become more expensive, as the regulatory approval process adds extra complications and costs.

  23. Tomi Engdahl says:

    At the same time, the role of the home router is being redefined. It is no longer merely a consumer device but part of national infrastructure. An ever larger share of critical traffic passes through the router, from remote work and corporate networks to IoT systems and electric-vehicle charging infrastructure. When this last link in the network becomes politicized, the effects extend far beyond the Wi-Fi market.

    The decision recalls developments in semiconductors and 5G networks. Whereas earlier restrictions targeted individual players, now the target is the entire supply chain. Routers are becoming the next strategic component whose origin and manufacturing are to be brought under control.

    https://etn.fi/index.php/13-news/18708-usa-kieltaeae-ulkomaiset-wi-fi-reitittimet-markkina-menee-uusiksi

  24. Tomi Engdahl says:

    Tim Bradshaw / Financial Times:
    Apple rolls out mandatory UK age verification with iOS 26.4, requiring users to provide a credit card or ID, a first in Europe, after UK government pressure

    https://www.ft.com/content/c36dc645-8cd4-4e69-a9ce-3a0ac4071264

  25. Tomi Engdahl says:

    AES alone does not yet make a USB stick secure
    https://etn.fi/index.php/new-products/18722-aes-ei-vielae-tee-muistitikusta-turvallista

    Kingston has introduced its new IronKey Locker+ 50 G2 USB stick with a message leaning heavily on encryption. The stick uses 256-bit AES encryption in XTS mode and offers protection against brute force attacks and BadUSB threats. On paper the package looks convincing, but one key thing is missing: the stick is not FIPS 140-3 certified.

    In its press release Kingston emphasizes FIPS 197 compliance, which in practice means the use of the AES algorithm. This is not, however, an actual security certification, merely a specification of how the encryption works. The actual security of the implementation (that is, key management, firmware protection and physical attacks) is evaluated in the FIPS 140-3 process, which this model has not passed.

    Technically Kingston has chosen the right direction: XTS-AES-256 is nowadays the standard for storage media encryption, and the same method is used for example in disk and SSD protection. In addition, the stick works without separate software, which means the encryption is implemented in the controller chip rather than on the computer.

  26. Tomi Engdahl says:

    Iran-linked hackers breach FBI director’s personal email, publish photos and documents
    https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/

    Handala Hack Team claims breach of Patel’s Gmail account
    Personal photos and emails of FBI Director Kash Patel published online
    Experts say Iranian hackers are hoping to embarrass U.S. officials as US-Israeli war drags on

  27. Tomi Engdahl says:

    Iran-linked hackers have breached FBI Director Kash Patel’s personal emails
    https://edition.cnn.com/2026/03/27/politics/iran-linked-hackers-fbi-director-patel

    Hackers connected to the Iranian government accessed FBI Director Kash Patel’s personal email and posted materials — including photos and documents — taken from his account, a person familiar with the breach confirmed to CNN.

    The hackers have published a series of photos of Patel from before he became FBI director that they claim were stolen from his personal email account. A source familiar with the incident confirmed the images’ authenticity.

    The stolen emails appear to date from around 2011 to 2022 and appear to include personal, business and travel correspondence that Patel had with various contacts, according to a preliminary CNN review of the files with the help of an independent cybersecurity researcher.

  28. Tomi Engdahl says:

    Pro-Iranian hackers claim they breached FBI Director Kash Patel’s personal email as Trump administration offers $10 million reward
    https://fortune.com/2026/03/27/pro-iranian-hackers-kash-patel-fbi-reward-trump-administration/

  29. Tomi Engdahl says:

    After DOJ ‘outed’ the names of dozens of victims, the search engine failed to prevent their information from circulating online, plaintiffs allege

    Epstein survivors launch class-action lawsuit against Trump and Google after their names appeared in the files
    After DOJ ‘outed’ the names of dozens of victims, the search engine giant failed to prevent their information from circulating online, including in AI-generated content, plaintiffs allege
    https://www.independent.co.uk/news/world/americas/us-politics/epstein-victims-class-action-lawsuit-google-trump-b2947098.html?fbclid=IwdGRjcAQzu6xjbGNrBDO7k2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHsD22zS38GWJUhkPIhNzjaRusfjCNgRJ3e6rO03RUwGSNBPRBtOuD-Ot-K1G_aem_O5JEg3YWgwKHZb0rZ_ZrDQ&test_group=lighteradlayout

  30. Tomi Engdahl says:

    https://www.facebook.com/share/p/1Kw5LjQN1C/

    The official White House Android app:
    - Injects JavaScript into every website you open through its in-app browser to hide cookie consent dialogs, GDPR banners, login walls, signup walls, upsell prompts, and paywalls.
    - Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 minutes in the background, syncing lat/lng/accuracy/timestamp to OneSignal’s servers.
    - Loads JavaScript from a random person’s GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app’s WebView.
    - Loads third-party JavaScript from Elfsight (elfsightcdn.com/platform.js) for social media widgets, with no sandboxing.
    - Sends email addresses to Mailchimp, images are served from Uploadcare, and a Truth Social embed is hardcoded with static CDN URLs. None of this is government infrastructure.
    - Has no certificate pinning. Standard Android trust management.
    - Ships with dev artifacts in production. A localhost URL, a developer IP (10.4.4.109), the Expo dev client, and an exported Compose PreviewActivity.
    - Profiles users extensively through OneSignal – tags, SMS numbers, cross-device aliases, outcome tracking, notification interaction logging, in-app message click tracking, and full user state observation.

    Is any of this illegal? Probably not. Is it what you’d expect from an official government app? Probably not either.

    https://blog.thereallo.dev/blog/decompiling-the-white-house-app

    #2600net #irc #secnews via Michael Gurski

  31. Tomi Engdahl says:

    Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure

    The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage.

    https://www.securityweek.com/chinese-hackers-caught-deep-within-telecom-backbone-infrastructure/

