This posting is here to collect cyber security news in April 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
155 Comments
Tomi Engdahl says:
Chrome's new feature protects against phishing
Google has updated Chrome with a new security feature that makes it harder for hackers to get at your files. Read on to learn how to enable it.
https://kotimikro.fi/internet/selain/chromen-uusi-toiminto-suojaa-tietojen-kalastelulta
Google Safe Browsing as protection
Google has added a new security feature to Chrome that keeps your data safe and cybercriminals at bay.
The feature is called Google Safe Browsing, and it protects users from attacks in real time. Previously it consisted of a list of dangerous files, which was used to check whether the websites you browse are dangerous.
The list was updated every 30 to 60 minutes, but according to Google's research, dangerous sites typically exist for less than ten minutes. That is why the feature now protects your browsing in real time, which Google says blocks 25 percent more phishing attacks.
Protects PCs, iPhones and Android devices
The new feature is already available for PCs and iPhone, and later this month it will also reach Android devices.
You do not need to do anything to get the new feature, as it is enabled by default if you have standard protection turned on in Chrome.
Also note that in Google Chrome you can enable Enhanced protection, which offers even more advanced security services.
Enabling this feature gives you, among other things, warnings about password leaks and protection against malicious browser extensions.
Tomi Engdahl says:
Cloud Email Filtering Bypass Attack Works 80% of the Time
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
https://www.darkreading.com/cloud-security/cloud-email-filtering-bypass-attack
Tomi Engdahl says:
Backdoor found in widely used Linux utility targets encrypted SSH connections
Malicious code planted in xz Utils has been circulating for more than a month.
https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.
The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora Rawhide and Debian testing, unstable and experimental distributions. A stable release of Arch Linux is also affected. That distribution, however, isn’t used in production systems.
Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it’s not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. “BUT that’s only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”
Tomi Engdahl says:
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight.
https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/
PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any device that installed them. Ten hours later, it lifted the suspension.
Short for the Python Package Index, PyPI is the go-to source for apps and code libraries written in the Python programming language.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/700-cybercrime-software-turns-raspberry-pi-into-an-evasive-fraud-tool/
Cybercriminals are selling custom Raspberry Pi software called ‘GEOBOX’ on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools.
GEOBOX is sold on Telegram channels for a subscription of $80 per month or $700 for a lifetime license, payable in cryptocurrency.
Analysts at Resecurity discovered the tool during an investigation into a high-profile banking theft impacting a Fortune 100 company.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-exploit-ray-framework-flaw-to-breach-servers-hijack-resources/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2024/03/28/suomalaisyrityksilla-paljon-tekemista-nis2-tietoturvadirektiivin-taytantoonpanossa/
Tomi Engdahl says:
Feds finally decide to do something about years-old SS7 spy holes in phone networks
And Diameter, too, for good measure
https://www.theregister.com/2024/04/02/fcc_ss7_security/?fbclid=IwAR05GjQ4NtIH0lMI6zaj-qOk1fk9a50CY73vwTkJ9T-Lc8i562sYxK6Be1c
The FCC appears to finally be stepping up efforts to secure decades-old flaws in American telephone networks that are allegedly being used by foreign governments and surveillance outfits to remotely spy on and monitor wireless devices.
At issue are the Signaling System Number 7 (SS7) and Diameter protocols, which are used by fixed and mobile network operators to enable interconnection between networks. They are part of the glue that holds today’s telecommunications together.
According to the US watchdog and some lawmakers, both protocols include security weaknesses that leave folks vulnerable to unwanted snooping. SS7′s problems have been known about for years and years, as far back as at least 2008, and we wrote about them in 2010 and 2014, for instance. Little has been done to address these exploitable shortcomings.
These threats, according to Wyden, are caused by flaws in SS7 and Diameter, and have been abused by “authoritarian governments to conduct surveillance” and obtain people’s information.
This isn’t the first time Senator Wyden has demanded the government address vulnerabilities in SS7 — or the first time he’s called the protocol flaws a national security issue.
Tomi Engdahl says:
Police warn online banking users: "Do not enter"
There are safer and less safe ways to get to your online bank.
https://www.is.fi/digitoday/tietoturva/art-2000010336459.html
Do not enter your online banking credentials on a site that opens via a QR code, the police warned on Thursday. According to the press release, criminals have identified this as a simple way to steer people to scam sites of their choosing.
A QR code is a square symbol read with a phone camera that serves as a quick route not only to websites but also to installing apps and making payments. Many websites and service providers have started using these codes instead of direct web addresses.
In Finland, QR codes have so far been used relatively little for payments. The popular MobilePay, however, is actively promoting the payment method by bringing camera-readable codes to store checkouts.
The codes are, however, easy to misuse. Email software does not necessarily block messages containing malicious QR codes, and the code in an advert on the side of a street lamp, for example, may have expired and since been harnessed for criminal use. Malicious QR stickers can also be pasted over the original codes.
Misuse of the codes is called quishing, to distinguish it from ordinary phishing.
The Inner Finland Police Department has recently received several reports in which users of a foreign online marketplace were directed via QR codes to scam sites resembling online banking sites.
The users received a notification that the item they were selling had been bought through the service and that, to confirm the purchase, they should log in to the scam site with their personal online banking credentials or enter their payment card details in order to receive the payment.
After the banking login or card entry, unauthorised debits were made from the users' bank accounts or payment cards, and the money ended up abroad.
Tomi Engdahl says:
new linux exploit is absolutely insane
https://www.youtube.com/watch?v=ixn5OygxBY4
The new privilege escalation against the Linux is absolutely wild. In this video we talk about what a privesc is, how they typically work, and why the techniques used in this one are so wild
Tomi Engdahl says:
What Everyone Missed About The Linux Hack
https://www.youtube.com/watch?v=0pT-dWpmwhA
The xz exploit pushed the limits of social engineering, code obfuscation, package distribution and more. I’m concerned the important parts aren’t being covered, so I decided to do a vid
Comments:
This attack hit the entire software exploit playbook. Built trust? Check. Socially engineered a situation? Check. Built an elaborate, difficult to detect exploit? Check. Managed to infiltrate a wide scope of possible downstream systems? CHECK!
I hope there is recourse against this (these?!) bad actor(s).
Tomi Engdahl says:
Linux Supply Chain Attack Discovered in SSH CVE-2024-3094
https://www.youtube.com/watch?v=VsCTp9yH6iQ
CHAPTERS:
0:00 – Intro
0:48 – How the backdoor was discovered
2:11 – Security Vulnerability Details
4:56 – Open Source Security
Tomi Engdahl says:
The XZ Backdoor Almost Compromised Every Linux System
https://www.youtube.com/watch?v=044GiRqGebc
In this video I discuss how advanced persistent threat actors managed to backdoor xz-utils and almost gained system RCE on every Debian Linux system.
The XZ Linux Backdoor Is Incredibly BAD!!
https://www.youtube.com/watch?v=OHAyf0qwdCs
Tomi Engdahl says:
Jason Koebler / 404 Media:
Developers say open-source software culture, where users demand constant updates from volunteer coders, is a security issue, as shown by the XZ Utils backdoor
Bullying in Open Source Software Is a Massive Security Vulnerability
https://www.404media.co/xz-backdoor-bullying-in-open-source-software-is-a-massive-security-vulnerability/
The Xz backdoor and a near miss on the F-Droid app store show how the entitled attitude of some people in the open source community can be used to push malicious or insecure code.
A previously unknown contributor to the popular open-source Android app store F-Droid repeatedly pressured its developers to push a code update that would have introduced a new vulnerability to the software, in what one of the developers described on Mastodon as a “similar kind of attempt as the Xz backdoor.”
As the fallout of the Xz backdoor continues to rock the open source software community, people working on open source software are realizing (and reiterating) that a culture in which people often feel entitled to constant updates and additional features from volunteer coders presents a pretty large attack surface.
In the case of the Xz backdoor, a malicious actor was able to pressure the owner of a widely-used Linux compression utility called Xz Utils into making them a trusted maintainer of the project. They did this in part by arguing that the owner was letting the community of users down because they weren’t pushing new features and updates often enough, in the eyes of this malicious coder.
Tuesday, Hans-Christoph Steiner, a longtime developer of F-Droid, explained that a very similar situation nearly led F-Droid to push an update that would have introduced a security vulnerability into the product three years ago: “Three years ago, F-Droid had a similar kind of attempt as the Xz backdoor,” he posted on Mastodon. “A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn’t found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a SQL injection vulnerability. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think it’s relevant now.”
Other open source developers and security experts have pointed to the dynamic of bullying and the general reliance on a small number of volunteer developers. They explained that it’s a problem across much of the open source software ecosystem, and is definitely a problem for the large tech companies and infrastructure who rely on these often volunteer-led projects to build their for-profit software on top of.
Glyph, the founder of the Twisted python networking engine open source project, said the Xz Utils pressure campaign should “cause an industry-wide reckoning with the common practice of letting your entire goddamn product rest on the shoulders of one overworked person having a slow mental health crisis without financially or operationally supporting them whatsoever. I want everyone who has an open source dependency to read this message.”
The Xz Backdoor Highlights the Vulnerability of Open Source Software—and Its Strengths
https://www.404media.co/the-xz-backdoor-highlights-the-vulnerability-of-open-source-software-and-its-strengths/
The backdoor highlights the politics, governance, and community management of an ecosystem exploited by massive tech companies and largely run by volunteers.
Friday afternoon, Andres Freund, a software developer at Microsoft, sent an email to a listserv of open source software developers with the subject line “backdoor in upstream xz/liblzma leading to ssh server compromise.” What Freund had stumbled upon was a malicious backdoor in xz Utils, a compression utility used in many major distributions of Linux, that increasingly seems like it was purposefully put there by a trusted maintainer of the open source project. The “xz backdoor” has quickly become one of the most important and most-discussed vulnerabilities in recent memory.
Ars Technica has a detailed writeup of the technical aspects of the backdoor, which intentionally interfered with SSH encryption, which is a security protocol that allows for secure connections over unsecured networks. The specific technical details are still being debated
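The merge request Steiner describes above added a SQL injection flaw to a search feature. As an added illustration (my own code, written for this page; F-Droid's actual patch is not reproduced here and the table, rows and hostile search term are constructed), the block below builds the same kind of search two ways with Python's sqlite3 module: interpolating the user's term into the SQL text, which lets a crafted term rewrite the WHERE clause, and binding it as a parameter, which keeps it data. It also escapes LIKE's own wildcards, which string concatenation silently leaves live.

```python
import sqlite3

# Constructed sample catalogue standing in for an app index (not F-Droid data).
SAMPLE_APPS = [
    ("org.example.mail", "Mail"),
    ("org.example.maps", "Maps"),
    ("org.example.notes", "Notes"),
]


def open_catalogue() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the sample rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE apps (package TEXT PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO apps VALUES (?, ?)", SAMPLE_APPS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    """Injectable search: the user's term is spliced into the SQL text, so a
    quote in the term closes the literal and the rest is parsed as SQL."""
    sql = f"SELECT package FROM apps WHERE name LIKE '%{term}%' ORDER BY package"
    return [row[0] for row in conn.execute(sql)]


def search_parameterised(conn: sqlite3.Connection, term: str) -> list[str]:
    """Hardened search: the term is bound as a parameter and never parsed as
    SQL.  LIKE's own wildcards are escaped too, so a term of '%' cannot
    widen the match to every row."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = conn.execute(
        "SELECT package FROM apps WHERE name LIKE ? ESCAPE '\\' ORDER BY package",
        ("%" + escaped + "%",),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = open_catalogue()
    payload = "xyz' OR 1=1 --"   # constructed hostile search term
    print(search_vulnerable(db, "Ma"))          # normal use works either way
    print(search_vulnerable(db, payload))       # every row: the WHERE clause was rewritten
    print(search_parameterised(db, payload))    # nothing: the term is treated as data
```

The review lesson is the one Steiner draws: a feature that is "oft requested" still has to be read line by line, and a search box is exactly where string-built SQL tends to appear.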
Tomi Engdahl says:
Backdoor found in widely used Linux utility targets encrypted SSH connections
Malicious code planted in xz Utils has been circulating for more than a month.
https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/?ref=404media.co
Tomi Engdahl says:
https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/owasp-discloses-data-breach-caused-by-wiki-misconfiguration/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/
Tomi Engdahl says:
Ukrainian cybersecurity official reveals structure of Russian hacker groups
https://www.ukrinform.net/rubric-ato/3848343-ukrainian-cybersecurity-official-reveals-structure-of-russian-hacker-groups.html?fbclid=IwAR2Q9AgkOr5VmXNGx79sEyIsf0dla2k6ccV-XsOv9ktAFeui8_6VQ12WKkc
EXCLUSIVE 04.04.2024 11:36
Russian hacker groups are military units with code names that are part of the Main Intelligence Directorate of the General Staff and the Federal Security Service of the Russian Federation.
Illia Vitiuk, head of the Cybersecurity Department of the Security Service of Ukraine (SBU), said this in an interview with Ukrinform
Tomi Engdahl says:
Ukrainian hackers destroyed a large Russian data centre
ILKKA AHTOKIVI
PUBLISHED 08.04.2024 | 14:51
UPDATED 08.04.2024 | 14:51
WAR IN UKRAINE
According to sources, more than 10,000 entities involved in Russia's military industry stored their data in the cloud service.
https://www.verkkouutiset.fi/a/ukrainan-hakkerit-tuhosivat-venajan-suuren-datakeskuksen/#78f1161d
Tomi Engdahl says:
https://www.securityweek.com/exploitation-attempts-target-unpatched-flaw-affecting-many-d-link-nas-devices/
Tomi Engdahl says:
https://www.securityweek.com/strikeready-raises-12m-to-build-ai-powered-security-command-center/
Tomi Engdahl says:
Google Adds V8 Sandbox to Chrome
Google fights Chrome V8 engine memory safety bugs with a new sandbox and adds it to the bug bounty program.
https://www.securityweek.com/google-adds-v8-sandbox-to-chrome/
Tomi Engdahl says:
Microsoft’s Security Chickens Have Come Home to Roost
News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China’s audacious Microsoft’s Exchange Online hack and isn’t at all surprised by the findings.
https://www.securityweek.com/microsofts-security-chickens-have-come-home-to-roost/
Tomi Engdahl says:
Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.
https://www.securityweek.com/thousands-of-ivanti-vpn-appliances-impacted-by-recent-vulnerability/
Tomi Engdahl says:
https://www.securityweek.com/patch-tuesday-code-execution-flaws-in-multiple-adobe-software-products/
Tomi Engdahl says:
Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers
Patch Tuesday: Microsoft warns that unauthenticated hackers can take complete control of Azure Kubernetes clusters.
https://www.securityweek.com/microsoft-plugs-gaping-hole-in-azure-kubernetes-service-confidential-containers/
Software giant Microsoft on Tuesday released a massive batch of security patches with cover for at least 150 vulnerabilities and called urgent attention to a gaping hole that lets inauthentic hackers take full control of Azure Kubernetes clusters.
The vulnerability, tracked as CVE-2024-29990, allows an unauthenticated hacker to steal credentials and affects resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC), Redmond said in an advisory.
Redmond’s security response team said the Azure Kubernetes Service bug carries a CVSS severity score of 9/10 and could be exploited to take over confidential guests and containers beyond the network stack it might be bound to.
“An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root,” Microsoft warned.
The Azure Kubernetes Service bug headlines a massive patch bundle that includes fixes for a trio of remote code execution bugs in Microsoft Defender for IOT and a critical-severity Windows Secure Boot bypass that’s marked as already exploited.
Tomi Engdahl says:
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-palo-alto-networks-product-vulnerabilities/
Tomi Engdahl says:
A terrible blunder: customer data of an airline popular with Finns ended up in hackers' hands
https://www.kauppalehti.fi/uutiset/karmea-moka-suomalaisten-suosiman-lentoyhtion-asiakastiedot-paatyivat-hakkereiden-kasiin/c2608924-a267-4bd5-82b9-597d676f634b?fbclid=IwAR0CPrHOkH-PLspGGSybfGi4lMcoOQ2jtMX1YXwkD4LZdbAH59sfIOhrj3E
The subcontractor that fell victim to the data theft kept the theft to itself for three weeks. And it was not even a break-in, but the subcontractor's own mistake.
Tomi Engdahl says:
The airline Norwegian has fallen victim to a data theft. Hackers made off with the personal data of about 16,000 customers, including full name, gender, phone number and, in some cases, flight details.
https://www.kauppalehti.fi/uutiset/karmea-moka-suomalaisten-suosiman-lentoyhtion-asiakastiedot-paatyivat-hakkereiden-kasiin/c2608924-a267-4bd5-82b9-597d676f634b?fbclid=IwAR0CPrHOkH-PLspGGSybfGi4lMcoOQ2jtMX1YXwkD4LZdbAH59sfIOhrj3E
Tomi Engdahl says:
https://www.theatlantic.com/technology/archive/2024/04/roku-tv-ads-patent/678041/?fbclid=IwAR14e-UYmZwoqlq4KLTenG7rfFKrZoEoBJN9D5S3Og9XeHWx3tjZ3EoyrVM
Welcome to the Golden Age of User Hostility
They don’t make ’em like they used to!
What happens when a smart TV becomes too smart for its own good? The answer, it seems, is more intrusive advertisements.
Last week, Janko Roettgers, a technology and entertainment reporter, uncovered a dystopian patent filed last August by Roku, the television- and streaming-device manufacturer whose platform is used by tens of millions of people worldwide. The filing details plans for an “HDMI customized ad insertion,” which would allow TVs made by Roku to monitor video signals through the HDMI port—where users might connect a game console, a Blu-ray player, a cable box, or even another streaming device—and then inject targeted advertisements when content is paused. This would be a drastic extension of Roku’s surveillance potential: The company currently has no ability to see what users might be doing when they switch away from its proprietary streaming platform. This is apparently a problem, in that Roku is missing monetization opportunities!
Tomi Engdahl says:
Although the patent may never come to fruition (a spokesperson for Roku told me that the company had no plans to put HDMI ad insertion into any products at this time), it speaks to a dispiriting recent trend in consumer hardware. Internet-connected products can transform after the point of purchase in ways that can feel intrusive or even hostile to users.
Tomi Engdahl says:
https://12ft.io/https://www.theatlantic.com/technology/archive/2024/04/roku-tv-ads-patent/678041/
Tomi Engdahl says:
Brian Krebs / Krebs on Security:
CISA is investigating a breach at business intelligence company Sisense; sources: the attackers copied several terabytes of customer data, including credentials — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence …
Why CISA is Warning CISOs About a Breach at Sisense
https://krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16086-suomessa-yli-6000-lg-televisiota-alttiina-kyberuhille
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/critical-rust-flaw-enables-windows-command-injection-attacks/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/over-90-000-lg-smart-tvs-may-be-exposed-to-remote-attacks/
Tomi Engdahl says:
https://www.engadget.com/google-one-is-shutting-down-its-vpn-feature-later-this-year-063507780.html?fbclid=IwAR1zlWq2VjVjRsVnNU7c7dZi59XJZxy4gm388kPpL_wt9ql2ca-W6sI2Mbc
Tomi Engdahl says:
Beware, scammers have a new lure: Were you asked to confirm your email address?
Cybercriminals are exploiting a confirmation mechanism familiar to everyone.
https://www.is.fi/digitoday/tietoturva/art-2000010350760.html
Finns are currently being targeted by a scam message with a new hook. The Digital and Population Data Services Agency (DVV) is warning about scams sent in the name of the Suomi.fi service it maintains.
Several messages in the name of Suomi.fi are currently circulating. The latest scams ask you to confirm your email address. This mimics the genuine confirmation message you receive when subscribing to Suomi.fi messages. The scam appeals to urgency, which the genuine message does not.
What all the messages have in common is that they try to get the victim to click the link in the message and hand their banking credentials to criminals.
Scam messages can arrive both as text messages and as email.
It is easy to protect yourself from Suomi.fi scams. The first way is to use the Suomi.fi mobile app instead of the website. You can update your details and read your messages safely in the app.
Another effective protection is to use a mobile certificate (mobiilivarmenne) instead of banking credentials when authenticating on government sites. When you do not use banking credentials to authenticate, cybercriminals cannot get at your online banking credentials.
Tomi Engdahl says:
https://www.securityweek.com/google-cloud-unveils-new-ai-powered-security-capabilities/
https://www.securityweek.com/chatgpt-integrated-into-cybersecurity-products-as-industry-tests-its-capabilities/
Tomi Engdahl says:
Chilling greetings from Mikko Hyppönen: "We haven't seen this yet, but we soon will"
https://www.is.fi/digitoday/tietoturva/art-2000010344740.html
Mikko Hyppönen listed the most significant threats AI will bring in the near future. He also says he has changed his mind on an important question of openness.
Security guru and WithSecure chief research officer Mikko Hyppönen has described the threats that the rapid spread of AI brings with it. Lecturing at University College London in England, Hyppönen considered the dangers of the technical revolution now under way.
Hyppönen named deepfakes, deepscams (scams run at scale), self-improving malware, and AI that hunts for security holes as the biggest AI-driven security threats.
Hyppönen first explained AI in a very tangible way: it is a technology that "knows" things in the sense that it can string words together based on how they usually follow one another in the language.
AI-enabled Crime
https://www.youtube.com/watch?v=Wc1yCYgwjfg
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-pan-os-firewall-zero-day-used-in-attacks/
Tomi Engdahl says:
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib
BatBadBut hits Erlang, Go, Python, Ruby as well
https://www.theregister.com/2024/04/10/rust_critical_vulnerability_windows/
Programmers are being urged to update their Rust versions after the security experts working on the language addressed a critical vulnerability that could lead to malicious command injections on Windows machines.
The vulnerability, which carries a perfect 10-out-of-10 CVSS severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the library’s Command API – specifically, std::process::Command.
“An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping,” said Pietro Albini of the Rust Security Response Working Group, who wrote the advisory.
https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
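As an added illustration of the escaping gap described above (my own code, not the Rust standard library's fix and not from any of the affected runtimes), the block below uses Python, which the article names among the runtimes hit by BatBadBut. `subprocess.list2cmdline` is the quoting routine Python's subprocess applies on Windows; `cmd_exe_view` is a deliberately simplified model, an assumption of this example, of how cmd.exe reads a command line (a `"` toggles quoted mode, `&`, `|`, `<`, `>` and `^` are only special outside quotes, `%` expansion and line breaks are honoured even inside quotes). `safe_bat_cmdline` is a conservative guard of my own that refuses arguments a batch file cannot receive safely instead of trying to escape them. The hostile argument is constructed.

```python
import subprocess

# Characters cmd.exe acts on when they appear outside double quotes:
# command separators, pipe, redirections and its own escape character.
CMD_META_OUTSIDE_QUOTES = frozenset("&|<>^")

# Reject list for untrusted batch-file arguments.  This is my own conservative
# choice for the example, not the Rust standard library's fix: quotes (they
# toggle cmd.exe's quoting state), percent signs (variable expansion happens
# even inside quotes), line breaks (they end the command), the metacharacters
# above, and '!' (special when delayed expansion is enabled).
BAT_FORBIDDEN = frozenset('"%\r\n!') | CMD_META_OUTSIDE_QUOTES


def cmd_exe_view(cmdline: str) -> list[str]:
    """Simplified model (an assumption of this example) of how cmd.exe reads a
    command line: a double quote toggles quoted mode; & | < > ^ are only
    special outside quotes; % expansion and line breaks are honoured even
    inside quotes.  Returns what cmd.exe would act on, with offsets."""
    findings = []
    in_quotes = False
    for i, ch in enumerate(cmdline):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in "\r\n":
            findings.append(f"line break at {i}")
        elif ch == "%":
            findings.append(f"% expansion at {i}")
        elif ch in CMD_META_OUTSIDE_QUOTES and not in_quotes:
            findings.append(f"unquoted {ch} at {i}")
    return findings


def naive_bat_cmdline(script: str, args: list[str]) -> str:
    """The command line a runtime produces when it quotes batch-file arguments
    with the usual Windows (CommandLineToArgvW-style) rules.  list2cmdline is
    the routine Python's subprocess uses on Windows; it writes a quote as
    backslash-quote, which cmd.exe does not treat as an escape."""
    return subprocess.list2cmdline([script, *args])


def safe_bat_cmdline(script: str, args: list[str]) -> str:
    """Hardened variant: refuse any argument containing something cmd.exe
    could interpret, then quote every argument.  Raises ValueError instead
    of trying to escape what cannot be escaped reliably."""
    for arg in args:
        bad = sorted(BAT_FORBIDDEN & set(arg))
        if bad:
            raise ValueError(f"unsafe batch-file argument {arg!r}: contains {bad}")
    return " ".join([script] + [f'"{arg}"' for arg in args])


if __name__ == "__main__":
    hostile = 'a" & calc'          # constructed attacker-controlled argument
    line = naive_bat_cmdline("build.bat", [hostile])
    print(line)                    # build.bat "a\" & calc"
    print(cmd_exe_view(line))      # ['unquoted & at 15']
    try:
        safe_bat_cmdline("build.bat", [hostile])
    except ValueError as err:
        print("rejected:", err)
```

The quoted line `build.bat "a\" & calc"` is correct for a normal executable, whose C runtime reads `\"` as a literal quote, but cmd.exe toggles its quoting state at that same quote and then sees a bare `&`, so the text after it runs as a second command. That mismatch between the two parsers is the whole bug; a reject list is the blunt but dependable answer when the invoked target is a `.bat` or `.cmd` file.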
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-gmail-blocks-some-outlook-email-as-spam-shares-fix/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-default-web-browser/
Tomi Engdahl says:
https://www.tomshardware.com/tech-industry/cyber-security/laptop-bios-password-reset-technique-uses-contorted-paperclips-stuffed-into-a-parallel-port
Tomi Engdahl says:
Roku says 576,000 accounts breached in cyberattack
https://edition.cnn.com/2024/04/12/business/roku-security-breach-user-accounts/index.html?fbclid=IwAR2stJVaa0Iqdxi1Ja53aJnpf8_vSEjIGPrKZBVPoMYNXrrdbALDnlNdd_4
About 576,000 Roku accounts were compromised in a cyberattack, the company said on Friday, the second security breach for the streaming service this year.
Hackers gained access to user accounts through stolen login credentials, Roku said in a blog post. The security breach was discovered while Roku monitored account activity after a cyberattack affected 15,000 accounts earlier this year.
https://www.roku.com/blog/protecting-your-roku-account
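Roku says the accounts were taken over with stolen credentials and that it noticed the activity by monitoring logins. As an added example (my own code, not Roku's; the log lines are constructed), the block below runs one classic credential-stuffing rule over authentication events: a source IP that attempts logins against many distinct accounts inside a short window, mostly failing, is flagged, and any successful logins inside that window are reported as the accounts to reset. An ordinary user who mistypes a password a few times touches one account and never trips the rule.

```python
import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample authentication events (JSON lines); not real logs.
# One source tries six different accounts in a few seconds and gets into two;
# another is a single user who mistypes a password twice before succeeding.
SAMPLE_LOG = """\
{"ts": "2024-04-12T10:00:01Z", "ip": "203.0.113.9", "user": "alice", "ok": false}
{"ts": "2024-04-12T10:00:02Z", "ip": "203.0.113.9", "user": "bob", "ok": false}
{"ts": "2024-04-12T10:00:03Z", "ip": "203.0.113.9", "user": "carol", "ok": true}
{"ts": "2024-04-12T10:00:04Z", "ip": "203.0.113.9", "user": "dave", "ok": false}
{"ts": "2024-04-12T10:00:05Z", "ip": "203.0.113.9", "user": "erin", "ok": false}
{"ts": "2024-04-12T10:00:06Z", "ip": "203.0.113.9", "user": "frank", "ok": true}
{"ts": "2024-04-12T10:01:00Z", "ip": "198.51.100.7", "user": "grace", "ok": false}
{"ts": "2024-04-12T10:01:20Z", "ip": "198.51.100.7", "user": "grace", "ok": false}
{"ts": "2024-04-12T10:01:45Z", "ip": "198.51.100.7", "user": "grace", "ok": true}
{"ts": "2024-04-12T12:30:00Z", "ip": "203.0.113.9", "user": "heidi", "ok": false}
"""

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Alert:
    ip: str
    bucket: datetime        # start of the time window that was flagged
    distinct_users: int
    attempts: int
    compromised: tuple      # accounts that logged in successfully from the flagged source


def parse_events(text: str) -> list:
    """Parse JSON-lines auth events into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append((ts, rec["ip"], rec["user"], bool(rec["ok"])))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, max_success_rate=0.5) -> list:
    """Tumbling-window rule: one source IP attempting at least `min_users`
    distinct accounts inside one `window`, with most attempts failing, is
    flagged.  A legitimate user retrying a password touches one account and
    never reaches the distinct-user threshold."""
    per_bucket = defaultdict(list)
    for ts, ip, user, ok in events:
        bucket = ts - (ts - EPOCH) % window     # floor the timestamp to its window
        per_bucket[(ip, bucket)].append((user, ok))

    alerts = []
    for (ip, bucket), attempts in sorted(per_bucket.items()):
        users = {user for user, _ in attempts}
        if len(users) < min_users:
            continue
        successes = [user for user, ok in attempts if ok]
        if len(successes) / len(attempts) > max_success_rate:
            continue
        alerts.append(Alert(ip, bucket, len(users), len(attempts),
                            tuple(sorted(set(successes)))))
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_stuffing(parse_events(SAMPLE_LOG)):
        print(alert)
```

Fixed windows are easy to reason about but miss a burst that straddles a boundary, so a production rule would use a sliding window or a per-source rate on the distinct-account count, and would enrich the source with ASN and user-agent before deciding. The `compromised` tuple is the actionable output: those sessions get revoked and those passwords reset, which is the response Roku describes.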