This posting is here to collect cyber security news in June 2024.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
187 Comments
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vcenter-rce-vulnerability-patch-now/
Tomi Engdahl says:
https://www.theguardian.com/technology/article/2024/jun/18/encryption-is-deeply-threatening-to-power-meredith-whittaker-of-messaging-app-signal
Tomi Engdahl says:
https://www.savelan.fi/palvelut/tietoturvakartoitus-yritykselle/
Tomi Engdahl says:
How to turn off Recall on Copilot+ PCs: Stop Windows from recording everything
The new Windows Recall function records everything that happens on your PC and takes a screenshot of your screen every five seconds. This allows you to switch off Recall permanently and protect your privacy.
https://www.pcworld.com/article/2358956/switch-off-windows-recall-how-to-stop-windows-recording-everything.html
Tomi Engdahl says:
Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG
A hacker claims to have stolen the information of 30 million users from TEG subsidiary Ticketek.
https://www.securityweek.com/hacker-claims-theft-of-30m-user-records-from-australia-ticketing-company-teg/
Tomi Engdahl says:
Japan’s Space Agency Was Hit by Multiple Cyberattacks, but Officials Say No Sensitive Data Was Taken
Japan’s space agency has suffered a series of cyberattacks, but sensitive information related to rockets and satellites was not affected.
https://www.securityweek.com/japans-space-agency-was-hit-by-multiple-cyberattacks-but-officials-say-no-sensitive-data-was-taken/
Tomi Engdahl says:
https://www.securityweek.com/facial-recognition-startup-clearview-ai-settles-privacy-suit/
Tomi Engdahl says:
Investigation of Russian Hack on London Hospitals May Take Weeks Amid Worries Over Online Data Dump
Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 cyberattack on NHS provider Synnovis.
https://www.securityweek.com/investigation-of-russian-hack-on-london-hospitals-may-take-weeks-amid-worries-over-online-data-dump/
Tomi Engdahl says:
AMD Investigating Breach Claims After Hacker Offers to Sell Data
AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.
https://www.securityweek.com/amd-investigating-breach-claims-after-hacker-offers-to-sell-data/
Tomi Engdahl says:
Santander Employee Data Breach Linked to Snowflake Attack
Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach.
https://www.securityweek.com/santander-employee-data-breach-linked-to-snowflake-attack/
Tomi Engdahl says:
Disruptions at Many Car Dealerships Continue as CDK Hack Worsens
Car dealership software provider CDK Global was in the process of restoring services impacted by a cyberattack when it discovered an additional hack.
https://www.securityweek.com/disruptions-at-many-car-dealerships-continue-as-cdk-hack-worsens/
Tomi Engdahl says:
Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability
Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.
https://www.securityweek.com/hundreds-of-pc-server-models-possibly-affected-by-serious-phoenix-uefi-vulnerability/
Hundreds of PC and server models that use Intel processors could be affected by a high-severity vulnerability found recently in Phoenix Technologies’ SecureCore UEFI firmware solution.
The vulnerability, tracked as CVE-2024-0762 and dubbed UEFIcanhazbufferoverflow, was discovered by an automated analysis system developed by enterprise firmware and hardware security firm Eclypsium.
The security hole can be exploited by a local attacker to escalate privileges and execute arbitrary code within the UEFI firmware during runtime.
Eclypsium warned that this is a type of vulnerability that may be leveraged by threats such as the Black Lotus UEFI rootkit.
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead to a buffer overflow and potential malicious code execution. To be clear, this vulnerability lies in the UEFI code handling TPM configuration—in other words, it doesn’t matter if you have a security chip like a TPM if the underlying code is flawed.
We originally identified the vulnerability on the Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen, both using the latest Lenovo BIOS updates. However, Phoenix Technologies has subsequently acknowledged that the same issue applies to multiple versions of its SecureCore firmware that runs on Intel processor families including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. These are Intel codenames for multiple generations of Intel Core mobile and desktop processors. Given that these Intel Core processors are used by a wide range of OEMs and ODMs, the same vulnerability could potentially affect a wide range of vendors and potentially hundreds of PC products that also use the Phoenix SecureCore UEFI firmware. The possibility of exploitation depends on the configuration and permission assigned to the TCG2_CONFIGURATION variable, which could be different for every platform.
Tomi Engdahl says:
Government
US Bans Kaspersky Software
The US government announced a ban on the sale of Kaspersky software over fears that the company is controlled by the Russian government.
https://www.securityweek.com/us-bans-kaspersky-software/
The US government on Thursday announced a ban on the sale of Kaspersky software over fears that the cybersecurity company is controlled by Russia.
The United States has been concerned about the Russian government’s potential control and influence over Kaspersky for several years. In 2017, the Trump administration banned the use of Kaspersky products and services in federal agencies due to the risk of spying.
Several European countries followed suit while Kaspersky launched transparency initiatives and took other steps to clear its name.
Russia’s war against Ukraine has only been making things worse for Kaspersky in the West, and the Biden administration has now prohibited Kaspersky — as well as its affiliates and subsidiaries — from directly or indirectly providing antimalware and other cybersecurity software products and services in the United States or to US persons.
“Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use,” said the US Department of Commerce’s Bureau of Industry and Security (BIS).
Tomi Engdahl says:
The Register: Why attack surfaces are expanding > https://go.theregister.com/feed/www.theregister.com/2024/06/21/why_attack_surfaces_are_expanding/, 2024-06-21 14:58:10 +0000
Tomi Engdahl says:
US Sanctions 12 Kaspersky Executives
The US has imposed sanctions on 12 individuals who have leadership roles at Kaspersky in Russia and the UK.
https://www.securityweek.com/us-sanctions-12-kaspersky-executives/
Tomi Engdahl says:
Data Breaches
Push Notification Fatigue Leads to LA County Health Department Data Breach
The Los Angeles County Department of Health Services discloses a data breach caused by push notification spamming attack.
https://www.securityweek.com/push-notification-fatigue-leads-to-la-county-health-department-data-breach/
Tomi Engdahl says:
Artificial Intelligence
AI Weights: Securing the Heart and Soft Underbelly of Artificial Intelligence
AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.
https://www.securityweek.com/ai-weights-securing-the-heart-and-soft-underbelly-of-artificial-intelligence/
Tomi Engdahl says:
Privacy
EFF Issues New Warning After Discovery of Automated License Plate Reader Vulnerabilities
The EFF has issued a warning over the use of automated license plate readers following the discovery of serious vulnerabilities.
https://www.securityweek.com/eff-issues-new-warning-after-discovery-of-automated-license-plate-reader-vulnerabilities/
The Electronic Frontier Foundation (EFF) has issued a warning on the risks and threats associated with mass surveillance technologies following the disclosure of several potentially serious vulnerabilities discovered recently in automated license plate readers.
Automated license plate readers (ALPRs) are high-speed camera systems that automatically capture all license plate numbers in their view. They are mounted on street poles, highway overpasses, and police cars. In addition to license plate numbers, they can capture data such as location, date and time, images of the vehicle, and sometimes even photographs of the driver and passengers.
The EFF has been raising concerns about this system for several years, warning that it’s a mass surveillance system that captures and stores data beyond what is needed for public safety purposes.
The organization’s latest warning comes shortly after the US cybersecurity agency CISA issued an advisory to inform organizations about several vulnerabilities found in Vigilant license plate readers made by Motorola Solutions.
https://sls.eff.org/technologies/automated-license-plate-readers-alprs
Tomi Engdahl says:
Vulnerabilities
New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity
New attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic.
https://www.securityweek.com/new-snailload-attack-relies-on-network-latency-variations-to-infer-user-activity/
A team of researchers from the Graz University of Technology in Austria has disclosed the details of a new attack method that allows a remote attacker to infer websites and other content viewed by a user without needing direct access to their network traffic.
Other researchers previously showed that websites accessed by users and even the actions they perform within applications can be inferred by an attacker, but this often requires a person-in-the-middle (PitM) attack or hacking the target’s Wi-Fi connection from physical proximity.
The new side-channel attack method discovered by the TU Graz researchers, named SnailLoad, is more efficient as it does not require a PitM position, JavaScript, or any other code execution on the victim’s system.
The researchers demonstrated the attack by showing that they could deduce the YouTube videos and websites accessed by a user.
In order to launch a SnailLoad attack, the attacker conducts a series of latency measurements for various YouTube videos and websites that the victim may be viewing. This data provides a latency trace that includes specific variations over time for each targeted video or website, basically creating a fingerprint for each of them.
The attacker then needs to get the targeted user to load data from a malicious server. The attacker can convince the victim to download a file, but the attack also works with any other type of non-malicious content delivered by the attacker’s server, including style sheets, fonts, images or ads.
“The main threat here is that any TCP server can stealthily obtain latency traces from any clients connecting to it,” Stefan Gast, one of the researchers involved in this project, told SecurityWeek.
An important aspect is that the malicious server needs to load the content at a slow pace — this is where the SnailLoad name comes from — for the attacker to be able to monitor the connection latency over an extended period of time.
The attack leverages the fact that servers typically have a fast internet connection, in contrast with the speed when the traffic reaches the ISP’s systems or the victim’s gateway, where packets are delayed. These bandwidth bottlenecks can be leveraged by the attacker for latency measurements.
The data obtained by the attacker while content is being fetched by the victim’s system from the malicious server is compared to the previously created fingerprint, enabling the attacker to figure out which of the videos or websites in their list is viewed by the victim in a different window while the SnailLoad attack is being carried out.
The researchers noted that an attacker can leverage a convolutional neural network (CNN) to learn the latency trace for each targeted asset and also to later infer the site or video.
The attack is not easy to mitigate because it leverages the way the internet works. However, the researchers believe it’s unlikely that SnailLoad has been exploited in the wild.
In the tests conducted by the TU Graz researchers, which covered 10 YouTube videos and 100 popular websites, they achieved an accuracy ranging between 37% and 98%, depending on the type of targeted resource and the type of internet connection.
Tomi Engdahl says:
Tech Leaders Gather This Week for AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay
SecurityWeek’s AI Risk Summit + CISO Forum brings together business and government stakeholders to provide meaningful guidance on risk management and cybersecurity in the age of artificial intelligence.
https://www.securityweek.com/tech-leaders-gather-this-week-for-ai-risk-summit-ciso-forum-at-the-ritz-carlton-half-moon-bay/
Tomi Engdahl says:
Nation-State
Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says
A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy.
https://www.securityweek.com/chinese-hackers-have-stepped-up-attacks-on-taiwanese-organizations-cybersecurity-firm-says/
A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future.
In recent years, relations between China and Taiwan, a self-governed island across the Taiwan Strait that Beijing claims as its territory, have deteriorated. The cyberattacks by the group known as RedJuliett were observed between November 2023 and April 2024, during the lead up to Taiwan’s presidential elections in January and the subsequent change in administration.
RedJuliett has targeted Taiwanese organizations in the past, but this is the first time that activity was seen at such a scale, a Recorded Future analyst said, speaking on condition of anonymity out of safety concerns.
The report said RedJuliett attacked 24 organizations, including government agencies in places like Laos, Kenya and Rwanda, as well as Taiwan.
It also hacked into websites of religious organizations in Hong Kong and South Korea, a U.S. university and a Djiboutian university. The report did not identify the organizations.
Tomi Engdahl says:
WikiLeaks Founder Julian Assange Will Plead Guilty in Deal With US and Return to Australia
Assange will plead guilty to an Espionage Act charge of conspiring to unlawfully obtain and disseminate classified national defense information, the Justice Department said.
https://www.securityweek.com/wikileaks-founder-julian-assange-will-plead-guilty-in-deal-with-us-and-return-to-australia/
Tomi Engdahl says:
Car Dealerships in North America Revert to Pens and Paper After Cyberattacks on Software Provider
https://www.securityweek.com/car-dealerships-in-north-america-revert-to-pens-and-paper-after-cyberattacks-on-software-provider/
Car dealerships in North America are still wrestling with major disruptions that started last week with cyberattacks on a company whose software is used widely in the auto retail sales sector.
CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations.
For prospective car buyers, that’s meant delays at dealerships or vehicle orders written up by hand. There’s no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.
On Monday, Group 1 Automotive Inc., a $4 billion automotive retailer, said it is using “alternative processes” to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also disclosed that they implemented workarounds to keep their operations going.
Tomi Engdahl says:
Vulnerabilities
Chrome 126 Update Patches Memory Safety Bugs
Google has released a Chrome security update to resolve four high-severity use-after-free vulnerabilities.
https://www.securityweek.com/chrome-126-update-patches-memory-safety-bugs/
Tomi Engdahl says:
Data Breaches
Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information
Neiman Marcus has disclosed a data breach impacting 64,000 people just as a hacker announced the sale of customer data.
https://www.securityweek.com/neiman-marcus-data-breach-disclosed-as-hacker-offers-to-sell-stolen-information/
High-end department store Neiman Marcus on Monday disclosed a data breach, shortly before a hacker offered to sell information belonging to millions of the company’s customers.
The Dallas-based luxury retailer has started informing customers that a database platform storing personal information was compromised between April and May 2024. The data breach was detected in May.
An investigation showed that the hacker had gained access to information such as name, contact data, date of birth, and Neiman Marcus or Bergdorf Goodman gift card number. The retailer said gift card PINs were not exposed.
“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform. We also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement,” Neiman Marcus said in a letter sent to impacted individuals.
The company told the Maine Attorney General’s Office that the breach has impacted more than 64,000 individuals.
Tomi Engdahl says:
Phishing
Malware Sandbox Any.Run Targeted in Phishing Attack
Employees of the Any.Run malware analysis service were recently targeted in a phishing attack that was part of a BEC campaign.
https://www.securityweek.com/malware-sandbox-any-run-targeted-in-phishing-attack/
The malware analysis service Any.Run on Monday shared details on a recent phishing attack targeting its employees.
The incident came to light on June 18, when all the employees of the malware sandbox service received a phishing email from another Any.Run employee. The attacker’s access was terminated within minutes, but an investigation showed that the hacker was present for several weeks.
The attack started on May 23, 2024, when an employee in Any.Run’s sales team received an email from a client they had previously communicated with.
The email contained a link and the employee did upload the message to a sandbox to check whether it posed a threat. However, since the link pointed to a trusted website that had been compromised and the sandbox environment was not properly configured, the threat was not detected.
The employee clicked on the link and was led to a Microsoft phishing website that prompted them to enter their login credentials and multi-factor authentication (MFA) code. The information was entered on the phishing page and the attacker was provided with everything they needed to access the employee’s account.
https://any.run/cybersecurity-blog/phishing-incident-report/
Tomi Engdahl says:
Impressive engineering… #NOT
There is at least a critical vulnerability in every turn. This indeed requires some skills! LOL
https://www.cvedetails.com/cve/CVE-2024-27857/?fbclid=IwZXh0bgNhZW0CMTEAAR3RJ_IJ5gBScVoBUfXafgVo2ULvU5Sp9ugDzL940dWha-frrCX-OJiEsnc_aem_0LfMEcY9qZPyUJtpD7lFzw
Vulnerability Details : CVE-2024-27857
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Tomi Engdahl says:
New IOActive Security Advisory: ‘MásMóvil Comtrend Router – Multiple Vulnerabilities.’ Check out the full advisory below or at the following link. https://ioactive.com/masmovil-comtrend-router-multiple-vulnerabilities/
#2600net #irc #secnews #ioactive
Tomi Engdahl says:
280 Million Google Chrome Users Installed Dangerous Extensions, Study Says
https://www.forbes.com/sites/daveywinder/2024/06/24/280-million-google-chrome-users-installed-dangerous-extensions-study-says/
Two new reports reveal distinctly different opinions about the safety of Chrome browser extensions. Google says that less than 1% of all installs include malware, while university researchers say 280 million users have installed extensions with malware over a three-year period. Neither number fills me with much confidence.
According to Google more than 250,000 extensions are available on the Chrome web store. Google also says that “less than 1% of all installs from the Chrome Web Store were found to include malware,” so why don’t I find this as reassuring as I might?
According to the study, over 346 million users installed these kinds of extensions between July 2020 and February 2023. Even after subtracting 63 million policy violations and three million with vulnerable code, the researchers estimate that there were still 280 million installs of Chrome extensions containing malware.
Unsurprisingly, the researchers found that dodgy extensions tend to ask for more permissions than benign ones. “Ultimately, the more permissions an extension has, the larger the attack surface is,” the study concluded.
Also worrying was that the study found extensions containing malware were available from the Chrome web store for an average of 380 days.
A June 20 posting to the Google Security Blog, just 48 hours after the researchers published their study, by Benjamin Ackerman, Anunoy Ghosh and David Warren from the Chrome security team, admits that “as with any software, extensions can also introduce risk.” However, it also sets out how a dedicated security team is dedicated to keeping Chrome users safe regarding extensions.
https://security.googleblog.com/2024/06/staying-safe-with-chrome-extensions.html
Tomi Engdahl says:
China-backed hackers stepping up attacks on Taiwan, cybersecurity firm says
Hacking group RedJuliett compromised two dozen organisations in Taiwan and elsewhere, report says.
https://www.aljazeera.com/economy/2024/6/24/china-backed-hackers-stepping-up-attacks-on-taiwan-cybersecurity-firm-says
Tomi Engdahl says:
https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/
Tomi Engdahl says:
An AI-Generated Elon Musk Just Stole Bitcoin From Viewers Via YouTube Live
A deepfaked Musk promised viewers he would instantly double their money.
https://uk.pcmag.com/old-cryptocurrency/152945/an-ai-generated-elon-musk-just-stole-bitcoin-from-viewers-via-youtube-live
Just a few days after rapper 50 Cent’s website and social accounts were used by hackers to promote a fake cryptocurrency, it looks like something similar is happening to Elon Musk.
A YouTube Live video today displayed a video of Musk with an AI-generated version of his voice suggesting that users go to a website to deposit Ethereum, Dogecoin, or Bitcoin, Engadget reports. The video clip promised viewers that depositing their cryptocurrency on the site would “automatically send back double the amount of the cryptocurrency you deposited.”
The stream ran for 5 hours, and at one point had over 30,000 concurrent viewers, bringing it to the top of YouTube’s Live Now recommendations. Both the video and the account associated with it have since been removed from YouTube.
It’s not surprising that hackers chose Musk to deepfake to promote the site. Tweets from Musk have been known to have a significant impact on the crypto market, especially with meme coins such as Dogecoin, thanks to his dedicated following.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
Tomi Engdahl says:
https://www.tomshardware.com/pc-components/cpus/firmware-flaw-affects-numerous-generations-of-intel-cpus-uefi-code-execution-vulnerability-found-for-intel-cpus-from-14th-gen-raptor-lake-to-6th-gen-skylake-cpus
Tomi Engdahl says:
Supply Chain Security
Several Plugins Compromised in WordPress Supply Chain Attack
https://www.securityweek.com/several-plugins-compromised-in-wordpress-supply-chain-attack/
Five WordPress plugins were injected with malicious code that creates a new administrative account.
Malicious code injected over the past week in five WordPress plugins creates a new administrative account, WordPress security firm Defiant reports.
The code was discovered on Monday, after the WordPress.org Plugin Review Team learned that a threat actor had taken over the Social Warfare plugin and added the malicious code in recent versions.
Starting June 22, several versions of the plugin were released with the injected code inside. Social Warfare versions 4.4.6.4 to 4.4.7.1 contain the malicious code and users are advised to update to version 4.4.7.3 as soon as possible.
“If you have used versions 4.4.6.4 to 4.4.7.1 of the Social Warfare plugin, we strongly recommend you do an in-depth review of your site’s activity and user account details,” the WordPress team notes.
While investigating the incident, Defiant discovered that four other plugins – namely Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and Simply Show Hooks – also contain the malicious code.
Tomi Engdahl says:
https://www.securityweek.com/hackers-steal-over-2-million-in-cryptocurrency-from-coinstats-wallets/
Tomi Engdahl says:
Ransomware
Indonesia Says a Cyberattack Has Compromised Its Data Center but It Won’t Pay the $8 Million Ransom
Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.
https://www.securityweek.com/indonesia-says-a-cyberattack-has-compromised-its-data-center-but-it-wont-pay-the-8-million-ransom/
Tomi Engdahl says:
Malware & Threats
Recent Zyxel NAS Vulnerability Exploited by Botnet
A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.
https://www.securityweek.com/recent-zyxel-nas-vulnerability-exploited-by-botnet/
Tomi Engdahl says:
Tracking & Law Enforcement
EU Sanctions Six Russian Hackers
The European Council has added six Russian hackers to the EU’s sanctions list for their cyberattacks against member states and Ukraine.
https://www.securityweek.com/eu-sanctions-six-russian-hackers/
Tomi Engdahl says:
Ransomware
Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher
Researcher shows how hackers could use social engineering to deliver ransomware and other malware to Meta’s Quest 3 VR headset.
https://www.securityweek.com/metas-virtual-reality-headset-vulnerable-to-ransomware-attacks-researcher/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-medusa-malware-variants-target-android-users-in-seven-countries/?fbclid=IwZXh0bgNhZW0CMTEAAR2xlLv4ku2z8-ZK9GSc4zHV-9CU3f0Vzt6qTXl9HVgXFn5FyRTXRy-QiEM_aem_ecMnNOIunKU85URtuciK4A
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16367-yrityksiin-hyoekaetaeaen-kiihtyvaellae-vauhdilla
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-target-new-moveit-transfer-critical-auth-bypass-bug/?fbclid=IwZXh0bgNhZW0CMTEAAR0KKJ7E-xiTgXfIgl1kaFnUQQdBOTRWZ89t8qRJjetWm68HkQoBJIWRbzk_aem_fCTRFl2WCXaqzilxW0WCjg
Tomi Engdahl says:
Rabbit R1 security issue allegedly leaves sensitive user data accessible to anybody https://engt.co/45F1hmy
Tomi Engdahl says:
An ID verification service that works with TikTok and X left its credentials wide open for a year https://engt.co/4cA2jm8
Tomi Engdahl says:
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
Malicious updates available from WordPress.org create attacker-controlled admin account.
https://arstechnica.com/security/2024/06/supply-chain-attack-on-wordpress-plugins-affects-as-many-as-36000-sites/
Tomi Engdahl says:
https://www.neowin.net/news/windows-11-is-now-automatically-enabling-onedrive-folder-backup-without-asking-permission/
Tomi Engdahl says:
https://www.techspot.com/news/103508-firefox-users-unhappy-privacy-tweaks-browser-latest-version.html
Tomi Engdahl says:
Secretly taken photos of women's backsides are spreading on Ylilauta – Expert: ”Difficult to respond to legally”
Matti Tolvanen, professor emeritus of criminal and procedural law, considers the sharing of covert photos on Ylilauta a challenging case from a criminal-law standpoint.
https://www.iltalehti.fi/kotimaa/a/35d4dcae-7509-40da-845a-db8b81dafa0e
Covertly taken photos of several women have been shared on Ylilauta since the beginning of May. The photos emphasize the women's backsides.
Professor emeritus Matti Tolvanen assesses the legality of photos taken in a public place.
According to Tolvanen, it has to be accepted that not all conduct contrary to good manners is criminal.
Covert photos taken of several Finnish women have been shared on the popular discussion forum Ylilauta. The covert photos have focused particularly on women's backsides.
The photos have been shared in two message threads, which can only be viewed with a gold account costing about ten euros a month.
The threads have also included, for example, videos of women sunbathing in bikinis. The photos have mainly been taken from behind, so the faces of those photographed are not visible.
The photos have been taken in public places such as jogging paths, shops and parking lots. Photographing in a public place is permitted.
– Photographing is permitted if distributing the photo does not violate private life or honour. It is not a crime to photograph another person at a market square or on a jog, comments Matti Tolvanen, professor emeritus of criminal and procedural law.
A crime would occur if a person had been secretly photographed, for example, within the area of their home. That would be a case of illicit observation, which is punishable by up to one year's imprisonment.
– Illicit observation does not apply here, because this is not an area protected by domestic peace, nor is it a changing room or a toilet, Tolvanen assesses.
Although photographing in a public place is allowed, distributing the photos may be a crime.
– If the photos are distributed, it could be a case of dissemination of information violating private life, if intimate areas have been photographed. Defamation could also be at issue.
– The threshold for defamation may be met if people start saying ugly things about individuals by name, Tolvanen believes.
According to Tolvanen, discussion of people's appearance on Ylilauta falls in a grey area from the perspective of criminal law. One does not commit a crime if one does not use offensive language about another person.
– This kind of thing is quite difficult to respond to legally. On social media one can behave inappropriately without committing a crime, because not all conduct contrary to good manners is criminal. That too simply has to be accepted.
The injured party, that is, the person who was covertly photographed, can demand a criminal investigation into the Ylilauta discussions.
– It would then have to be assessed whether it is defamation or dissemination of information violating private life. That depends on the manner of distribution and on what the photo depicts, Tolvanen assesses.