Cyber security news October 2024

This posting is here to collect cyber security news in October 2024.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

309 Comments

  1. Tomi Engdahl says:

    North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft

    The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.

    https://www.securityweek.com/north-korean-hackers-exploited-chrome-zero-day-for-cryptocurrency-theft/

    Reply
  2. Tomi Engdahl says:

    ‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives

    Deceptive Delight is a new AI jailbreak that has been successfully tested against eight models with an average success rate of 65%.

    https://www.securityweek.com/deceptive-delight-jailbreak-tricks-gen-ai-by-embedding-unsafe-topics-in-benign-narratives/

    Palo Alto Networks has detailed a new AI jailbreak method that can be used to trick gen-AI by embedding unsafe or restricted topics in benign narratives.

    The method, named Deceptive Delight, has been tested against eight unnamed large language models (LLMs), with researchers achieving an average attack success rate of 65% within three interactions with the chatbot.

    AI chatbots designed for public use are trained to avoid providing potentially hateful or harmful information. However, researchers have been finding various methods to bypass these guardrails through the use of prompt injection, which involves deceiving the chatbot rather than using sophisticated hacking.

    The new AI jailbreak discovered by Palo Alto Networks involves a minimum of two interactions and may improve if an additional interaction is used.

    The attack works by embedding unsafe topics among benign ones, first asking the chatbot to logically connect several events (including a restricted topic), and then asking it to elaborate on the details of each event.

    For instance, the gen-AI can be asked to connect the birth of a child, the creation of a Molotov cocktail, and reuniting with loved ones. Then it’s asked to follow the logic of the connections and elaborate on each event. This in many cases leads to the AI describing the process of creating a Molotov cocktail.

    Reply
  3. Tomi Engdahl says:

    New Fortinet Zero-Day Exploited for Months Before Patch

    A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.

    https://www.securityweek.com/new-fortinet-zero-day-exploited-for-months-before-patch-release/

    Reply
  4. Tomi Engdahl says:

    Google Warns of Samsung Zero-Day Exploited in the Wild

    A zero-day vulnerability in Samsung mobile processors has been abused as part of an exploit chain for arbitrary code execution.

    https://www.securityweek.com/google-warns-of-samsung-zero-day-exploited-in-the-wild/

    A zero-day vulnerability in Samsung’s mobile processors has been leveraged as part of an exploit chain for arbitrary code execution, Google’s Threat Analysis Group (TAG) warns.

    Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung’s October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.

    “An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory reads.

    Samsung’s scarce advisory on CVE-2024-44068 makes no mention of the vulnerability’s exploitation, but Google researcher Xingyu Jin, who was credited for reporting the flaw in July, and Google TAG researcher Clement Lecigene, warn that an exploit exists in the wild.

    Reply
  5. Tomi Engdahl says:

    Wall Street Journal:
    Sources: Elon Musk has been in regular contact with Vladimir Putin since late 2022; Putin asked Musk to not activate Starlink in Taiwan as a favor to Xi Jinping — Regular contacts between world’s richest man and America’s chief antagonist raise security concerns; topics include geopolitics, business and personal matters

    Elon Musk’s Secret Conversations With Vladimir Putin
    Regular contacts between world’s richest man and America’s chief antagonist raise security concerns; topics include geopolitics, business and personal matters
    https://www.wsj.com/world/russia/musk-putin-secret-conversations-37e1c187?st=36C5QZ

    Reply
  6. Tomi Engdahl says:

    Lawrence Abrams / BleepingComputer:
    UnitedHealth says over 100M people had their data stolen in the February ransomware attack on Change Healthcare, the largest-ever US healthcare data breach — UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen …

    https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/

    Reply
  7. Tomi Engdahl says:

    Kyle Wiggers / TechCrunch:
    Concentric AI, which helps companies secure and track sensitive data, raised a $45M Series B, bringing its total funding to $67M

    Concentric helps companies keep track of their sensitive data
    https://techcrunch.com/2024/10/24/concentric-helps-companies-keep-track-of-their-sensitive-data/

    Enterprises have a data inventory problem. The amount of data they’re collecting and storing is increasing, and that data is being spread across disparate storage buckets. Yet many organizations rely on processes that essentially amount to pencil-and-paper methods for tracking data provenance. According to one survey, more than 50% of companies use Excel spreadsheets in their data privacy and compliance efforts.

    Karthik Krishnan, Shankar Subramaniam, and Madhu Shashanka thought they might have the engineering chops to build something to make this easier for companies. The trio had cut their teeth in cybersecurity: Years ago, Subramaniam and Shashanka had recruited Krishnan as one of the first employees at their behavioral analytics startup, Niara.

    A few years after Hewlett Packard acquired Niara, the trio began sketching out ideas for an enterprise data management tool. They envisioned a product that could catalog a company’s critical data — including information stored in infrequently accessed places — and automatically flag any data that’s at risk of compromise.

    “We hoped to solve one of the most pressing data security challenges facing the modern enterprise,” Krishnan told TechCrunch. “That is: identifying and securing business-critical information within structured and unstructured data, stored on-premises or in the cloud, at scale.”

    Reply
  8. Tomi Engdahl says:

    David E. Sanger / New York Times:
    The Biden administration issues the first-ever National Security Memorandum on AI, detailing how the Pentagon and intel agencies should use and protect AI

    https://www.nytimes.com/2024/10/24/us/politics/biden-government-guidelines-ai.html?unlocked_article_code=1.Uk4.NA6q.sreB_UhMnV65&smid=url-share

    Reply
  9. Tomi Engdahl says:

    Max Ufberg / Fast Company:
    A profile of and an interview with CISA Director Jen Easterly, as the agency ramps up efforts to protect the US elections from cyberattacks and misinformation

    This agency is tasked with protecting elections from cyber attacks. If Trump wins, it could be in danger
    https://www.fastcompany.com/91212013/cisa-jen-easterly-election-balancing-act

    While many Democrats would like to see CISA director Jen Easterly ramp up the focus on misinformation around the election, Republicans would prefer she stay on the sidelines. That presents a nearly impossible balancing act.

    The Senate voted unanimously in her favor, with Mike Gallagher, the Republican congressman from Wisconsin, praising her “incredible” qualifications at the hearing. Following the Senate’s unanimous vote, Homeland Security Secretary Alejandro Mayorkas called her a “brilliant cybersecurity expert.”

    Of course, CISA is housed under the Department of Homeland Security, so Mayorkas’s flattery was a foregone conclusion. CISA is tasked with enforcing cybersecurity and protecting American infrastructure across all levels of government. The agency is responsible for keeping some of our most vital systems—power grids, transportation networks, administrative websites, and everything in between—safe from private and nation-state hackers. It is also charged with overseeing the security and integrity of elections. And it’s this area that’s now fueled a somewhat predictable political divide on Capitol Hill, with misinformation—and Easterly—at the center of the controversy.

    CISA was, for a time at least, actively monitoring voting-related misinformation on social media, which it deemed a threat to election security, and thus squarely in its purview. Those efforts prompted by-now-familiar accusations of government overreach from a number of prominent Republicans

    At the same time, some Democrats have been pushing for CISA to ramp up its election security efforts, namely by taking a more active role in policing misinformation, particularly on social media platforms. Those competing visions put Easterly in an uncomfortable bind: trying to placate both sides while, in the background, insiders worry that the agency might be totally disempowered and defunded under another Trump presidency.

    Reply
  10. Tomi Engdahl says:

    Venäläinen hakkeriryhmä kylvää kaaosta – Uhka on vakava
    Venäläinen hakkeriryhmä kylvää tällä hetkellä kaaosta internetiin kytköksissä olevien, suojaamattomien laitteiden kautta.
    https://www.iltalehti.fi/digiuutiset/a/095126ea-0cee-4db2-9eb5-2bb7e51a9e7f

    Yhdysvaltain ja Ison-Britannian hallitukset varoittavat massiivisesta, käynnissä olevasta Venäjän kampanjasta, joka hyödyntää tunnettuja haavoittuvuuksia.

    NSA:n, FBI:n ja NCSC:n mukaan Venäjän palkkaamat hakkerit etsivät tilaisuuksia tällä hetkellä joka puolelta. Asialla on tiedustelupalveluiden mukaan APT29, sama hakkeriryhmä, joka oli Solarwinds-hyökkäyksen taustalla.

    Asiasta raportoi muun muassa The Register.

    Venäjän ulkomaantiedustelu ja sen palkkaamat hakkerit etsivät koko ajan internetiin yhteydessä olevia järjestelmiä, joiden suojaus on heikko tai sitä ei ole lainkaan.

    – Toisin kuin kohdennetummissa operaatioissa, massiivinen skannaus ja opportunistinen hyväksikäyttö koskevat käytännössä mitä tahansa organisaatiota, jolla on haavoittuvia järjestelmiä, virastojen tiedotteessa sanotaan.

    Varoituksen yhteydessä on lista 24:stä yleisestä haavoittuvuudesta (CVE), joita venäläiset ovat tykänneet käyttää tähän asti. Osa niistä on tietoturvan asiantuntijoilla hyvin tiedossa, kuten Ciscon iOS-ohjelmistoon kohdistettu CVE-2023-20198 tai Jetbrains Teamcity-sovelluksessa havaittu CVE-2023-42793.

    Jenkki- ja brittivirastojen mukaan on tiettyjä toimenpiteitä, joita jokaisen mahdollisen uhrin tulisi tehdä hyökkäyksiltä säästyäkseen.

    US and UK govts warn: Russia scanning for your unpatched vulnerabilities
    Also, phishing’s easier over the phone, and your F5 cookies might be unencrypted, and more
    https://www.theregister.com/2024/10/12/russia_is_targeting_you_for/

    If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick.

    In a joint release [PDF] by the US National Security Agency, FBI, Cyber National Mission Force and UK National Cyber Security Centre (NCSC), the agencies warned that hackers linked to Russia’s Foreign Intelligence Service (SVR) have been aggressively looking for targets of opportunity of late.

    The group behind the campaign is none other than APT29, the same crew that pulled off the SolarWinds hack. In other words, this is a serious threat.

    “SVR cyber operators consistently scan Internet-facing systems for unpatched vulnerabilities,” the agencies said. “This mass scanning and opportunistic exploitation of vulnerable systems, as opposed to more targeted operations, increase the threat surface to include virtually any organization with vulnerable systems.”

    Reply
  11. Tomi Engdahl says:

    Intelsat is conducting a comprehensive analysis to determine the cause of the satellite failure. https://link.ie.social/ArhvPL

    Boeing-built satellite blows up into bits in space, cutting comms for 3 continents
    The destruction of the iS-33e satellite has prompted immediate action from both Intelsat and Boeing.
    https://interestingengineering.com/space/boeing-built-satellite-breaks-up-in-orbit?utm_source=facebook&utm_medium=article_image&fbclid=IwY2xjawGIqztleHRuA2FlbQIxMQABHc6Co2TKJD-0AD_jKA9j1mz7JNSGscMWN4KrrIpXhehfgOtx2CfF6q1Anw_aem_xJ5MVPmrvKdIiRw_7fSZ-g

    Reply
  12. Tomi Engdahl says:

    Nordea palvelun­esto­hyökkäyksen kohteena – pankki­palvelut jumissa
    Osa käyttäjistä ei pääse kirjautumaan mobiili- tai verkkopankkiin.

    https://www.is.fi/digitoday/art-2000010788780.html

    Nordean mobiili- ja verkkopankkipalvelussa on meneillään häiriö, eikä ainakaan osa käyttäjistä pääse kirjautumaan pankkipalveluihin.

    – Palvelunestohyökkäyksen takia osa digikanavistamme tai -palveluistamme voi hetkellisesti toimia hitaasti tai olla ajoittain pois käytöstä, Nordea tiedottaa mobiilipankkisovelluksessaan.

    Reply
  13. Tomi Engdahl says:

    Nordealla isoja ongelmia
    Nordea tiedottaa joutuneensa jälleen kerran palvelunestohyökkäysten kohteeksi.
    https://www.iltalehti.fi/digiuutiset/a/42f4effa-46e2-4455-a57a-2bc67beb1067

    Nordean verkkopankkipalveluissa on jälleen laajoja ongelmia. Yhtiö kertoo joutuneensa jälleen palvelunestohyökkäyksen kohteeksi.

    Iltalehti sai perjantai-iltana lukuisia yhteydenottoja Nordean palveluista, jotka eivät toimi.

    Vikailmoituksista kirjaa pitävälle downdetector.fi-sivustolle on kirjattu yli tuhat vikailmoitusta kello 19 jälkeen perjantai-iltana.

    Nordea kertoo palvelunestohyökkäyksestä viestissä, joka ilmestyy käyttäjän puhelimeen hänen yrittäessä kirjautua verkkopankkiin.

    https://downdetector.fi/ei-toimi/nordea/

    Reply
  14. Tomi Engdahl says:

    In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers

    Noteworthy stories that might have slipped under the radar: CVE Program celebrates 25th anniversary, one year after ransomware attack Henry Schein says 160,000 are impacted, US offering rewards for Shahid Hemmat hackers.

    https://www.securityweek.com/in-other-news-cve-turns-25-henry-schein-data-breach-reward-for-shahid-hemmat-hackers/

    CVE Program’s 25th anniversary

    The CVE Program has turned 25 and MITRE has published an anniversary report. According to MITRE, there are currently over 400 CVE Numbering Authorities (CNAs) and more than 240,000 CVE identifiers have been assigned as of October 2024.

    Reply
  15. Tomi Engdahl says:

    LinkedIn Hit With 310 Million Euro Fine for Data Privacy Violations From Irish Watchdog

    LinkedIn has received a 310 million euro fine from Ireland’s Data Protection Commission for data privacy violations.

    https://www.securityweek.com/linkedin-hit-with-310-million-euro-fine-for-data-privacy-violations-from-irish-watchdog/

    Reply
  16. Tomi Engdahl says:

    Location tracking of phones is out of control. Here’s how to fight back.
    Unique IDs assigned to Android and iOS devices threaten your privacy. Who knew?
    https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/

    Reply
  17. Tomi Engdahl says:

    Kasvojentunnistus poliisin käyttöön? Luotto virkavaltaan on kova Euroopassa
    22.10.202419:05
    Nuorimmat antaisivat äänestyspäätöksensäkin koneälyn käsiin.
    https://www.mikrobitti.fi/uutiset/kasvojentunnistus-poliisin-kayttoon-luotto-virkavaltaan-on-kova-euroopassa/25aea57a-9449-486f-90c7-ed9a6138abfb

    Reply
  18. Tomi Engdahl says:

    Jättimäisessä hyökkäyksessä hyödynnettiin Suomessa myytyjä laitteita – Onko sinulla jokin näistä?
    https://www.iltalehti.fi/digiuutiset/a/d749b387-958a-449a-b0c7-5316cc80d545

    Kyberturvallisuuskeskus varoittaa Suomessa myydyistä reitittimistä, josta paljastui aiemmin vakava haavoittuvuus.

    Yhdysvaltalainen Cloudflare uutisoi lokakuun alussa jättimäisestä palvelunestohyökkäyksestä, jossa mitattiin enimmillään peräti 3,8 terabitin edestä hyökkäysliikennettä sekunnissa. Kyseessä on Cloudflaren mukaan kaikkien aikojen korkein mitattu lukema.

    Suuri osa Cloudflaren raportoimasta hyökkäysliikenteestä oli peräisin murretuista Asus-merkkisistä kotireitittimistä. Hyökkääjät hyödynsivät reitittimistä viime kesänä paljastunutta haavoittuvuutta CVE-2024-3080, joka mahdollistaa rikollisille pääsyn tavallisten ihmisten verkkolaitteisiin.

    – Haavoittuvuuksia on havaittu hyväksikäytettävän myös Suomessa ja tähän viittaavaa haittaliikennettä on havaittu, Kyberturvallisuuskeskus kertoo viikkokatsauksessaan.

    Reply
  19. Tomi Engdahl says:

    Toivottavasti et ole kytkenyt nettiboksisi piuhoja näin – Viranomaiselta varoitus
    https://www.iltalehti.fi/digiuutiset/a/d5575565-024f-46c6-8cf7-bf7510feb3e6

    Kyberturvallisuuskeskus muistuttaa reitittimien tietoturvasta. Se lisäsi ohjeisiinsa tietoa laitteiden turvallista kytkemisestä ja varoittaa väärien kytkentöjen mahdollisista seurauksista.

    Reply
  20. Tomi Engdahl says:

    Oletko muistanut tehdä nämä toimenpiteet reitittimellesi? Erittäin tärkeää
    https://www.iltalehti.fi/digiuutiset/a/5761b4a4-107b-4eb0-af49-e2a90722e491

    Reply
  21. Tomi Engdahl says:

    Kyberturvallisuuskeskus painottaa kuluttajien vastuuta. Suomalaisia reitittimiä käytettiin äskettäin myös poikkeuksellisen suuressa palvelunestohyökkäyksessä Nordeaa vastaan.

    Erityisen tärkeää on tarkistaa, että nettipiuha on kytketty reitittimen oikeaan porttiin. Jos näin ei ole tehty, reititin menettää palomuuritoimintonsa ja lähiverkon laitteet ovat suoraan alttiita internetistä tulevalle haitalliselle liikenteelle.

    Kyberturvallisuuskeskus painottaa kuluttajien vastuuta. Suomalaisia reitittimiä käytettiin äskettäin myös poikkeuksellisen suuressa palvelunestohyökkäyksessä Nordeaa vastaan.

    Erityisen tärkeää on tarkistaa, että nettipiuha on kytketty reitittimen oikeaan porttiin. Jos näin ei ole tehty, reititin menettää palomuuritoimintonsa ja lähiverkon laitteet ovat suoraan alttiita internetistä tulevalle haitalliselle liikenteelle.

    Viranomainen julkaisi listan: Onko sinulla joku näistä reitittimistä? Toimi näin
    https://www.is.fi/digitoday/tietoturva/art-2000010786835.html

    Reply
  22. Tomi Engdahl says:

    Viranomaiset varoittavat reitittimistä, joista löytyi vakava haavoittuvuus – tarkista, onko sinulla sellainen
    Kodin nettilaitteille tarkoitettuja reitittimiä voidaan käyttää kyberrikollisuuden välineinä. Väärin kytketyt kaapelitkin voivat altistaa laitteen haitoille.

    https://yle.fi/a/74-20120434

    Reply
  23. Tomi Engdahl says:

    Tällaisia takaportteja viestijärjestelmiin on rakennettu ja näin ne ovat vuotaneet – silti EU haluaa avata uuden portin
    Liikenne- ja viestintävaliokunta tyrmäsi tällä viikolla EU:n esityksen, joka mahdollistaisi ihmisten viestien seulomisen lasten seksuaalista hyväksikäyttöä esittävän materiaalin löytämiseksi.
    https://yle.fi/a/74-20120462?origin=rss&fbclid=IwY2xjawGL97lleHRuA2FlbQIxMQABHZ5PD5jsEBb7jTj4nDO38n81VwH2Ho1ThlNIazQKGU50iVPGKdUmTZyhxg_aem_DMBxXZrEclxyktObDMUKwA

    Vaikka Kreikan Watergatesta on kulunut kaksikymmentä vuotta, vähän on muuttunut.

    Lokakuun alussa Wall Street Journal uutisoi, että Kiinan hallintoon yhdistetty hakkeriryhmä on murtautunut yhdysvaltalaisten teleoperaattoreiden järjestelmiin ja käyttänyt kuukausien ajan hyväkseen viranomaisten ylläpitämiä telekuuntelujärjestelmiä.

    Perjantain New York Times kertoi, että hakkerit olivat kohdistaneet vakoilun muun muassa republikaanien presidenttiehdokkaan Donald Trumpin ja tämän lähipiirin puhelimiin.

    Takaporteista tulee myöhemmin ongelmia
    Niin kauan kuin viestejä on välitetty, valtaapitävät ovat halunneet päästä avaamaan viestinnän. Tänäkin päivänä lähes kaikki maat vaativat teleoperaattoreilta mahdollisuuden salakuunnella teleliikennettä

    Salausteknologian yleistyessä tämä halu on johtanut erilaisten takaporttien syntyyn.

    Kun 2000-luvun taitteessa internetliikennettä säätelevään verkkoprotokollaan rakennettiin salausta, viranomaiset valitsivat mukaan menetelmän, jonka murtamiseen heillä oli kyvykkyys. Tämä heikko salausmenetelmä on yhä valikoimassa, vaikka laskentatehon kasvun myötä käytännössä jokaisella on kyvykkyys sen murtamiseen.

    – Tämä on yksi esimerkki takaportista, josta on myöhemmin tullut ongelmia.

    Viestien seulonta lisää haavoittuvuutta
    Kaksi vuotta sitten EU-komissio esitti, että viestintäsovellusten on seulottava ihmisten viestit lasten seksuaalista hyväksikäyttöä esittävän materiaalin varalta. Asetus ei suoraan vaadi teknologiayhtiöitä rakentamaan takaportteja järjestelmiinsä, mutta käytännössä sen vaikutukset ovat samat.

    Halunen katsoo, että teknisestä toteutuksesta riippumatta viestien seulonta loukkaa merkittävästi käyttäjien yksityisyydensuojaa, ja luo samalla lisää haavoittuvuuksia jo ennestään haavoittuvaan järjestelmään.

    – Se olisi yksi komponentti, joka kaikkien pitäisi ottaa käyttöön. Jos tästä komponentissa löytyy haavoittuvuus, niin se olisi nimenomaan iso takaportti melkein mihin tahansa kommunikaatioon, Halunen toteaa.

    Hän painottaa, että tämänkaltainen järjestelmä olisi erittäin herkullinen kohde kaikenlaiselle tiedustelutoiminnalle.

    – Tällainen järjestelmä tulisi käytännössä jokaiseen puhelimeen Euroopassa.

    Liikenne- ja viestintävaliokunnan mukaan esityksen hyväksyminen tarkoittaisi viestinnän massavalvonnan hyväksymistä. Asiantuntijakuulemisten pohjalta valiokunta katsoo, että seulontaa voidaan helposti laajentaa poliittisella päätöksellä koskemaan myös muunlaisia sisältöjä.

    Reply
  24. Tomi Engdahl says:

    Ransomware-hyökkäyksen anatomia: kaikki koneet saastuivat muutamassa tunnissa
    https://etn.fi/index.php/13-news/16767-ransomware-hyoekkaeyksen-anatomia-kaikki-koneet-saastuivat-muutamassa-tunnissa

    Traficomin Kyberturvallisuuskeskus järjesti eilen mediatilaisuuden, jossa kartoitettiin tämän hetken kybermaisemaa. Tietoturva-asiantuntija Samuli Könönen kertoi suosiotaan kasvattavista kiristyshaittaohjelmista esimerkiksi kautta. Marraskuussa 2022 Lockbit-haittaohjelma saastutti muutamassa tunnissa Keski-Uudenmaan koulutuskuntayhtymä Keudan kaikki koneet.

    Seuraukset hyökkäyksestä olivat massiiviset. – Verkon etähallintaohjelma jäi auki, mikä mahdollisti palvelimien asetusten muuttamisen etänä. Hyökkääjä sai tunnukset todennäköisesti tietojenkalastelun avulla, eikä organisaatio valvonut poikkeuksellisia kirjautumisia, Könönen selvitti.

    Hyökkäyksen takia palvelimet ja esimerkiksi Keudan sähköposti oli pysähdyksissä yli kuukauden ajan. Lopulta kaikki asennettiin uudelleen, mikä tarkoitti noin 1500 tietokonetta. – Suorat kustannukset ylittivät 100 tuhatta euroa.

    Reply
  25. Tomi Engdahl says:

    Financial Times:
    A UK judge sentences a 27-year-old man who used AI tool Daz 3D to create child sexual abuse imagery to 18 years in prison, a landmark prosecution over deepfakes

    Man who used AI to create child abuse images jailed for 18 years in UK
    Judge rules in landmark case involving deepfake sexual abuse material
    https://www.ft.com/content/81060e76-994d-4635-af02-637504c69532

    A man who used artificial intelligence technology to create child sexual abuse imagery was sentenced to 18 years in prison on Monday, in a landmark prosecution over deepfakes in the UK.

    Hugh Nelson, 27, from Bolton, pleaded guilty to a total of 16 child sexual abuse offences, including transforming everyday photographs of real children into sexual abuse material using AI tools from US software provider Daz 3D. He also admitted encouraging others to commit sexual offences on children.

    At Bolton Crown Court, Judge Martin Walsh imposed an extended sentence on Nelson, saying he posed a “significant risk” of causing harm to the public.

    Advances in AI mean fake images have become more realistic and easier to create, prompting experts to warn about a rise in computer-generated indecent images of children.

    Jeanette Smith, a prosecutor from the Crown Prosecution Service’s Organised Child Sexual Abuse Unit, said Nelson’s case set a new precedent for how computer-generated images and indecent and explicit deepfakes could be prosecuted.

    “This case is one of the first of its kind but we do expect to see more as the technology evolves,” said Smith.

    Greater Manchester Police found both real images of children and computer-generated images of child sexual abuse on Nelson’s devices, which were seized last June.

    The computer-generated images did not look exactly like real photographs but could be classified as “indecent photographs”, rather than “prohibited images”, which generally carry a lesser sentence. This was possible, Smith said, because investigators were able to demonstrate they were derived from images of real children sent to Nelson.

    Nelson in August admitted to creating and selling bespoke images of child sexual abuse tailored to customers’ specific requests. He generated digital models of the children using real photographs that his customers had submitted. Police also said he further distributed the images he had created online, both for free and for payment.

    It comes as both the tech industry and regulators are grappling with the far-reaching social impacts of generative AI. Companies such as Google, Meta and X have been scrambling to tackle deepfakes on their platforms.

    The UK’s Online Safety Act, which passed last October, makes it illegal to disseminate non-consensual pornographic deepfakes. But Nelson was prosecuted under existing child abuse law.

    Smith said that as AI image generation improved, it would become increasingly challenging to differentiate between different types of images. “That line between whether it’s a photograph or whether it’s a computer-generated image will blur,” she said.

    Daz 3D, the company that created the software used by Nelson, said that its user licence agreement “prohibits its use for the creation of images that violate child pornography or child sexual exploitation laws, or are otherwise harmful to minors”

    Reply
  26. Tomi Engdahl says:

    The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread.

    Law Enforcement Deanonymizes Tor Users
    https://www.schneier.com/blog/archives/2024/10/law-enforcement-deanonymizes-tor-users.html?fbclid=IwZXh0bgNhZW0CMTEAAR3N1fFJ1LpVXyz2xl83jMq3nOd0L5CtUIgGwdKZ5tMVVGiE3by7xJPJk-4_aem_zB2lOSrnBqd7NWfh5SVmKg

    https://marx.wtf/2024/10/10/law-enforcement-undermines-tor/

    Few weeks ago, the German political magazine Panorama and STRG_F reported that law enforcement agencies infiltrated the Tor network in order to expose criminals. The reporters had access to documents showing four successful deanonymizations. I was given the chance to review some documents. In this post, I am highlighting publicly documented key findings.

    2024-09-12: Telefónica implements IP Catching
    Frankfurt District Court orders Telefónica (O2) to surveil its customers for up to three months
    Telefónica reports all customers connecting to a specific Tor entry relay named by the German Federal Criminal Police Office (Bundeskriminalamt, BKA). This is called IP catching
    After a few days, the measure is completed successfully

    2024-09-16: First statement of the Tor Project
    Pinpointing Tor entry relays of onion services to successfully deanonymize Tor users
    Timing analyses in combination with broad and long-term monitoring of Tor relay
    V2 and V3 onion addresses were affected, at least between 2019/Q3 and 2021/Q2

    2024-09-18: Journalists detail one case
    Operation Liberty Lane is referenced
    Four successful measures [=deanonymizations] in one investigation
    2x identification of Ricochet users
    2x further measures
    Deanonymization is based on timing analysis
    It’s not a classic software vulnerability that is exploited
    Tor Project agrees that nothing indicates that a vulnerability in the Tor browser is exploited. Problem: The attack works even though the Tor software is working properly

    More and more Tor relays in Germany are under surveillance for longer and longer periods, in such a way that apparently data has been used for timing analysis
    Deanonymization takes some time. Tor users are not deanonymized by the authorities in the blink of an eye

    Timing analyses was always possible when, to put it simply, there was „little traffic“ on an onion service and only a few packets were transmitted, which could then be assigned to a specific user. On whistleblowing platforms, there is usually little traffic until a source decides to submit data

    Reply
  27. Tomi Engdahl says:

    Leivänpaahdin voi hyökätä pankkiin – suomalainen tutkija kehitti ratkaisun iot-laitteiden tietoturvaongelmiin
    https://www.tivi.fi/uutiset/leivanpaahdin-voi-hyokata-pankkiin-suomalainen-tutkija-kehitti-ratkaisun-iot-laitteiden-tietoturvaongelmiin/862971a5-0d1d-40d9-b0ef-1e89a85ffb2d

    Suomalainen tutkija loi menetelmän, jolla esineiden internet saadaan nykyistä turvallisemmaksi. Tässä jutussa hän kertoo, miten se toimii.

    Nordeaan kohdistetut palvelunestohyökkäykset ovat olleet uutisissa viikkokausia. Pankki on ollut ongelmissa erityisesti siksi, että hyökkääjät ovat käyttäneet hyväkseen suomalaisia ja pohjoismaisia verkkoon liitettyjä kodinkoneita ja -laitteita.

    Reply
  28. Tomi Engdahl says:

    Imagine a scenario where your entire company’s IT system crashes in an instant, leaving nothing but destruction and chaos in its wake. In June 2017, the world’s most devastating computer virus, NotPetya, struck just like that—causing tens of billions of dollars in damages worldwide. What can we learn from this event?

    Read the full story and its lessons!

    NotPetya – The Ten Billion Dollar Worm

    https://www.dna.fi/dnabusiness/blogi/-/blogs/notpetya-the-ten-billion-dollar-worm?utm_source=facebook&utm_medium=social&utm_content=LAA-artikkeli-notpetya-the-ten-billion-dollar-worm&utm_campaign=P_LAA_24-40-44_artikkelikampanja_ENKKU_&fbclid=IwZXh0bgNhZW0BMABhZGlkAasU_zmwIlwBHbIPoPYRrlFw6yUKqk_z_3_kMicQ4OSQNNjmCTRNaaAUDBDYnN3cP-T4Qw_aem_QzIaFREd2_sFs0n_jq-YgQ

    In late June 2017, one of the most devastating cyberattacks in history began. The worm NotPetya struck critical infrastructure, corporations, and government systems across the globe, leaving a trail of crippled businesses and billions of dollars in damages in its wake. What follows is a true story.

    Reply
  29. Tomi Engdahl says:

    Fired Employee Allegedly Hacked Disney World’s Menu System to Alter Peanut Allergy Information
    https://m.slashdot.org/story/434869

    A disgruntled former Disney employee allegedly repeatedly hacked into a third-party menu creation software used by Walt Disney World’s restaurants and changed allergy information on menus to say that foods that had peanuts in them were safe for people with allergies, added profanity to menus, and at one point changed all fonts used on menus to Wingdings, according to a federal criminal complaint.

    Reply
  30. Tomi Engdahl says:

    North Korean govt hackers linked to Play ransomware attack
    https://www.bleepingcomputer.com/news/security/north-korean-govt-hackers-linked-to-play-ransomware-attack/?fbclid=IwY2xjawGQN65leHRuA2FlbQIxMQABHeoEAI7m64AyrHdBGuZE6qv3120PaM4a41UXZf3P3OzKKAqL7ZGkJamiyQ_aem_0KccZLcVzc3aGs2L2-bJ7A

    The North Korean state-sponsored hacking group tracked as ‘Andariel’ has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions.

    A report from Palo Alto Networks and its Unit 42 researchers claims that Andariel might be either an affiliate of Play or acting as an initial access broker (IAB), facilitating the deployment of the malware on a network they had breached several months earlier.

    Reply
  31. Tomi Engdahl says:

    The penalty follows YouTube’s suspension of Russian state media and sanctioned channels. https://link.ie.social/SEdkbY

    Reply
  32. Tomi Engdahl says:

    Over a thousand online shops hacked to show fake product listings
    https://www.bleepingcomputer.com/news/security/over-a-thousand-online-shops-hacked-to-show-fake-product-listings/?fbclid=IwZXh0bgNhZW0CMTEAAR276DBqB3gUyDg8zIa8LmF7Ou7biIkjUuNEb6IeT2HSS_72-Eq-h8wwk5w_aem_FcBLGZsl8l5S7PpvmMt0VQ

    A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items.

    Unsuspecting users clicking on those products are redirected to a network of hundreds of fake web stores that steal their personal details and money without shipping anything.

    According to HUMAN’s Satori Threat Intelligence team that discovered Phish n’ Ships, the campaign has impacted hundreds of thousands of consumers, causing estimated losses of tens of millions of dollars.

    The Phish n’ Ships operation
    The attack starts by infecting legitimate sites with malicious scripts by exploiting known vulnerabilities (n-days), misconfigurations, or compromised administrator credentials.

    Once a site is compromised, the threat actors upload inconspicuously named scripts such as “zenb.php” and “khyo.php,” with which they upload fake product listings.

    These items are complete with SEO-optimized metadata to increase their visibility on Google search results, from where victims can be drawn.

    When victims click on these links, they are redirected through a series of steps that ultimately lead to fraudulent websites, often mimicking the interface of the compromised e-store or using a similar design.

    All of these fake shops are connected to a network of fourteen IP addresses

    Attempting to purchase the item on the fake shop takes victims through a fake checkout process designed to appear legitimate but does not include any data verification, a sign of potential fraud.

    The malicious sites steal the information victims enter in the order fields, including their credit card details, and complete the payment using a semi-legitimate payment processor account controlled by the attacker.

    The purchased item is never shipped to the buyer, so the victims lose both their money and data.

    Reply
  33. Tomi Engdahl says:

    Here’s the paper no one read before declaring the demise of modern cryptography
    The advance was incremental at best. So why did so many think it was a breakthrough?
    https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/#gsc.tab=0

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*