This posting is here to collect cyber security news in February 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in February 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
145 Comments
Tomi Engdahl says:
Tämä kodin laite on tietoturvariski, jota ei tule ajatelleeksi: ”Harva estää”
Kodissa saattaa piillä vaara, joka tulee näkyväksi vasta pahimman tapahduttua.
https://www.is.fi/digitoday/tietoturva/art-2000010986528.html
Älylaitteet valtaavat koteja. Esimerkiksi reitittimien ja turvakameroiden hakkeroinnista on varoiteltu, mutta vähemmälle huomiolle ovat jääneet hiljalleen yleistyvät ovipuhelimet.
Ovipuhelimet ovat perinteisen ovikellon ja ovisilmän kehittyneempi versio. Vierailija voi ilmoittaa saapumisestaan puhumalla ja häntä voidaan kuvata kamerallisella ovipuhelimella. Ovessa oleva laite voi olla yhteydessä tavalliseen älypuhelimeen.
– Jos ne sattuvat olemaan mallia, jossa on internet-yhteys, niin harvassa niissä on sellainen turvallisuustoteutus, joka estää salakuuntelun ja kamerallisissa malleissa salakatselun, projektipäällikkö Ari Järvinen sanoo.
Brittiläinen kuluttajajärjestö Which? löysi taannoisessa selvityksessään vakavia tietoturvaongelmia kaikista testaamistaan 11 ovipuhelimesta.
– Pitäisin erikoisena, jos näin räikeitä haavoittuvuuksia ei olisi hyödynnetty, Järvinen sanoo.
– Jo pelkästään se, että yrityksen sisäänkäynnin ovikameran avulla tunnistetaan vierailijat, on kilpailijoille tai joissakin tapauksissa valtiollisille toimijoille arvokasta tietoa. Saati sitten se, että sisäpäätteen tai -päätteiden kautta voi kuunnella, mitä tilassa puhutaan, Järvinen hahmottaa.
Järvisen tehtävänä Huoltovarmuusorganisaation Rakennuspoolissa on edistää rakennetun ympäristön digitaalista turvallisuutta. Hänen mukaansa rakennusalalla ei juurikaan keskustella rakennusten digiturvallisuudesta.
– Rakentajat tekee sitä, mitä tilataan sen mukaan, miten on suunniteltu. Digiturvallisuus ei ole tilaajilla ainakaan vielä kovinkaan tärkeässä roolissa, toisin sanoen siihen ei hankesuunnittelun tai myöhempienkään suunnitteluvaiheiden aikana kiinnitetä riittävästi huomiota ja aseteta vaatimuksia kuin poikkeustilanteissa eli vain, kun tilaaja on valistunut.
Järvinen odottaa tilanteen paranevan erilaisten vastuukriteerien kiristyessä. Euroopan unionin tasolla jo säädettyyn NIS2-direktiiviin perustuva kansallinen säädöstö on astumassa voimaan kevään kuluessa. Direktiivi koskee kyberturvallisuuden riskienhallintaa kriittisillä toimialoilla.
Lisäksi elokuun alussa tänä vuonna EU:ssa aletaan soveltaa uutta kyberturvallisuusasetusta. Asetuksen nojalla tietoturvavaatimusten vastaiset laitteet voidaan poistaa myynnistä.
Järvinen huomauttaa, että turvallisuudessa ei ole kyse vain päätelaitteista, vaan myös esimerkiksi toiminnan edellyttämästä ja valmistajan tarjoamasta pilvipalvelusta.
Peruskäyttäjän ei sinänsä tarvitse useinkaan tehdä paljoa turvallisuuden eteen. Sisäyksikön osalta riittää, että kameran linssin eteen tulee läppä, ja mikrofoni sulkeutuu luotettavasti, kun sitä ei käytetä.
Tomi Engdahl says:
The smart video doorbells letting hackers into your home
All 11 doorbells we tested demonstrated high-risk security issues
https://www.which.co.uk/news/article/the-smart-video-doorbells-letting-hackers-into-your-home-aRfBa5W1boxK
11 smart doorbells purchased from online marketplaces have failed Which? security tests, in the latest example of smart products that could pose a risk to you and your home.
Smart doorbells with cameras let you see who’s at the door without getting up off the sofa, but in-depth security testing has found some are leaving your home wide open to uninvited guests.
With internet-connected smart tech on the rise, smart doorbells are a common sight on UK streets.Popular models, such as Ring and Nest doorbells, are expensive, but scores of similar looking devices have popped up on Amazon, eBay and Wish at a fraction of the price.
They look similar and promise comparable features, but Which? worked with expert cybersecurity researchers, NCC Group, to find that some of these devices have serious vulnerabilities.
Unsecure doorbells from little-known brands
We tested 11 different doorbells found on eBay and Amazon, many of which had scores of 5-star reviews, were recommended as ‘Amazon’s Choice’, or on the bestseller list. One was labelled as the number one bestseller in ‘door viewers’. We found vulnerabilities with every single one.
Victure Smart Video Doorbell Camera
At around £90 this is close to some Ring doorbells in terms of cost, but miles behind them when it comes to security. We’ve found issues with Victure products before, namely its wireless security camera.
The model we tested – the Victure VD300 – sends your wi-fi name and password to servers in China unencrypted. Any hacker able to intercept this data could waltz right into your home network and gain access to other devices on it.
This problematic doorbell is a number one bestseller on Amazon, with a review score of 4.3 out of 5 from over 1,000 ratings.
Even more concerningly, we found a another unbranded doorbell on Amazon that looked identical to this Victure model, and the experts at NCC Group confirmed it. It looked the same and had exactly same vulnerabilities. There’s no telling how many cloned doorbells with similar or different chassis are using the same underlying, unsafe software and hardware.
Qihoo 360 D819 Smart Video Doorbell
The Qihoo 360 Smart Video Doorbell, which was available on Amazon, was easy to steal as criminals could simply detach it from the wall with a standard Sim-card ejector tool included with all smartphones. It can then be reset and sold on.
Your recordings aren’t exactly secure either, as they are stored unencrypted.
Ctronics CT-WDB02 Wireless Video Doorbell
A video doorbell from a brand called Ctronics had a critical vulnerability that could allow cybercriminals to steal the network password, and use that to hack not only the doorbells and the router, but also any other smart devices in the home, such as a thermostat, camera or potentially even a laptop.
Unbranded V5 Wifi Ring Doorbell
We found this unbranded model on eBay and while it looks similar to a Ring doorbell, it most certainly isn’t. A flaw in this doorbell can easily revert it to a ‘pairing’ stage. This takes it offline and could enable a criminal to seize control of it to steal the doorbell, or just stop it from recording while they burgle the customers’ home.
Tomi Engdahl says:
Nordean tilanne ohi
Nordean verkkopalveluissa ilmeni maanantaina häiriöitä.
https://www.iltalehti.fi/digiuutiset/a/da6229d2-74de-47b3-83e8-2ea7126aa3de
Nordean verkkopankki ja mobiilipankki lakkasivat toimimasta maanantaina aamupäivällä. Ongelmat alkoivat pian kello 11 jälkeen.
Verkko- ja mobiilipankki alkoivat jälleen toimia hieman ennen kello 13.
Tomi Engdahl says:
Kyberhyökkäyksiä maan vesivoimaloihin
Bundeswehrin kyber- ja informaatiojoukkojen komentaja Thomas Daum vastaa Münchenissä kysymyksiin kyberuhista. Hänen mukaansa viimeisen puolen vuoden aikana hänen yksikkönsä on havainnut yhä enemmän hyökkäysyrityksiä kriittistä infrastruktuuria vastaan.
Perjantaina, turvallisuuskonferenssin ensimmäisenä päivänä, Bundeswehr esimerkiksi havaitsi merkittävän kyberhyökkäyksen Münchenin vesivoimalaan.
– Olemme [näiden hyökkäysten osalta] uudessa vaiheessa. Vastustaja haluaa saada kansalaiset huolestumaan turvallisuudestaan, Daum sanoo.
https://www.iltalehti.fi/ulkomaat/a/d097fd72-f19e-42e4-8e39-867c27089c2c
Tomi Engdahl says:
Gillian Tan / Bloomberg:
Dream, which offers cybersecurity tools to governments and critical infrastructure firms, raised $100M led by Bain at a $1.1B valuation, up from ~$190M in 2023
https://www.bloomberg.com/news/articles/2025-02-17/bain-backs-israeli-ai-cybersecurity-startup-dream-at-1-1-billion-valuation
Tomi Engdahl says:
New FinalDraft Malware Spotted in Espionage Campaign
A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
https://www.securityweek.com/new-finaldraft-malware-spotted-in-espionage-campaign/
Tomi Engdahl says:
Russian State Hackers Target Organizations With Device Code Phishing
Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.
https://www.securityweek.com/russian-state-hackers-target-organizations-with-device-code-phishing/
A Russia-linked threat actor tracked as Storm-2372 has been targeting government and private organizations in a global campaign employing device code phishing for account compromise, Microsoft reports.
The campaign has been ongoing since at least August 2024, targeting entities in the government, IT, defense, telecoms, health, education, and energy sectors, as well as NGOs in Africa, Europe, the Middle East, and North America.
Relying on a numeric or alphanumeric code, the device code authentication flow is used to authenticate an account from a device that cannot perform an interactive authentication.
Tomi Engdahl says:
127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police
After governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline.
https://www.securityweek.com/127-servers-of-bulletproof-hosting-service-zservers-seized-by-dutch-police/
Tomi Engdahl says:
https://www.securityweek.com/rising-tides-lesley-carhart-on-bridging-enterprise-security-and-ot-and-improving-the-human-condition/
Tomi Engdahl says:
HSBC down: Online banking and app not working in major outage
https://www.independent.co.uk/tech/hsbc-down-not-working-latest-b2696277.html?fbclid=IwZXh0bgNhZW0CMTEAAR2MlqtDISWBMMJKhzYw6CpV9dO81n6Yq0RW82Hj0gt9bfJoXJDKHcsW3kE_aem_a-Y0s-uDOkSkzGtcUptWWQ
Outage comes after high-profile problems at banks across the high street
The apparent outage is the latest to hit major banks in recent weeks, with Barclays, Lloyds and Halifax all recently also suffering outages
Tomi Engdahl says:
Warning—New Microsoft Windows Threat When Your PC Restarts
https://www.forbes.com/sites/zakdoffman/2025/02/19/hidden-microsoft-windows-threat-attacks-when-your-pc-restarts/?fbclid=IwY2xjawIi_GhleHRuA2FlbQIxMQABHcwTvwG75Wpysf0Gh6_Iv_Juz8OqT_QChnpDwB7bO9YX6-wGXUAnDBr8SQ_aem_yyg0ooWOw0iKQL2ZMa5KfQ
A stark new warning for Microsoft Windows users this week, as AI sniffs out an enhanced keylogger that “steals sensitive information from popular web browsers from popular web browsers like Chrome, Edge, and Firefox, logging keystrokes, capturing credentials, and monitoring the clipboard.”
Take this warning seriously — the malware has already targeted millions of PCs and shows no signs of slowing down. And it is now programmed to attack when your PC restarts, making the threat much harder to stop, especially as it hides in amongst Windows’ benign processing tools to avoid detection.
The warning comes by way of Fortinet, its latest report on the poisonous Snake Keylogger that has become one of the most persistent Microsoft Windows threats out in the wild. The security firm says its new AI engine “designed to detect and analyze previously unknown threats in real-time” picked up this latest suspicious activity through “a blend of behavioral analysis and file attributes.”
Tomi Engdahl says:
How Hackers Manipulate Agentic AI with Prompt Engineering
https://www.securityweek.com/how-hackers-manipulate-agentic-ai-with-prompt-engineering/
Organizations adopting the transformative nature of agentic AI are urged to take heed of prompt engineering tactics being practiced by threat actors.
The era of “agentic” artificial intelligence has arrived, and businesses can no longer afford to overlook its transformative potential. AI agents operate independently, making decisions and taking actions based on their programming. Gartner predicts that by 2028, 15% of day-to-day business decisions will be made completely autonomously by AI agents.
However, as these systems become more widely accepted, their integration into critical operations as well as excessive agency—deep access to systems, data, functionalities, and permissions—make them appealing targets for cybercrime. One of the most subtle but powerful attack techniques that threat actors use to manipulate, deceive, or compromise AI agents involves prompt engineering.
How Threat Actors Leverage Prompt Engineering to Exploit Agentic AI
Threat actors utilize a number of prompt engineering techniques to compromise agentic AI systems, such as:
Steganographic Prompting
Remember SEO poisoning technique where white text was used on a white background to manipulate search engine results? If a visitor browses the web page, they are unable to read the hidden text. But if a search engine bot crawls the page, it can read it. Similarly, steganographic prompting involves a technique where hidden text or obfuscated instructions are embedded in a way that is invisible to the human eye but detectable by an LLM.
Jailbreaking
Jailbreaking is a prompting technique that manipulates AI systems into circumventing their own built-in restrictions, ethical standards, or safety measures. In the case of agentic AI systems, jailbreaking seeks to bypass built-in protections and safeguards, compelling the AI to behave in ways that go against its intended programming. There are a number of different techniques bad actors can employ to jailbreak AI guardrails:
Role-playing: instructing the AI to adopt a persona that bypasses its restrictions.
Obfuscation: using coded language, metaphors, or indirect phrasing to disguise malicious intent.
Context manipulation: altering context such as prior interactions or specific details to guide the model into producing restricted outputs.
Prompt Probing
Prompt probing is a technique used to explore and understand the behavior, limitations, and vulnerabilities of an agentic AI system by systematically testing it with carefully crafted inputs (prompts). Although the technique is typically employed by researchers and developers to gain an understanding about how AI models respond to different types of inputs or queries, it is also used by threat actors as a precursor to more malicious activities, such as jailbreaking, prompt injection attacks, or model extraction.
Mitigating the Risks of Prompt Engineering
To defend against prompt engineering attacks, organizations must adopt a multi-layered approach. Key strategies include:
Input Sanitization and Validation: Implement robust input validation and sanitization techniques to detect and block malicious prompts, to strip or detect hidden text, such as white-on-white text, zero-width characters, or other obfuscation techniques, prior to processing inputs.
Improve Agent Robustness: Using techniques like adversarial training and robustness testing, train AI agents to recognize and resist adversarial inputs.
Limit AI Agency: Restrict the actions that agentic AI systems can perform, particularly in high-stakes environments.
Monitor Agent Behavior: Continuously monitor AI systems for unusual behavior and conduct regular audits to identify and address vulnerabilities.
Train Users: Educate users about the risks of prompt engineering and how to recognize potential attacks.
Implement Anomaly Detection: Investing in a converged network and security-as-a-service model like SASE ensures that organizations can identify anomalous activities and unusual behaviors, which are often triggered by prompt manipulations, across the entire IT estate.
Deploy Human-in-the-Loop: Use human reviewers to validate AI outputs and to monitor critical and sensitive interactions.
Tomi Engdahl says:
Pangea Launches AI Guard and Prompt Guard to Combat Gen-AI Security Risks
Guardrail specialist releases new products to aid the development and use of secure gen-AI apps.
https://www.securityweek.com/pangea-launches-ai-guard-and-prompt-guard-to-combat-gen-ai-security-risks/
AI security specialist Pangea has added to its existing suite of corporate gen-AI security products with AI Guard and Prompt Guard. The first prevents sensitive data leakage from gen-AI applications, while the second defends against prompt engineering, preventing jailbreaks.
According to the current OWASP Top 10 for LLM Applications 2025 (PDF), the number one risk for gen-AI applications comes from ‘prompt injection’, while the number two risk is ‘sensitive information disclosure’ (data leakage). With large organizations each developing close to 1,000 proprietary AI apps, Pangea’s new products are designed to prevent these apps succumbing to their major risks.
OWASP Top 10 for LLM Applications 2025
https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/
Tomi Engdahl says:
Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox security updates.
https://www.securityweek.com/chrome-133-firefox-135-updates-patch-high-severity-vulnerabilities/
Tomi Engdahl says:
OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks
The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.
https://www.securityweek.com/openssh-patches-vulnerabilities-allowing-mitm-dos-attacks/
On Tuesday, the developers of OpenSSH, the popular open source implementation of the Secure Shell (SSH) protocol, rolled out patches for two vulnerabilities, one exploitable without user interaction and the other without authentication.
Using a client-server system, OpenSSH provides support for encrypted communication, and is used across modern operating systems on both desktop and mobile devices.
The first of the newly addressed vulnerabilities, tracked as CVE-2025-26465, impacts the OpenSSH client with the VerifyHostKeyDNS option enabled, and can be exploited by a man-in-the-middle (MiTM) attacker to impersonate a server.
The VerifyHostKeyDNS configuration option allows the SSH client to verify a server’s host key using SSHFP records in the DNS.
According to Qualys, which identified and reported CVE-2025-26465, the flaw can be successfully exploited regardless of the VerifyHostKeyDNS option in use, without user interaction, and even if an SSHFP resource record does not exist.
The security defect was introduced in OpenSSH in December 2014. By default, the VerifyHostKeyDNS is disabled, but FreeBSD had it enabled by default between September 2013 and March 2023.
“If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker’s key instead of the legitimate server’s key. This would break the integrity of the SSH connection, enabling potential interception or tampering with the session before the user even realizes it,” Qualys says.
Tracked as CVE-2025-26466, the second bug resolved in OpenSSH on Tuesday impacts both the client and the server, and can be exploited without authentication to cause a denial-of-service (DoS) condition through asymmetric consumption of memory and CPU resources.
OpenSSH version 9.9p2 was released on Tuesday with fixes for both vulnerabilities.
Tomi Engdahl says:
https://www.securityweek.com/new-windows-zero-day-exploited-by-chinese-apt-security-firm/
Windows vulnerability exploited
Israeli threat intelligence firm ClearSky Cyber Security on Thursday revealed that it has seen an APT linked to China exploiting a new Windows vulnerability.
The company said Microsoft is aware of the flaw, but classified it as ‘low severity’.
ClearSky described the issue as a ‘UI vulnerability’ and found evidence of exploitation by the notorious Chinese APT named Mustang Panda.
Tomi Engdahl says:
Nordnet: Nyt tapahtuu iso muutos
Nordnet siirtyy kokonaan kaksivaiheiseen tunnistautumiseen.
https://www.iltalehti.fi/digiuutiset/a/87a2137d-d5a4-4f90-81f2-9861a2b26f52
Sijoituspalveluyhtiö Nordnet kertoo luopuvansa kokonaan käyttäjätunnuksista ja salasanoista kirjautumismenetelmänä. Jatkossa palveluun kirjaudutaan aina kaksivaiheisella tunnistautumisella.
– Olemme alkaneet poistaa käyttäjätunnuksia ja salasanoja käytöstä kirjautumismenetelminä niiltä asiakkailta, joilla on kaksivaiheinen tunnistautuminen jo käytössä, Nordnet kertoo asiakastiedotteessaan.
Muutos liittyy Nordnetin mukaan turvallisuuden ja käyttömukavuuden parantamiseen.
Näin kirjaudutaan jatkossa
Tietokoneella Nordnetiin kirjaudutaan skannaamalla QR-koodi Nordnetin älypuhelinsovelluksella. Mobiilisovellukseen puolestaan kirjaudutaan sormenjäljellä, kasvojentunnistuksella tai kuusinumeroisella PIN-koodilla.
Nordnetin asiakkaat, joilla ei ole älypuhelinta, voivat kirjautua palveluun käyttäen omalta operaattorilta tilattavaa mobiilivarmennetta.
Tekninen häiriö
Nordnet nousi otsikoihin viime viikolla, kun teknisen häiriön vuoksi osa tiistaina puoliltapäivin kirjautuneista asiakkaista päätyi aivan väärän henkilön tilille pystyen näkemään salkkujen sisällöt ja jopa tekemään ostoja ja myyntejä.
Nordnet kertoi Kauppalehdelle keskiviikkona, että yhden suomalaisasiakkaan salkusta oli tehty luvatta noin 7 400 euron osakemyynti.
Tomi Engdahl says:
Vincit: Valion tietomurto alkoi varastetuista VPN-tunnuksista
Tietomurrot|Joulukuussa tapahtunut tietomurto on vaarantanut noin 70 000 ihmisen henkilötiedot.
https://www.hs.fi/talous/art-2000011046945.html?fbclid=IwZXh0bgNhZW0CMTEAAR2QJDJLmqB9g639VEzG8791ZWA5fcZY_5lcowMj6IsScKeQnfHSKyBBrH8_aem_ljT5RZ1vmJrgUxnGM-0W3g
Elintarvikeyhtiö Valioon kohdistunut laajaa tietomurto sai alkunsa varastetuista VPN-tunnuksista, selviää ohjelmistoyhtiö Vincitin tilinpäätöstiedotteesta.
Toimitusjohtaja Julius Manni toteaa tiedotteessa, että tunnukset varastettiin Vincitin työntekijän henkilökohtaisen tietokoneen kautta. Niiden avulla rikolliset pääsivät tunkeutumaan asiakkaan suljettuun verkkoon.
”Varastetuilla tunnuksilla ei suoraan päästy murtautumaan asiakkaiden järjestelmiin tai asiakkaiden hallinnoimiin henkilötietoihin, mutta rikolliset pääsivät hyödyntämään Vincitistä riippumattomia tietoturvahaavoittuvuuksia hyökkäyksen seuraavassa vaiheessa”, hän sanoo.
”Tulemme nopeuttamaan jo käynnissä olleiden tietoturvahankkeiden aikataulua ja entisestään lisäämään panostuksia tietoturvan kehittämiseen ja riskienhallintaan yhdessä asiakkaidemme kanssa.”
Joulukuussa tapahtunut tietomurto on vaarantanut noin 70 000 ihmisen henkilötiedot. Valtaosassa tapauksista hyökkääjän haltuun on päätynyt uhrin nimi ja henkilötunnus.
Poliisi kertoi helmikuun alussa, että tapausta tutkitaan törkeänä tietomurtona.
Vincit on Valion it-palvelukumppani, eli se myy Valiolle it-palveluita.
Tietoturvahyökkäykseen liittyneiden kustannusten kerrotaan rasittaneen Vincitin viimeisen vuosineljänneksen tulosta.
Tomi Engdahl says:
https://www.securityweek.com/chinese-apt-tools-found-in-ransomware-schemes-blurring-attribution-lines/
https://www.securityweek.com/cisa-fbi-warn-of-china-linked-ghost-ransomware-attacks/
Tomi Engdahl says:
Sarah Wynn / The Block:
The US SEC announces the Cyber and Emerging Technologies Unit to protect investors from bad actors in crypto and AI, replacing the Crypto Assets and Cyber Unit — – The agency announced the new unit on Thursday, calling it the Cyber and Emerging Technologies Unit, or CETU.
SEC launches new unit focused on protecting investors against fraud in crypto and AI
https://www.theblock.co/post/342419/sec-launches-new-unit-focused-on-protecting-investors-against-fraud-in-crypto-and-ai
Tomi Engdahl says:
Emily Birnbaum / Bloomberg:
FTC Chair Andrew Ferguson announces an inquiry into “Big Tech censorship”, which he says is “un-American” and “potentially illegal” — – FTC Chair Ferguson invites public comment about tech platforms — Conservatives claim ideas, affiliations have been censored
https://www.bloomberg.com/news/articles/2025-02-20/-big-tech-censorship-of-users-targeted-by-trump-s-ftc-chief
Tomi Engdahl says:
A group of hackers just pulled off the largest cryptocurrency heist in history, looting an estimated $1.4 billion from the Bybit exchange.
The hackers compromised an offline “cold wallet” that stored Ethereum, stealing the 400,000 in ETH on Friday morning, Bybit CEO Ben Zhou told users in a live stream.
During the incident, the cold wallet was supposed to transfer funds to an online “hot wallet.” To execute the transaction, the cold wallet required approval from multiple private keys.
“Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” Bybit said in a tweet. “As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”
The statement suggests the hackers gained remote access to computers at the exchange. Bybit is still determining how the breach occurred, but the amount lost far surpasses the previous record-holder for biggest crypto heist. In 2022, Ronin Network lost $620 million in Ethereum and USD Coin, allegedly at the hands of North Korea’s Lazarus group.
More at PCMag
https://www.pcmag.com/news/hackers-loot-record-breaking-14-billion-from-cryptocurrency-exchange
Tomi Engdahl says:
https://www.csoonline.com/article/3819176/top-5-ways-attackers-use-generative-ai-to-exploit-your-systems.html
Tomi Engdahl says:
https://blog.cloudflare.com/introducing-automatic-audit-logs/
Tomi Engdahl says:
https://www.helpnetsecurity.com/2025/02/13/sandworm-apts-initial-access-subgroup-hits-organizations-accross-the-globe/
Tomi Engdahl says:
https://www.edn.com/the-future-of-cybersecurity-and-the-living-label/
Tomi Engdahl says:
Vincitin tietomurto sai alkunsa työntekijän kotikoneelta – ”Se oli tahaton, inhimillinen virhe”
https://www.tivi.fi/uutiset/vincitin-tietomurto-sai-alkunsa-tyontekijan-kotikoneelta-se-oli-tahaton-inhimillinen-virhe/3fa11768-a355-408d-90af-c3191abb2370
Vincit on kertonut uusia tietoja joulukuussa yhtiöön kohdistuneesta tietoturvahyökkäyksestä, joka eteni useassa vaiheessa ja vaikutti kymmeneen sen asiakkaaseen. Yhtiö on ryhtynyt laajoihin tietoturvatoimiin estääkseen vastaavat tapaukset tulevaisuudessa.
Tomi Engdahl says:
Pornhub: Tällaisen pornon etsiminen johtaa Suomessa jatkossa varoitukseen
Yksi maailman suurimmista pornosivustoista näyttää suomalaisille käyttäjille jatkossa sisältövaroituksen tietynlaista materiaalia etsiessä.
https://www.iltalehti.fi/digiuutiset/a/206b088d-1787-4b33-9e08-a9408beec9c6
Pornhub on alkanut estää väkivaltaista sisältöä suomalaisilta käyttäjiltä ja varoittaa, mikäli käyttäjä sellaista etsii. Aiheesta kertoi ensimmäisenä Suomessa Yle.
Mikäli sivustolta etsii pornoa hakusanoilla, jotka viittaavat raiskaukseen tai pakottamiseen, näytetään käyttäjälle suomenkielinen varoitusteksti. Varoituksessa kerrotaan, että haettu sisältö voi liittyä laittomaan tai muutoin väkivaltaiseen toimintaan, kuten seksuaalisen kuvan luvattomaan levittämiseen.
Lisäksi ilmoituksessa korostetaan, että todelliset tai lavastetut seksuaalista pakottamista esittävät videot eivät ole Pornhubissa sallittuja.
Pornosivusto Pornhub näyttää varoituksia suomalaisille, jotka etsivät väkivaltaista sisältöä
https://yle.fi/a/74-20144672
Varoitustekstin tarkoitus on estää ilman suostumusta levitettyjen kuvien jakamista verkossa. Kuvamateriaaliin liittyvä digitaalinen väkivalta on lisääntynyt.
Juttu tiivistettynä
Pornhub rajoittaa väkivalta- ja pakotussisällön näkymistä hakutuloksissa Suomessa.
Sivusto ohjaa käyttäjiä ottamaan yhteyttä Naisten linjaan ja tekemään rikosilmoituksen, jos kuvaa on levitetty luvattomasti.
Poliisi tutkii kuvan luvattomaan levittämiseen liittyviä rikoksia, mutta resurssipula vaikuttaa tutkintaan.
Tutkija vaatii verkkoalustoilta parempaa vastuuta ja toimintatapojen muuttamista digitaalisen väkivallan ehkäisemiseksi.
Tomi Engdahl says:
Kirpputorilta löytyi jotain, mikä ei olisi saanut ikinä päätyä sinne
Ostaja ei käyttänyt tietoja väärin, mutta niiden ei olisi pitänyt alun perinkään olla tuntemattomien ihmisten saatavilla.
https://www.iltalehti.fi/digiuutiset/a/5b3e11d8-bd36-4d03-a65f-0364eb761e0d
The Register kertoo, että 62-vuotias Polet on ollut jo vuosikymmeniä kiinnostunut tietokoneista ja laitteista.
Polet päätyikin ostamaan sattumalta viisi kiintolevyä kirpputorilta, joka sijaitsi Weelden lentokentän vieressä Belgiassa lähellä Alankomaiden rajaa.
Kiintolevyt vetivät kukin 500 gigatavua dataa ja maksoivat vain viisi euroa kappale.
Polet löysi kiintolevyistä suuren määrän ihmisten sairaanhoitoon liittyviä henkilötietoja, jotka olivat peräisin vuosilta 2011–2019. Ne liittyivät lähinnä ihmisiin, jotka asuvat Utrechtin, Houtenin ja Delftin alueilla Alankomaissa.
Tietoihin sisältyi muun muassa henkilötunnuksia, syntymäaikoja, osoitteita ja lääkinnällistä historiaa
https://www.theregister.com/2025/02/19/hundreds_of_dutch_medical_records
Tomi Engdahl says:
Lue tiivistelmä
Tietoturvayhtiö Kaspersky Lab neuvoo suojautumaan vakoilulta.
Kameran peittäminen ja mikrofonin poiskytkeminen ovat tärkeitä toimenpiteitä.
Joissakin laitteissa on useampia mikrofoneja, joiden paikallistaminen voi olla vaikeaa.
Tarkista myös laitteiden asetukset ja sovelluksille annetut käyttöoikeudet.
Turvaudu sekä fyysisiin että ohjelmallisiin keinoihin.
Moni peittää tietokoneen kameran, mutta ei muista tätä yhtä tärkeää asiaa
https://www.is.fi/digitoday/tietoturva/art-2000010961569.html
Tomi Engdahl says:
Google Confirms Gmail To Ditch SMS Code Authentication
https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/
It is certainly no secret that using SMS text messages for security codes used to authenticate your identity is far from ideal. Just as the tech industry is slowly moving away from passwords to passkeys that take a more secure biometric approach to logins, the use of code-generating apps and even app-less approaches to two-factor authentication have increasingly become the norm in recent years. But SMS has always been said to be better than no authentication at all, which is hard to argue with. Now, following a privileged conversation with Google insiders, I can exclusively reveal that Gmail is finally looking to ditch SMS codes for authentication. Here’s everything you need to know.
Google tekee ison muutoksen Gmailiin
https://www.is.fi/digitoday/mobiili/art-2000011054807.html
Tomi Engdahl says:
Citigroup Mistakenly Credited a Customer with $81 Trillion Instead of $280: ‘Inputting Error’
An employee caught the mistake quickly, but the bank has recently made other errors that have drawn scrutiny and fines from regulators.
https://www.entrepreneur.com/business-news/citigroup-credited-a-customer-81-trillion-instead-of-280/487773
Key Takeaways
Citigroup accidentally posted a payment of $81 trillion to a customer’s account instead of $280.
An employee caught the mistake, leading the bank to reverse the transaction before the funds were transferred.
Citigroup said the issue was an inputting error, and that the transaction was so large it would not have gone through anyway.
Citigroup made the mistake of crediting $81 trillion to a customer’s account instead of $280, according to a Friday report from the Financial Times.
The multi-trillion-dollar error occurred in April 2024 and was overlooked by both a payments employee and a second employee assigned to check the transaction before it was approved to be processed. A third employee caught the mistake 90 minutes after the payment was posted, leading Citigroup to reverse the transaction several hours after it had been submitted, per the outlet.
The value of the transaction far exceeds the gross domestic product of every country in the world
No funds left the bank. Citigroup disclosed the “near miss,” or the term for a bank processing a wrong amount but recovering the funds, to the U.S. Federal Reserve and the Office of the Comptroller of the Currency.
A Citigroup spokesperson told Business Insider that the incident was an “inputting error” and that there was “no impact to the bank or our client.” They also stated that the transaction was so large it could not have been processed.
“Despite the fact that a payment of this size could not actually have been executed, our detective controls promptly identified the inputting error between two Citi ledger accounts and we reversed the entry,” a Citigroup spokesperson told BI.
Tomi Engdahl says:
Trump administration retreats in fight against Russian cyber threats
Recent incidents indicate US is no longer characterizing Russia as a cybersecurity threat, marking a radical departure: ‘Putin is on the inside now’
https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security
Tomi Engdahl says:
https://www.forbes.com/sites/daveywinder/2025/02/28/paypal-security-2fa-codes-to-be-replaced-by-single-step-login/
Tomi Engdahl says:
Signal will withdraw from Sweden if encryption-busting laws take effect
Experts warned the UK’s recent ‘victory’ over Apple would kickstart something of a domino effect
https://www.theregister.com/2025/02/26/signal_will_withdraw_from_sweden/
Tomi Engdahl says:
https://futurism.com/nuclear-access-doge
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/pypi-package-with-100k-installs-pirated-music-from-deezer-for-years/
Tomi Engdahl says:
https://cybersecuritynews.com/threat-actor-vmware-esxi-0-day/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/vscode-extensions-with-9-million-installs-pulled-over-security-risks/
Tomi Engdahl says:
https://www.hackster.io/news/dylan-ayrey-has-a-sleepless-night-thanks-to-an-ssh-backdoor-in-eight-sleep-smart-mattress-covers-d01055e4e1c6
Tomi Engdahl says:
It is no longer safe to move our governments and societies to US clouds
https://berthub.eu/articles/posts/you-can-no-longer-base-your-government-and-society-on-us-clouds/
Tomi Engdahl says:
https://www.thestar.com.my/tech/tech-news/2025/02/21/hackers-have-found-a-way-to-bypass-two-factor-authentication?utm_medium=colorwall&utm_source=facebook&fbclid=IwY2xjawIpStRleHRuA2FlbQIxMQABHcnL0wFsbpVsq1be-A2-YtQ-ipSHGaWUsiOwLVHvMi4038Q4PJy0ktFB6g_aem_1op-0ybO7ZCa5b24aTOIJg
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/firefox-continues-manifest-v2-support-as-chrome-disables-mv2-ad-blockers/
Tomi Engdahl says:
A single default password exposes access to dozens of apartment buildings
https://techcrunch.com/2025/02/24/a-single-default-password-exposes-access-to-dozens-of-apartment-buildings/
A security researcher says the default password shipped in a widely used door access control system allows anyone to easily and remotely access door locks and elevator controls in dozens of buildings across the U.S. and Canada.
Eric Daigle said he found exposed residential and office buildings across North America that have not yet changed their access control system’s default password, or are unaware that they should.
Tomi Engdahl says:
Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users
https://www.forbes.com/sites/daveywinder/2025/02/26/google-confirms-gmail-to-ditch-sms-code-authentication/