Cyber security news March 2025

This posting is here to collect cyber security news in March 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

19 Comments

  1. Tomi Engdahl says:

    Researchers reveal a new Wi-Fi jamming technique using RIS technology. https://link.ie.social/eAUWev

    Reply
  2. Tomi Engdahl says:

    US Cyber Command reportedly pauses cyberattacks on Russia
    PLUS: Phishing suspects used fishing gear as alibi; Apple’s ‘Find My’ can track PCs and Androids; and more
    https://www.theregister.com/2025/03/03/infosec_in_brief/

    Reply
  3. Tomi Engdahl says:

    Order from the US Secretary of Defense: Cyberattacks against Russia must be stopped

    https://yle.fi/a/74-20146992

    Reply
  4. Tomi Engdahl says:

    IoT Security
    New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices
    The Eleven11bot botnet has been described as one of the largest known DDoS botnets observed in recent years.
    https://www.securityweek.com/new-eleven11bot-ddos-botnet-powered-by-80000-hacked-devices/

    Several cybersecurity organizations are tracking what has been described as one of the largest known DDoS botnets observed in recent years.

    The new botnet, named Eleven11bot, was recently noticed by Nokia’s Deepfield Emergency Response Team, which saw hyper-volumetric DDoS attacks conducted by its operators.

    Nokia reported on February 28 that Eleven11bot had ensnared roughly 30,000 devices, mainly security cameras and network video recorder (NVR) devices.

    However, the non-profit cybersecurity organization Shadowserver Foundation reported on Tuesday that its scanning had identified approximately 86,400 IoT devices compromised by the botnet.

    A majority of the impacted devices are in the United States (25,000), followed by the United Kingdom (10,000), Canada (4,000) and Australia (3,000).

    Reply
  5. Tomi Engdahl says:

    Artificial Intelligence
    Intel TDX Connect Bridges the CPU-GPU Security Gap

    AI is all about data – and keeping AI’s data confidential both within devices and between devices is problematic. Intel offers a solution.

    https://www.securityweek.com/intel-tdx-connect-bridges-the-cpu-gpu-security-gap/

    The use of AI by companies is expanding rapidly. This requires the collection and processing of vast amounts of corporate data. The threat of sensitive company data and PII leaking is serious and heavily regulated by governments.

    One problem is that AI data processing is performed on devices with GPUs (such as Nvidia), while the data source (as in parameters and prompts) is delivered through connected devices more commonly using standard CPUs (such as Intel). Mapping the data from one device to another has been achieved in software with the use of Bounce Buffers. But these add overhead to the data transfer and cannot be secured as effectively as hardware protection. Direct memory access, from one device to the other, is a better solution.

    Intel is addressing this by extending its TDX Connect technology on its Xeon 6 processors. TDX is the basis for Intel’s Confidential Computing – isolated and hardware-protected Trust Domains within VMs providing greater data confidentiality and integrity in cloud and virtualized environments.

    TDX Connect extends this concept beyond the Intel CPU to any supporting device, including GPUs, Smart NICs, and storage devices. Its relevance is primarily to Intel’s wider concept of confidential computing – but in the current technology environment, much interest will focus on the potential for confidential AI.

    Confidential AI

    The data security problem for burgeoning AI applications lies in AI methodology. “AI is all about data,” explains Anand Pashupathy, VP & general manager of Intel’s security software & services division. “Parameters going in, prompts going in, data being processed, and the results coming back. A lot of this is happening without confidential computing protection.”

    For him, confidential AI is the application of confidential computing to the rapidly growing use of gen-AI applications. It is a partnership between the trusted execution environment (TEE) on the CPU (that is, TDX on Intel) and the GPU’s own TEE. Data is kept confidential between the two via TDX Connect’s high performance, encrypted connection and secure direct memory access.

    “This helps ensure end-to-end compliance and data security,” he writes in Intel’s announcement.

    Announcing Intel® TDX Connect Support on Intel® Xeon® 6
    https://community.intel.com/t5/Blogs/Tech-Innovation/Data-Center/Announcing-Intel-TDX-Connect-Support-on-Intel-Xeon-6/post/1668423

    Reply
  6. Tomi Engdahl says:

    Data Breaches
    Polish Space Agency Hit by Cyberattack

    The Polish space agency POLSA says it has disconnected its network from the internet to contain a cyberattack.

    https://www.securityweek.com/polish-space-agency-hit-by-cyberattack/

    Reply
  7. Tomi Engdahl says:

    IoT Security
    BadBox Botnet Powered by 1 Million Android Devices Disrupted

    A second iteration of the BadBox botnet that affected over one million Android devices has been partially disrupted.

    https://www.securityweek.com/badbox-botnet-powered-by-1-million-android-devices-disrupted/

    Reply
  8. Tomi Engdahl says:

    Artificial Intelligence
    AIceberg Gets $10 Million in Seed Funding for AI Security Platform

    AIceberg has launched a solution that helps governments and enterprises with the safe, secure and compliant adoption of AI.

    https://www.securityweek.com/aiceberg-gets-10-million-in-seed-funding-for-ai-security-platform/

    Reply
  9. Tomi Engdahl says:

    Vulnerabilities
    Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

    Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.

    https://www.securityweek.com/exploited-vmware-esxi-flaws-put-many-at-risk-of-ransomware-other-attacks/

    Reply
  10. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Broadcom fixes three VMware zero-days exploited in the wild found by Microsoft; attackers with admin or root access can chain the flaws to escape a VM’s sandbox

    Broadcom fixes three VMware zero-days exploited in attacks
    https://www.bleepingcomputer.com/news/security/broadcom-fixes-three-vmware-zero-days-exploited-in-attacks/

    Reply
  11. Tomi Engdahl says:

    Funding/M&A
    Armis Acquires Otorio to Expand OT and CPS Security Suite

    The transaction is valued in the range of $120 million and gives Armis an on-premises CPS solution

    https://www.securityweek.com/armis-acquires-otorio-to-expand-ot-and-cps-security-suite/

    Reply
  12. Tomi Engdahl says:

    Government
    House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies

    The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP).

    https://www.securityweek.com/federal-contractor-cybersecurity-bill-passes-house/

    Reply
  13. Tomi Engdahl says:

    This is how Finland is being attacked now: a US decision that went unnoticed may soon have an unpleasant effect
    Finland's networks are clean, but decisions made by the United States may have effects here too.
    https://www.is.fi/digitoday/tietoturva/art-2000011079554.html

    Denial-of-service attacks targeting Finland have increased by 122 percent since the beginning of 2024, says Teemu Mäkelä, head of information security at Elisa.

    The attacks are carried out especially to gain visibility, and pro-Russian sentiment is often behind them.

    The United States' decision to stop cyber operations against Russia may make threat intelligence work more difficult in Finland as well.

    Reply
  14. Tomi Engdahl says:

    Undocumented “backdoor” found in Bluetooth chip used by a billion devices
    https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/?fbclid=IwZXh0bgNhZW0CMTEAAR33XL68voucKkLtJ5cneZIUTs3GCPcrwq0wIs6g5uds5g7byEcSgseKopQ_aem__23PqVwLxIe33hEN4Vwsmw

    The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented “backdoor” that could be leveraged for attacks.

    The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

    This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

    Reply
  15. Tomi Engdahl says:

    Lots of us use ESP32 for projects or have it embedded in COTS products…

    https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/?

    Reply
