Cyber security news March 2025

This posting is here to collect cyber security news in March 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links to comments.

214 Comments

  1. Tomi Engdahl says:

    Researchers reveal a new Wi-Fi jamming technique using RIS technology. https://link.ie.social/eAUWev

  2. Tomi Engdahl says:

    US Cyber Command reportedly pauses cyberattacks on Russia
    PLUS: Phishing suspects used fishing gear as alibi; Apple’s ‘Find My’ can track PCs and Androids; and more
    https://www.theregister.com/2025/03/03/infosec_in_brief/

  3. Tomi Engdahl says:

Order from the US Secretary of Defense: cyberattacks against Russia must be stopped

    https://yle.fi/a/74-20146992

  4. Tomi Engdahl says:

    IoT Security
    New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices
    The Eleven11bot botnet has been described as one of the largest known DDoS botnets observed in recent years.
    https://www.securityweek.com/new-eleven11bot-ddos-botnet-powered-by-80000-hacked-devices/

    Several cybersecurity organizations are tracking what has been described as one of the largest known DDoS botnets observed in recent years.

    The new botnet, named Eleven11bot, was recently noticed by Nokia’s Deepfield Emergency Response Team, which saw hyper-volumetric DDoS attacks conducted by its operators.

    Nokia reported on February 28 that Eleven11bot had ensnared roughly 30,000 devices, mainly security cameras and network video recorder (NVR) devices.

    However, the non-profit cybersecurity organization Shadowserver Foundation reported on Tuesday that its scanning had identified approximately 86,400 IoT devices compromised by the botnet.

    A majority of the impacted devices are in the United States (25,000), followed by the United Kingdom (10,000), Canada (4,000) and Australia (3,000).

  5. Tomi Engdahl says:

    Artificial Intelligence
    Intel TDX Connect Bridges the CPU-GPU Security Gap

    AI is all about data – and keeping AI’s data confidential both within devices and between devices is problematic. Intel offers a solution.

    https://www.securityweek.com/intel-tdx-connect-bridges-the-cpu-gpu-security-gap/

    The use of AI by companies is expanding rapidly. This requires the collection and processing of vast amounts of corporate data. The threat of sensitive company data and PII leaking is serious and heavily regulated by governments.

    One problem is that AI data processing is performed on devices with GPUs (such as Nvidia), while the data source (as in parameters and prompts) is delivered through connected devices more commonly using standard CPUs (such as Intel). Mapping the data from one device to another has been achieved in software with the use of Bounce Buffers. But these add overhead to the data transfer and cannot be secured as effectively as hardware protection. Direct memory access, from one device to the other, is a better solution.

    Intel is addressing this by extending its TDX Connect technology on its Xeon 6 processors. TDX is the basis for Intel’s Confidential Computing – isolated and hardware-protected Trust Domains within VMs providing greater data confidentiality and integrity in cloud and virtualized environments.

    TDX Connect extends this concept beyond the Intel CPU to any supporting device, including GPUs, Smart NICs, and storage devices. Its relevance is primarily to Intel’s wider concept of confidential computing – but in the current technology environment, much interest will focus on the potential for confidential AI.

    Confidential AI

    The data security problem for burgeoning AI applications lies in AI methodology. “AI is all about data,” explains Anand Pashupathy, VP & general manager of Intel’s security software & services division. “Parameters going in, prompts going in, data being processed, and the results coming back. A lot of this is happening without confidential computing protection.”

    For him, confidential AI is the application of confidential computing to the rapidly growing use of gen-AI applications. It is a partnership between the trusted execution environment (TEE) on the CPU (that is, TDX on Intel) and the GPU’s own TEE. Data is kept confidential between the two via TDX Connect’s high performance, encrypted connection and secure direct memory access.

    “This helps ensure end-to-end compliance and data security,” he writes in Intel’s announcement.

    Announcing Intel® TDX Connect Support on Intel® Xeon® 6
    https://community.intel.com/t5/Blogs/Tech-Innovation/Data-Center/Announcing-Intel-TDX-Connect-Support-on-Intel-Xeon-6/post/1668423

  6. Tomi Engdahl says:

    Data Breaches
    Polish Space Agency Hit by Cyberattack

    The Polish space agency POLSA says it has disconnected its network from the internet to contain a cyberattack.

    https://www.securityweek.com/polish-space-agency-hit-by-cyberattack/

  7. Tomi Engdahl says:

    IoT Security
    BadBox Botnet Powered by 1 Million Android Devices Disrupted

    A second iteration of the BadBox botnet that affected over one million Android devices has been partially disrupted.

    https://www.securityweek.com/badbox-botnet-powered-by-1-million-android-devices-disrupted/

  8. Tomi Engdahl says:

    Artificial Intelligence
    AIceberg Gets $10 Million in Seed Funding for AI Security Platform

    AIceberg has launched a solution that helps governments and enterprises with the safe, secure and compliant adoption of AI.

    https://www.securityweek.com/aiceberg-gets-10-million-in-seed-funding-for-ai-security-platform/

  9. Tomi Engdahl says:

    Vulnerabilities
    Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

    Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.

    https://www.securityweek.com/exploited-vmware-esxi-flaws-put-many-at-risk-of-ransomware-other-attacks/

  10. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Broadcom fixes three VMware zero-days exploited in the wild found by Microsoft; attackers with admin or root access can chain the flaws to escape a VM’s sandbox

    Broadcom fixes three VMware zero-days exploited in attacks
    https://www.bleepingcomputer.com/news/security/broadcom-fixes-three-vmware-zero-days-exploited-in-attacks/

  11. Tomi Engdahl says:

    Funding/M&A
    Armis Acquires Otorio to Expand OT and CPS Security Suite

    The transaction is valued in the range of $120 million and gives Armis an on-premises CPS solution

    https://www.securityweek.com/armis-acquires-otorio-to-expand-ot-and-cps-security-suite/

  12. Tomi Engdahl says:

    Government
    House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies

    The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP).

    https://www.securityweek.com/federal-contractor-cybersecurity-bill-passes-house/

  13. Tomi Engdahl says:

    This is how Finland is being attacked now – a US decision that went unnoticed may soon have an unpleasant effect
    Finland's networks are clean, but US decisions may have effects here too.
    https://www.is.fi/digitoday/tietoturva/art-2000011079554.html

    Denial-of-service attacks targeting Finland have increased by 122 percent since the start of 2024, says Elisa's chief information security officer Teemu Mäkelä.

    The attacks are carried out especially to gain visibility, and pro-Russian sentiment is often behind them.

    The US decision to stop cyber operations against Russia may hamper threat intelligence in Finland as well.

  14. Tomi Engdahl says:

    Undocumented “backdoor” found in Bluetooth chip used by a billion devices
    https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/?fbclid=IwZXh0bgNhZW0CMTEAAR33XL68voucKkLtJ5cneZIUTs3GCPcrwq0wIs6g5uds5g7byEcSgseKopQ_aem__23PqVwLxIe33hEN4Vwsmw

    The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented “backdoor” that could be leveraged for attacks.

    The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

    This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

  15. Tomi Engdahl says:

    Lots of us use the ESP32 for projects or have it embedded in COTS products…

    https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/?

  16. Tomi Engdahl says:

    Photo: Someone gave a playground a horrific name – the city of Ylöjärvi is baffled
    The name of the Takotie playground in Ylöjärvi was changed in Google Maps.
    https://www.iltalehti.fi/digiuutiset/a/d6695cd7-611e-48fa-939b-ffaeef554003

    Astonishment in Ylöjärvi

    Kauttoon cannot say who might be behind the act. Kauttoon says that work will begin on finding out how the name can be changed back to the original, Takotie playground.

    Similar name changes have been made before. For example, Mikrobitti reported a year ago on an upper secondary school in Valkeakoski whose name had been altered repeatedly since 2023.
    Expert comments

    University lecturer Matti Nelimarkka of the University of Helsinki's Centre for Social Data Science says that, as far as he understands, anyone can submit suggestions for place names in Google Maps. Suggestions are made in different ways depending on whether the proposer has a business of their own or is proposing a general place name.

    Google reviews the suggestions using its own methods.

    – The quality control does not seem to be at a very high level, Nelimarkka says.

    Nelimarkka hopes that companies would take more responsibility for their moderation. Finland has racist place names even at the official level, but vandalism should be distinguished from that, he says.

    – Google has tried to keep itself separate from this question of the correctness of the data. They do not feel that they are ultimately responsible for the information the map service provides.

    – Then it is a bit like this. One would hope that those big platform companies had enough expertise and enough people to handle these matters.

    According to Nelimarkka, Wikipedia, for example, has suffered from similar vandalism problems, and Wikipedia has developed various methods to solve them.

  17. Tomi Engdahl says:

    Chromecasts broke down around the world
    Chromecast users in Finland and elsewhere are stuck staring at a frustrating error message.
    https://www.is.fi/digitoday/art-2000011087235.html

    Google's older Chromecast devices failed on Sunday, as 9to5Google and Android Authority, among others, report. The matter is being discussed in Finnish at least on Threads.

    Because of the fault, the second-generation Chromecast and the Chromecast Audio cannot play any content. Instead, users have seen error messages saying that the Chromecast could not be authenticated or that the device is not trusted. The fault affects at the very least thousands, but probably a considerably larger number of users around the world.

    The error messages made some fear that Google had quietly stopped supporting the devices. Last August, Google announced it was discontinuing its Chromecast product family. Support for products already sold was supposed to continue unchanged, but no new ones are being produced.

    There are, however, no indications that Google deliberately made the devices non-functional. According to an unconfirmed comment by one Reddit user, Google is aware of the problem and is fixing it.

    Chromecast (2nd gen) and Audio cannot Cast in ‘Untrusted’ outage
    https://9to5google.com/2025/03/09/chromecast-2nd-gen-audio/

  18. Tomi Engdahl says:

    Espressif’s Response to Claimed Backdoor and Undocumented Commands in ESP32 Bluetooth Stack
    https://www.espressif.com/en/news/response_esp32_bluetooth?position=0&list=KIW5efYNZx3uqLNbSyDg3klIJaOWQMzEdWou7noRyQI

    Recently, some media have reported on a press release initially calling out ESP32 chips for having a “backdoor”. Of note is that the original press release by the Tarlogic research team was factually corrected to remove the “backdoor” designation. However, not all media coverage has been amended to reflect this change. Espressif would like to take this opportunity to clarify this matter for our users and partners.

    What was found
    The functionality found are debug commands included for testing purposes. These debug commands are part of Espressif’s implementation of the HCI (Host Controller Interface) protocol used in Bluetooth technology. This protocol is used internally in a product to communicate between Bluetooth layers.

    Key clarification points
    Internal Debug Commands: These commands are meant for use by developers and are not accessible remotely. Having such private commands is not an uncommon practice.
    No Remote Access: They cannot be triggered by Bluetooth, radio signals, or over the Internet, meaning they do not pose a risk of remote compromise of ESP32 devices.
    Security Impact: While these debug commands exist, they cannot, by themselves, pose a security risk to ESP32 chips. Espressif will still provide a software fix to remove these undocumented commands.
    Scope: If ESP32 is used in a standalone application and not connected to a host chip that runs a BLE host, the aforementioned HCI commands are not exposed and there is no security threat.
    Affected Chipsets: These commands are present in the ESP32 chips only and are not present in any of the ESP32-C, ESP32-S, and ESP32-H series of chips.

  19. Tomi Engdahl says:

    New Chirp tool uses audio tones to transfer data between devices
    https://www.bleepingcomputer.com/news/software/new-chirp-tool-uses-audio-tones-to-transfer-data-between-devices/

    A new open-source tool named ‘Chirp’ transmits data, such as text messages, between computers (and smartphones) through different audio tones.

    The tool, developed by cybersecurity researcher solst/ICE, maps each character into a specific sound frequency and plays it along with real-time visualization.

    Other microphone-equipped computers running Chirp may capture the sound and translate the message back into text.

    The project allows users to “sneak” messages between devices in a fun way, and it’s available both online and as a standalone app available for free through GitHub.

    https://github.com/solst-ice/chirp

  20. Tomi Engdahl says:

    Elon Musk: The trail leads to Ukraine
    According to Elon Musk, the technical problems of the messaging service X were the result of a cyberattack. He says the attackers' IP addresses point to Ukraine.
    https://www.iltalehti.fi/digiuutiset/a/9d73271d-50ee-4c48-bb24-c8d4c520f502

  21. Tomi Engdahl says:

    Network Security
    Elon Musk Claims X Being Targeted in ‘Massive Cyberattack’ as Service Goes Down

    Elon Musk claimed that the social media platform X was being targeted in a “massive cyberattack” that impacted availability.

    https://www.securityweek.com/elon-musk-claims-x-being-targeted-in-massive-cyberattack-as-service-goes-down/

  22. Tomi Engdahl says:

    Malware & Threats
    China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

    Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.

    https://www.securityweek.com/china-hackers-behind-us-treasury-breach-caught-targeting-it-supply-chain/

  23. Tomi Engdahl says:

    ICS/OT
    Details Disclosed for SCADA Flaws That Could Facilitate Industrial Attacks

    Palo Alto Networks has shared details on several high-severity Mitsubishi Electric and Iconics SCADA vulnerabilities.

    https://www.securityweek.com/details-disclosed-for-scada-flaws-that-could-facilitate-industrial-attacks/

    Palo Alto Networks has disclosed the details of five high-severity vulnerabilities affecting Iconics and Mitsubishi Electric supervisory control and data acquisition (SCADA) products.

    Impacted products include Genesis64 and MC Works64. The same vulnerabilities affect both Iconics and Mitsubishi Electric products because the former is part of the latter.

    The SCADA vulnerabilities include DLL hijacking (CVE-2024-1182), incorrect default permission (CVE-2024-7587), uncontrolled search path element (CVE-2024-8299 and CVE-2024-9852), and dead code (CVE-2024-8300) issues.

  24. Tomi Engdahl says:

    Cybercrime
    Cobalt Strike Abuse Dropped 80% in Two Years

    Fortra has shared an update on the effects of actions taken to reduce the abuse of Cobalt Strike by threat actors.

    https://www.securityweek.com/cobalt-strike-abuse-dropped-80-in-two-years/

  25. Tomi Engdahl says:

    Malware & Threats
    Critical PHP Vulnerability Under Mass Exploitation

    GreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers.

    https://www.securityweek.com/mass-exploitation-of-critical-php-vulnerability-begins/

    Threat actors have started exploiting en masse a critical vulnerability in PHP that could allow remote code execution on vulnerable servers, threat intelligence firm GreyNoise warns.

    The flaw, tracked as CVE-2024-4577 (CVSS score of 9.8), can be exploited on Windows servers that are using Apache and PHP-CGI, if they are set to use certain code pages, to inject arguments remotely and execute arbitrary code.

    Because PHP’s implementation in Windows did not consider the ‘Best-Fit’ behavior that controls the conversion of Unicode characters to the closest matching ANSI characters, attackers could supply specific character sequences that, when converted, would be misinterpreted as PHP options by the php-cgi module.

    CVE-2024-4577 was publicly disclosed in June 2024, and the first exploitation attempts, attributed to a ransomware gang, were observed only two days later.

    Last week, Cisco warned that, since January 2025, the security defect has been exploited in a malicious campaign targeting Japanese organizations across the education, entertainment, ecommerce, technology, and telecommunications sectors.

  26. Tomi Engdahl says:

    Vulnerabilities
    In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report

    Noteworthy stories that might have slipped under the radar: Google discloses AMD CPU flaw named EntrySign, ISPs in the US and China targeted in massive attack, ENISA report on NIS2 Directive.

    https://www.securityweek.com/in-other-news-entrysign-amd-flaw-massive-attack-targets-isps-enisa-report/

    ENISA report

    The EU cybersecurity agency ENISA has published a report that aims to identify areas for improvement and tracking of progress across NIS2 Directive sectors. The NIS2 Directive is the EU baseline framework for cybersecurity risk management and incident reporting for important entities. ENISA’s NIS360 report looks at the cybersecurity maturity and criticality of NIS2 sectors.

    ENISA NIS360 2024 report: A comprehensive look at cybersecurity maturity and criticality of NIS2 sectors
    https://www.enisa.europa.eu/news/enisa-nis360-2024-report

    The European Union Agency for Cybersecurity’s first NIS360 report identifies areas for improvement and tracking of progress across NIS2 Directive sectors.

    The NIS360 is a new product by the EU Agency for Cybersecurity, ENISA, that assesses the maturity and criticality of NIS2 sectors, providing both a comparative and a more in-depth analysis.

    The goal of the NIS360 is to help national authorities and cybersecurity agencies in the Member States tasked with the implementation of the NIS2, (1) to understand the overall picture, (2) to help them with prioritisation, (3) to highlight areas for improvement, and (4) to facilitate monitoring of sectors’ progress. The NIS360 also aims to support policy makers at national and EU level, to give input on policy and strategy development, and initiatives to build up cyber resilience.

    The report sets out three main priorities.

    Firstly, it recommends that collaboration, within and between sectors is strengthened, through community-building events and cooperation at sector, national and EU level.

    Secondly, within this NIS2 transposition period, it is becoming more of a priority to develop sector-specific guidance on how to implement the key NIS2 requirements in each sector. The report notes that national sectorial authorities are stepping up to implement the NIS2. While investments are increasing across sectors, further upskilling is required.

    Thirdly, the NIS360 emphasises the need for both alignment of requirements across borders in each NIS sector, and for cross-border collaboration.

  27. Tomi Engdahl says:

    The ESP32 Bluetooth Backdoor That Wasn’t
    https://hackaday.com/2025/03/10/the-esp32-bluetooth-backdoor-that-wasnt/

    Recently there was a panicked scrambling after the announcement by [Tarlogic] of a ‘backdoor’ found in Espressif’s popular ESP32 MCUs. Specifically a backdoor on the Bluetooth side that would give a lot of control over the system to any attacker. As [Xeno Kovah] explains, much about these claims is exaggerated, and calling it a ‘backdoor’ is far beyond the scope of what was actually discovered.

    To summarize the original findings, the researchers found a number of vendor-specific commands (VSCs) in the (publicly available) ESP32 ROM that can be sent via the host-controller interface (HCI) between the software and the Bluetooth PHY. They found that these VSCs could do things like writing and reading the firmware in the PHY, as well as send low-level packets.

    The thing about VSCs is of course that these are a standard feature with Bluetooth controllers, with each manufacturer implementing a range of these for use with their own software SDK. These VSCs allow for updating firmware, report temperatures and features like debugging, and are generally documented (except for Broadcom).

    Effectively, [Xeno] makes the point that VSCs are a standard feature in Bluetooth controllers, which – like most features – can also be abused.

  28. Tomi Engdahl says:

    Musk's claim about Ukraine is highly questionable
    Elon Musk named the culprit exceptionally quickly.
    https://www.is.fi/digitoday/art-2000011089936.html

    According to billionaire Elon Musk, the cyberattack against the messaging service X appears to have been carried out from Ukraine. The claim is proving highly questionable.

    X has had outages at least on Monday, which, according to the service's owner Musk, were the result of a massive cyberattack. He presented his view on X on Monday.

    – We get attacked every day, but this was done with a lot of resources, Musk said in the post.

    According to Musk, behind the alleged attack is either a large coordinated group, a state, or both.

    Musk also commented on the messaging service's problems on Monday in an interview with Fox Business. According to Musk, the cyberattack was carried out with computers whose IP addresses are in the Ukraine area.

    The claim is proving highly questionable. According to cybersecurity experts, the situation is hard to assess without seeing inside the service's operations. The duration of the problems has, however, been assessed as a sign of an attack.

    – Cyberwar is hitting with full force, said Chad Cragle of the cybersecurity company Deepwatch.

    Cragle stresses that Musk is currently in the spotlight, and in addition political tensions are at their peak. According to him, X's problems show signs of an attack carried out by a state actor.

    Deepwatch sells cybersecurity services to companies.

    Expert: Musk's claim is not true

    According to the news agency Reuters, a source working on internet infrastructure denied Musk's claims. According to the source, the attack traffic coming from Ukraine was insignificant in volume.

    Instead, a large part of the attacks originated from American, Vietnamese and Brazilian network addresses.

    Identifying the true origin of network attacks, i.e. attributing the culprits, is extremely difficult. Attacks are often carried out via hijacked devices, which hides their origin.

    Authorities and security companies do not make attributions lightly. That is why Musk's quick statement can be considered peculiar.

    Musk blames X outage on cyberattack
    https://www.reuters.com/technology/social-media-platform-x-down-thousands-users-downdetector-shows-2025-03-10/

    Musk later said in an interview with Fox Business Network’s Larry Kudlow the cyberattack came from IP addresses originating in the Ukraine area.
    The industry source disputed Musk’s account, saying that large chunks of the rogue traffic bombarding X could be traced back to IP addresses in the United States, Vietnam, Brazil and other countries, and that the amount of rogue traffic coming directly from Ukraine was “insignificant.”
    In any case, denial of service attacks are notoriously hard to trace back to their authors and the IP addresses involved rarely provide any meaningful insight into who was behind them.

  29. Tomi Engdahl says:

    Elon Musk claims a “massive” cyberattack took X offline as anti-Tesla protests escalate worldwide. https://link.ie.social/ewbsxl

  30. Tomi Engdahl says:

    Kill switches in software development are a constantly running joke; here is a good reason not to follow through with it (at least not without covering your tracks extremely well).

    Developer convicted for “kill switch” code activated upon his termination
    Software developer plans to appeal after admitting to planting malicious code.
    https://arstechnica.com/tech-policy/2025/03/fired-coder-faces-10-years-for-revenge-kill-switch-he-named-after-himself/?fbclid=IwY2xjawI9TFVleHRuA2FlbQIxMQABHXHlSKM90IFtl1Bf_eI_S5bCSoxFhyDqPowKhLof67XD2iZhGH7Bzqo6Rw_aem_M0QS9M1VoXxVzy7gVlFhNg

  31. Tomi Engdahl says:

    Musk can’t keep his own computers safe.
    Musk can’t keep his cars from crashing.
    Musk can’t keep his rockets from exploding.

    Musk can’t keep stolen government data safe. (and probably never intended to)
    —snip—
    see evidence that some X origin servers, which respond to web requests, weren’t properly secured behind the company’s Cloudflare DDoS protection and were [publicly visible](https://beta.shodan.io/host/104.244.42.193).
    —snip—

    https://www.wired.com/story/x-ddos-attack-march-2025/

  32. Tomi Engdahl says:

    Chinese backdoor turned out to be a false news story
    https://etn.fi/index.php/13-news/17259-kiinalainen-takaportti-osoittautui-uutisankaksi

    The news that the Chinese company Espressif had slipped a backdoor into up to a billion Bluetooth chips on the market spread around the world like wildfire. Now that the waves have subsided a little, it can be said that this is for the most part a false news story.

    Espressif has admittedly shown poor design practice by including undocumented commands in its popular ESP32 wireless IoT chip family. Unfortunately, many others have done the same, so it is fairly unfounded to call the finding a backdoor or a security hole.

    Cybersecurity researchers from the company Tarlogic discovered unknown commands in the ESP32 by reverse-engineering the design. The commands provide device-level access to, among other things, memory. Tarlogic called these commands a backdoor in its press release, and the topic received a lot of attention when the news site Bleeping Computer picked it up.

    Such commands are very commonly used during the development phase of microchips. Good design practice is to disable them in the production version. Espressif is, however, not the first to have failed to do this. Broadcom, Cypress and Texas Instruments have done the same.

  33. Tomi Engdahl says:

    Chromecasts stopped working
    Google's media players are having problems.
    https://www.iltalehti.fi/digiuutiset/a/20a31bc9-2bd0-4096-8cd1-568a00ed84f4

    Monday morning dawned in many households on an even gloomier note than usual, because a problem that struck Google's Chromecast media players has rendered some of the devices completely unusable.

    According to early reports, the fault appears to affect the second-generation Chromecast and the Chromecast Audio. Reports have come in from around the world, including on the Reddit discussion forum, but at least not in any larger numbers from users of devices other than those mentioned.

    According to Android Authority, which reported on the matter, no one yet knows what caused the fault. Some users have received a notification that the device is not trusted and cannot be connected to.

    A strange error is making Chromecast devices unusable for many users (Updated: Workarounds)
    People are struggling to use their Chromecast today and no one knows why.
    https://www.androidauthority.com/chromecast-device-authentication-error-3533424/

    Chromecast (2nd gen) and Audio cannot Cast in ‘Untrusted’ outage [Update]
    https://9to5google.com/2025/03/11/chromecast-2nd-gen-audio/

    Over the past few hours, owners of the Chromecast (2nd gen) and Chromecast Audio haven’t been able to Cast any audio or video content.

    Update 3/11: Google provided an update on Tuesday afternoon, with the latest being that the “team has identified the cause of the issue impacting Chromecast (2nd gen) and Chromecast Audio devices.”

    Please do not factory reset your device. If you previously performed a factory reset during troubleshooting, you may also be experiencing an issue where you’re unable to re-setup your device. The team has identified the cause for this as well and is currently working on a fix.

    We’re working to resolve this as soon as possible, and will keep you updated when there is more to share.

    We sincerely apologize for the inconvenience, and appreciate your patience in the meantime.

    Update 3/10: As of Monday, Google is “aware of an issue with Chromecast v2 and Chromecast Audio devices,” and working on a fix.

    Original 3/9: Seemingly, all users of those two Chromecast models are seeing the “Untrusted device: [name] couldn’t be verified. This could be caused by outdated device firmware” message. This warning appears in apps (like YouTube) after users select the devices in question as Cast targets.

    You can only “close” the dialog box and cannot proceed. There are no end user workarounds, reboots, resets, etc. that will resolve this issue. The screensaver (Google Photos, art, photography, etc.) functionality with the time and weather still works.

    Today’s “Untrusted device” warning is causing people to think that Google has bricked their Chromecasts or is announcing end-of-life.

    However, this is more likely a bug because Google hasn’t made any support deprecation announcements for those devices like it did with the original Chromecast (1st gen) in May of 2023. (Even that original streaming device still works, including today.)

  34. Tomi Engdahl says:

    Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers

    China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers.

    https://www.securityweek.com/mandiant-uncovers-custom-backdoors-on-end-of-life-juniper-routers/

    Security researchers at Mandiant have discovered a series of custom backdoors deployed on end-of-life Juniper Networks Junos OS routers by a Chinese cyberespionage group that has historically targeted network devices.

    According to Mandiant documentation, the backdoors were planted on end‑of‑life hardware and software and included bypasses for Junos OS’s veriexec subsystem, a kernel‑based file integrity protection mechanism.

    Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
    https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers

  35. Tomi Engdahl says:

    Webinar Today: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks

    How hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives.

    https://www.securityweek.com/webinar-today-protecting-executives-and-enterprises-from-digital-narrative-and-physical-attacks/
