Cyber security news March 2025

This posting is here to collect cyber security news in March 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

214 Comments

  1. Tomi Engdahl says:

    Government
    Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections

    The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election officials.

    https://www.securityweek.com/trump-administration-halts-funding-for-two-cybersecurity-efforts-including-one-for-elections/

    Reply
  2. Tomi Engdahl says:

    ICS/OT
    China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days

    Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems.

    https://www.securityweek.com/chinas-volt-typhoon-hackers-dwelled-in-us-electric-grid-for-300-days/

    Reply
  3. Tomi Engdahl says:

    Artificial Intelligence
    Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers

    Exploiting trust in the DeepSeek brand, scammers attempt to harvest personal information or steal user credentials.

    https://www.securityweek.com/beware-of-deepseek-hype-its-a-breeding-ground-for-scammers/

    Reply
  4. Tomi Engdahl says:

    Vulnerabilities
    Zoom Patches 4 High-Severity Vulnerabilities

    Zoom has patched five vulnerabilities in its applications, including four high-severity flaws.

    https://www.securityweek.com/zoom-patches-4-high-severity-vulnerabilities/

    Reply
  5. Tomi Engdahl says:

    Brother annoys people with firmware update. HP says “hold my beer”… printers now unable to use official HP cartridges.

    https://arstechnica.com/gadgets/2025/03/firmware-update-bricks-hp-printers-makes-them-unable-to-use-hp-cartridges/

    Reply
  6. Tomi Engdahl says:

    Bug affecting PHP scripts demands ‘immediate action from defenders globally’
    https://therecord.media/bug-affecting-php-scripts-global-issue

    A vulnerability initially exploited mostly in cyberattacks against Japanese organizations is now a potential problem worldwide, researchers said Friday.

    Threat intelligence company GreyNoise said exploitation of the bug, tracked as CVE-2024-4577, “extends far beyond initial reports,” referencing in particular a blog post published Thursday by cybersecurity firm Cisco Talos.

    The Cisco Talos team had said an unknown attacker was “predominantly targeting organizations in Japan” in January through the vulnerability, which affects a setup called PHP-CGI that runs scripts on web servers. A patch was issued last summer.

    The attacker’s apparent goal was to steal access credentials and potentially establish persistence in a system, “indicating the likelihood of future attacks,” Cisco Talos said.

    Reply
  7. Tomi Engdahl says:

    Elon Musk Is Helping U.S. Intelligence Turn Thousands of Satellites into a Planet-Wide Brain to Spy on Everything All the Time
    The National Reconnaissance Office, USA’s most secretive spy agency, contracts with SpaceX to build & launch a “proliferated architecture” of AI-controlled spy satellites interfacing with Starlink
    https://booty.substack.com/p/elon-musk-is-helping-us-intelligence?utm_medium=ios&triedRedirect=true

    Reply
  8. Tomi Engdahl says:

    Free Security Incident Response Toolkit Released to Detect Cyber Intrusions
    https://cybersecuritynews.com/free-security-incident-response-program/#google_vignette

    Reply
  9. Tomi Engdahl says:

    Unpatched Edimax Camera Flaw Exploited Since at Least May 2024

    A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year.

    https://www.securityweek.com/unpatched-edimax-camera-flaw-exploited-since-at-least-may-2024/

    Reply
  10. Tomi Engdahl says:

    FreeType Zero-Day Being Exploited in the Wild

    Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.

    https://www.securityweek.com/freetype-zero-day-being-exploited-in-the-wild/

    Meta’s Facebook security team has raised an alarm after spotting live exploitation of a zero-day vulnerability in the widely used FreeType software development library.

    In a barebones advisory, Facebook warned that the security defect was found in FreeType versions 2.13.0 and below and provides a pathway for arbitrary code execution attacks.

    “This vulnerability may have been exploited in the wild,” Facebook said, without providing any details on the reported attacks. The bug has been tagged as CVE-2025-27363 and carries a CVSS severity score of 8.1 out of 10.

    The full Facebook bulletin:

    “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files.

    The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution.”

    Affected systems include those running older versions of FreeType, such as versions bundled with some older Linux distributions. Although the latest version, FreeType 2.13.3, is not vulnerable, many current systems remain at risk.

    Organizations are advised to update FreeType to version 2.13.3 or later and monitor systems for signs of suspicious activity.

    Reply
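The bulletin quoted above describes a classic integer-wraparound allocation bug: a signed count is widened to an unsigned long, a constant is added, the sum wraps to a tiny value, and the resulting heap buffer is far smaller than the data later written into it. The following C program is an added illustration of that pattern and of the input validation that prevents it; it is not FreeType's code, and the names `n_subglyphs`, `HEADER_SLOTS` and `alloc_subglyph_buffer` are constructed for the example.

```c
/* Added illustration of the integer-wraparound pattern described in the
 * FreeType bulletin above. This is not FreeType's code; the constants,
 * function names and the "subglyph" framing are constructed for the example. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical fixed number of extra slots added to the element count. */
#define HEADER_SLOTS 4UL

/* Unsafe pattern: a signed short is assigned to an unsigned long (a negative
 * count sign-extends to a value near ULONG_MAX), then a constant is added and
 * the sum wraps around to a tiny number. A caller that allocates that many
 * slots and then writes the real data runs off the end of the buffer. */
unsigned long unsafe_slot_count(short n_subglyphs)
{
    unsigned long n = n_subglyphs;   /* -1 becomes 0xFFFF...FFFF */
    return n + HEADER_SLOTS;         /* wraps to HEADER_SLOTS - 1 */
}

/* Hardened form: reject negative counts before any widening conversion and
 * check each arithmetic step against overflow. Returns the byte size to
 * allocate, or 0 when the count cannot produce a valid size (0 is never a
 * valid result here because HEADER_SLOTS > 0). */
size_t checked_buffer_bytes(short n_subglyphs)
{
    if (n_subglyphs < 0)
        return 0;                    /* untrusted count must be >= 0 */
    size_t slots = (size_t)n_subglyphs;
    if (slots > SIZE_MAX - HEADER_SLOTS)
        return 0;                    /* addition would wrap */
    slots += HEADER_SLOTS;
    if (slots > SIZE_MAX / sizeof(long))
        return 0;                    /* multiplication would wrap */
    return slots * sizeof(long);
}

/* Allocates with the checked size; returns NULL for any rejected count, so
 * the caller can never receive a buffer smaller than it expects. */
long *alloc_subglyph_buffer(short n_subglyphs)
{
    size_t bytes = checked_buffer_bytes(n_subglyphs);
    if (bytes == 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed sample counts: a normal value and two hostile ones. */
    short counts[] = { 2, -1, SHRT_MIN };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        short c = counts[i];
        size_t bytes = checked_buffer_bytes(c);
        printf("count=%6d  unsafe slots=%20lu  checked bytes=%zu (%s)\n",
               c, unsafe_slot_count(c), bytes, bytes ? "ok" : "rejected");
        long *buf = alloc_subglyph_buffer(c);
        free(buf);                   /* free(NULL) is a no-op */
    }
    return 0;
}
```

The defensive point is the order of the checks: the sign test happens on the narrow signed type before it is widened, and each addition and multiplication is bounded against `SIZE_MAX` before it is performed, so no wrapped value ever reaches the allocator.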
  11. Tomi Engdahl says:

    DeepSeek’s Malware-Generation Capabilities Put to Test

    Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers.

    https://www.securityweek.com/deepseeks-malware-generation-capabilities-put-to-test/

    Researchers at security firm Tenable have analyzed the ability of the Chinese gen-AI DeepSeek to develop malware such as keyloggers and ransomware.

    The DeepSeek R1 chatbot was released in January and it has made many headlines since, including regarding its susceptibility to jailbreaks.

    Just like all major LLMs, DeepSeek has guardrails designed to prevent its use for malicious purposes, such as creating malware. However, these guardrails can be fairly easily bypassed using jailbreak methods.

    When directly asked to write the code for a keylogger or a piece of ransomware, DeepSeek refuses to do so, arguing that it cannot assist users with anything that could be harmful or illegal.

    However, Tenable used a jailbreak to trick the chatbot into writing the malicious code and leveraged DeepSeek’s chain-of-thought (CoT) capabilities to improve the results.

    CoT simulates human-like reasoning for more complex tasks by breaking them up into a sequence of steps that need to be completed to achieve the main objective. Through CoT, the AI ‘thinks out loud’ to provide a step-by-step description of its reasoning process.

    When Tenable used DeepSeek to create a keylogger, the gen-AI created a plan for completing the task and then produced the code in C++. The resulting code was buggy and the chatbot was unable to correct some of the errors to create a fully functional piece of malware without any manual intervention.

    Reply
  12. Tomi Engdahl says:

    Google's Chromecast fiasco is a textbook example of how not to act
    https://etn.fi/index.php/13-news/17268-googlen-chromecast-sekoilu-on-malliesimerkki-siitae-miten-ei-pidae-toimia

    If you are one of the millions of users with an old second-generation Chromecast plugged into the side of their TV, you have not been able to play any streamed content on your screen for almost a week. Google has not yet said exactly what is causing the problems, but the blunder is turning out to be truly embarrassing for the search giant.

    Several users have reported receiving an error message that prevents the Chromecast from working normally. The problems began to appear on Monday and particularly affect the second-generation Chromecast devices released in 2015. Google has admitted that it is aware of the problem and is working on a solution, but no concrete fixes have yet been released.

    The situation has caused frustration among many loyal Google users. Chromecast has been popular thanks to its ease of use, and many have considered it a reliable device. Now, however, many feel that Google has left them in the lurch.

    Why did Chromecast stop working?

    Although Google has not revealed the exact cause of the problems, according to rumours circulating among users it could be one of the following:

    Certificate problem – Some users speculate that the devices' security certificates have expired or been renewed incorrectly, which prevents them from connecting to Google's servers.
    Software update bug – Google may have made an update to its backend systems that accidentally broke the operation of old Chromecast models.
    Quiet abandonment of the devices – Although Google promised to continue software support for Chromecast, it may be that these old devices are no longer on the company's priority list.
    SSL/TLS compatibility problem – Older devices may be incompatible with new network security protocols, which could prevent them from communicating with Google's servers.

    Google has issued a short statement in which it acknowledges the problem and promises to work on a solution. Instead of offering a temporary workaround or even a proper explanation, users have only been given a vague instruction to “wait for a fix”.

    Reply
  13. Tomi Engdahl says:

    Wall Street Journal:
    Sources: Elon Musk visited the NSA and discussed staff reductions and operations with its leadership, after posting “the NSA needs an overhaul” on X last week

    Elon Musk Made Visit to U.S. Spy Agency
    Meeting between Musk and the National Security Agency’s leadership was ‘positive’ but comes after he called for its overhaul
    https://www.wsj.com/politics/national-security/elon-musk-made-secret-visit-to-u-s-spy-agency-9b0b64e2?st=Z9Q1cK&reflink=desktopwebshare_permalink

    Elon Musk visited the National Security Agency on Wednesday, current and former U.S. officials said, meeting with leadership a week after saying the intelligence and cybersecurity outfit needed an overhaul.

    The discussion with the NSA, Musk’s first known visit to an intelligence agency, centered on staff reductions and operations, officials said, with one describing it as a “positive” conversation. Musk is leading the Trump administration’s efforts to shrink the size of government and align every agency’s mission with the president’s “America First” vision.

    Musk’s Department of Government Efficiency, or DOGE, has been leading the Trump administration’s effort to shrink the federal government.

    It isn’t clear whether Musk inquired about specific intelligence or military operations, one of the officials said. The visit came a day before the deadline for federal agencies to submit reorganization plans.

    Reply
  14. Tomi Engdahl says:

    Hannah Ellis-Petersen / The Guardian:
    Reuters journalist Raphael Satter sues the Indian government for revoking his Overseas Citizen status, after he wrote about hack-for-hire company Appin in 2023
    https://www.theguardian.com/world/2025/mar/13/us-journalist-sues-indian-government-after-losing-his-overseas-citizenship

    Reply
  15. Tomi Engdahl says:

    Eric Geller / Wired:
    Interviews with seven CISA staff: mass layoffs and weak leadership are undermining CISA’s ability to protect against foreign adversaries and ransomware gangs

    ‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge
    Employees at the Cybersecurity and Infrastructure Security Agency tell WIRED they’re struggling to protect the US while the administration dismisses their colleagues and poisons their partnerships.
    https://www.wired.com/story/inside-cisa-under-trump/

    Reply
  16. Tomi Engdahl says:

    Massive egg on its face. https://trib.al/DayWr5B

    The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing
    Oops.
    https://lm.facebook.com/l.php?u=https%3A%2F%2Ftrib.al%2FDayWr5B%3Ffbclid%3DIwZXh0bgNhZW0CMTEAAR31deHkPqvFpanfzg6qq_uRDKu66Um0jLzdY1mQYjAzUnNyhFi9OUIaUWM_aem_Dj2ra49ygBtkTqj9_rotwA&h=AT1Uzfgb1FN6Mha-fIsI9q0qMv50s21_jCkZDvJaPmaqdgfiAkoAIoaNLhcUSWJ7uL-Zr3tvyDXMNfedjmbNkvwFp6TVtyDHQlmdoa1tzXk4Lmt1bstoGeKjs2uklQByqB7XwwZCX-ptN77yQpnLIEQe6yJXVg

    During a Fox News interview earlier this week, multi-hyphenate billionaire and X-formerly-Twitter owner Elon Musk blamed a “massive cyberattack” that repeatedly took down the site yesterday as coming from Ukraine.

    But, as Wired reports, his evidence is flimsy at best. Musk claimed that “IP addresses” behind the attack originated in the embattled European nation. But as experts told the publication, that’s far from actual proof.

    “What we can conclude from the IP data is the geographic distribution of traffic sources, which may provide insights into botnet composition or infrastructure used,” connectivity firm Zayo chief security officer Shawn Edwards told Wired. “What we can’t conclude with certainty is the actual perpetrator’s identity or intent.”

    One researcher claimed in an interview with Wired that Ukraine wasn’t even in the top 20 IP addresses involved in the attack.

    Since then, a pro-Palestine hacking group called Dark Storm Team claimed responsibility for the attacks in now-deleted Telegram posts.

    And considering some glaring technical oversights, the hackers seem to have had a surprisingly easy time taking down the social media platform. Security researchers told Wired that several X origin servers, which are designated to respond to web requests, weren’t secured by the company’s Cloudflare protection.

    Cloudflare offers services allowing websites to automatically detect and mitigate distributed denial-of-service (DDoS) attacks, like the most recent cyberattack targeting X.

    “The botnet was directly attacking the IP and a bunch more on that X subnet yesterday,”

    Put simply, X was ill-prepared, despite DDoS attacks being an extremely common threat to virtually all services on the internet. The company’s loose protections may have even allowed the incident to be far worse than it would’ve been otherwise.

    It’d be far from the first time X has been thrown into chaos due to questionable decision-making and a bevy of bugs.

    “There are kind of two types of cyber attacks — there are ones that are designed to be very loud and there are ones that are designed to be very quiet,” cyber operations Nicholas Reese told the Associated Press. “And the ones that are usually the most valuable are the ones that are very quiet.”

    “Something like this was designed to be discovered,” he added. “So to me that almost certainly eliminates state actors. And the value that they would have gained from it is pretty low.”

    Musk has certainly made plenty of enemies with his embracing of extreme-right ideologies and plundering of the US government. The dealerships of his car company Tesla have been targeted with protests and vandalism across the country, indicating a massive flare-up in anti-Musk sentiment.

    In other words, a DDoS attack against Musk’s social media mouthpiece isn’t exactly surprising, regardless of who was behind it.

    Elon Musk Has a Major Problem: Tesla Investors Are Absolutely Disgusted With Him
    “Wow, what an overachiever ketamine boy is!”
    https://futurism.com/tesla-investors-disgusted-elon-musk

    Reply
  17. Tomi Engdahl says:

    “We believe cybersecurity is national security.” NO DUH!!! Who among these mental giants finally figured that out?

    White House instructs agencies to avoid firing cybersecurity staff, email says
    https://www.msn.com/en-us/news/politics/white-house-instructs-agencies-to-avoid-firing-cybersecurity-staff-email-says/ar-AA1ARWvi?ocid=msedgntp&pc=HCTS&cvid=954ec35fdd994f17830ccb6157c9dfc2&ei=24&fbclid=IwY2xjawJBOW9leHRuA2FlbQIxMQABHTjOSWDuKjMY3ZDpUnIW_WtzY1pAexxQ6e-aZrjrWebVs2HqbHgDFOgVDw_aem_eK3KfD7Jhmp34JYMBofIAQ

    WASHINGTON (Reuters) – The White House is urging federal agencies to refrain from laying off their cybersecurity teams, as they scramble to comply with a Thursday deadline to submit mass layoff plans to slash their budgets, according to an email seen by Reuters.

    Reply
  18. Tomi Engdahl says:

    Apple says the vulnerability may have been exploited in “an extremely sophisticated attack against specific targeted individuals” using older versions of iOS.

    Apple patches 0-day exploited in “extremely sophisticated attack”
    0-day exploited by maliciously crafted web content to break out of security sandbox.
    https://arstechnica.com/security/2025/03/apple-patches-0-day-exploited-in-extremely-sophisticated-attack/?utm_source=facebook&utm_medium=social&utm_campaign=dhfacebook&utm_content=null&fbclid=IwZXh0bgNhZW0CMTEAAR0vesJtKw3BdNOYPPMt_h7Oba_EyiY6iNUTRjAlxoak7YzfCFQtEeznnKk_aem_AKhVV_f186uPotXDY1fUBQ

    Reply
  19. Tomi Engdahl says:

    Apple’s alleged UK encryption battle sparks political and privacy backlash
    National security defense being used to keep appeal behind closed doors
    https://www.theregister.com/2025/03/14/apple_uk_encryption_hearing/

    Reply
  20. Tomi Engdahl says:

    Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide
    Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers’ most prized attack tools, with massive takedowns.
    https://www.darkreading.com/threat-intelligence/cybercrime-cobalt-strike-use-plummets-worldwide

    Reply
  21. Tomi Engdahl says:

    Tens of 1,000s of Orgs at Risk for Zero-Day VM Escape Attacks
    More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.
    https://www.darkreading.com/remote-workforce/zero-days-risk-vm-escape-attacks

    Reply
  22. Tomi Engdahl says:

    Hundreds of men thought they were in relationships with popular OnlyFans models. Then they started noticing weird discrepancies. Holly Baxter reports on the murky phenomenon of ‘chatters’ — and the men who fell for them: https://trib.al/HKu5z1K

    Reply
  23. Tomi Engdahl says:

    Two honest mistakes cost him everything. https://trib.al/cVKmMZO

    Man’s Entire Life Destroyed After Downloading AI Software
    https://futurism.com/the-byte/life-destroyed-ai?fbclid=IwY2xjawJDkONleHRuA2FlbQIxMQABHSCKLNpDXzFlbL4SAOwXKLhDzIxMVTP9cikuQDYL9rxRSdD3RitaSuM23A_aem_CDgJbzHjHekVYBhD_42sCA

    “It’s impossible to convey the sense of violation.”
    Last February, Disney employee Matthew Van Andel downloaded what seemed like a helpful AI tool from the developer site GitHub.

    Little did he know that the decision would totally upend his life — resulting in everything from his credit cards to social security number being leaked to losing his job, as the Wall Street Journal reports.

    “It’s impossible to convey the sense of violation,” the 42-year old Van Andel, who is the father of two boys, told the newspaper.

    The software, an AI image generator, worked as advertised. But embedded into its files was a piece of malware.

    The next day, the hacker used Van Andel’s work credentials to perpetrate a massive data leak at Disney, dumping everything from private customer info to internal revenue numbers online. Van Andel’s personal info was caught in the mix, including financial accounts — suddenly barraged with unsolicited bills — his social media, and even his children’s Roblox logins.

    In a blog post, the hacker gloated about the attack, naming Van Andel.

    “1.1 terabytes of data, almost 10,000 channels, every message file possible, dumped,” wrote Nullbulge, per a WSJ screenshot. “We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special Matthew J Van Andel!”

    Disney to ditch Slack following July data breach
    https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html

    Reply
  24. Tomi Engdahl says:

    Atte is a bug bounty hunter – rewards in the field reach as high as 250,000 dollars
    https://www.is.fi/digitoday/tietoturva/art-2000011070634.html

    Reply
  25. Tomi Engdahl says:

    TS: S-Pankki customer found 40 unauthorised transactions on his account, with a grim assessment of the cause
    Strange things have been happening on S-Pankki accounts, Turun Sanomat reports.
    https://www.is.fi/digitoday/tietoturva/art-2000011098468.html

    S-Pankki customers have made peculiar observations. According to Turun Sanomat, some customers have noticed transactions completely unknown to them on their own accounts in February–March this year.

    S-Pankki does not comment on whether the problems are related to the fraud case that recently ended up in court. In that case, two young men managed to log into S-Pankki customers' accounts by exploiting a software vulnerability in the online bank. They withdrew a total of 1.3 million euros from the victims' accounts.

    The 2022 problems were due to a security vulnerability at the bank, which was patched in August of that year. However, the bank is believed to have learned of the hole already in May. According to the bank, the system error in question was fixed immediately once it was identified.

    Reply
  26. Tomi Engdahl says:

    In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker

    Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware.

    https://www.securityweek.com/in-other-news-swiss-breach-disclosure-rules-esp32-chip-backdoor-disputed-massjacker/

    Reply
  27. Tomi Engdahl says:

    New AI Security Tool Helps Organizations Set Trust Zones for Gen-AI Models

    Measure the different level of risk inherent to all gen-AI foundational models and use that to fine-tune the operation of in-house AI deployments.

    https://www.securityweek.com/new-ai-security-tool-helps-organizations-set-trust-zones-for-gen-ai-models/

    Reply
