Cyber security news March 2025

This posting is here to collect cyber security news in March 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

214 Comments

  1. Tomi Engdahl says:

    New CCA Jailbreak Method Works Against Most AI Models

    Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems.

    https://www.securityweek.com/new-cca-jailbreak-method-works-against-most-ai-models/

    Two Microsoft researchers have devised a new, optimization-free jailbreak method that can effectively bypass the safety mechanisms of most AI systems.

    Called Context Compliance Attack (CCA), the method exploits a fundamental architectural vulnerability present within many deployed gen-AI solutions, subverting safeguards and enabling otherwise suppressed functionality.

    “By subtly manipulating conversation history, CCA convinces the model to comply with a fabricated dialogue context, thereby triggering restricted behavior,” Microsoft’s Mark Russinovich and Ahmed Salem explain in a research paper (PDF).

    “Our evaluation across a diverse set of open-source and proprietary models demonstrates that this simple attack can circumvent state-of-the-art safety protocols,” the researchers say.

  2. Tomi Engdahl says:

    FreeType Zero-Day Being Exploited in the Wild

    Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.

    https://www.securityweek.com/freetype-zero-day-being-exploited-in-the-wild/

  3. Tomi Engdahl says:

    Management & Strategy
    RSA Conference Playbook: Smart Strategies from Seasoned Attendees

    Your guide on how to get through the conference with your sanity, energy, and key performance indicators (KPIs) intact.

    https://www.securityweek.com/rsa-conference-playbook-smart-strategies-from-seasoned-attendees/

  4. Tomi Engdahl says:

    Daniel Thomas / Financial Times:
    Ofcom will enforce rules under the UK’s Online Safety Act, designed to protect internet users from illegal content and harmful activity online, from March 17 — Regulator Ofcom will begin assessing tech groups’ compliance with new obligations under Online Safety Act
    https://www.ft.com/content/91414488-7146-4b9c-9ac4-15767be4ec9f

  5. Tomi Engdahl says:

    Was an illegal sonic weapon used in Belgrade? Protesters were seized by panic in Serbia

    Video | The Serbian government is accused of using an illegal sonic weapon at Saturday's demonstration. The country's judiciary is threatening protesters who spread “misinformation” with legal action.

    https://www.hs.fi/maailma/art-2000011102442.html?utm_medium=alsoreadthese&utm_campaign=hs_tf&utm_source=www.is.fi

  6. Tomi Engdahl says:

    K-Citymarket customers saw each other's personal data
    A group of users of the K-Citymarket website fell victim to a system error.
    https://www.iltalehti.fi/digiuutiset/a/38fdc302-e355-4842-8764-be750cc532cd

  7. Tomi Engdahl says:

    Did you pass on your old phone before taking these steps? That's bad news
    Many people think to save important data and photos from an old device, but that is by no means the most important step.
    https://www.iltalehti.fi/digiuutiset/a/12043913-2dd8-4a6c-a6af-bacf507dffc4

    Whether you are taking a used phone to recycling or selling it on, you should hold firmly on to your own information security.

    The National Cyber Security Centre at the Finnish Transport and Communications Agency Traficom has issued guidance on how to pass on used smart devices securely.

    Recycling smart devices securely

    Move the data and photos that are important to you to a cloud service or, for example, an external hard drive before wiping the device.
    Log out of social media accounts and apps. If the device has been used for multi-factor authentication, it should be removed from the multi-factor authentication methods of the service in question.
    Wipe the device's contents by restoring it to factory settings, and remove any SIM and memory cards.
    If the device does not work, physically destroying it is the best way to make sure the data is gone.
    Take the device to WEEE recycling once you have made sure that important data has been saved and personal data deleted. Electrical and electronic equipment must not be thrown into mixed waste.

    Smart devices belong in recycling too – do it securely
    https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskuksen-viikkokatsaus-092025#83023-0

    Restoring an Android device to factory settings
    If you want to delete all data from your phone, you can restore the phone's factory settings. Restoring factory settings is also called formatting or a hard reset.
    https://support.google.com/android/answer/6088915?hl=fi

  8. Tomi Engdahl says:

    Did you get a message like this from Kela? Don't open it
    Kela reminds people that it never sends text messages or emails containing a link.
    https://www.iltalehti.fi/digiuutiset/a/b18ccd16-e203-40d3-bcff-93dfe5101923

    Kela is warning about scam messages used to phish for Finns' personal data.

    Among other things, Kela reports a scam attempt in circulation in which the recipient is asked to change their health insurance details. The message contains a link that leads to a scam site when opened.

  9. Tomi Engdahl says:

    Warning to S-Pankki customers – Do not update
    S-Pankki customers' banking credentials are being phished with a strange email.
    https://www.iltalehti.fi/digiuutiset/a/4e3c8194-5829-4ec3-9d89-b37fc230b070

    The National Cyber Security Centre, which operates under the Finnish Transport and Communications Agency Traficom, is warning of a scam in circulation that targets S-Pankki customers.

    The scam message, which arrives by email, implies that online banking users must undergo a “regular system check”, which is “by law” mandatory for everyone every six months.

    Needless to say, this is not true; it is a complete scam.

    The scam message sent in S-Pankki's name urges recipients to update both their own and their child's details. It includes a link that leads to a scam site when clicked. So this is quite a classic case.

  10. Tomi Engdahl says:

    2 Bytes Was Enough To Breach The US Treasury
    https://www.youtube.com/watch?v=rgsIkZkflMw

    On December 30th, 2024, the US Treasury Department announced that the state-sponsored Chinese hackers had apparently breached the department systems. The attackers got in through a tool called BeyondTrust, a remote support software, and there was a bug in their database that had been sitting there for years, just waiting to be found. What you’re about to see is just how two bytes was enough to expose a fundamental flaw in the Postgres database, one of the most, or if not the most, used database out there, a flaw that is so simple that it challenged our core assumptions about preventing SQL injections in the first place. So without further ado, let’s get

  11. Tomi Engdahl says:

    Supo wants to know if you have received a message like this – National security is at stake
    https://www.iltalehti.fi/digiuutiset/a/67fd8028-4a66-4b57-8087-156083b704da

    According to the Finnish Security and Intelligence Service (Supo), China uses social media platforms in its intelligence gathering. Supo asks Finns to report suspicious contacts and job offers.

    One of the platforms favoured by Chinese intelligence is LinkedIn. According to Supo, recruitment attempts there can be hard to recognise as linked to Chinese intelligence.

    “The recruitment process on LinkedIn typically begins with an intelligence officer, or someone acting on the officer's behalf, approaching the target in the name of some company,” Supo's review says.

    The target may, for example, be asked to write a report on a topic of interest to China, such as political decision-making or high-technology expertise. The target may also be courted for a consultation discussion on the topic. A fee may also be offered for the service.

    It may not be possible to link the person making contact to China at all. They may pose, for example, as a representative of a fictitious or real recruitment or consulting company.

    Earlier in March, Supo director Juha Martelius said that Finland needs to acquire more knowledge about China, which is currently enabling Russia's warfare in Ukraine.

    “Russia and China direct continuous and active espionage at Finland,” Martelius said.

  12. Tomi Engdahl says:

    Bill Toulas / BleepingComputer:
    A critical Apache Tomcat RCE flaw is being exploited, letting attackers take over servers via a PUT request; Wallarm: the attack “requires no authentication”
    https://www.bleepingcomputer.com/news/security/critical-rce-flaw-in-apache-tomcat-actively-exploited-in-attacks/

    A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.

    Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week.

    The malicious activity was confirmed by Wallarm security researchers, who warned that traditional security tools fail to detect it as PUT requests appear normal and the malicious content is obfuscated using base64 encoding.

  13. Tomi Engdahl says:

    Not a fan of AI? A recent Windows update can actually remove Microsoft’s Copilot assistant from the OS.

    As the company promotes generative AI to the public, Redmond accidentally introduced a software bug last week that can delete the Copilot program from PCs running Windows 10 or 11.

    The problem affects the March 11th updates for both operating systems. “We’re aware of an issue with the Microsoft Copilot app affecting some devices. The app is unintentionally uninstalled and unpinned from the taskbar,” the company wrote in the support pages.

    In a bit of irony though, some Windows users have said “I wish this wasn’t a bug” after learning that Microsoft has been mistakenly deleting the Copilot app.

    “Amazing, Microsoft fixes their own bloat,” joked one user on Reddit. “Finally a good feature,” wrote another.

    More at PCMag
    https://www.pcmag.com/news/oops-update-accidentally-removes-copilot-from-windows

  14. Tomi Engdahl says:

    If you end up in this small room at Helsinki-Vantaa, your innards will soon be visible on a screen: This new device is a smuggler's nightmare
    With its new device, Customs can image drugs carried inside the body.
    https://www.iltalehti.fi/kotimaa/a/b13a3ba3-b642-4ad1-bac4-663e6b7c1de0

  15. Tomi Engdahl says:

    Do you have a router like this at home? Check for updates – attacks are under way
    https://www.is.fi/digitoday/tietoturva/art-2000011103710.html

  16. Tomi Engdahl says:

    Financial Times:
    Sources: Alphabet has agreed to buy cybersecurity startup Wiz for at least $32B and will announce the deal today, after talks over a $23B deal failed in 2024 — Previous round of negotiations to purchase group fell through last year — Google parent Alphabet has agreed to buy cyber security start …

    https://www.ft.com/content/26ae0691-b133-42cc-b239-0da88e1b603d

  17. Tomi Engdahl says:

    Amazon is killing its “Do Not Send Voice Recordings” privacy feature on March 28 as the company aims to bolster Alexa+, its new subscription assistant.
    https://www.wired.com/story/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-march-28/?utm_source=facebook&utm_medium=social&utm_campaign=aud-dev&utm_brand=wired&utm_social-type=owned&fbclid=IwZXh0bgNhZW0CMTEAAR2kwOeG6hfP0h65qtsjGo91iiQnjADdmIl7bTIDdyuG-C4k9trDkfcH5c8_aem_gMHhv884Rax_5xL6meQs2w

    Everything You Say to Your Echo Will Soon Be Sent to Amazon, and You Can’t Opt Out
  18. Tomi Engdahl says:

    Endpoint Security
    Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover

    A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks.

    https://www.securityweek.com/critical-ami-bmc-vulnerability-exposes-servers-to-disruption-takeover/

    A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks, according to firmware and hardware security company Eclypsium.

    Eclypsium has been analyzing AMI BMC security for years. In the summer of 2023, the company disclosed two serious flaws, warning that they could expose millions of devices that use AMI’s MegaRAC BMC to takeover and physical damage.

    The company’s researchers on Tuesday reported discovering a new flaw, tracked as CVE-2024-54085. The new vulnerability is similar to CVE-2023-34329, one of the 2023 vulnerabilities, which allows authentication bypass, but it’s unclear if CVE-2024-54085 is the result of an incomplete patch or an entirely new security hole — that is still being investigated.

    The BMC enables administrators to remotely monitor and control devices, including to update firmware and install operating systems. BMC made by AMI is present in millions of devices worldwide, including ones made by Asrock, Asus, Arm, Dell, Gigabyte, HPE, Huawei, Inspur, Lenovo, Nvidia, and Qualcomm.

    According to Eclypsium, CVE-2024-54085 has been confirmed to impact servers made by HPE, Asus, Asrock and Lenovo. AMI, Lenovo and HPE appear to have published advisories to date to inform customers about patches and mitigations.

    While AMI has made available patches, it’s now up to OEMs to push them out to their customers through updates.

    A Shodan search conducted by the security firm revealed more than 1,000 internet-exposed MegaRAC instances that could be vulnerable to such attacks. However, a significantly higher number could be vulnerable to attacks conducted by local or network attackers.

  19. Tomi Engdahl says:

    Application Security
    Google Releases Major Update for Open Source Vulnerability Scanner

    Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers.

    https://www.securityweek.com/google-releases-major-update-for-open-source-vulnerability-scanner/

  20. Tomi Engdahl says:

    Hundreds of thousands of messages pinged on Finns' phones in the early hours – Police: Massive
    Criminals have phished for Finns' banking credentials with a massive wave of scam messages.
    https://www.iltalehti.fi/digiuutiset/a/72a28453-1222-4380-b586-66c97d5ce77a

    Hundreds of thousands of scam messages were sent to Finns on Saturday, March 15. The cyber-enabled crime investigation unit of the Central Finland Police Department says in a release that the messages were sent in the early hours of the morning.

    The messages attempted both to phish for online banking credentials and to get recipients to make urgent payments. According to police, in one scam the sender posed as the tax authority, while the other was a classic “hi mum” scam, in which the criminal posed as the recipient's child. In the latter case, an attempt was made to steer the conversation to WhatsApp.

  21. Tomi Engdahl says:

    Carly Page / TechCrunch:
    CISA scrambles to contact 130+ fired employees after court rules the layoffs unlawful but says re-hired staff will immediately be placed on administrative leave

    CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’
    https://techcrunch.com/2025/03/18/cisa-scrambles-to-contact-fired-employees-after-court-rules-layoffs-unlawful/

    The U.S. government’s cybersecurity agency is scrambling to contact more than 130 former employees after a federal court ruled that the Trump administration must reinstate workers it “unlawfully” fired.

    U.S. District Judge James Bredar last week ordered the Trump administration to reinstate employees laid off across a number of U.S. government agencies, including the Department of Homeland Security, which oversees the Cybersecurity and Infrastructure Security Agency (CISA).

    The ruling focuses on federal probationary employees, which include workers who were hired or promoted within the past three years. CISA fired 130 probationary employees in February, as part of the Trump administration’s broad push to slash the federal workforce.

    CISA is now seeking to contact the since-fired employees, according to a message displayed on CISA’s website. The message indicates the agency doesn’t have contact information for all of the former employees it fired — or isn’t aware of all the staffers who were affected by the cuts.

    “CISA is making every effort to individually contact all impacted individuals,” the message reads, adding that fired employees who believe they fall under the court’s order to “please reach out.”

  22. Tomi Engdahl says:

    Matt Kapko / CyberScoop:
    Flashpoint: 3.2B credentials were stolen from organizations in 2024, up 33% YoY, of which 2.1B were compromised using info-stealing malware infecting 23M hosts — Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint. — Learn more.

    Infostealers fueled cyberattacks and snagged 2.1B credentials last year
    Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint.
    https://cyberscoop.com/infostealers-cybercrime-surged-2024-flashpoint/

  23. Tomi Engdahl says:

    The Verge:
    Alphabet acquires NYC-based cybersecurity startup Wiz for $32B cash, its largest acquisition yet, pending approval; antitrust fears stalled a $23B deal in 2024 — The acquisition is Alphabet’s biggest yet, after a $23 billion takeover attempt stalled last year.

    Google acquires cybersecurity firm Wiz for $32 billion
    https://www.theverge.com/google/24198766/google-acquires-wiz-cloud-cybersecurity-32-billion

    The acquisition is Alphabet’s biggest yet, after a $23 billion takeover attempt stalled last year.

  24. Tomi Engdahl says:

    You have 4 days to update Firefox before everything breaks
    This upgrade isn’t optional.
    https://www.zdnet.com/article/you-have-4-days-to-update-firefox-before-everything-breaks/

    On March 14, 2025, a root certificate used to verify signed content and add-ons for Firefox, Thunderbird, and other Mozilla projects expired. The expiration of this certificate will cause problems for Firefox users unless they update to version 128 (or ESR 115.13+). This includes versions for Linux, MacOS, Windows, Android, and iOS — in other words, all platforms.

    Without updating, all features that rely on remote updates will cease to function, all add-ons will be automatically disabled, and DRM-protected content will stop playing. In addition, all systems dependent on content verification could stop functioning as expected.

    The web browser itself will continue to work, but much of what you do with the browser will be broken.

    This means every Firefox user around the world must update to the latest version; otherwise, they’ll find out the hard way that this upgrade isn’t optional.

  25. Tomi Engdahl says:

    Application Security
    Popular GitHub Action Targeted in Supply Chain Attack

    The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

    https://www.securityweek.com/popular-github-action-targeted-in-supply-chain-attack/

    A popular GitHub Action has been compromised in a supply chain attack apparently targeting secrets associated with continuous integration and continuous delivery (CI/CD).

    The targeted GitHub Action is called ‘tj-actions/changed-files’. Tj-actions provides GitHub Actions for streamlining CI/CD processes. Changed-files, which is actively used in over 23,000 repositories, is designed for tracking file and directory changes.

    According to StepSecurity, a security company specializing in GitHub Actions, the incident started on March 14 and involved a threat actor modifying the Changed-files code to execute a malicious Python script designed to dump CI/CD secrets to build logs.

    “If the workflow logs are publicly accessible (such as in public repositories), anyone could potentially read these logs and obtain exposed secrets,” StepSecurity said.

  26. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/17289-chromecast-heraesi-henkiin

    A widespread malfunction that plagued Google's second-generation Chromecast devices has finally been fixed.

  27. Tomi Engdahl says:

    The Citizen Lab:
    A look at Israeli spyware company Paragon, which makes Graphite: suspected deployments in Australia, Canada, Cyprus, and others, a WhatsApp zero-click, and more — Key Findings — Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite.

    Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations
    https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/

  28. Tomi Engdahl says:

    Artificial Intelligence
    ChatGPT Tool Vulnerability Exploited Against US Government Organizations

    A year-old vulnerability in ChatGPT is being exploited against financial entities and US government organizations.

    https://www.securityweek.com/chatgpt-vulnerability-exploited-against-us-government-organizations/

    Threat actors are targeting a year-old server-side request forgery (SSRF) vulnerability in a third-party ChatGPT tool, mainly against financial entities and US government organizations, cybersecurity firm Veriti reports.

    The affected tool is called ChatGPT, but it’s not made by OpenAI. Instead, it’s an open source tool created by a Chinese developer, designed to provide an interface for interacting with the ChatGPT gen-AI service.

    The bug, tracked as CVE-2024-27564, is a medium-severity issue affecting the pictureproxy.php file. It allows attackers to inject crafted URLs in the url parameter and force the application to make arbitrary requests.

    Reported in September 2023 and publicly disclosed one year ago, the flaw can be exploited without authentication, and has had proof-of-concept (PoC) exploit code available publicly for some time.

    According to Veriti, at least one threat actor has added an exploit for CVE-2024-27564 to its arsenal, and has started probing the internet for vulnerable applications.

    Within a single week, the cybersecurity firm observed over 10,000 attack attempts coming from a single IP address. Roughly one-third of the targeted organizations are potentially at risk of exploitation due to misconfigurations in their protection solutions, Veriti warns.

  29. Tomi Engdahl says:

    Cybercrime
    March Madness Requires Vigilance on Both an Individual and Corporate Level

    Defending high profile sporting events from adversarial attacks requires a mix of experienced capabilities and a solid threat intelligence program.

    https://www.securityweek.com/march-madness-requires-vigilance-on-both-an-individual-and-corporate-level/

    With the Super Bowl and NBA All-Star weekend behind us this means March Madness is nearly upon us. I’m sure most of us know about March Madness, which is the nickname for the National Collegiate Athletic Association’s (NCAA) Division I men’s and women’s college basketball tournaments.

    Emotions run high around this tournament, as millions of people across America fill out March Madness “brackets” with the hope of predicting the Final Four as 67 games are played over a 3-week period in March and April. I’m a life-long March Madness fan and I absolutely understand the excitement it generates. I even did my college Honors paper on inter-collegiate athletics (men’s football and basketball), how their teams performed, how far they got in tournaments and how that correlated with alumni contributions to the school. I won’t bore you with the findings here, but you won’t be surprised that money flowed in based on results relative to expectations; such is the very personal connection that sporting success generates.

  30. Tomi Engdahl says:

    Cybersecurity Funding
    Orion Security Raises $6 Million to Tackle Insider Threats and Data Leaks with AI-Driven DLP

    Orion protects against data exfiltration by using AI to compare actual data flows against permitted and expected data flows.

    https://www.securityweek.com/orion-security-raises-6-million-to-tackle-insider-threats-and-data-leaks-with-ai-driven-dlp/

    Orion Security has emerged from stealth with a $6 million seed funding round led by Pico Partners and FXP, with participation from Underscore VC and cybersecurity leaders. Based in Tel Aviv, Israel, the firm was founded in 2024 by Nitay Milner (CEO) and Yonatan Kreiner (CTO) with a mission to use AI to revitalize data leak prevention (DLP).

    Orion’s platform automatically learns and understands how data normally flows within an organization. “By using AI to map and understand an organization’s operational DNA, we’re enabling a new generation of data protection that can accurately distinguish between legitimate business workflows and potential data theft, without burdening an already overstretched security team,” explains Milner.

    Orion uses two primary AI models. The first uses multiple LLMs to understand and classify company data: is it PCI traffic, is it unstructured IP, is it PII or PHI with SSNs or private addresses. “The second,” says Milner, “is a reasoning model. It helps you understand the entire context around a data incident. Who sent this data outside? What department does he work for? Where did this data go? What is this data containing? It basically considers all the criteria around an incident to be able to decide whether it was a genuine incident or just a legitimate business flow inside the company.”

  31. Tomi Engdahl says:

    Reuters:
    Baidu denies data breach allegations after a top executive’s teenage daughter leaked users’ personal info, including phone numbers, following an online argument
    https://www.reuters.com/technology/cybersecurity/chinas-baidu-denies-data-breach-after-executives-daughter-leaks-personal-info-2025-03-20/

  32. Tomi Engdahl says:

    Criminal investigation opened into the fraud factory reported by MOT – Georgian prosecutor seizes professional scammers' assets
    The criminal network, which scammed people with fake investments, was exposed when a group of journalists investigated an extensive data leak from inside the fraud factory. There are thousands of victims in various countries, including Finland.
    https://yle.fi/a/74-20150492

  33. Tomi Engdahl says:

    Europe's busiest airport was closed for all of Friday
    A fire at a nearby electrical substation caused a widespread power outage at Heathrow Airport in London.
    https://www.is.fi/ulkomaat/art-2000011113592.html

  34. Tomi Engdahl says:

    National Bureau of Investigation (KRP) suspects a crime in the City of Helsinki's operations – police estimate of the number of data breach victims is in a “wide range”
    The City of Helsinki's Education Division was hit by a data breach in May 2024. The pre-trial investigation is examining whether the City of Helsinki protected the data appropriately.
    https://yle.fi/a/74-20149294

    City of Helsinki suspected of a crime in giant data breach
    Suspected crimes | The City of Helsinki is suspected of a crime in the 2024 data breach. The breach affected hundreds of thousands of pupils, parents and employees.
    https://www.hs.fi/helsinki/art-2000011095384.html

  35. Tomi Engdahl says:

    Introducing Cloudy, Cloudflare’s AI agent for simplifying complex configurations
    https://blog.cloudflare.com/introducing-ai-agent/

  36. Tomi Engdahl says:

    Hacker who ‘took down North Korea’s internet for over a week’ lets people ask him any question they want about it
    He claimed it wasn’t that hard to hack.
    https://www.uniladtech.com/news/hacker-took-down-north-korea-internet-answers-questions-410121-20240621

  37. Tomi Engdahl says:

    Brazen phenomenon spotted at popular retail chains – Supo: “It's good to remember…”
    There may be many motives behind the phenomenon.
    https://www.is.fi/digitoday/art-2000011103486.html

    Nowadays sellers of electrical and electronic equipment are obliged to accept old devices for recycling. As a side effect, theft of devices to be recycled, or of their parts, has been observed in device collection.

    At its most brazen, devices have been asked for directly from customers taking them to recycling. Aki Rauhala, managing director of Gigantti in Loimaa, earlier told IS that he became aware of the phenomenon when a customer had been asked for a device already through the car window.

    According to a tip, a reader was in the Gigantti yard lifting recycling items out of their car when someone came to ask whether the reader could give the computer and tablet to the person asking. When the reader refused, the person allegedly offered 50 euros for the devices.

    According to the reader, the person used a translator for the conversation, with Russian as the source language.

    Gigantti's Rauhala said earlier that in Loimaa thieves are particularly interested in devices and cables containing copper. Most likely the stolen copper goes on sale. Even at its highest, the per-kilogram price of scrap copper appears to be a few euros.
