This posting is here to collect cyber security news in April 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in April 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
112 Comments
Tomi Engdahl says:
Huolestuttava ilmiö rehottaa Facebookissa
https://www.iltalehti.fi/digiuutiset/a/7871a3e6-dae2-4f4a-8382-cfca790a6fce
Kyytipalveluiden kuljettajien ja ruokalähettien käyttäjätilejä kaupitellaan kymmenissä Facebook-ryhmissä. Tilin ostamalla kuka tahansa voi esiintyä esimerkiksi Uberin hyväksymänä kuljettajana tai lähettinä. Yhtiöt yrittävät estää väärinkäytöksiä eri tavoin.
Kuskien ja kuriirien käyttäjätilejä kaupitellaan somessa hyvin avoimesti.
Alustat eivät salli käyttäjätilien jakamista, mutta puuttuminen ei ole helppoa.
Tuore yhdysvaltalaisraportti paljastaa käyttäjätilien kaupittelun laajuuden.
Yhdysvaltalainen uutiskanava CNN uutisoi voittoa tavoittelemattoman Tech Transparency Projectin raportista, joka paljastaa, että jopa täysin julkisissa Facebook-ryhmissä myydään, ostetaan ja vuokrataan muun muassa Uberin kuljettajatilejä.
Yhdessä Uber-tilien vuokraamiseen keskittyvässä kansainvälisessä ryhmässä on yli 22 000 jäsentä. Eräässä ryhmässä Uber Eats -ruoankuljetuspalvelun kuriiritiliä tarjottiin vuokralle 65 dollarilla eli vajaalla 60 eurolla.
Vastaavia Facebook-ryhmiä on raportin mukaan tunnistettu 80 kappaletta, ja niiden yhteenlaskettu jäsenmäärä on peräti 800 000. Monien ryhmien kohdalla niiden tarkoitus käy ilmi suoraan ryhmän nimestä, toisissa toiminta paljastuu vasta lähempää tarkastellessa.
Mustan pörssin ryhmät mahdollistavat alustojen taustatarkastusten ja ajokorttivaatimusten kiertämisen. Tilin ostava tai vuokraava henkilö voi esiintyä palvelun hyväksymänä kuljettajana tai lähettinä, mikä lisää käyttäjiin kohdistuvia riskejä.
‘Incredibly concerning’: Facebook black market groups offer rideshare and delivery driver accounts for sale, researchers say
https://edition.cnn.com/2025/04/14/tech/facebook-groups-buy-sell-uber-doordash-deliveroo-accounts/index.html
New York CNN —
“Need an Uber Eats account in Jacksonville, FL ASAP.” “I have one.”
“Looking for an Uber eats account to rent in Virginia.” “Available.”
Those exchanges were found on a public Facebook group with more than 22,000 members called “UBER ACCOUNT FOR RENT WORLDWIDE.” It’s just one of 80 Facebook groups where users regularly discuss buying, selling and renting driver accounts for Uber, DoorDash and UK-based Deliveroo that were identified in a new report from the non-profit tech watchdog Tech Transparency Project, which CNN received exclusively ahead of its Monday release.
These Facebook “black market groups” could let people bypass those platforms’ background checks and driver’s license requirements to fraudulently pose as a credentialed driver or delivery worker, researchers wrote in the report. And that could create risks for users who rely on safety assurances from apps such as Uber and DoorDash to ride in strangers’ cars or order deliveries to their homes.
“It’s incredibly concerning because part of the reason Uber has been such an attractive tool for women, in particular, is because there’s some sort of semblance of safety when there’s tracking of who this person is … if something were to happen,” said Tech Transparency Project Director Katie Paul. “If that’s not the case, then what’s the point of using this platform?”
Tomi Engdahl says:
The difference between ‘hate speech’ and ‘freedom of speech’
I hold Big Tech’s greed and exploitation of people accountable for the surge in the former – and a clampdown on the latter, writes WeAre8 founder Zoe Kalar: https://www.independent.co.uk/voices/hate-speech-free-speech-online-safety-act-trump-musk-b2734319.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/?fbclid=IwY2xjawJt_YNleHRuA2FlbQIxMQABHv85OLN0gie3JXN-dUbCINvYARuT6AB4pAD5k_BQrdtSq9wIH_WSl-0ieIyl_aem_1EXI05S21xIjYTktolrPcw
Tomi Engdahl says:
SSL/TLS certificate lifespans reduced to 47 days by 2029
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.
The CA/Browser Forum is a group of certificate authorities (CAs) and software vendors, including browser developers, working together to establish and maintain security standards for digital certificates used in Internet communications.
Its members include major CAs like DigiCert and GlobalSign, as well as browser vendors such as Google, Apple, Mozilla, and Microsoft.
This proposal would gradually reduce the lifespan of certificates over the next four years from its current 398-day lifespan to 47 days in March 2029.
The goal is to minimize risks from outdated certificate data, deprecated cryptographic algorithms, and prolonged exposure to compromised credentials. It also encourages companies and developers to utilize automation to renew and rotate TLS certificates, making it less likely that sites will be running on expired certificates.
Tomi Engdahl says:
https://www.theregister.com/2025/04/15/ec_burner_devices/
EU gives staff ‘burner phones, laptops’ for US visits
That would put America on the same level as China for espionage
Tomi Engdahl says:
https://futurism.com/google-border-surveillance
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
Tomi Engdahl says:
Posti kerää kohta tietojasi uudella tavalla – tarkista asetukset nyt
Posti alkaa kohdentaa mainontaa asiakkailleen.
Posti kerää kohta tietojasi uudella tavalla – tarkista asetukset nyt
https://www.is.fi/digitoday/tietoturva/art-2000011173830.html
Tomi Engdahl says:
https://www.csoonline.com/article/3964668/hackers-target-apple-users-in-an-extremely-sophisticated-attack.html?fbclid=IwY2xjawJu26VleHRuA2FlbQIxMQABHkINNf_YkMNqFPDdATXe-KWCsjdVMnfcwdxlCfCH7QI4zYkKdSHPQdRIpsES_aem_ZKLa5orqI0aE3CCxDNwEjA
Tomi Engdahl says:
Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts
https://www.csoonline.com/article/3964113/whistleblower-alleges-russian-ip-address-attempted-access-to-us-agencys-systems-via-doge-created-accounts.html?fbclid=IwY2xjawJu6ClleHRuA2FlbQIxMQABHlrTSulaImLDZw2aUiLOVI1rnhn_ggG03qC1XKbPdBinevc3ZINXpNjJtRDG_aem_lZwXQ6I_77d17wm5K1pGew
This and other DOGE actions inside National Labor Relations Board systems constituted a “significant cybersecurity breach”, says affidavit sent to Senate Intelligence Committee members.
Tomi Engdahl says:
Google said it suspended 39.2 million advertiser accounts on its platform in 2024 — more than triple the number from the previous year — in its latest crackdown on ad fraud.
By leveraging large language models (LLMs) and using signals such as business impersonation and illegitimate payment details, the search giant said it could suspend a “vast majority” of ad accounts before they ever served an ad.
Read more from Jagmeet Singh here: https://tcrn.ch/42OvAHC
#TechCrunch #technews #artificialintelligence #Google
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/?fbclid=IwZXh0bgNhZW0CMTEAAR4xy1MCUGOVomgZ-f_HeVUNJ24o6Cd3KMqQ21GzMrrIrYkI97Vz8YPKzlrRBw_aem_a7JZ_UTqU_M7Akdhm_EYkA