This posting is here to collect cyber security news in April 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
132 Comments
Tomi Engdahl says:
A worrying phenomenon is rampant on Facebook
https://www.iltalehti.fi/digiuutiset/a/7871a3e6-dae2-4f4a-8382-cfca790a6fce
User accounts of ride-hailing drivers and food couriers are being sold in dozens of Facebook groups. By buying an account, anyone can pose as, for example, an Uber-approved driver or courier. The companies are trying to prevent the abuse in various ways.
Driver and courier accounts are being sold very openly on social media.
The platforms do not allow account sharing, but intervening is not easy.
A recent US report reveals the extent of the account trade.
The US news channel CNN reported on a report by the non-profit Tech Transparency Project, which reveals that Uber driver accounts, among others, are being sold, bought and rented even in fully public Facebook groups.
One international group dedicated to renting out Uber accounts has more than 22,000 members. In one group, an Uber Eats food delivery courier account was offered for rent for 65 dollars, i.e. just under 60 euros.
According to the report, 80 such Facebook groups have been identified, with a combined membership of as many as 800,000. For many groups the purpose is evident from the group's name; in others the activity only becomes apparent on closer inspection.
The black-market groups make it possible to circumvent the platforms' background checks and driver's license requirements. A person who buys or rents an account can pose as a driver or courier approved by the service, which increases the risks to users.
‘Incredibly concerning’: Facebook black market groups offer rideshare and delivery driver accounts for sale, researchers say
https://edition.cnn.com/2025/04/14/tech/facebook-groups-buy-sell-uber-doordash-deliveroo-accounts/index.html
New York CNN —
“Need an Uber Eats account in Jacksonville, FL ASAP.” “I have one.”
“Looking for an Uber eats account to rent in Virginia.” “Available.”
Those exchanges were found on a public Facebook group with more than 22,000 members called “UBER ACCOUNT FOR RENT WORLDWIDE.” It’s just one of 80 Facebook groups where users regularly discuss buying, selling and renting driver accounts for Uber, DoorDash and UK-based Deliveroo that were identified in a new report from the non-profit tech watchdog Tech Transparency Project, which CNN received exclusively ahead of its Monday release.
These Facebook “black market groups” could let people bypass those platforms’ background checks and driver’s license requirements to fraudulently pose as a credentialed driver or delivery worker, researchers wrote in the report. And that could create risks for users who rely on safety assurances from apps such as Uber and DoorDash to ride in strangers’ cars or order deliveries to their homes.
“It’s incredibly concerning because part of the reason Uber has been such an attractive tool for women, in particular, is because there’s some sort of semblance of safety when there’s tracking of who this person is … if something were to happen,” said Tech Transparency Project Director Katie Paul. “If that’s not the case, then what’s the point of using this platform?”
Tomi Engdahl says:
The difference between ‘hate speech’ and ‘freedom of speech’
I hold Big Tech’s greed and exploitation of people accountable for the surge in the former – and a clampdown on the latter, writes WeAre8 founder Zoe Kalar: https://www.independent.co.uk/voices/hate-speech-free-speech-online-safety-act-trump-musk-b2734319.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/?fbclid=IwY2xjawJt_YNleHRuA2FlbQIxMQABHv85OLN0gie3JXN-dUbCINvYARuT6AB4pAD5k_BQrdtSq9wIH_WSl-0ieIyl_aem_1EXI05S21xIjYTktolrPcw
Tomi Engdahl says:
SSL/TLS certificate lifespans reduced to 47 days by 2029
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.
The CA/Browser Forum is a group of certificate authorities (CAs) and software vendors, including browser developers, working together to establish and maintain security standards for digital certificates used in Internet communications.
Its members include major CAs like DigiCert and GlobalSign, as well as browser vendors such as Google, Apple, Mozilla, and Microsoft.
This proposal would gradually reduce the lifespan of certificates over the next four years from its current 398-day lifespan to 47 days in March 2029.
The goal is to minimize risks from outdated certificate data, deprecated cryptographic algorithms, and prolonged exposure to compromised credentials. It also encourages companies and developers to utilize automation to renew and rotate TLS certificates, making it less likely that sites will be running on expired certificates.
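The point of the shorter lifetimes is the one the article states: a certificate that lives 47 days caps how long a leaked key or stale subject data stays usable, and nobody will renew it by hand. As an added example (not code from the article, the CA/Browser Forum or any CA), here is the policy check an automated renewal job would run over each leaf certificate: does its validity period fit the maximum allowed on its issue date, and has the renewal window opened. Assumptions: the intermediate steps (200 days from 2026-03-15, 100 days from 2027-03-15) are my reading of the CA/B Forum ballot, since the article only gives 398 days today and 47 days from March 2029; the "renew when one third of the lifetime remains" rule is a common ACME client default, not a Forum requirement; all dates are constructed.

```python
"""Certificate lifetime and renewal-window check (added example).

Not the article's or the CA/B Forum's code. The 200- and 100-day steps are
assumptions taken from my reading of the ballot; 398 (today) and 47 (March
2029) are stated in the article. Sample dates are constructed.
"""
import math
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# (effective from, maximum validity in days), chronological order.
MAX_VALIDITY_SCHEDULE = [
    (datetime(2026, 3, 15, tzinfo=UTC), 200),  # assumption: first step of the ballot
    (datetime(2027, 3, 15, tzinfo=UTC), 100),  # assumption: second step of the ballot
    (datetime(2029, 3, 15, tzinfo=UTC), 47),   # stated in the article
]
CURRENT_MAX_DAYS = 398  # today's limit, stated in the article


def max_validity_days(issued_at: datetime) -> int:
    """Maximum validity a CA may issue for a certificate dated `issued_at`."""
    limit = CURRENT_MAX_DAYS
    for effective_from, days in MAX_VALIDITY_SCHEDULE:
        if issued_at >= effective_from:
            limit = days
    return limit


def validity_days(not_before: datetime, not_after: datetime) -> int:
    """Validity period in days, rounded up so a partial day counts."""
    return math.ceil((not_after - not_before).total_seconds() / 86400)


def check_certificate(not_before: datetime, not_after: datetime,
                      now: datetime, renew_fraction: float = 1 / 3) -> dict:
    """Policy verdict plus renewal urgency for one leaf certificate.

    renew_fraction (assumed ACME-style default): renew once this share of the
    lifetime is still left, so a 47-day certificate is renewed with about 15
    days to spare and a failed renewal run can be retried before expiry.
    """
    lifetime = validity_days(not_before, not_after)
    allowed = max_validity_days(not_before)
    renew_at = not_after - timedelta(days=lifetime * renew_fraction)
    return {
        "lifetime_days": lifetime,
        "max_allowed_days": allowed,
        "compliant": lifetime <= allowed,
        "expired": now >= not_after,
        "days_remaining": (not_after - now).days,
        "renew_now": now >= renew_at,
    }


def example_verdicts() -> dict:
    """Three constructed certificates: a 398-day one issued today, a 90-day
    one issued after the 47-day limit applies, and a 47-day one mid-life."""
    today = datetime(2025, 4, 15, tzinfo=UTC)
    late = datetime(2029, 4, 1, tzinfo=UTC)
    return {
        "current_398": check_certificate(today, today + timedelta(days=398),
                                         datetime(2025, 6, 1, tzinfo=UTC)),
        "late_90": check_certificate(late, late + timedelta(days=90), late),
        "late_47_midlife": check_certificate(late, late + timedelta(days=47),
                                             datetime(2029, 5, 5, tzinfo=UTC)),
    }


if __name__ == "__main__":
    for name, verdict in example_verdicts().items():
        print(name, verdict)
```

Wire `check_certificate` to whatever produces your inventory (the `notBefore`/`notAfter` fields of each served certificate) and alert on `compliant == False` or `renew_now == True` with `expired == False` still unresolved after a retry; an expired certificate means the automation already failed.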
Tomi Engdahl says:
https://www.theregister.com/2025/04/15/ec_burner_devices/
EU gives staff ‘burner phones, laptops’ for US visits
That would put America on the same level as China for espionage
Tomi Engdahl says:
https://futurism.com/google-border-surveillance
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
Tomi Engdahl says:
Posti will soon collect your data in a new way – check your settings now
Posti is starting to target advertising at its customers.
https://www.is.fi/digitoday/tietoturva/art-2000011173830.html
Tomi Engdahl says:
https://www.csoonline.com/article/3964668/hackers-target-apple-users-in-an-extremely-sophisticated-attack.html?fbclid=IwY2xjawJu26VleHRuA2FlbQIxMQABHkINNf_YkMNqFPDdATXe-KWCsjdVMnfcwdxlCfCH7QI4zYkKdSHPQdRIpsES_aem_ZKLa5orqI0aE3CCxDNwEjA
Tomi Engdahl says:
Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts
https://www.csoonline.com/article/3964113/whistleblower-alleges-russian-ip-address-attempted-access-to-us-agencys-systems-via-doge-created-accounts.html?fbclid=IwY2xjawJu6ClleHRuA2FlbQIxMQABHlrTSulaImLDZw2aUiLOVI1rnhn_ggG03qC1XKbPdBinevc3ZINXpNjJtRDG_aem_lZwXQ6I_77d17wm5K1pGew
This and other DOGE actions inside National Labor Relations Board systems constituted a “significant cybersecurity breach”, says affidavit sent to Senate Intelligence Committee members.
Tomi Engdahl says:
Google said it suspended 39.2 million advertiser accounts on its platform in 2024 — more than triple the number from the previous year — in its latest crackdown on ad fraud.
By leveraging large language models (LLMs) and using signals such as business impersonation and illegitimate payment details, the search giant said it could suspend a “vast majority” of ad accounts before they ever served an ad.
Read more from Jagmeet Singh here: https://tcrn.ch/42OvAHC
#TechCrunch #technews #artificialintelligence #Google
Tomi Engdahl says:
https://www.facebook.com/share/p/1C1JDxk1DC/
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows [task scheduling service](https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page) that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities.
The issues have been uncovered in a binary named “[schtasks.exe](https://learn.microsoft.com/en-us/windows/win32/taskschd/schtasks),” which enables an administrator to create, delete, query, change, run, and end scheduled tasks on a local or remote computer.
“A [User Account Control] bypass vulnerability has been found in Microsoft Windows, enabling attackers to bypass the User Account Control prompt, allowing them to execute high-privilege (SYSTEM) commands without user approval,” Cymulate security researcher Ruben Enkaoua [said](https://cymulate.com/blog/task-scheduler-new-vulnerabilities-for-schtasks-exe/) in a report shared with The Hacker News.
“By exploiting this weakness, attackers can elevate their privileges and run malicious payloads with Administrators’ rights, leading to unauthorized access, data theft, or further system compromise.”
The problem, the cybersecurity company said, occurs when an attacker creates a scheduled task [using Batch Logon](https://learn.microsoft.com/en-us/windows/win32/taskschd/taskschedulerschema-logontype-simpletype) (i.e., a password) as opposed to an Interactive Token, causing the task scheduler service to grant the running process the maximum allowed rights.
However, for this attack to work, it hinges on the threat actor acquiring the password through some other means, such as cracking an NTLMv2 hash after authenticating against an SMB server or exploiting flaws such as [CVE-2023-21726](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21726).
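The detection angle of the report above is that the risky ingredient is visible in the task definition itself: a principal with `LogonType` `Password` (a Batch logon) instead of `InteractiveToken`, often paired with `RunLevel` `HighestAvailable`. As an added example (not code from Cymulate, Microsoft or the article), here is a hunt over task XML in the Task Scheduler schema, which is the document that `schtasks /query /xml` prints and that a Security event 4698 (scheduled task created) carries in its TaskContent field. The two task definitions are constructed for the example; the SIDs and commands are made up.

```python
"""Hunt for scheduled tasks that run with a password (Batch) logon.

Added example, not the researchers' or Microsoft's code. Parses Task
Scheduler task XML and flags principals whose LogonType uses stored
credentials. Sample task definitions are constructed.
"""
import re
import xml.etree.ElementTree as ET

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# LogonType values where the service logs the principal on with stored
# credentials rather than reusing the caller's interactive token.
PASSWORD_LOGON_TYPES = {"Password", "InteractiveTokenOrPassword"}


def _text(parent, path: str) -> str:
    node = parent.find(path, TASK_NS) if parent is not None else None
    return (node.text or "").strip() if node is not None else ""


def parse_task(task_xml: str) -> dict:
    """Extract principal and action details from one task definition."""
    # Event 4698 embeds the XML with an encoding="UTF-16" declaration; drop
    # the declaration so the text can be parsed as a Python str.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", task_xml)
    root = ET.fromstring(body)
    principal = root.find("t:Principals/t:Principal", TASK_NS)
    exec_node = root.find("t:Actions/t:Exec", TASK_NS)
    return {
        "user_id": _text(principal, "t:UserId"),
        "logon_type": _text(principal, "t:LogonType"),
        "run_level": _text(principal, "t:RunLevel"),
        "command": _text(exec_node, "t:Command"),
        "arguments": _text(exec_node, "t:Arguments"),
    }


def assess_task(name: str, task_xml: str) -> dict:
    """Parsed fields plus the reasons the task deserves a look."""
    info = parse_task(task_xml)
    reasons = []
    if info["logon_type"] in PASSWORD_LOGON_TYPES:
        reasons.append("password logon: task gets the account's full rights")
    if info["run_level"] == "HighestAvailable":
        reasons.append("RunLevel HighestAvailable requested")
    if info["command"].lower().endswith(("cmd.exe", "powershell.exe")):
        reasons.append("command interpreter as the task action")
    return {"name": name, **info, "reasons": reasons,
            "suspicious": info["logon_type"] in PASSWORD_LOGON_TYPES}


def hunt(tasks: dict) -> list:
    """Assessments for every task (name -> XML) flagged as suspicious."""
    return [a for a in (assess_task(n, x) for n, x in tasks.items()) if a["suspicious"]]


# Constructed samples shaped like real task XML.
BENIGN_TASK = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-1111-2222-3333-1001</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\\Tools\\backup.exe</Command><Arguments>--nightly</Arguments></Exec>
  </Actions>
</Task>"""

PASSWORD_TASK = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-1111-2222-3333-1001</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>cmd.exe</Command><Arguments>/c whoami /groups</Arguments></Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    for finding in hunt({"NightlyBackup": BENIGN_TASK, "Updater": PASSWORD_TASK}):
        print(finding["name"], finding["logon_type"], finding["run_level"], finding["reasons"])
```

A password logon is legitimate for plenty of service-style tasks, so treat the flag as a triage signal: pair it with who created the task (the Subject fields of 4698) and whether the account is a member of Administrators, which is what turns the "maximum allowed rights" in the report into a problem.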
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/?fbclid=IwZXh0bgNhZW0CMTEAAR4xy1MCUGOVomgZ-f_HeVUNJ24o6Cd3KMqQ21GzMrrIrYkI97Vz8YPKzlrRBw_aem_a7JZ_UTqU_M7Akdhm_EYkA
Tomi Engdahl says:
Anonymous publish Donald Trump file amid hack into Putin’s secret data
https://www.uniladtech.com/news/anonymous-publish-donald-trump-file-putins-secret-data-385573-20250417?utm_source=flipboard&utm_content=topic%2Ftechnology&fbclid=IwY2xjawJvQ3NleHRuA2FlbQIxMQABHj7ZtROgc9WBJg8Jud8o6_XhjZtH-SfXNznXQbiim4oY4T8LNKkhpjBbsW4e_aem_1zuKDBlWK_slw9Zg9b1HDw
Anonymous have been one of the more vocal groups against US President Donald Trump since he returned to office earlier this year, and a recent data dump from the hacking organization has seemingly revealed links to Putin and the Russian government.
Standing, in their own words, for ‘freedom of thought, expression, and privacy’, infamous hacking group Anonymous have been a long time voice against right wing individuals and governments worldwide, with a particular focus on American politics while Donald Trump is in office.
They’ve previously sparred with Trump’s close ally Elon Musk on X at several points, and only recently outlined how Trump’s administration is following plans laid out by ‘Project Russia’ in what would eventually be a breakdown of democracy.
They have seemingly now been proven right in their worries, as data stolen from Putin’s administration reveals what are being called ‘Donald Trump files’, seemingly linking the current president to the Russian government, as reported by Forbes.
The major cyberattack has resulted in around 10 terabytes of data being leaked online, containing information of a large number of Russian businesses, high-ranking and influential individuals, contracts, political information, and more, with it all sorted neatly into folders.
Tomi Engdahl says:
Anonymous Hackers Expose Putin’s Secret Data—Publish Trump File
https://www.forbes.com/sites/zakdoffman/2025/04/18/anonymous-hacks-putins-secret-data-publishes-trump-file/
The Anonymous PR machine is in full flight once again, claiming a new cyberattack on Russia “in defense of Ukraine.” The hacking collective has released a cache of some 10 terabytes, it says, which includes “data on all businesses operating in Russia, all Kremlin assets in the West, pro-Russian officials, Donald Trump, and more.”
Tomi Engdahl says:
I don’t know if it’s actually been debunked as this says
https://www.dailydot.com/debug/anonymous-10tb-leak-russia-trump-debunk/
Tomi Engdahl says:
Suspected 4chan Hack Could Expose Longtime, Anonymous Admins
Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board.
https://www.wired.com/story/2025-4chan-hack-admin-leak/?fbclid=IwY2xjawJvTPNleHRuA2FlbQIxMQABHnVcoOAHnFl2mHY_Uyz1yR8DRsS1s6iqt30l1Fir8Ext3mNapfMF_gjuAPtb_aem_0LKyxH7_u9UNVOuQd61bTw
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/?fbclid=IwY2xjawJvWhdleHRuA2FlbQIxMQABHsXEqdwDBenpdBUs-LxFDO3GVE9a16tLtokoGUKqx9bT9xokj13OYtDIQulQ_aem_idRJhTbCJ4jJtbVgo6rlvw
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/?fbclid=IwY2xjawJvYaRleHRuA2FlbQIxMQABHv9P5VCeABEHLgMiK2mQ2vD04g3qJ181By-amfpNL1LmUTwKQCf3I3LwcU_u_aem_FJwBORQK6FNpiBhi2tubjw
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/
Tomi Engdahl says:
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
“The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication,” Ruhr University Bochum researchers Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk said.
The issue stems from improper handling of SSH protocol messages that essentially permit an attacker to send connection protocol messages prior to authentication. Successful exploitation of the shortcomings could result in arbitrary code execution in the context of the SSH daemon.
Further exacerbating the risk, if the daemon process is running as root, it enables the attacker to have full control of the device, in turn, paving the way for unauthorized access to and manipulation of sensitive data or denial-of-service (DoS).
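The bug class described above is an ordering check that is missing from the server's message dispatcher: connection-protocol messages (channel open, "exec" requests) must be rejected until user authentication has succeeded. As an added example (not Erlang/OTP's code, not the researchers' exploit and not the article's), here is a small model of the two dispatcher shapes side by side: one that routes purely by message number, and the hardened one that disconnects on any connection-protocol message before `SSH_MSG_USERAUTH_SUCCESS`. Message numbers are from RFC 4251 section 7 and RFCs 4252/4254; the session scripts, the password and the pass-through handling of transport messages are constructed simplifications.

```python
"""Model of an SSH server's pre-authentication message gate (added example).

Not OTP code and not the advisory's exploit. Message numbers come from
RFC 4251 section 7 and RFCs 4252/4254. Transport messages (KEXINIT, NEWKEYS)
are passed through unexamined because key exchange is out of scope here;
the client scripts and the credential are constructed.
"""
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98

# RFC 4251 section 7: numbers 80..127 belong to the connection protocol
# (channels, "exec"/"shell" requests, forwarding). None of them has any
# meaning before the server has sent SSH_MSG_USERAUTH_SUCCESS.
CONNECTION_PROTOCOL = range(80, 128)


class Session:
    def __init__(self, expected_password: str = "constructed-secret"):
        self.expected_password = expected_password  # constructed credential
        self.authenticated = False
        self.executed = []  # channel requests that reached the handler


def authenticate(session: Session, payload) -> str:
    """Password method only; enough to show the state transition."""
    if payload and payload.get("password") == session.expected_password:
        session.authenticated = True
        return "userauth_success"
    return "userauth_failure"


def handle_connection_msg(session: Session, msg_type: int, payload) -> str:
    # Stand-in for channel handling; a real "exec" request runs a command.
    session.executed.append((msg_type, (payload or {}).get("request")))
    return "executed"


def dispatch_permissive(session: Session, msg_type: int, payload=None) -> str:
    """The pattern the article describes: route by message number alone."""
    if msg_type == SSH_MSG_USERAUTH_REQUEST:
        return authenticate(session, payload)
    if msg_type in CONNECTION_PROTOCOL:
        return handle_connection_msg(session, msg_type, payload)
    return "passthrough"


def dispatch_strict(session: Session, msg_type: int, payload=None) -> str:
    """Hardened form: a connection-protocol message before authentication is
    a protocol error, so the server disconnects instead of handling it."""
    if msg_type in CONNECTION_PROTOCOL and not session.authenticated:
        return "disconnect"
    return dispatch_permissive(session, msg_type, payload)


def run(dispatch, messages) -> list:
    """Feed client messages through a dispatcher; stop at a disconnect."""
    session = Session()
    outcomes = []
    for msg_type, payload in messages:
        outcome = dispatch(session, msg_type, payload)
        outcomes.append(outcome)
        if outcome == "disconnect":
            break
    return outcomes


# Constructed client scripts: one never authenticates, one does.
PRE_AUTH_EXEC = [
    (SSH_MSG_KEXINIT, None), (SSH_MSG_NEWKEYS, None), (SSH_MSG_SERVICE_REQUEST, None),
    (SSH_MSG_CHANNEL_OPEN, None), (SSH_MSG_CHANNEL_REQUEST, {"request": "exec"}),
]
AUTHENTICATED_EXEC = [
    (SSH_MSG_KEXINIT, None), (SSH_MSG_NEWKEYS, None), (SSH_MSG_SERVICE_REQUEST, None),
    (SSH_MSG_USERAUTH_REQUEST, {"password": "constructed-secret"}),
    (SSH_MSG_CHANNEL_OPEN, None), (SSH_MSG_CHANNEL_REQUEST, {"request": "exec"}),
]

if __name__ == "__main__":
    print("permissive:", run(dispatch_permissive, PRE_AUTH_EXEC))
    print("strict:    ", run(dispatch_strict, PRE_AUTH_EXEC))
    print("strict/ok: ", run(dispatch_strict, AUTHENTICATED_EXEC))
```

The same gate is what a network detection can look for on the wire before the session is encrypted: it cannot see message types after NEWKEYS, so the practical defence remains patching the server and keeping it off untrusted networks, as the article advises.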
Tomi Engdahl says:
https://www.paloaltoonline.com/technology/2025/04/12/silicon-valley-crosswalk-buttons-apparently-hacked-to-imitate-musk-zuckerberg-voices/?ICID=ref_fark&fbclid=IwY2xjawJpDQdleHRuA2FlbQIxMQABHmOBAggCtIAIsaczb7gt0Ck_YhKVjnQetJh7gkY-7Qps-HaEWun6SbfY44cV_aem_cqTK4pssAjJPdi7A3Kz12Q
Tomi Engdahl says:
CVE fallout: The splintering of the standard vulnerability tracking system has begun
MITRE, EUVD, GCVE … WTF?
Jessica Lyons
Fri 18 Apr 2025 // 09:54 UTC
Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.
Earlier this week, the widely used Common Vulnerabilities and Exposures (CVE) program faced doom as the US government discontinued funding for MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute, and promised another 11 months of cash to keep the program going.
Meanwhile, the EU is rolling its own.
The European Union Agency for Cybersecurity (ENISA) developed and maintains this alternative, which is known as the EUVD, or the European Union Vulnerability Database. The EU mandated its creation under the Network and Information Security 2 Directive, and ENISA announced it last June.
The EUVD is similar to the US government’s NVD, or National Vulnerability Database, in that it organizes disclosed bugs by their CVE-assigned unique ID, documents their impact, and links to advisories and patches.
Interestingly, the Euro database also uses its own EUVD IDs to track security bugs as well as CVE-managed identifiers and GSD IDs, the latter of which are issued by the (what appears to be now-defunct) Global Security Database operated by the Cloud Security Alliance.
Although the EUVD has been gestating for nearly a year, the uncertainty around the CVE program is set to push the European effort into the spotlight as a replacement, fallback, or alternative for CVE. ENISA is, we note, a partner of CVE; specifically, it’s a CVE numbering authority.
The EUVD “will hopefully gain more traction so that Europe can achieve self-sustainability in this domain as well,”
https://euvd.enisa.europa.eu/
Tomi Engdahl says:
https://www.theregister.com/2025/04/18/splintering_cve_bug_tracking/?fbclid=IwY2xjawJwFy1leHRuA2FlbQIxMQABHq93uii-2PFT6a6P5laSKaVrByEND68dYgiGLmRfHtXlCQVXY-hmQAjNoDtr_aem_T6SOUX9OcL890yu32mciYA
Tomi Engdahl says:
https://cybersecuritynews.com/critical-pgadmin-vulnerability/#google_vignette
Tomi Engdahl says:
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
Tomi Engdahl says:
Signalgate solved? Report claims journalist’s phone number accidentally saved under name of Trump official
PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more
https://www.theregister.com/2025/04/07/infosec_news_roundup_in_brief/
Tomi Engdahl says:
https://blog.sesse.net/blog/tech/2025-04-05-10-57_cisco_2504_password_extraction.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
Tomi Engdahl says:
https://cybersecuritynews.com/cve-foundation-launched/#google_vignette
Tomi Engdahl says:
If an Android device remains locked for three consecutive days, it will now automatically reboot. Earlier this week, Google introduced this new feature through its Google System Release Notes page. The feature functions similarly to the “Inactivity Reboot” found on iPhone devices.
Read more https://9to5google.com/2025/04/16/android-auto-restart-security/
Tomi Engdahl says:
Pentagon’s ‘SWAT team of nerds’ resigns en masse
Employees of a defense tech unit say they were sidelined by DOGE. “Either we die quickly or we die slowly,” says the director.
https://www.politico.com/news/2025/04/15/pentagons-digital-resignations-00290930?fbclid=IwY2xjawJxgiJleHRuA2FlbQIxMQABHnlHboK4lFDB9Cx3fkj-tanOQoAb1eexNjr8Crwy9nal-XxriKab0mKSaXhS_aem_zOHDAPD1PiK0KqiweAnY2g