Cyber security news April 2025

This post collects cyber security news from April 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

13 Comments

  1. Tomi Engdahl says:

    Telia's services collapsed – Expert: Do this if you are a customer
    https://www.iltalehti.fi/digiuutiset/a/86b61e09-0a82-4c4e-929f-fa86694a8d30

  2. Tomi Engdahl says:

    “Nudify” deepfakes stored unprotected online
    https://www.malwarebytes.com/blog/news/2025/04/nudify-deepfakes-stored-unprotected-online?fbclid=IwY2xjawJa8wdleHRuA2FlbQIxMQABHQkum922w3Q6PaDflUP4EZUqVZ4nqh4jMYKGv8V627Ln_Ngi7lUbfeQ9qw_aem_gTPL5lSiWTG2Bml2zqJVlA

    Yesterday, we told you about how millions of pictures from specialized dating apps had been stored online without any kind of password protection.

    Now it’s the turn of an AI “nudify” service.

    A researcher, famous for finding unprotected cloud storage buckets, has uncovered an unprotected AWS bucket belonging to the nudify service.

    The rising popularity of these nudify services apparently has caused a selection of companies without any security awareness to hop on the money train. Millions of people use these services to turn normal pictures into nude images, and it only takes a few minutes.

    South Korean AI company GenNomis by AI-NOMIS, or somebody acting on their behalf, stored 93,485 images and JSON files with a total size of 47.8 GB in a publicly exposed database that was neither password-protected nor encrypted.

    The researcher saw numerous pornographic images, including what appeared to be disturbing AI-generated portrayals of very young people. Even though the GenNomis guidelines prohibit explicit images of children and any other illegal activities, the researcher found many of them.

  3. Tomi Engdahl says:

    Adults-only (18+) material may have leaked – Terrible blunder affects up to 900,000 people
    Images from dating platforms used by hundreds of thousands of people were stored unprotected. They included nude images.
    https://www.iltalehti.fi/digiuutiset/a/48c848d4-f603-4f7a-8459-20d6cea2e03a

    Aras Nazarovas found dating app users' images on an unprotected server. There are as many as 1.5 million images in total, and some of the material is sensitive, including nudity among other things.

    According to the BBC, which reported on the matter, the image disaster concerns services called Chica, BDSM People, Pink, Brish and Translove. They are used by up to 900,000 people in total.

    Anyone could have viewed users' images with just a link. No password of any kind was needed.

    Nazarovas, who calls himself an ethical hacker, reported his finding back in January to MAD Mobile, the company behind all five platforms, but it did not react in any way until the BBC contacted the company last week. After being contacted, it fixed the problem quickly but did not otherwise comment on the case to the BBC.

    Kink and LGBT dating apps exposed 1.5m private user images online
    https://www.bbc.com/news/articles/c05m5m5v327o

    Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

    Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.

    These services are used by an estimated 800,000 to 900,000 people.

  4. Tomi Engdahl says:

    Radio Free Europe/Radio Liberty head Stephen Capus says the US government turned off satellite services that transmit its Russian-language program into Russia — The head of Radio Free Europe/Radio Liberty said on Thursday that the US government had switched off a satellite that transmitted its Russian-language programme into Russia.

    https://www.barrons.com/news/radio-free-europe-says-us-cut-off-its-russian-broadcast-c089c9b2

