DeepSeek's iOS app has terrible security, say researchers

According to experts at mobile application security vendor NowSecure, DeepSeek’s iOS app is a security problem that you should delete immediately.

The organization found that the iOS version of DeepSeek, the third most popular application on the App Store as of writing, transmits data in plain text, uses archaic ciphers, and has hardcoded encryption keys. Additionally, the software doesn’t handle certificates properly, extensively fingerprints users, and sends data to China.

That last point was already well established, as DeepSeek acknowledges up front in its privacy policy that it sends user information to China.

NowSecure found that DeepSeek uses ByteDance’s public cloud services, meaning the Taiwanese robot is now tangled up with TikTok’s owner.

Bad news if DeepSeek’s on your device, and even worse news if you’ve put it on a company-owned phone.

US regulators have quickly been drawn to DeepSeek because of concerns about privacy and national security. This is why US representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) have joined forces on the No DeepSeek on Government Devices Act.

Although the bill’s text isn’t yet available, the legislators claimed that its provisions do live up to its name. The pair stated that research has demonstrated that DeepSeek’s code “is directly related to the Chinese Communist Party” and can relay user information to China Mobile, a telecom company supported by the US government.

To be on the safe side, you may as well just get a locally run DeepSeek version that doesn’t transmit information, at least.

HPE warns staff of data breach

Following a nation-state attack, Hewlett Packard Enterprise last week advised employees that their personal information may have been taken from cloud messaging.

The business software giant sent workers a notice [PDF] warning them of the event. Only ten employees are affected, according to the State of Massachusetts’s data breach notification.

In January 2024, HPE disclosed an attack that resembles this one and named Russia’s infamous Cozy Bear team as the culprit.

According to some reports, the attack targeted an Office 365 instance.

– Simon Sharwood

Critical vulnerabilities: You patched Outlook, right?

About a year ago Microsoft wished the world a happy Valentine’s Day with 73 security vulnerabilities. Among them, Microsoft Outlook’s CVSS 9.8 remote code execution vulnerability has recently reared its head again by joining the list of known exploited vulnerabilities.

Elsewhere:

  • CVSS 9.8 - CVE-2024-45195: Apache OFBiz before 18.12.16 contains a direct request (“forced browsing”) vulnerability that is under active exploitation.
  • CVSS 9.8 - : A buffer overflow/RCE bug in Sophos XG Firewall versions up to 17.5 MR12 is under active exploitation.
  • CVSS 9.8 - : Miscreants have also found this four-year-old SQL injection vulnerability in Cyberoam OS’s online admin portal, and it is seeing new exploitation.
  • CVSS 9.8 - : PRTG Network Monitor versions before 18.2.40.1683 allow unauthenticated attackers to create users with read/write privileges, and some are actively doing so.
  • CVSS 8.6 - : Cityworks’ public asset management software is vulnerable to deserialization attacks that could give an authenticated user the ability to access a client’s Microsoft IIS server. It’s under active exploitation, too.

Spanish police say an attacker allegedly breached the US Army and NATO

He might have been good, so good that, according to Spanish police, he had “set up a complex technological network” through which he had been able to conceal his tracks, but an alleged Spanish hacker with a propensity for attacking high-profile targets has been detained.

After a year of tracking him, following reports from a Madrid business association that found its files leaked online, Spanish law enforcement finally located the suspect, whom the media report to be 18 years old and to go by the name “Natohub.”

Natohub is alleged to have also targeted NATO, the United Nations, the US Army, and multiple government ministries in Spain.

The teenage suspect reportedly boasted about his skill on dark web forums while selling stolen data for cryptocurrency, a portion of which was recovered by law enforcement.

The suspect remains unidentified, per Spanish media.

IMI experiences a “cyber incident”

IMI plc, a renowned engineering company in the UK, admitted to “unauthorized access” to its systems last week.

The business has not provided specifics about the incident other than to say that it has engaged outside cyber security experts to look into and contain the incident and that it is taking necessary steps to comply with regulatory requirements, including submitting the matter to the London Stock Exchange.

Beyond its initial statement, IMI declined to comment to The Register. It’s not clear if data was stolen in the incident, whether ransomware was involved, or anything else, for that matter.

IMI is the second UK engineering giant to acknowledge a cyberattack following Smiths Group’s admission of a similar system breach at the end of January. As was the case with IMI, Smiths didn’t admit too much, only saying that the incident “involved unauthorized access to the company’s systems”.

Salesforce software being used in phishing campaigns on Facebook

Have you been notified of a copyright violation via email from Facebook? Check Point reported this week that it had discovered a new wave of phishing emails using a Salesforce email address, so make sure to double-check the sender.

The campaign, which Check Point believes started in December, primarily targets businesses in the EU, the US, and Australia and uses Salesforce’s automated email service to send messages. Whoever runs the campaign hasn’t bothered to change the address it’s being sent from, so all messages originate from noreply@salesforce.com.

The messages, which all appear to be suspicious, accuse users of sharing copyrighted content. Users who click a button to appeal the report are directed to a landing page that collects their Facebook credentials.

Don’t click and fall for this, people! Instead, check the name of the sender: if it’s not coming from Facebook, ignore it. ®
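The sender check described above can be automated at a mail gateway. The following is an added example, not code from Check Point or The Register: it flags mail that presents itself as Facebook while the From address belongs to another domain, such as the unchanged noreply@salesforce.com relay address. The allowlist of Facebook-owned domains, the lure keywords and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains accepted as genuinely Facebook-owned for this check.
FACEBOOK_DOMAINS = {"facebook.com", "facebookmail.com"}
# Assumption: keywords typical of the copyright-complaint lure described above.
LURE_WORDS = ("copyright", "infringement", "appeal")

def sender_domain(msg):
    """Lower-cased domain of the From address, or '' if there is none."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def body_text(msg):
    """Decoded text of every text/* part (handles base64 and quoted-printable)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", "replace"))
    return " ".join(chunks)

def classify(raw_message):
    """Return 'suspicious-lure', 'brand-mismatch' or 'ok' for one raw message."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    domain = sender_domain(msg)
    text = " ".join([display_name, msg.get("Subject", ""), body_text(msg)]).lower()
    claims_facebook = "facebook" in text
    from_facebook = any(domain == d or domain.endswith("." + d)
                        for d in FACEBOOK_DOMAINS)
    if claims_facebook and not from_facebook:
        has_lure = any(word in text for word in LURE_WORDS)
        return "suspicious-lure" if has_lure else "brand-mismatch"
    return "ok"

# Constructed sample messages (not real campaign mail).
PHISH = ("From: Facebook Support <noreply@salesforce.com>\n"
         "Subject: Copyright violation notice\n\n"
         "Your Facebook page shared copyrighted content. Click to appeal.\n")
LEGIT = ("From: Facebook <notification@facebookmail.com>\n"
         "Subject: You have a new notification\n\n"
         "See what is new on Facebook.\n")
UNRELATED = ("From: Acme CRM <noreply@salesforce.com>\n"
             "Subject: Your weekly pipeline report\n\n"
             "Open the dashboard to review the report.\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT), ("unrelated", UNRELATED)):
        print(name, "->", classify(raw))
```

Because the messages really are sent through Salesforce's service, sender authentication for salesforce.com can pass, so the mismatch between the claimed brand and the sending domain is the signal that matters here.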
