Information security now!
This week, we cover the safe adoption of new technologies and AI services. This also includes information on software security.
Adopting new technologies requires care
Various types of AI assistants are becoming more common in many organisations. Generative assistants based on broad language models have been actively used for a couple of years but, in the last year, the use of so-called personal AI assistants to handle emails, remote meetings and other ongoing tasks has also taken on a bigger role.
However, particular care must be taken when adopting new technologies. The NCSC-FI has received reports of cases where an AI application deployed in an organisation has been accompanied by features that were not intended to be deployed. As a result, it is possible that personal data, personal emails, confidential emails within the organisation, or entire transcripts of meetings, for example, could be sent from the organisation's systems to an external service for analysis.
Organisations should develop their own principles for approving the adoption of AI systems and checking the basics. When adopting services, it is always a good idea to at least review the service’s privacy policy and documentation about secure and managed deployment.
Software security 2025 – businesses and regulation webinar 11 February 2025
Is your organisation ready for regulatory changes in the software industry? Sign up to the webinar on Tuesday 11 February from 1.00 to 4.30 p.m.
The event is especially for you if
- you are not sure whether regulation will affect your organisation
- you want to get a clear picture of what the CRA (Cyber Resilience Act) means and how to prepare for it
- you need concrete tools and tips to meet regulatory requirements.
Check out the programme and sign up for it (External link)! (In Finnish)
Threat modelling is an important part of software security
Today's organisations have a huge number of different applications, software and databases using different services or platforms. At the same time, cyber threats are becoming more numerous and sophisticated.
Threat modelling is a systematic and effective way to manage security throughout the software life-cycle The aim is to identify potential security threats and vulnerabilities before they cause serious damage.
Use threat modelling to map and rectify threats to software as early as at the design and procurement stage. This will ensure the smooth continuity of your business.
Read more: Threat modelling and software security: protect your organisation from cyber threats (in Finnish)
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
WHAT TO DO IF YOU GET SCAMMED
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or payment card information.
- File a police report. You can file a police report online. (External link)
- You can also report the incident to the NCSC-FI.
- Instructions for victims of data leaks (External link)
Recognise online scams and protect yourself from them
Vulnerabilities
CVE: CVE-2025-23006
CVSS: 9.8
What: Critical vulnerability in the Sonicwall SMA1000 device management interface
Product: Sonicwall SMA1000
Repair: Update your devices to version 12.4.3-02854 or later
Vulnerability report 5/2025 (in Finnish)
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (reporting period 17–23 January 2025). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cybersecurity specialists to regular citizens.