
Digital natives are not cybersecurity natives
At TurkuSec meetup in April, I had the opportunity to share my insights on a pressing issue we’ve been researching lately at F-Secure: the cybersecurity challenges faced by digital natives. These are individuals who have grown up with fast internet and personal screens, making them uniquely vulnerable to online threats ... Read More
Master Your Passwords
Every month millions of people have their passwords stolen. Here we explain how to keep your passwords secure | Originally written for F-Secured - Your complete guide to online security in 2023 ... Read More

Uncovering a long-lasting porn spam campaign on YouTube | (NSFW, maybe)
In December 2022 I stumbled upon an interesting YouTube comment-based campaign, which promoted a shady camgirl / porn website through a clever use of YouTube features. I screengrabbed some video evidence and took a quick look at the campaign, but I didn’t have time to allocate for this back then ... Read More
What are social media countermeasures?
As the guy who pretty much owns the #socialmediacountermeasures on Twitter, I figured it makes sense to give the term some proper definition beyond just 280 characters. In short, social media countermeasures are those techniques – both automated and manual – of which social media services use when trying to ... Read More
Everyman’s Cyber Defence
The following is my translation of “Jokamiehen kyberpuolustus”, Everyman’s Cyber Defence, a short snippet from publicly available document #kyberpuolustus : kyberkäsikirja Puolustusvoimien henkilöstölle (2019) by Laari, Flyktman, Härmä, Timonen and Tuovinen. Source material is encrypted in Finnish and free to download from National Defence University of Finland’s website. I intend ... Read More

Social Media Countermeasures – Battling Long-Running Scams on YouTube, Facebook, Twitter and Instagram
For the past few years, I’ve been documenting, screenshotting, and sharing examples of criminal campaigns on the three big social media platforms: Facebook, YouTube and Twitter. I’m not that interested in speculating whether or not something is fake content, falsely amplified by nation-state sponsored threat actors (i.e. coordinated inauthentic behavior), ... Read More
What is Ransomware 3.0?
I believe there’s a pretty clear consensus within the industry that ransomware should not be mistaken anymore to limit itself to just encrypting files and demanding payment for a decryption key. Dubbed by F-Secure “Ransomware 2.0”, now the standard practice for ransomware groups includes also stealing files from the target ... Read More
![Dual Core - 0x0A Hack Commandments [FREE DL]](https://securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure
Recently I was invited to KOVA Esports podcast to talk about cyber security, online privacy and identity management from the perspective of gamers and gaming industry in general. Hosted by KOVA’s General Manager Timo Tarvainen and joined by their streamer Teemu “Spamned” Rissanen, we had a great one-hour long discussion ... Read More

YouTube Channel Phishing, Part 2: The Enemy Evolves
Last year I took a first look at a phishing campaign that was interestingly targeting YouTube channel owners’ email addresses. The aim of the campaign was to guide people to fake YouTube sign in page and phish their login credentials. Note, this did not target YouTube accounts in general, but ... Read More
Wearables & Privacy – What You Need To Know
Continuing my seemingly never-ending quest of digging through privacy policies, this time I analyzed how the most popular wearables companies handle their customers’ data. Fitbit, Biostrap, Motiv, Oura and Whoop all are on the cutting edge of health technology, but are their privacy practices on par with that or not? ... Read More