CERT-SE's weekly newsletter, week 18

Weekly newsletter

Assorted events from the week, including vulnerabilities in ArubaOS and intrusions at organizations in various sectors.

We would also like to mention that we are currently looking for an IT security specialist: https://www.cert.se/om-cert-se/lediga-jobb/

The application deadline is 9 May.

Have a nice weekend!

News this week

Telegram is down with “Connecting” error (26 apr) https://www.bleepingcomputer.com/news/technology/telegram-is-down-with-connecting-error/

Kaiser’s website tracking tools may have compromised data on 13 million customers (26 apr) https://therecord.media/kaiser-permanente-potential-third-party-data-exposure

Cyberattack hits Georgia county at center of voting software breach (26 apr) https://cyberscoop.com/cyberattack-hits-georgia-county-at-center-of-voting-software-breach/

Bogus npm Packages Used to Trick Software Developers into Installing Malware (27 apr) https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html

NATO’s international cybersecurity exercise Locked Shields concludes (27 apr) https://www.ukrinform.net/rubric-society/3857429-natos-international-cybersecurity-exercise-locked-shields-concludes.html

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks (28 apr) https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure (29 apr) https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/

Anticipating and addressing cybersecurity challenges (29 apr) https://www.helpnetsecurity.com/2024/04/29/various-cybersecurity-challenges-organizations-face-video/

Change Healthcare hacked using stolen Citrix account with no MFA (30 apr) https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/

Umeå University hit by extensive cyberattack (2 May) https://www.umu.se/nyheter/umea-universitet-utsatt-for-omfattande-cyberattack_11935138/

The IT director on the attack against the university (2 May) https://sverigesradio.se/artikel/omfattande-it-attack-mot-umea-universitet

Dropbox Discloses Breach of Digital Signature Service Affecting All Users (2 May) https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html

Information security and miscellaneous

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure (29 apr) https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/

UK becomes first country to ban default bad passwords on IoT devices (29 apr) https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices

USB Malware Attacks on Industrial Orgs Becoming More Sophisticated (29 apr) https://www.securityweek.com/honeywell-usb-malware-attacks-on-industrial-orgs-becoming-more-sophisticated/

Anticipating and addressing cybersecurity challenges (29 apr) https://www.helpnetsecurity.com/2024/04/29/various-cybersecurity-challenges-organizations-face-video/

Considerations for Operational Technology Cybersecurity (30 apr) https://thehackernews.com/2024/04/considerations-for-operational.html

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024 (30 apr) https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html

Preventing the Next Big Cyberattack on U.S. Health Care (1 May) https://hbr.org/2024/05/preventing-the-next-big-cyberattack-on-u-s-health-care

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms (1 May) https://www.infosecurity-magazine.com/news/ncscs-mobile-risk-model-highthreat/

False information about cyberattacks is creating growing uncertainty (3 May) https://computersweden.se/article/2096581/falsk-information-om-cyberattacker-skapar-allt-storre-osakerhet.html

CERT-SE this week

Serious vulnerabilities in Brocade SANnav (29 apr) https://www.cert.se/2024/04/allvarliga-sarbarheter-i-brocade-sannav.html

Several critical vulnerabilities in products from Aruba Networks (2 May) https://www.cert.se/2024/05/flera-kritisika-sarbarheter-i-produkter-fran-aruba-networks.html