CERT-SE:s veckobrev v.18

VECKOBREV

Blandade händelser från veckan. Bland annat om sårbarheter i ArubaOS och intrång i verksamheter i olika sektorer.

Vi vill också nämna att vi just nu söker en IT-säkerhetsspecialist: https://www.cert.se/om-cert-se/lediga-jobb/

Sista ansökningsdag är den 9 maj!

Nyheter i veckan

Telegram is down with “Connecting” error (26 apr)https://www.bleepingcomputer.com/news/technology/telegram-is-down-with-connecting-error/

Kaiser’s website tracking tools may have compromised data on 13 million customers (26 apr)https://therecord.media/kaiser-permanente-potential-third-party-data-exposure

Cyberattack hits Georgia county at center of voting software breach (26 apr)https://cyberscoop.com/cyberattack-hits-georgia-county-at-center-of-voting-software-breach/

Bogus npm Packages Used to Trick Software Developers into Installing Malware (27 apr)https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html

NATO’s international cybersecurity exercise Locked Shields concludes (27 apr)https://www.ukrinform.net/rubric-society/3857429-natos-international-cybersecurity-exercise-locked-shields-concludes.html

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks (28 apr)https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure (29 apr)https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/

Anticipating and addressing cybersecurity challenges (29 apr)https://www.helpnetsecurity.com/2024/04/29/various-cybersecurity-challenges-organizations-face-video/

Change Healthcare hacked using stolen Citrix account with no MFA (30 apr)https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/

Umeå universitet utsatt för omfattande cyberattack (2 maj)https://www.umu.se/nyheter/umea-universitet-utsatt-for-omfattande-cyberattack_11935138/..

IT-chefen om attacken mot universitetet (2 maj)https://sverigesradio.se/artikel/omfattande-it-attack-mot-umea-universitet

Dropbox Discloses Breach of Digital Signature Service Affecting All Users (2 maj)https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html

Informationssäkerhet och blandat

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure (29 apr)https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/

UK becomes first country to ban default bad passwords on IoT devices (29 apr)https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices

USB Malware Attacks on Industrial Orgs Becoming More Sophisticated (29 apr)https://www.securityweek.com/honeywell-usb-malware-attacks-on-industrial-orgs-becoming-more-sophisticated/

Anticipating and addressing cybersecurity challenges (29 apr)https://www.helpnetsecurity.com/2024/04/29/various-cybersecurity-challenges-organizations-face-video/

Considerations for Operational Technology Cybersecurity (30 apr)https://thehackernews.com/2024/04/considerations-for-operational.html

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024 (30 apr)https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html

Preventing the Next Big Cyberattack on U.S. Health Care (1 maj)https://hbr.org/2024/05/preventing-the-next-big-cyberattack-on-u-s-health-care

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms (1 maj)https://www.infosecurity-magazine.com/news/ncscs-mobile-risk-model-highthreat/

Falsk information om cyberattacker skapar allt större osäkerhet (3 maj)https://computersweden.se/article/2096581/falsk-information-om-cyberattacker-skapar-allt-storre-osakerhet.html

CERT-SE i veckan

Allvarliga sårbarheter i Brocade SANnav (29 apr)https://www.cert.se/2024/04/allvarliga-sarbarheter-i-brocade-sannav.html

Flera kritiska sårbarheter i produkter från Aruba Networks (2 maj)https://www.cert.se/2024/05/flera-kritisika-sarbarheter-i-produkter-fran-aruba-networks.html