====== Vybraná varování/upozornění z IT/kyberbezpečnosti (s odkazy na zdroje) ====== Threat Intelligence / Awareness probíhá v pracovní skupině [[https://hsoc.cesnet.cz/cs/skupiny#hsoc_-_emergency|hsoc-emergency]]. Detaily nejsou zde veřejně komunikovatelné. Za aktivitu však vypovídá následující statistika: ^Situational awarness / threat inteligence ^9-12/2020 ^ 2021 ^ 2022 ^ 2023 ^ 1-9/2024^ | Počet zpráv | 16 | 71 | 178 | 281 | 304 | * ------------------------------------------------------------ 2024 --------------------------------------------------------- * 15.01.2024 - [[https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US|[TLP:CLEAR] Vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways]] * 15.01.2024 - [[https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-sql-servers-in-mimic-ransomware-attacks/|[TLP:CLEAR] Hackers target Microsoft SQL servers in Mimic ransomware attacks]] * ------------------------------------------------------------ 2023 --------------------------------------------------------- * 29.11. 2023 - [[https://www.wireshark.org/docs/relnotes/wireshark-4.0.11.html|[TLP:CLEAR] Wireshark 4.0.11 opravuje bezpečnostní chyby]] * 24.11. 2023 - [[https://github.com/nextcloud/security-advisories/security|[TLP:CLEAR] Nextcloud opravuje 8 zranitelností ve svých produktech]] * 15.11. 2023 - [[https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/|[TLP:CLEAR] OpenVPN verzí 2.12.2 opravuje 2 zranitelnosti​]] * 03.11. 2023 - [[https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR|[TLP:CLEAR] Cisco opravuje 5 zranitelností v ISE]] * 31.10. 2023 - [[https://my.f5.com/manage/s/article/K000137353|[TLP:CLEAR] F5 opravuje zranitelnost v produktu BIG-IP]] * 26.10. 2023 - [[https://www.openssl.org/news/secadv/20231024.txt|[TLP:CLEAR] OpenSSL opravuje středně závažnou zranitelnost]] * 17.10. 2023 - [[ https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967|[TLP:CLEAR] Citrix opravuje 2 zranitelnosti v NetScaler ADC a NetScaler Gateway]] * 03.07. 2023 - **[[https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-180-01|Medtronic Paceart Optima System | CISA Alert]]** (varování před zranitelností CVE-2023-31222, CVSS 9.8) * 27.06. 2023 - **[[https://www.vmware.com/security/advisories/VMSA-2023-0014.html|VMWware Security Advisory VMSA-2023-0014]]** (opravy zranitelností ve vCenter Server a Cloud Foundation) * 26.06. 2023 - **[[https://www.fortiguard.com/psirt/FG-IR-23-074|FortiNAC - java untrusted object deserialization RCE - PSIRT Advisories]]** (CVE-2023-33299, CVSS 9.6) * 22.06. 2023 - [[https://isc.sans.edu/diary/rss/29972|Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari - SANS]] * 08.06. 2023 - **[[https://www.cert.europa.eu/static/SecurityAdvisories/2023/CERT-EU-SA2023-037.pdf|High Severity Vulnerability in Cisco AnyConnect Client - EU CERT]]** * 18.05. 2023 - [[https://www.foxit.com/support/security-bulletins.html|FOXIT Security bulletins - Security updates available]] * 18.04. 2023 - **[[https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108|APT28 Exploits Known Vulnerability to Carry Out Reconnaissance&Deploy Malware on Cisco Routers | CISA]]** * 08.04. 2023 - [[https://bugzilla.redhat.com/show_bug.cgi?id=2137666|A flaw was found in Open vSwitch (OVS).]] pre-CVSS Score:5.0 * 06.04. 2023 - **[[https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH|Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities]] CVSS:9.0 ** * 29.03. 2023 - **[[https://support.apple.com/en-us/HT201222|Apple security updates]] ** * 09.03. 2023 - [[https://www.fortiguard.com/psirt/FG-IR-23-001|FortiOS / FortiProxy - Heap buffer underflow in administrative interface]] * 03.03. 2023 - [[https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP|Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities]] * 03.03. 2023 - [[https://github.com/cisagov/Decider/|Mapping Adversary Behaviors to the MITRE ATT&CK® Framework Web App (*Decider*)]] * 02.03. 2023 - [[https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt|ArubaOS Multiple Vulnerabilities]] * 20.02. 2023 - [[https://www.fortiguard.com/psirt?page=3&date=02-2023|(February) FortiWeb vulnerabilities @PSIRT Advisories]] * 17.02. 2023 - [[https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb|Microsoft February 2023 Security Updates]] * 16.02. 2023 - [[https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-clamav-q8DThCy.html?dtid=osscdc000283|ClamAV HFS+ Partition Scanning Buffer Overflow Vuln.]] * 16.02. 2023 - [[https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-clamav-xxe-TcSZduhN.html?dtid=osscdc000283|ClamAV DMG File Parsing XML Entity Expansion Vulnerability]] * 07.02. 2023 - [[https://us-cert.cisa.gov/ncas/bulletins/sb23-030|US-CERT.CISA.GOV/NCAS/BULLETINS/SB23-030 Vulnerability Summary for the Week of January 23, 2023]] * 02.02. 2023 - [[https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/|[TLP:CLEAR] Thunderbird 102.7.1,oprava kontroly revokace S/MIME certifikátů]] a dále [[https://www.mozilla.org/en-US/security/advisories/mfsa2023-04//|zde]], případně [[https://bugzilla.mozilla.org/show_bug.cgi?id=1769000|zde]]. * 31.01. 2023 - **[[https://www.qnap.com/en/security-advisory/qsa-23-01|Zranitelnosti v QNAP, Vulnerability in QTS and QuTS hero]]** * 31.01. 2023 - [[https://us-cert.cisa.gov/ncas/bulletins/sb23-023|US-CERT.CISA.GOV/NCAS/BULLETINS/SB23-023 Vulnerability Summary for the Week of January 16, 2023]] * 26.01. 2023 - **[[https://osveta.nukib.cz/course/view.php?id=145#section-13|NÚKIB:Informace o zveřejnění návrhu změn ZoKB a souvisejících předpisů k veřejným konzultacím]]** * 25.01. 2023 - **[[https://support.apple.com/en-us/HT201222|Apple security updates]]** (Apple vydal záplaty i pro starší zařízení) * 25.01. 2023 - **[[https://www.vmware.com/security/advisories/VMSA-2023-0001.html|VMware vydala aktualizaci pro 2 kritické zranitelnosti v vRealize Log Insight]]** * 24.01. 2023 - [[https://us-cert.cisa.gov/ncas/bulletins/sb23-016|US-CERT.CISA.GOV/NCAS/BULLETINS/SB23-016 Vulnerability Summary for the Week of January 9, 2023]] * 23.01. 2023 - [[https://nvd.nist.gov/vuln/detail/CVE-2022-47950|[TLP:CLEAR] Zranitelnost ve Swift S3 XML parseru - Information Disclosure, PoC]] * 17.01. 2023 - [[https://us-cert.cisa.gov/ics/advisories/icsa-23-012-03|US-CERT.CISA.GOV/ICS/ADVISORIES/ICSA-23-012-03 InHand Networks InRouter]] * 17.01. 2023 - [[https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438|TLP:CLEAR - Google - Reklamní odkazy na trojanizované aplikace]] * 12.01. 2023 - **[[https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5| TLP:CLEAR - CISCO - Kritická zranitelnost RCE Cisco RV routerů]]** * 12.01. 2023 - [[https://helpx.adobe.com/security/products/acrobat/apsb23-01.html|TLP:CLEAR - Adobe - Acrobat - kritické zranitelnosti, Adobe Patch Tuesday]] (a další...) * 12.01. 2023 - **[[https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-Jan|TLP:CLEAR – Microsoft Patch Tuesday – January 2023]]** * 11.01. 2023 - [[https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf|TLP:CLEAR - Cacti - RCE zranitelnost v 1.2.22]] * 06.01. 2023 - **[[https://nvd.nist.gov/vuln/detail/CVE-2022-44877|Velmi vážná zranitelnost v CentOS 7 Web Panel - PoC]]** * 05.01. 2023 - [[https://www.fortiguard.com/psirt/FG-IR-22-061|TLP:CLEAR - FORTINET - aktualizace s opravami chyb u více produktů]] * ------------------------------------------------------------ 2022 --------------------------------------------------------- * 21.11. 2022 - [[https://www.cisa.gov/uscert/ncas/current-activity/2022/11/16/cisco-releases-security-updates-identity-services-engine|Cisco Releases Security Updates for Identity Services Engine...]] * 18.11. 2022 - **[[https://www.lansweeper.com/patch-tuesday/microsoft-patch-tuesday-november-2022/|LANSweeper o Microsoft Patch Tuesday – November 2022]]** * 27.10. 2022 - **[[https://www.vmware.com/security/advisories/VMSA-2022-0027.html|VMware Cloud Foundation update addresses more vulnerabilities...]]** * 22.10. 2022 - **[[https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/|Investigation Regarding Misconfigured Microsoft Storage Location]]** * 21.10. 2022 - **[[https://www.cisa.gov/uscert/ncas/current-activity/2022/10/20/cisa-releases-three-industrial-control-systems-advisories|CISA Releases Three Industrial Control Systems Advisories]]** * 19.10. 2022 - [[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf|Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability]] * 19.10. 2022 - **[[https://www.oracle.com/security-alerts/cpuoct2022.html|Oracle - Critical Patch Update Advisory]]** * 17.10. 2022 - [[https://www.consilium.europa.eu/cs/press/press-releases/2022/10/17/the-council-agrees-to-strengthen-the-security-of-ict-supply-chains/|Rada EU se dohodla na posílení bezpečnosti dodavatelských řetězců IKT]] (Závěry Rady [[https://data.consilium.europa.eu/doc/document/ST-13664-2022-INIT/cs/pdf/|(zde)]] v pdf) * 15.10. 2022 - **[[https://www.phoronix.com/news/Linux-WiFi-Malicious-Packets|Linux Gets Patched For WiFi Vulnerabilities...]]** * 04.10. 2022 - **[[https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/|NÚKIB:upozornění na závažné zranitelnosti Microsoft Exchange Server]]** [[https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html|GTSC]] * 30.09. 2022 - [[https://arstechnica.com/information-technology/2022/09/north-korean-threat-actors-are-weaponizing-all-kinds-of-open-source-apps/|Numerous orgs hacked after installing weaponized open source apps]] * 26.09. 2022 - *Vzdálené spuštění kódu v Sophos Firewall* (odkaz na [[https://www.sophos.com/en-us/security-advisories|Sophos Security Advisories]]) * 23.09. 2022 - **[[https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity|Medtronic MiniMed 600 Series Insulin Pump System Potential Cybersecurity Risk]]** * 23.09. 2022 - **[[https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords|Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords]]** * 22.09. 2022 - [[https://kb.isc.org/v1/docs/aa-00913|BIND 9 Security Vulnerability Matrix]] * 20.09. 2022 - [[https://us-cert.cisa.gov/ics/advisories/icsa-19-344-03|ICSA-19-344-03 Siemens RUGGEDCOM ROS (Update A)]] * 19.09. 2022 - [[https://www.bitdefender.com/blog/labs/bitdefender-releases-universal-lockergoga-decryptor-in-cooperation-with-law-enforcement|Bitdefender Releases Universal LockerGoga Decryptor in Cooperation with Law Enforcement]] * 15.09. 2022 - [[https://support.lenovo.com/us/en/product_security/LEN-94953|(LENOVO) Multi-Vendor BIOS Security Vulnerabilities (September 2022)]] * 01.09. 2022 - **[[https://nukib.cz/cs/infoservis/hrozby/1873-upozornujeme-na-zavaznou-zranitelnost-cve-2022-26113-cvss-7-5-ve-forticlient|NÚKIB - Upozorňujeme na závažnou zranitelnost CVE-2022-26113 (CVSS 7.5) ve FortiClient]]** * 30.08. 2022 - **[[https://nukib.cz/cs/infoservis/hrozby/1872-upozornujeme-na-phishingovou-kampan-s-cilem-zneuzit-bankovni-identitu/|NÚKIB - Upozorňujeme na phishingovou kampaň s cílem zneužít bankovní identitu]]** * 30.08. 2022 - **[[ https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/|GitLab Critical Security Release: 15.3.2, 15.2.4 and 15.1.6]]** * 29.08. 2022 - [[https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html|CISA Adds 10 New Known Exploited Vulnerabilities to Its Catalog]] * 22.08. 2022 - [[https://www.cisa.gov/known-exploited-vulnerabilities-catalog|CISA added 7 new actively exploited vulners to the Catalog - Due Date:2022-09-08]] * 22.08. 2022 - [[https://nukib.cz/cs/infoservis/aktuality/1868-nukib-zverejnil-pruvodce-rizenim-aktiv-a-rizik-dle-vyhlasky-o-kyberneticke-bezpecnosti/|NÚKIB zveřejnil Průvodce řízením aktiv a rizik dle vyhlášky o kybernetické bezpečnosti]] * 15.08. 2022 - [[https://nukib.cz/cs/infoservis/hrozby/1865-upozorneni-na-sadu-zranitelnosti-tykajici-se-softwaru-vmware-a-platformy-vmware-vrealize-operations/|NÚKIB: Upozornění na sadu zranitelností týkající se VMware a platformy VMware vRealize Operations]] * 15.08. 2022 - **[[https://www.cisa.gov/uscert/ncas/alerts/aa22-223a|CISA Alert - #StopRansomware: Zeppelin Ransomware]]** * 10.08. 2022 - [[https://www.first.org/tlp/|FIRST - TRAFFIC LIGHT PROTOCOL (TLP) Change]] (authoritative August 2022 onwards) * 08.08. 2022 - [[https://tools.cisco.com/security/center/publicationListing.x|Cisco Releases Security Update for Multiple Products]] * 08.08. 2022 - [[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS|Cisco Webex Meetings Web Interface Vulnerabilities]] * 07.08. 2022 - **[[https://www.cisa.gov/uscert/ncas/alerts/aa22-216a|CISA Alert - 2021 Top Malware Strains]]** * 07.07. 2022 - [[https://www.qnap.com/en/security-advisory/QSA-22-21|Checkmate Ransomware via SMB Services Exposed to the Internet - Security Advisory | QNAP]] * 07.07. 2022 - [[https://tools.cisco.com/security/center/publicationListing.x|Cisco Releases Security Patches @Security Advisories]] * 06.07. 2022 - [[https://thehackernews.com/2022/07/openssl-releases-patch-for-high.html|OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks]] (CVE-2022-2274) * 01.07. 2022 - [[https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html|New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild]] (apllicable to MSX & IIS combo) * 16.06. 2022 - **[[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD/ |Cisco ESA and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability]] ** * 01.06. 2022 - [[https://www.sk-cert.sk/sk/varovanie-pred-zneuzivanim-0-day-zranitelnosti-v-microsoft-office-word-ms-msdt-follina/ |Doplnění k varování před zranitelností Follina - velmi vážná zranitelnost v MS Office]] * 24.05. 2022 - [[https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/ |Microsoft upozorňuje na nové skimmingové kampaně]] * 23.05. 2022 - [[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK |Cisco opravy pro středně závažnou chybu v software IOS XR (řada Cisco 8000)]] * 20.05. 2022 - [[https://www.catalog.update.microsoft.com/Home.aspx|[1] Microsoft - OOB oprava ověřování uživatelů s AD]] [[https://docs.microsoft.com/en-us/mem/configmgr/sum/get-started/synchronize-software-updates#import-updates-from-the-microsoft-update-catalog|[2]]] (Oprava dostupná jen z MS Update Catalog, viz [2]) * 19.05. 2022 - [[https://www.vmware.com/security/advisories/VMSA-2022-0014.html|[1] 2.kolo vážných zraniteľností vo VMware Workspace ONE Access, VMware Id. Manager aď.]] [[https://kb.vmware.com/s/article/88438|[2]]] [[https://kb.vmware.com/s/article/88433|[3]]] [[https://kb.vmware.com/s/article/70911|[4]]] * 17.05. 2022 - [[https://thehackernews.com/2022/05/europe-agrees-to-adopt-new-nis2.html|Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity]] * 17.05. 2022 - [[https://thehackernews.com/2022/05/researchers-find-way-to-run-malware-on.html|"Evil Never Sleeps" aka Way to Run Malware on iPhone Even When it's OFF]] * 16.05. 2022 - [[https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce|Sophos Firewall CVE-2022-1040 RCE exploitation activity]] * 15.05. 2022 - [[https://www.zyxel.com/us/en/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml|Zyxel firewall CVE-2022-30525 exploitation activity]] * 10.05. 2022 - **[[https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79|Kritická zranitelnost v Ruby-Gem]]** * 09.05. 2022 - [[https://thehackernews.com/2022/05/this-new-fileless-malware-hides.html|New Fileless Malware Hides Shellcode in Windows Event Logs]] * 09.05. 2022 - **[[https://support.f5.com/csp/article/K23605346|F5 - kritická zranitelnost, patche vydány]]** * 05.05. 2022 - [[https://support.f5.com/csp/article/K23605346|F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability]] - **[[https://thehackernews.com/2022/05/researchers-develop-rce-exploit-for.html|Researchers Develop RCE Exploit...]]** * 05.05. 2022 - [[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9|Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software]] * 03.05. 2022 - **[[https://blog.talosintelligence.com/2022/05/vuln-spotlight-accusoft-.html?&web_view=true/|Two vulnerabilities in Accusoft ImageGear...]]** (used in hospitals to view DICOM formats!!!) * 02.05. 2022 - [[https://www.bleepingcomputer.com/news/security/cyberspies-use-ip-cameras-to-deploy-backdoors-steal-exchange-emails/|Cyberspies use IP cameras to deploy backdoors, steal Exchange emails]] * 02.05. 2022 - [[https://www.bleepingcomputer.com/news/security/google-smtp-relay-service-abused-for-sending-phishing-emails/|Google SMTP relay service abused for sending phishing emails]] * 02.05. 2022 - **[[https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html|AvosLocker.... Using New Trick to Disable Antivirus Protection]]** (aka [[https://thehackernews.com/2022/05/researchers-disclose-10-year-old.html|Years-Old Vulner's in Avast and AVG]]) * 02.05. 2022 - [[https://thehackernews.com/2022/05/unpatched-dns-related-vulnerability.html|Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices]] (C lib's uClibc&uClibc-ng) * 26.04. 2022 - [[https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops//|When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities in Lenovo laptops‎]] * 26.04. 2022 - [[https://www.mzcr.cz/podle-namestka-pro-it-blahy-rezort-zdravotnictvi-vi-co-chce-ale-chybi-mu-lidi-k-rizeni-ehealth-nabere-dvacet-odborniku/|Podle náměstka pro IT Blahy rezort zdravotnictví ví, co chce, ale chybí mu lidi...‎]] * 26.04. 2022 - [[https://www.bleepingcomputer.com/news/security/french-hospital-group-disconnects-internet-after-hackers-steal-data/|Francouzská nemocniční skupina odpojila internet poté, co hackeři ukradli data‎]] * 25.04. 2022 - **[[https://www.ic3.gov/Media/News/2022/220420.pdf|FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware]]** * 25.04. 2022 - **[[https://www.oracle.com/security-alerts/cpuapr2022.html|Oracle:Upozornění na nutnost opravit kritickou kryptografickou chybu Java‎]]** * 14.04. 2022 - **[[https://nukib.cz/cs/infoservis/hrozby/1830-upozornujeme-na-stale-trvajici-kampan-podvodnych-vishingovych-telefonatu/|NÚKIB: Upozorňujeme na stále trvající kampaň podvodných vishingových telefonátů]]** * 12.04. 2022 - [[https://nukib.cz/cs/infoservis/aktuality/1828-analyza-komunikacnich-prostredku/|Analýza komunikačních prostředků]] (Dokument NÚKIBu, analýza kom. aplikací s end2end šifrováním) * 11.04. 2022 - **[[https://www.techradar.com/news/us-defense-contractor-planted-dozens-of-malicious-apps-on-google-play|Google Play pulls dozens of apps that collected personal data from millions of Android users]]** * 09.04. 2022 - **[[https://cyware.com/news/ukraine-cert-warns-of-increasing-attacks-by-armageddon-group-850081f8|Ukraine CERT Warns of Increasing Attacks by Armageddon Group]]** * 09.04. 2022 - [[https://cyware.com/news/chinese-group-expands-its-attack-scope-across-the-globe-171900b4|Chinese Group Expands Its Attack Scope Across the Globe]] * 08.04. 2022 - **[[https://thehackernews.com/2022/04/hackers-exploiting-spring4shell.html|Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware]]** * 07.04. 2022 - [[https://www.lupa.cz/aktuality/vlada-jmenovala-inspektora-kyberneticke-obrany-bude-hlidat-vojenske-zpravodajstvi/|Vláda jmenovala inspektora kybernetické obrany, bude hlídat Vojenské zpravodajství]] * 07.04. 2022 - [[https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html|New Octo Banking Trojan Spreading via Fake Apps on Google Play Store]] * 07.04. 2022 - [[https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html|SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps]] * 06.04. 2022 - **[[https://thehackernews.com/2022/04/vmware-releases-critical-patches-for.html|VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products]]** * 01.04. 2022 - [[https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html|Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices]] * 31.03. 2022 - **[[https://thehackernews.com/2022/03/security-patch-releases-for-critical.html|Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework]]** * 31.03. 2022 - [[https://thehackernews.com/2022/03/zyxel-releases-patches-for-critical-bug.html|Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices]] * 31.03. 2022 - **[[https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html|Google Chrome Bug (V8 JavaScript engine) Actively Exploited as Zero-Day]]** separatedly for [[https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096|Chromium]] * 31.03. 2022 - **[[https://thehackernews.com/2022/03/cisa-warns-of-ongoing-cyber-attacks.html|QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices]]** * 29.03. 2022 - [[https://thehackernews.com/2022/03/qnap-warns-of-openssl-infinite-loop.html|CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices]] * 27.03. 2022 - **[[https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html|Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability]]** [[https://www.debian.org/security/2022/dsa-5081|Debian Security Advisory]] * 24.03. 2022 - [[https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780|Chyby zabezpečení zjištěny u 250 modelů tiskáren HP‎]] * 23.03. 2022 - **[[https://thehackernews.com/2022/03/new-dell-bios-bugs-affect-millions-of.html|New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems]]** (‎Nové chyby v Dell BIOS‎) * 15.03. 2022 - **[[https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01|ICS Advisory: PTC Axeda agent and Axeda Desktop Server (Update A)]]** (Zranitelnost v IoMT, SW Axeda) * 15.03. 2022 - **[[https://www.securityweek.com/critical-vulnerabilities-patched-veeam-data-backup-solution?&web_view=true|Critical Vulnerabilities Patched in Veeam Data Backup Solution]]** * 11.03. 2022 - [[https://thehackernews.com/2022/03/multiple-security-flaws-discovered-in.html|Multiple Security Flaws Discovered in Popular Software Package Managers]] * 10.03. 2022 - **[[https://www.zive.cz/clanky/hackeri-okamzite-zneuzivaji-ukradene-certifikaty-nvidie-malware-se-kvuli-tomu-nainstaluje-bez-varovani-windows-defenderu/sc-3-a-215379/default.aspx|Živě:Hackeři ukradli certifikáty NVidia, umožněna instalace malware bez varování!]]** * 08.03. 2022 - [[https://dirtypipe.cm4all.com/|The Dirty Pipe Vulnerability]] (zranitelnost Linux Kernel 5.8+) * 25.02. 2022 - **[[https://www.nukib.cz/download/uredni_deska/2022-02-25_varovani-final.pdf|Varování před hrozbou kybernetických útoků na strategické organizace v České republice]]** * 23.02. 2022 - [[https://www.mvcr.cz/clanek/ucinnejsi-boj-proti-internetove-kriminalite-policie-ma-novou-koncepci-k-potirani-trestnych-cinu-v-kyberprostoru.aspx|Policie má novou koncepci k potírání trestných činů v kyberprostoru]] /Účinnější boj proti internetové kriminalitě./ * 10.02. 2022 - [[cs:varovani:2022-02-hsoc-vrf|Informace o detekci a eliminaci anomálního provozu v hSOC-VRF - 02/2022]] * 08.02.2022 - **[[https://www.ic3.gov/Media/News/2022/220204.pdf|FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware]]** * 07.02.2022 - **[[https://thehackernews.com/2022/02/cisa-orders-federal-agencies-to-patch.html|CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability]]** (DUE DATE 2/18/2022) * 07.02.2022 - **[[https://www.cisa.gov/uscert/ncas/current-activity/2022/02/04/cisa-adds-one-known-exploited-vulnerability-catalog|CISA Adds One Known Exploited Vulnerability to Catalog]]** * 03.02.2022 - [[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D|Cisco Releases Security Updates for RV Series Routers]] * 02.02.2022 - [[https://alltech.news/cyber-security-news/samba-fruit-bug-allows-rce-full-root-user-access-63476|Samba ‘Fruit’ Bug Allows RCE, Full Root User Access]] (nová kritická RCE zranitelnost v Sambě ) * 02.02.2022 - [[https://alltech.news/cyber-security-news/dozens-of-security-flaws-discovered-in-uefi-firmware-used-by-several-vendors-63521|Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors]] (chyby ve firmwaru UEFI) * 28.01.2022 - **[[https://www.nukib.cz/cs/infoservis/hrozby/1796-upozorneni-na-zvysene-riziko-kyberspionazi-ci-ransomwarovych-utoku-proti-ceske-republice/|Upozornění na zvýšené riziko kyberšpionáží či ransom. útoků proti ČR]]** * 21.01.2022 - **[[https://www.nukib.cz/cs/infoservis/aktuality/1794-mesic-od-vydani-reaktivniho-opatreni-ke-zranitelnosti-log4shell-nukib-plosne-zneuzivani-v-cr-neeviduje-presto-obezretnost-zustava-na-miste/|Měsíc od vydání reaktivního opatření ke zranitelnosti Log4Shell]]** * 21.01.2022 - **[[https://tools.cisco.com/security/center/publicationListing.x|Cisco Security Advisories]]** (Patch for Critical RCE Vulnerability @ RCM,Snort Modbus,ConfD CLI...) * 20.01.2022 - **[[https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907|HTTP Protocol Stack Remote Code Execution Vulnerability]]** (CVSS 9.8/critical, **[[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21907|CVE-2022-21907]]**) * 20.01.2022 - **[[https://www.bleepingcomputer.com/news/microsoft/microsoft-solarwinds-fixes-serv-u-bug-exploited-for-log4j-attacks/|Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks]]** * 17.01.2022 - [[https://www.bleepingcomputer.com/news/security/microsoft-defender-weakness-lets-hackers-bypass-malware-detection/|Microsoft Defender weakness lets hackers bypass malware detection]] (‎slabina Defenderu-obejití detekce malware‎) * 13.01.2022 - **[[https://securitybrief.co.nz/story/gartner-explains-what-security-leaders-need-to-know-and-do-about-log4j|Gartner explains what security leaders need to know, and do, about Log4j]]** * 12.01.2022 - [[https://www.cgm.com/cze_cz/aktuality/articles/ze-sveta-cgm/technicka-porucha.html|Technická porucha, aktualizace 12.1.2022 "po tzv. ransomwarovém kriminálním útoku"]] (CGM, CompuGroup Medical) * 07.01.2022 - [[https://thehackernews.com/2022/01/nhs-warns-of-hackers-targeting-log4j.html|NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon]] * 05.01.2022 - [[https://thehackernews.com/2022/01/vmware-patches-important-bug-affecting.html|VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products]] * 03.01.2022 - [[https://9to5mac.com/2022/01/03/homekit-bug-reboot-bug-long-name/|This HomeKit bug could make your iPhone completely unusable...]]|[[https://www.msn.com/cs-cz/zpravy/other/z%C3%A1va%C5%BEn%C3%A1-bezpe%C4%8Dnostn%C3%AD-chyba-v-iphonech-zp%C5%AFsobuje-nepou%C5%BEitelnost-za%C5%99%C3%ADzen%C3%AD-a-zablokov%C3%A1n%C3%AD-p%C5%99%C3%ADstupu-k-dat%C5%AFm/ar-AASsWAa?li=BBOoSYl/|Závažná bezpečn. chyba v iPhonech]] (MSN) * ------------------------------------------------------------ 2021 --------------------------------------------------------- * 29.12.2021 - [[https://blog.lastpass.com/2021/12/unusual-attempted-login-activity-how-lastpass-protects-you/|Unusual Attempted Login Activity: How LastPass Protects You]] (No User Accounts Have Been Compromised) * 28.12.2021 - [[https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html|New Apache Log4j Update Released to Patch Newly Discovered Vulnerability (CVE-2021-44832)]] * 27.12.2021 - [[https://www.checkpoint.com/defense/advisories/public/2021/cpai-2021-0912.html|High - ExifTool Remote Code Execution (CVE-2021-22204)]] * 27.12.2021 - [[https://www.checkpoint.com/defense/advisories/public/2021/cpai-2021-0946.html|Critical - Kaseya VSA Remote Code Execution (CVE-2021-30116)]] * 27.12.2021 - [[https://www.checkpoint.com/defense/advisories/public/2021/cpai-2021-0949.html|High - Victure WR1200 WiFi Router Command Injection (CVE-2021-43283)]] * 27.12.2021 - [[https://www.checkpoint.com/defense/advisories/public/2021/cpai-2021-0993.html|High - Schneider Electric Struxureware Data Center Expert Directory Traversal (CVE-2021-22794)]] * 27.12.2021 - **[[https://www.cgm.com/cze_cz/aktuality/articles/ze-sveta-cgm/technicka-porucha.html|Technická porucha - Aktualizace 27.12.2021 13:55CET]]** (CGM, CompuGroup Medical breach) * 26.12.2021 - [[https://www.checkpoint.com/defense/advisories/public/2021/cpai-2021-0936.html|Critical - Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)]] * 23.12.2021 - [[https://www.checkpoint.com/defense/advisories/public/2021/cpai-2020-3447.html|Critical - Tenda AC-10U AC1200 Router Denial of Service (CVE-2020-22079)‎]] * 22.12.2021 - [[https://www.bibliomedmanager.de/news/hacker-attackieren-compugroup-medical|‎‎Hackeři zaútočili na výrobce NIS/HIS Compugroup‎ ]] * 22.12.2021 - [[https://github.com/YfryTchsGD/Log4jAttackSurface|‎‎‎Log4jAttackSurface]] [[https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592|‎‎ BlueTeam CheatSheet *Log4Shell*]] * 22.12.2021 - [[https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/|‎‎4 Bugs in MS Teams Left Platform Vulnerable Since March]] * 22.12.2021 - **[[https://us-cert.cisa.gov/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities|Mitigating Log4Shell and Other Log4j-Related Vulnerabilities (CISA)]]** * 20.12.2021 - **[[https://csirt.cz/cs/kyberbezpecnost/aktualne-z-bezpecnosti/navazujici-zranitelnosti-log4j/|Navazující zranitelnosti Log4ju]]** * 20.12.2021 - **[[https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699|‎‎‎Windows Active Directory domain service privilege escalation vulnerability’]]** (SAM Name impersonation) * 17.12.2021 - [[https://businessinsights.bitdefender.com/log4shell-the-call-is-coming-from-inside-the-house|‎‎‎Log4Shell – The call is coming from inside the house]] (Bitdefender) * 15.12.2021 - [[https://gist.github.com/blotus/|‎‎‎Seznam IoC, které se pokouší ‎zneužít chybu zabezpečení v log4j‎ (blotus’s gists · GitHub)]] (publ. 15.12.2021) * 15.12.2021 - [[https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html|‎‎‎Druhá chyba zabezpečení protokolu Log4j (CVE-2021-45046) – vydána nová oprava‎]] (publ. 14.12.2021) * 15.12.2021 - [[https://www.eset.com/cz/o-nas/pro-novinare/tiskove-zpravy/eset-pokusy-o-zneuziti-zranitelnosti-log4j-jsou-na-celem-svete-podle-nasich-dat-je-cesko-osmou-nej/|ESET: Pokusy o zneužití Log4j jsou na celém světě, Česko je 8. nejvíce zasaženou zemí]] ESET * 15.12.2021 - [[https://www.lupa.cz/aktuality/nukib-vydal-reaktivni-opatreni-kvuli-zranitelnosti-log4j-siri-se-jak-pandemie|NÚKIB vydal reaktivní opatření kvůli zranitelnosti Log4j, šíří se jak pandemie]] (LUPA) + ESET doporučuje.... * 14.12.2021 - [[https://www.bleepingcomputer.com/news/security/new-ransomware-now-being-deployed-in-log4shell-attacks/|‎‎New ransomware now being deployed in Log4Shell attacks]] (publ. 14.12.2021) * 14.12.2021 - [[https://log4shell.huntress.com/|‎‎Log4Shell Vulnerability Tester]] (publ. 14.12.2021) * 14.12.2021 - [[https://github.com/NCSC-NL/log4shell|‎‎Log4j overview Detection rules and software]] * 14.12.2021 - [[https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/|‎‎Log4Shell: vysvětlení jak funguje, proč o něm vědět a jak jej opravit‎ (Sophos)‎‎]] (publ. 13.12.2021) * 13.12.2021 - [[https://logging.apache.org/log4j/2.x/security.html|‎‎Apache Log4j Security Vulnerabilities]] (publ. 13.12.2021) * 13.12.2021 - **[[https://www.nukib.cz/cs/infoservis/hrozby/1781-upozorneni-na-zranitelnost-apache-log4j-log4shell/|‎Kritická zranitelnost Apache Log4j - Log4Shell, stránky NÚKIB‎‎]]** (publ. 13.12.2021) * 10.12.2021 - **[[https://thehackernews.com/2021/12/over-300000-mikrotik-devices-found.html|‎Více než 300 000 zařízení MikroTik shledáno zranitelnými na chyby umožňující vzdálené převzetí‎‎]]** * 07.12.2021 - [[https://thehackernews.com/2021/12/solarwinds-hackers-targeting-government.html|Skupina Nobelium přes Solarwinds míří na vládní a obchodní subjekty po celém světě‎‎]] * 07.12.2021 - [[https://www.mandiant.com/resources/russian-targeting-gov-business|Aktivity skupin UNC3004&UNC2652 (Nobelium) přes Solarwinds v analýze společnosti MANDIANT‎]] * 06.12.2021 - [[https://support.hp.com/us-en/document/ish_5000383-5000409-16|Tiskárny řady HP LaserJet Enterprise zasaženy kritickou zranitelností: vektor útoku: škodlivý font]] * 06.12.2021 - [[https://exchange.xforce.ibmcloud.com/collection/SMSishing-Attempt-c38a52a1b2b59b5be73a9ad787fde9bc|Pozor na SMSky zdánlivě od přepravních služeb (SMishing)]] //(vyžadován IBM ID, registrace zdarma)// * 06.12.2021 - [[https://exchange.xforce.ibmcloud.com/collection/DHL-Squatting-Campaign-8cec9bc8883ccc97aa0506ddbaf4ef7b|Pozor na podvodné nabídky přepravních služeb, zneužita loga DHL:DHL Squatting]] //(pro přístup vyžadován IBM ID)// * 02.12.2021 - **[[https://techcrunch.com/2021/11/29/panasonic-data-breach/|Panasonic potvrdil narušení interní sítě hackery (publ. 29.11.2021)]]** * 19.11.2021 - [[https://nakedsecurity.sophos.com/2021/11/12/samba-update-patches-plaintext-passwork-plundering-problem/|Aktualizace Samba záplatuje problém s heslem v plaintextu (publ. 12.11.2021)]] * 10.11.2021 - [[https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/|Walking on APT31 infrastructure footprints (publ. 10.10.2021)]] * 09.11.2021 - **[[https://www.beckershospitalreview.com/cybersecurity/researchers-find-13-medical-device-vulnerabilities-potentially-capable-of-taking-hospitals-offline.html|Researchers find 13 medical device vulners potentially capable of taking hospitals offline]]** * 15.09.2021 - **[[https://www.olympus-europa.com/company/en/news/press-releases/2021-09-11t03-00-00/investigating-potential-cybersecurity-incident-affecting-limited-areas-of-our-emea-it-system.html|Potenciální bezpečnostní incident v Olympus EMEA (publ. 11.9.2021)]]**