{"id":26100,"date":"2023-04-05T12:46:17","date_gmt":"2023-04-05T10:46:17","guid":{"rendered":"https:\/\/kinit.sk\/security-news-march-2023\/"},"modified":"2023-04-05T12:55:27","modified_gmt":"2023-04-05T10:55:27","slug":"security-news-march-2023","status":"publish","type":"post","link":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/","title":{"rendered":"Security News &#8211; Marec 2023"},"content":{"rendered":"<div id=\"\" class=\"element core-paragraph\">\n<p>Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.&nbsp;<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-heading\">\n<h3 class=\"wp-block-heading\">Politika&nbsp;<\/h3>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>Americk\u00e1 vl\u00e1da zverejnila <a href=\"https:\/\/www.securityweek.com\/white-house-releases-national-cybersecurity-strategy\/\" target=\"_blank\" rel=\"noreferrer noopener\">N\u00e1rodn\u00fa kybernetick\u00fa strat\u00e9giu<\/a>. Ich snahou je povinn\u00e1 regul\u00e1cia pre dod\u00e1vate\u013eov kritickej infra\u0161trukt\u00fary. Strat\u00e9gia taktie\u017e d\u00e1va zelen\u00fa agres\u00edvnej\u0161iemu pr\u00edstupu \u201ehack-back\u201c pri jednan\u00ed so zahrani\u010dn\u00fdmi protivn\u00edkmi a akt\u00e9rmi ransomv\u00e9ru. Pl\u00e1nom je presun\u00fa\u0165 kybernetick\u00fa zodpovednos\u0165 na organiz\u00e1cie, ktor\u00e9 neboli schopn\u00e9 prija\u0165 prevent\u00edvne opatrenia na zabezpe\u010denie svojho softv\u00e9ru. Strat\u00e9gia je rozdelen\u00e1 na p\u00e4\u0165 z\u00e1kladn\u00fdch pilierov:<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-list\">\n<ol class=\"wp-block-list\"><div id=\"\" class=\"element core-list-item\">\n<li>Obrana kritickej infra\u0161trukt\u00fary<\/li>\n<\/div>\n\n<div id=\"\" class=\"element core-list-item\">\n<li>Naru\u0161enie a zlikvidovanie akt\u00e9rov hrozieb<\/li>\n<\/div>\n\n<div id=\"\" class=\"element core-list-item\">\n<li>Formulovanie trhovej sily na zv\u00fd\u0161enie bezpe\u010dnosti a odolnosti<\/li>\n<\/div>\n\n<div id=\"\" class=\"element core-list-item\">\n<li>Investovanie do bezpe\u010dnej bud\u00facnosti<\/li>\n<\/div>\n\n<div id=\"\" class=\"element core-list-item\">\n<li>Vytv\u00e1ranie medzin\u00e1rodn\u00fdch partnerstiev na dosiahnutie spolo\u010dn\u00fdch cie\u013eov<\/li>\n<\/div><\/ol>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.scmagazine.com\/analysis\/critical-infrastructure\/meet-apt43-the-group-that-hacks-spies-and-steals-for-north-koreas-ruling-elite\" target=\"_blank\" rel=\"noreferrer noopener\">Novoklasifikovan\u00e1 kyber\u0161pion\u00e1\u017ena APT skupina Kimsuky<\/a> (APT43) vyu\u017e\u00edva agres\u00edvnu taktiku soci\u00e1lneho in\u017einierstva. Zd\u00e1 sa, \u017ee t\u00e1to skupina najviac zoh\u013ead\u0148uje osobn\u00e9 a geopolitick\u00e9 ciele dikt\u00e1tora Kim Jong Una. Okrem \u0161pion\u00e1\u017enych aktiv\u00edt sa s\u00fastre\u010fuje aj na kr\u00e1de\u017ee kryptomien, ktor\u00e9 vyu\u017e\u00edva severok\u00f3rejsk\u00fd re\u017eim na obch\u00e1dzanie sankci\u00ed.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-heading\">\n<h3 class=\"wp-block-heading\">Vy\u0161etrovanie a v\u00fdskum<\/h3>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-marshals-service-investigating-ransomware-attack-data-theft\/\" target=\"_blank\" rel=\"noreferrer noopener\">U.S. Marshals Service vy\u0161etruje prienik do ich syst\u00e9mov<\/a>, odcudzenie d\u00e1t a ich n\u00e1sledn\u00e9 za\u0161ifrovanie. Odcudzen\u00e9 d\u00e1ta obsahovali aj osobn\u00e9 \u00fadaje zamestnancov a citliv\u00e9 pr\u00e1vne inform\u00e1cie (s\u00fadne konania, vy\u0161etrovan\u00e9 subjekty).<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/thehackernews.com\/2023\/02\/dutch-police-arrest-3-hackers-involved.html\" target=\"_blank\" rel=\"noreferrer noopener\">Holandsk\u00e1 pol\u00edcia zatkla troch \u013eud\u00ed<\/a>, ktor\u00ed boli zodpovedn\u00ed za kr\u00e1de\u017e osobn\u00fdch \u00fadajov desiatkam mili\u00f3nov os\u00f4b &#8211; men\u00e1, d\u00e1tumy narodenia, \u010d\u00edsla \u00fa\u010dtov, kreditn\u00fdch karie\u0165, EV\u010c a in\u00e9. Napriek tomu, \u017ee od firiem najprv \u017eiadali v\u00fdkupn\u00e9, tieto \u00fadaje po zaplaten\u00ed aj tak predali na darknete.&nbsp;<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>Spolo\u010dnos\u0165 Centric Health bola <a href=\"https:\/\/www.irishtimes.com\/business\/2023\/02\/24\/centric-health-fined-460000-over-2019-ransomware-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">pokutovan\u00e1 sumou 460 000 eur za ransomware \u00fatok<\/a> v roku 2019. \u00datok sa dotkol 70 000 pacientov, z toho 2 500 nen\u00e1vratne pri\u0161lo o svoje \u00fadaje (bez mo\u017enosti obnovenia zo z\u00e1lohy). Regul\u00e1tor zaznamenal kroky na rie\u0161enie situ\u00e1cie, ale niektor\u00e9 z nich e\u0161te preh\u013abili \u0161kody- napr\u00edklad vymazanie niektor\u00fdch inform\u00e1ci\u00ed z pevn\u00e9ho disku pred t\u00fdm, ne\u017e ich experti stihli analyzova\u0165.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>V\u00fdskumn\u00edci na\u0161li <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/booking-com-oauth-implementation-full-account-takeover\" target=\"_blank\" rel=\"noreferrer noopener\">zranite\u013enos\u0165 v OAuth implement\u00e1cii na Booking.com<\/a>. Zranite\u013enos\u0165 umo\u017e\u0148ovala prevzia\u0165 \u013eubovo\u013en\u00fd \u00fa\u010det, ktor\u00fd pou\u017e\u00edval na prihl\u00e1senie Facebook \u00fa\u010det. Taktie\u017e umo\u017enila z\u00edska\u0165 pr\u00edstup k ich osobn\u00fdm \u00fadajom, \u010di \u00fadajom o platobnej karte.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.darkreading.com\/ics-ot\/ev-charging-infrastructure-electric-cyberattack-opportunity\" target=\"_blank\" rel=\"noreferrer noopener\">Infra\u0161trukt\u00fara na nab\u00edjanie elektrovozidiel<\/a> je ve\u013emi n\u00e1chyln\u00e1 na kybernetick\u00e9 \u00fatoky. V\u00fdskumn\u00edci na\u0161li dve zranite\u013enosti v OCPP protokole. Tie umo\u017e\u0148uj\u00fa odopretie slu\u017eby a kr\u00e1de\u017e citliv\u00fdch inform\u00e1ci\u00ed. Idaho National Laboratory zistilo, \u017ee ka\u017ed\u00e1 skontrolovan\u00e1 nab\u00edjacia stanica obsahuje z\u00e1va\u017en\u00e9 chyby z oblasti kyberbezpe\u010dnosti &#8211; neaktu\u00e1lny opera\u010dn\u00fd syst\u00e9m,&nbsp; ve\u013ea slu\u017eieb s \u201croot\u201d opr\u00e1vneniami a in\u00e9.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>Namiesto z\u00edskania s\u00fadneho povolenia<a href=\"https:\/\/www.wired.com\/story\/fbi-purchase-location-data-wray-senate\/\" target=\"_blank\" rel=\"noreferrer noopener\"> zvolila FBI kontroverzn\u00fa taktiku<\/a> &#8211; zak\u00fapili si americk\u00e9 (USA) lokaliza\u010dn\u00e9 d\u00e1ta. D\u00e1ta boli zak\u00fapen\u00e9 od firiem, ktor\u00e9 ich zbieraj\u00fa za reklamn\u00fdmi \u00fa\u010delmi.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets\/\" target=\"_blank\" rel=\"noreferrer noopener\">Projekt Zero (Google) odhalil 18 zero-day zranite\u013enost\u00ed v chipsetoch Samsung Exynos<\/a> ur\u010den\u00fdch pre mobiln\u00e9 zariadenia, wearables a aut\u00e1. Na kompromit\u00e1ciu zariadenia sta\u010d\u00ed \u00fato\u010dn\u00edkom pozna\u0165 len telef\u00f3nne \u010d\u00edslo obete. V\u00fdrobcovia u\u017e maj\u00fa k dispoz\u00edci\u00ed aktualiz\u00e1cie. K\u00fdm sa v\u0161ak dostan\u00fa ku koncov\u00fdm pou\u017e\u00edvate\u013eom, tak to m\u00f4\u017ee e\u0161te trva\u0165. Pre zn\u00ed\u017eenie nebezpe\u010denstva \u00fatokov sa odpor\u00fa\u010da vypn\u00fa\u0165 Wi-Fi calling a Voice-over-LTE (VoLTE)<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fbi-ransomware-hit-860-critical-infrastructure-orgs-in-2022\/\" target=\"_blank\" rel=\"noreferrer noopener\">FBI zverejnila Internet Crime Report 2022<\/a>. Z neho vypl\u00fdva, \u017ee za posledn\u00fd rok boli ransomware gangy \u00faspe\u0161n\u00e9 v minim\u00e1lne 860 pr\u00edpadoch \u00fatokov na kritick\u00fa infra\u0161trukt\u00faru. Spr\u00e1va tie\u017e ukazuje, \u017ee najviac \u00faspe\u0161n\u00fdch \u00fatokov smerovalo do sektorov zdravotn\u00edctva a kritickej v\u00fdroby.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>Medzin\u00e1rodn\u00e1 policajn\u00e1 akcia pomohla <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chipmixer-platform-seized-for-laundering-ransomware-payments-drug-sales\/\" target=\"_blank\" rel=\"noreferrer noopener\">zastavi\u0165 oper\u00e1cie slu\u017eby ChipMixer na darkwebe. <\/a>Slu\u017eba sl\u00fa\u017ei ako mix\u00e9r kryptomien a vo ve\u013ekom ju pou\u017e\u00edvali hackeri, ransomware gangy a podvodn\u00edci, ktor\u00ed sa cez \u0148u sna\u017eili \u201cprepra\u0165\u201d svoje kryptomeny. Zaistili 7TB d\u00e1t a vy\u0161e 46 mili\u00f3nov dol\u00e1rov.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/compliance\/feds-fine-florida-childrens-health-insurance-site-2020-hack\" target=\"_blank\" rel=\"noreferrer noopener\">Spolo\u010dnos\u0165 Jelly Bean urovnala v USA spor v sume takmer 300 000 dol\u00e1rov<\/a>. V spore sa pojedn\u00e1valo o jednom z najv\u00e4\u010d\u0161\u00edch \u00fanikov d\u00e1t v zdravotn\u00edckom sektore, ktor\u00fd bol nahl\u00e1sen\u00fd v roku 2021 (Healthy Kids Corp.). Udelen\u00e1 pokuta bola za poru\u0161enie regul\u00e1cie HIPAA, z\u00e1mern\u00e9 a vedom\u00e9 nedodr\u017eiavanie \u0161tandardn\u00e9ho procesu \u00fad\u017eby a aktualiz\u00e1cie syst\u00e9mu. Toto viedlo k vzniku viacer\u00fdch zranite\u013enost\u00ed, ktor\u00e9 boli zneu\u017eit\u00e9 pri \u00fatoku.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/ransomware\/blackbaud-pays-3-million-misleading-disclosures-2020-ransomware-attack\" target=\"_blank\" rel=\"noreferrer noopener\">Americk\u00e1 spolo\u010dnos\u0165 Blackbaud zaplatila pokutu vo v\u00fd\u0161ke 3 mili\u00f3nov dol\u00e1rov<\/a>. Pokuta bola udelen\u00e1 za zav\u00e1dzaj\u00face inform\u00e1cie, ktor\u00e9 firma poskytla, ke\u010f sa stala ter\u010dom ransomware \u00fatoku. Napriek tomu, \u017ee spolo\u010dnos\u0165 zistila, \u017ee rozsah \u00fatoku bol v\u00e4\u010d\u0161\u00ed, ako p\u00f4vodne ozn\u00e1mila, neupravila svoje po\u010diato\u010dn\u00e9 vyjadrenie.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-heading\">\n<h3 class=\"wp-block-heading\">\u00datoky<\/h3>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.securityweek.com\/cyberattack-hits-major-hospital-in-spanish-city-of-barcelona\/\" target=\"_blank\" rel=\"noreferrer noopener\">Nemocnica v Barcelone sa stala ter\u010dom kybernetick\u00e9ho \u00fatoku<\/a>. Boli zru\u0161en\u00e9 v\u0161etky oper\u00e1cie, ktor\u00e9 neboli ak\u00fatne. 3000 pacientom museli presun\u00fa\u0165 vy\u0161etrenia na in\u00fd term\u00edn. Za \u00fatokom stoj\u00ed skupina Ransom House. N\u00e1sledkom \u00fatoku musela nemocnica znova zaznamen\u00e1va\u0165 dokument\u00e1ciu papierovou formou.&nbsp;<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/therecord.media\/brussels-hospital-cyberattack-belgium-saint-pierre\" target=\"_blank\" rel=\"noreferrer noopener\">Univerzitn\u00e1 nemocnica v Bruseli sa stala ter\u010dom \u00fatoku<\/a> a musela odpoji\u0165 v\u0161etky servery. Riadite\u013e nemocnice ocenil dobre vypracovan\u00fd n\u00fadzov\u00fd pl\u00e1n vo\u010di \u00fatokom, ktor\u00fd pomohol pomerne r\u00fdchlo obnovi\u0165 norm\u00e1lny chod nemocnice.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>Kalifornsk\u00e1 \u0161t\u00e1tna agent\u00fara HACLA, ktor\u00e1 poskytuje dostupn\u00e9 b\u00fdvanie pre n\u00edzkopr\u00edjmov\u00e9 skupiny, sa stala<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/la-housing-authority-discloses-data-breach-after-ransomware-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\"> ter\u010dom ransomware \u00fatoku<\/a>. \u00dato\u010dn\u00edci (LockBit) z\u00edskali pr\u00edstup k mno\u017estvu osobn\u00fd d\u00e1t (meno, social security number, \u010d\u00edsla pasov, vodi\u010dsk\u00fdch preukazov&#8230;), ktor\u00e9 n\u00e1sledne zverejnili na internete.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.hackread.com\/telegram-whatsapp-crypto-android-windows\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u00dato\u010dn\u00edci pou\u017e\u00edvaj\u00fa infikovan\u00e9 verzie aplik\u00e1ci\u00ed Telegram a WhatsApp<\/a> na z\u00edskanie pr\u00edstupov ku kryptope\u0148a\u017eenk\u00e1m a n\u00e1sledn\u00fdm kr\u00e1de\u017eiam prostriedkov (cez tzv. seed). V\u00fdskumn\u00edci z firmy Eset zistili, \u017ee na \u0161\u00edrenie pou\u017e\u00edvaj\u00fa Google Ads. Po kliknut\u00ed na reklamn\u00fd link presmeruj\u00fa pou\u017e\u00edvate\u013ea na str\u00e1nku s infikovan\u00fdmi aplik\u00e1ciami.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>Emotet malware vyu\u017e\u00edva na svoju distrib\u00faciu e-mailov\u00fa pr\u00edlohu <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/emotet-malware-now-distributed-in-microsoft-onenote-files-to-evade-defenses\/\" target=\"_blank\" rel=\"noreferrer noopener\">vo form\u00e1te Microsoft OneNote, aby sa vyhol detekcii<\/a> a infikoval v\u00e4\u010d\u0161ie mno\u017estvo cie\u013eov. Takto dok\u00e1\u017ee ob\u00eds\u0165 zabezpe\u010denie firmy Microsoft, ktor\u00e9 blokuje spustenie makier vo Worde a v Exceli.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nba-alerts-fans-of-a-data-breach-exposing-personal-information\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u0160portov\u00e1 asoci\u00e1cia NBA varovala svojich fan\u00fa\u0161ikov<\/a>, \u017ee niektor\u00e9 z ich osobn\u00fdch \u00fadajov mohli by\u0165 odcudzen\u00e9. Stalo sa tak potom, ako odcudzili \u00fadaje od ich dod\u00e1vate\u013ea newslettra. Fan\u00fa\u0161ikovia boli varovan\u00ed pred mo\u017en\u00fdmi phishingov\u00fdmi kampa\u0148ami.&nbsp;<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/security-researchers-targeted-with-new-malware-via-job-offers-on-linkedin\/\" target=\"_blank\" rel=\"noreferrer noopener\">V\u00fdskumn\u00edci v oblasti bezpe\u010dnosti s\u00fa cie\u013eom<\/a> novej malware kampane, ktor\u00e1 pon\u00faka pracovn\u00e9 poz\u00edcie cez LinkedIn. Op\u00e4tovne je z tohto typu kampane podozriv\u00e1 Severn\u00e1 K\u00f3rea (skupina UNC2970).&nbsp;<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-heading\">\n<h3 class=\"wp-block-heading\">Ostatn\u00e9<\/h3>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/devops\/easterly-tech-makers-safety-design\" target=\"_blank\" rel=\"noreferrer noopener\">Zodpovednos\u0165 za nezabezpe\u010denie softv\u00e9ru a hardv\u00e9ru <\/a>by mali miesto pou\u017e\u00edvate\u013eov prevzia\u0165 ich v\u00fdrobcovia. V USA sa o\u010dak\u00e1va zverejnenie strat\u00e9gie, ktor\u00e1 sa zameria na regul\u00e1ciu bezpe\u010dnosti zo strany v\u00fdrobcov. Druhou mo\u017enos\u0165ou je zv\u00fd\u0161enie n\u00e1rokov na dod\u00e1vate\u013eov pre vl\u00e1dne z\u00e1kazky.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>GitHub <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/github-s-secret-scanning-alerts-now-available-for-all-public-repos\/\" target=\"_blank\" rel=\"noreferrer noopener\">spr\u00edstupnil vyh\u013ead\u00e1vanie citliv\u00fdch inform\u00e1ci\u00ed pre svojich pou\u017e\u00edvate\u013eov<\/a> v repozit\u00e1roch, kde maj\u00fa admin\/owner pr\u00e1va. T\u00fdmto krokom je mo\u017en\u00e9 doh\u013eada\u0165 zabudnut\u00e9 API k\u013e\u00fa\u010de, hesl\u00e1 k \u00fa\u010dtom, autentifika\u010dn\u00e9 tokeny a in\u00e9 citliv\u00e9 d\u00e1ta, ktor\u00e9 by \u00fato\u010dn\u00edkom umo\u017enili pr\u00edstup k citliv\u00fdm \u00fadajom.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/github-makes-2fa-mandatory-next-week-for-active-developers\/\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub za\u010dal vy\u017eadova\u0165 od v\u00fdvoj\u00e1rov pou\u017e\u00edvaj\u00facich platformu povinn\u00fa dvojfaktorov\u00fa autentifik\u00e1ciu<\/a>. Tento krok by mal zv\u00fd\u0161i\u0165 bezpe\u010dnos\u0165 viac ako 100 mili\u00f3nov pou\u017e\u00edvate\u013eov. GitHub najsk\u00f4r za\u010dal s malou skupinou pou\u017e\u00edvate\u013eov, av\u0161ak do konca roka pl\u00e1nuje pokry\u0165 v\u0161etk\u00fdch.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p>Americk\u00e1 Environmental Protection Agency zmenila v\u00fdklad z\u00e1kona z roku 1974 tak, aby zv\u00fd\u0161ila <a href=\"https:\/\/www.scmagazine.com\/news\/critical-infrastructure\/epa-memo-pushes-states-to-include-cybersecurity-in-water-safety-reviews\" target=\"_blank\" rel=\"noreferrer noopener\">bezpe\u010dnos\u0165 kritickej infra\u0161trukt\u00fary<\/a>, ktor\u00e1 sl\u00fa\u017ei na dod\u00e1vky pitnej vody. Po novom bude s\u00fa\u010das\u0165ou auditov aj vplyv kybernetick\u00fdch incidentov na dod\u00e1vky pitnej vody.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/vulnerability-management\/cisa-scans-critical-infrastructure-bugs-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">Americk\u00e1 agent\u00fara CISA sp\u00fa\u0161\u0165a proakt\u00edvny program<\/a>, ktor\u00e9ho cie\u013eom je identifikova\u0165 tak\u00e9 zranite\u013enosti vo vl\u00e1dnych agent\u00farach, ktor\u00e9 m\u00f4\u017eu by\u0165 zneu\u017eit\u00e9 ransomware krimin\u00e1lnikmi. \u00dato\u010dn\u00edci \u010dasto na prienik do syst\u00e9mov zneu\u017e\u00edvaj\u00fa existuj\u00face a dobre zn\u00e1me zranite\u013enosti.&nbsp;<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/linux\/nordvpn-open-sources-its-linux-vpn-client-and-libraries\/\" target=\"_blank\" rel=\"noreferrer noopener\">Nord Security zverejnila zdrojov\u00e9 k\u00f3dy<\/a> k svojej Linux verzii klienta NordVPN. Spolo\u010dnos\u0165 si od tohto kroku s\u013eubuje zv\u00fd\u0161i\u0165 d\u00f4veru pou\u017e\u00edvate\u013eov v oblasti ochrany ich bezpe\u010dnosti a s\u00fakromia. Z\u00e1rove\u0148, open source komunita m\u00f4\u017ee pom\u00f4c\u0165 vylep\u0161i\u0165 u\u017e existuj\u00faci zdrojov\u00fd k\u00f3d.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/emerging-technology\/employees-are-entering-sensitive-business-data-into-chatgpt\" target=\"_blank\" rel=\"noreferrer noopener\">\u013dudia si neuvedomuj\u00fa<\/a>, \u017ee \u00fadaje, ktor\u00e9 zad\u00e1vaj\u00fa do ChatGPT sl\u00fa\u017eia na \u010fal\u0161ie tr\u00e9novanie a zlep\u0161ovanie syst\u00e9mu. \u010casto sa pri tom z poh\u013eadu firiem, kde t\u00edto \u013eudia pracuj\u00fa jedn\u00e1 o ve\u013emi citliv\u00e9 inform\u00e1cie. \u010eal\u0161ou hrozbou pre firmy a \u013eud\u00ed s\u00fa \u00fato\u010dn\u00edci, ktor\u00ed napodob\u0148uj\u00fa ChatGPT rozhranie a tak vedia z\u00edska\u0165 priamy pr\u00edstup k citliv\u00fdm \u00fadajom.<\/p>\n<\/div>\n\n<div id=\"\" class=\"element core-paragraph\">\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-earn-1-035-000-for-27-zero-days-exploited-at-pwn2own-vancouver\/\" target=\"_blank\" rel=\"noreferrer noopener\">S\u00fa\u0165a\u017e Pwn2Own<\/a> sa konala s cie\u013eom identifikova\u0165 nezn\u00e1me bezpe\u010dnostn\u00e9 zranite\u013enosti. \u00da\u010dastn\u00edci za n\u00e1jdenie 27 nezn\u00e1mych zranite\u013enost\u00ed z\u00edskali viac ako mili\u00f3n dol\u00e1rov a Tesla Model 3. Cie\u013eom bezpe\u010dnostn\u00fdch expertov boli Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox a Tesla Model 3.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.&nbsp; Politika&nbsp; Americk\u00e1 vl\u00e1da zverejnila&#8230;<\/p>\n","protected":false},"author":26,"featured_media":26093,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[88,142],"tags":[94,405,423],"class_list":["post-26100","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pop-science-sk","category-2023-sk","tag-security-news-sk","tag-cybersecurity-sk","tag-cyber-attacks-sk"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security News - Marec 2023 - KInIT<\/title>\n<meta name=\"description\" content=\"Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kinit.sk\/sk\/security-news-march-2023\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security News - Marec 2023 - KInIT\" \/>\n<meta property=\"og:description\" content=\"Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kinit.sk\/sk\/security-news-march-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"KInIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-05T10:46:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-05T10:55:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kinit.sk\/wp-content\/uploads\/2023\/04\/March-Web.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"754\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Marianna Palkova\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@kinit\" \/>\n<meta name=\"twitter:site\" content=\"@kinit\" \/>\n<meta name=\"twitter:label1\" content=\"Autor\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marianna Palkova\" \/>\n\t<meta name=\"twitter:label2\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 min\u00fat\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/\"},\"author\":{\"name\":\"Marianna Palkova\",\"@id\":\"https:\\\/\\\/kinit.sk\\\/#\\\/schema\\\/person\\\/8b175aaaf3267b5bbbbb97e4a6db8cea\"},\"headline\":\"Security News &#8211; Marec 2023\",\"datePublished\":\"2023-04-05T10:46:17+00:00\",\"dateModified\":\"2023-04-05T10:55:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/\"},\"wordCount\":1642,\"image\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kinit.sk\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/March-Web.png\",\"keywords\":[\"security news\",\"cybersecurity\",\"cyber attacks\"],\"articleSection\":[\"Pop science\",\"2023\"],\"inLanguage\":\"sk-SK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/\",\"url\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/\",\"name\":\"Security News - Marec 2023 - KInIT\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kinit.sk\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/March-Web.png\",\"datePublished\":\"2023-04-05T10:46:17+00:00\",\"dateModified\":\"2023-04-05T10:55:27+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/#\\\/schema\\\/person\\\/8b175aaaf3267b5bbbbb97e4a6db8cea\"},\"description\":\"Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kinit.sk\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/March-Web.png\",\"contentUrl\":\"https:\\\/\\\/kinit.sk\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/March-Web.png\",\"width\":1440,\"height\":754},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/security-news-march-2023\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pop science\",\"item\":\"https:\\\/\\\/kinit.sk\\\/sk\\\/category\\\/pop-science-sk\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security News &#8211; Marec 2023\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kinit.sk\\\/#website\",\"url\":\"https:\\\/\\\/kinit.sk\\\/\",\"name\":\"KInIT\",\"description\":\"Vyu\u017e\u00edvame v\u00fdskum pre \u013eud\u00ed a priemysel\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kinit.sk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kinit.sk\\\/#\\\/schema\\\/person\\\/8b175aaaf3267b5bbbbb97e4a6db8cea\",\"name\":\"Marianna Palkova\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security News - Marec 2023 - KInIT","description":"Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/","og_locale":"sk_SK","og_type":"article","og_title":"Security News - Marec 2023 - KInIT","og_description":"Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.\u00a0","og_url":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/","og_site_name":"KInIT","article_published_time":"2023-04-05T10:46:17+00:00","article_modified_time":"2023-04-05T10:55:27+00:00","og_image":[{"width":1440,"height":754,"url":"https:\/\/kinit.sk\/wp-content\/uploads\/2023\/04\/March-Web.png","type":"image\/png"}],"author":"Marianna Palkova","twitter_card":"summary_large_image","twitter_creator":"@kinit","twitter_site":"@kinit","twitter_misc":{"Autor":"Marianna Palkova","Predpokladan\u00fd \u010das \u010d\u00edtania":"6 min\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/#article","isPartOf":{"@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/"},"author":{"name":"Marianna Palkova","@id":"https:\/\/kinit.sk\/#\/schema\/person\/8b175aaaf3267b5bbbbb97e4a6db8cea"},"headline":"Security News &#8211; Marec 2023","datePublished":"2023-04-05T10:46:17+00:00","dateModified":"2023-04-05T10:55:27+00:00","mainEntityOfPage":{"@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/"},"wordCount":1642,"image":{"@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/kinit.sk\/wp-content\/uploads\/2023\/04\/March-Web.png","keywords":["security news","cybersecurity","cyber attacks"],"articleSection":["Pop science","2023"],"inLanguage":"sk-SK"},{"@type":"WebPage","@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/","url":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/","name":"Security News - Marec 2023 - KInIT","isPartOf":{"@id":"https:\/\/kinit.sk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/#primaryimage"},"image":{"@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/kinit.sk\/wp-content\/uploads\/2023\/04\/March-Web.png","datePublished":"2023-04-05T10:46:17+00:00","dateModified":"2023-04-05T10:55:27+00:00","author":{"@id":"https:\/\/kinit.sk\/#\/schema\/person\/8b175aaaf3267b5bbbbb97e4a6db8cea"},"description":"Pre\u010d\u00edtajte si preh\u013ead noviniek z oblasti kybernetickej bezpe\u010dnosti za marec 2023. Ka\u017ed\u00fd mesiac v\u00e1m budeme prin\u00e1\u0161a\u0165 bezpe\u010dnostn\u00e9 pr\u00edpady a zauj\u00edmavosti, ktor\u00e9 v\u00e1m pom\u00f4\u017eu zosta\u0165 v bezpe\u010d\u00ed.\u00a0","breadcrumb":{"@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kinit.sk\/sk\/security-news-march-2023\/"]}]},{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/#primaryimage","url":"https:\/\/kinit.sk\/wp-content\/uploads\/2023\/04\/March-Web.png","contentUrl":"https:\/\/kinit.sk\/wp-content\/uploads\/2023\/04\/March-Web.png","width":1440,"height":754},{"@type":"BreadcrumbList","@id":"https:\/\/kinit.sk\/sk\/security-news-march-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kinit.sk\/sk\/"},{"@type":"ListItem","position":2,"name":"Pop science","item":"https:\/\/kinit.sk\/sk\/category\/pop-science-sk\/"},{"@type":"ListItem","position":3,"name":"Security News &#8211; Marec 2023"}]},{"@type":"WebSite","@id":"https:\/\/kinit.sk\/#website","url":"https:\/\/kinit.sk\/","name":"KInIT","description":"Vyu\u017e\u00edvame v\u00fdskum pre \u013eud\u00ed a priemysel","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kinit.sk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Person","@id":"https:\/\/kinit.sk\/#\/schema\/person\/8b175aaaf3267b5bbbbb97e4a6db8cea","name":"Marianna Palkova"}]}},"_links":{"self":[{"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/posts\/26100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/comments?post=26100"}],"version-history":[{"count":3,"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/posts\/26100\/revisions"}],"predecessor-version":[{"id":26105,"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/posts\/26100\/revisions\/26105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/media\/26093"}],"wp:attachment":[{"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/media?parent=26100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/categories?post=26100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kinit.sk\/sk\/wp-json\/wp\/v2\/tags?post=26100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}