CERT-SE's name is being used in a phishing campaign

The name CERT-SE is currently being exploited in a phishing campaign.

CERT-SE communicates using email addresses from the domain cert.se. If you are unsure whether an email comes from us, you can call CERT-SE on 010-240 40 40.

If you are unsure who the sender is, you can encrypt messages with our public PGP key and send them to us. This means that only we at cert.se can read your message, since we hold the private PGP key. You can read more at https://www.cert.se/pgp/.

CERT-SE welcomes both technical and general information from those affected. Email cert@cert.se and clearly mark the email with the subject line [Nätfiske (the sender's email address)].

See CERT-SE's topic page with general advice on phishing: https://www.cert.se/tema/natfiske

CERT-SE is available around the clock, every day of the year, to act and, within our mandate, help organisations that have been affected by IT security incidents.

CERT-SE's weekly newsletter, week 3

WEEKLY NEWSLETTER

The new year has picked up speed, and so has the news flow. We would like to take the opportunity to mention that CERT-SE, part of the National Cyber Security Centre, is recruiting new staff, most recently a head of unit for operational incident coordination. You are welcome to apply, and please spread the word!

CERT-SE wishes you a pleasant weekend!

News this week

Interpol publishes first Silver Notice targeting criminal assets (10 Jan) https://www.interpol.int/News-and-Events/News/2025/INTERPOL-publishes-first-Silver-Notice-targeting-criminal-assets

The FBI warning: Don't use SMS – here is how to think instead (11 Jan) https://sverigesradio.se/artikel/fbi-varningen-anvand-inte-sms-sa-ska-du-tanka-istallet

Supreme Commander Michael Claesson on the suspected sabotage in the Baltic Sea: “This is a wake-up call” (11 Jan) https://www.sverigesradio.se/avsnitt/ob-michael-claesson-om-misstankta-sabotagen-i-ostersjon-det-har-ar-ett-uppvaknande

UK domain registry Nominet confirms breach via Ivanti zero-day (13 Jan) https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability/

Many CEOs are worried about cyber espionage (13 Jan) https://sverigesradio.se/artikel/manga-vdar-oroar-sig-for-cyberspionage

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details (13 Jan) https://www.infosecurity-magazine.com/news/telefonica-breach-20000-employees

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location (13 Jan) https://www.wired.com/story/gravy-location-data-app-leak-rtb/

Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers (14 Jan) https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed

UK floats ransomware payout ban for public sector (14 Jan) https://www.theregister.com/2025/01/14/uk_ransomware_payout_ban

UK-GOV: World-leading proposals to protect businesses from cybercrime (14 Jan) https://www.gov.uk/government/news/world-leading-proposals-to-protect-businesses-from-cybercrime

Baltic Sea Cable Cuts Can’t Be Accident, EU Tech Chief Says (14 Jan) https://www.bloomberg.com/news/articles/2025-01-14/baltic-sea-cables-damage-can-t-be-accident-eu-tech-chief-says

Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities (15 Jan) https://www.ispreview.co.uk/index.php/2025/01/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html

Failure in the City of Gothenburg's IT system – sensitive data was accessible to anyone (15 Jan) https://www.svt.se/nyheter/lokalt/vast/haveri-i-goteborgs-stads-it-system-kansliga-uppgifter-var-atkomliga-for-vem-som-helst

The European Commission presents action plan to protect the healthcare sector against cyberattacks (15 Jan) https://ec.europa.eu/commission/presscorner/detail/sv/ip_25_262

Questions and answers on cybersecurity for hospitals and healthcare providers (15 Jan) https://ec.europa.eu/commission/presscorner/detail/sv/qanda_25_263

No new funding in EU plan to tackle ransomware attacks against hospitals (15 Jan) https://therecord.media/ransomware-hospitals-european-commission-plan

Governments call for spyware regulations in UN Security Council meeting (15 Jan) https://techcrunch.com/2025/01/15/governments-call-for-spyware-regulations-in-un-security-council-meeting/

Biden’s Last-Minute Cybersecurity Executive Order Raising Eyebrows (16 Jan) https://www.forbes.com/sites/emilsayegh/2025/01/16/bidens-last-minute-cybersecurity-executive-order-raising-eyebrows/

Sportadmin is down after data breach: “An external attacker” (16 Jan) https://www.gp.se/sport/sportadmin-ligger-nere-efter-dataintrang-en-extern-angripare.6f818b6b-970a-464e-a4f6-072c12e2f9af

Sportadmin on the data breach: Personal data may have leaked (17 Jan) https://www.tv4.se/artikel/4s9hBxDkCiKTaWoRmOwsFC/personuppgifter-kan-ha-laeckt-efter-dataintrang

Reports and analyses

Trend Micro: Information Stealer Masquerades as LDAPNightmare (9 Jan) https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html

Checkpoint Threat Intelligence Report (13 Jan) https://research.checkpoint.com/2025/13th-january-threat-intelligence-report/

Ransomware on ESXi: The Mechanization of Virtualized Attacks (13 Jan) https://thehackernews.com/2025/01/ransomware-on-esxi-mechanization-of.html

Emerging FunkSec Ransomware Developed Using AI (13 Jan) https://www.securityweek.com/emerging-funksec-ransomware-developed-using-ai/

FortiGuard Labs: Deep Dive Into a Linux Rootkit Malware (13 Jan) https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks (14 Jan) https://unit42.paloaltonetworks.com/graph-neural-networks

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored (14 Jan) https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html

Google OAuth flaw lets attackers gain access to abandoned accounts (14 Jan) https://www.bleepingcomputer.com/news/security/google-oauth-flaw-lets-attackers-gain-access-to-abandoned-accounts/

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (14 Jan) https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 (16 Jan) https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/

Researchers Warn of NTLMv1 Bypass in Active Directory Policy (17 Jan) https://hackread.com/researchers-ntlmv1-bypass-active-directory-policy/

Information security and miscellaneous

How Britain got its first internet connection – by the late pioneer who made it happen (8 Jan) https://theconversation.com/how-britain-got-its-first-internet-connection-by-the-late-pioneer-who-made-it-happen-45404

Schneier on security: The First Password on the Internet (14 Jan) https://www.schneier.com/blog/archives/2025/01/the-first-password-on-the-internet.html

CISA: AI Cybersecurity Collaboration Playbook (14 Jan) https://cisa.gov/resources-tools/resources/ai-cybersecurity-collaboration-playbook

Bankföreningen: Strengthen crisis management for major cyberattacks (14 Jan) https://www.financesweden.se/om-oss/aktuellt/aktuellt-fran-bankforeningen/stark-krishanteringen-vid-stora-cyberangrepp/

NCSC-UK: Passkeys – They’re not perfect but they’re getting better (15 Jan) https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better

GDPR complaints filed against TikTok, Temu for sending user data to China (16 Jan) https://www.bleepingcomputer.com/news/security/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china/

Apple pauses AI notification summaries for news after generating false alerts (16 Jan) https://techcrunch.com/2025/01/16/apple-pauses-ai-notification-summaries-for-news-after-generating-false-alerts/

CISA: Closing the Software Understanding Gap (16 Jan) https://www.cisa.gov/resources-tools/resources/closing-software-understanding-gap

How to delete Facebook, Messenger, or Instagram – if you want Meta out of your life (16 Jan) https://www.zdnet.com/article/how-to-delete-facebook-messenger-or-instagram-if-you-want-meta-out-of-your-life/

35 years on: The history and evolution of ransomware (17 Jan) https://www.techradar.com/pro/35-years-on-the-history-and-evolution-of-ransomware

Space companies say cyber threat intelligence is often overclassified, unactionable (17 Dec) https://www.nextgov.com/cybersecurity/2025/01/space-companies-say-cyber-threat-intelligence-often-overclassified-unactionable/402274/

Guide: Running a Cyber Security Tabletop Exercise https://red-goat.com/the-complete-guide-to-running-a-table-top-exercise-2025/

Guide: Avoiding an infinite incident response cycle https://www.pwndefend.com/2025/01/17/avoiding-an-infinite-incident-response-cycle/

CERT-SE this week

CERT-SE's name is being used in a phishing campaign (17 Jan) https://www.cert.se/2025/01/cert-se-i-natfiskekampanj.html

Security flaws fixed in the Unix/Linux tool rsync (16 Jan) https://www.cert.se/2025/01/sarbarheter-rattas-i-rsync.html

Ivanti fixes flaws in Ivanti Endpoint Manager (16 Jan) https://www.cert.se/2025/01/ivanti-rattar-brister-i-ivanti-endpoint-manager.html

Critical vulnerability in FortiOS is being actively exploited (15 Jan) https://www.cert.se/2025/01/Kritisk-sarbarhet-i-FortiOS-utnyttjas-aktivt.html

Microsoft's monthly security updates for January 2025 (15 Jan) https://www.cert.se/2025/01/microsofts-manatliga-sakerhetsuppdateringar-for-januari-2025.html

SAP's monthly security updates for January 2025 (15 Jan) https://www.cert.se/2025/01/saps-manatliga-sakerhetsuppdateringar-for-januari-2025.html

Critical vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways (13 Jan) https://www.cert.se/2025/01/kritisk-sarbarhet-ivanti-connect-secure-policy-secure-och-zta-gateways.html

CERT-SE's weekly newsletter, week 2

WEEKLY NEWSLETTER

CERT-SE's weekly newsletter is back, and this time covers items collected from 20 December onwards. As usual, the turn of the year offers various summaries of 2024 as well as forward-looking analyses.

From CERT-SE's side, we want to use this newsletter to put a little extra emphasis on reading NCSC's newly published report, Cybersäkerhet i Sverige 2024 (Cybersecurity in Sweden 2024): https://www.ncsc.se/siteassets/publikationer/cybersakerhet-i-sverige-2024.pdf

Have a nice weekend!

News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts (26 Dec) https://thehackernews.com/2024/12/brazilian-hacker-charged-for-extorting.html

Japan Airlines Was Hit by a Cyberattack, Delaying Flights During the Year-End Holiday Season (26 Dec) https://www.securityweek.com/japan-airlines-was-hit-by-a-cyberattack-delaying-flights-during-the-year-end-holiday-season/

Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked (27 Dec) https://cybersecuritynews.com/volkswagen-data-breach/

Cyber attack on Italy’s Foreign Ministry, airports claimed by pro-Russian hacker group (28 Dec) https://www.reuters.com/technology/cybersecurity/cyber-attack-italys-foreign-ministry-airports-claimed-by-pro-russian-hacker-2024-12-28/

US Treasury Department breached through remote support platform (30 Dec) https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents (31 Dec) https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html

US Army soldier arrested in connection with AT&T, Verizon data breaches (31 Dec) https://siliconangle.com/2024/12/31/us-army-soldier-arrested-connection-att-verizon-data-breaches/

US sanctions Russian and Iranian entities for interfering in presidential election (31 Dec) https://therecord.media/2024-election-influence-operations-russia-iran-sanctions

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability (31 Dec) https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/

The biggest cybersecurity and cyberattack stories of 2024 (1 Jan) https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2024/

Crackdown on phone fraud: Stops 50,000 calls per day (2 Jan) https://sverigesradio.se/artikel/telebolagen-gar-samman-for-att-hindra-nummerbedragarna

Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data (2 Jan) https://therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates

IT attack revealed society's vulnerability (4 Jan) https://www.vasterbottningen.se/2025-01-04/it-attack-visade-pa-samhallets-sarbarhet-7b8ba

Is Your Car Spying on You? What It Means That Tesla Shared Data in the Las Vegas Explosion (6 Jan) https://www.securityweek.com/is-your-car-spying-on-you-what-it-means-that-tesla-shared-data-in-the-las-vegas-explosion/

Salt Typhoon targets more US telecoms in widening attack campaign (7 Jan) https://www.techmonitor.ai/technology/cybersecurity/salt-typhoon-targets-more-us-telecoms-widening-attack-campaign

Cyberattack in Spain delays the new Krösatågen trains (9 Jan) https://sverigesradio.se/artikel/cyberattack-i-spanien-forsenar-de-nya-krosatagen

Reports and in-depth analyses

Top 10 Identity Attacks in 2024: Protecting Credentials in a Digital World (27 Dec) https://socradar.io/top-10-identity-attacks-in-2024-protecting-credentials/

These were the badly handled data breaches of 2024 (31 Dec) https://techcrunch.com/2024/12/31/badly-handled-data-breaches-2024/

Cyber Threat Intelligence Review: Preparing for 2025 (1 Jan) https://www.infosecurity-magazine.com/news-features/cyber-threat-intelligence-review/

FOI report: Russia's cybersecurity worse than expected (1 Jan) https://sverigesradio.se/artikel/rapport-rysslands-cybersakerhet-samre-an-vantat

NCSC-SE: Cybersecurity in Sweden 2024 (2 Jan) https://www.ncsc.se/sv/aktuellt/cybersakerhet-i-sverige-2024/

Cybersecurity in 2025: A Look Back at 2024’s Biggest Cyber Attacks & Lessons for the Future (6 Jan) https://socradar.io/cybersecurity-in-2025-2024s-biggest-cyber-attacks-lessons-for-future/

FBI warns – Swedish cyber expert: “I don't trust any text messages today” (3 Jan) https://www.svt.se/nyheter/inrikes/fbi-varnar-svenska-cyberexperten-jag-litar-inte-pa-nagra-sms-i-dag

Security and AI – here is what Swedish CIOs are talking about this year (7 Jan) https://computersweden.se/article/3630847/sakerhet-och-ai-har-ar-vad-svenska-cioer-pratar-om-i-ar.html

IoCs under the microscope: Enhancing cybersecurity through timely intelligence (7 Jan) https://www.devdiscourse.com/article/technology/3210889-iocs-under-the-microscope-enhancing-cybersecurity-through-timely-intelligence

Information security and miscellaneous

INTERPOL welcomes adoption of UN convention against cybercrime (23 Dec) https://www.interpol.int/News-and-Events/News/2024/INTERPOL-welcomes-adoption-of-UN-convention-against-cybercrime

Municipalities try to fend off cyberattacks – but cannot bring in experts (26 Dec) https://sverigesradio.se/artikel/kommuner-har-svart-att-locka-experter-pa-it-sakerhet

That is when Sweden is at war – cyberattacks may play a role (28 Dec) https://www.gp.se/nyheter/sverige/da-ar-sverige-i-krig-cyberangrepp-kan-spela-roll.9e656107-950f-4fd0-aacf-ca5860744df5

US govt launches cybersecurity safety label for smart devices (7 Jan) https://www.bleepingcomputer.com/news/security/us-govt-launches-cybersecurity-safety-label-for-smart-devices/

IoCs under the microscope: Enhancing cybersecurity through timely intelligence (7 Jan) https://betanews.com/2025/01/09/how-can-organizations-mitigate-the-security-risks-caused-by-human-error/

News from CERT-SE

Microsoft's monthly security updates for December 2024 (3 Jan) https://www.cert.se/2024/12/microsofts-manatliga-sakerhetsuppdateringar-for-december-2024.html

Critical vulnerability in SonicWall SonicOS (8 Jan) https://www.cert.se/2025/01/kritisk-sarbarhet-i-sonicwall-sonicos.html

Critical vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways https://www.cert.se/2025/01/kritisk-sarbarhet-ivanti-connect-secure-policy-secure-och-zta-gateways.html

Critical vulnerability in Mitel MiCollab (10 Jan) (updated) https://www.cert.se/2024/12/kritisk-sarbarhet-i-mitel-micollab.html