CERT-SE's name used in phishing campaign

The name CERT-SE is currently being exploited in a phishing campaign.

CERT-SE communicates using e-mail addresses from the domain cert.se. If you are unsure whether an e-mail comes from us, you can call CERT-SE on 010-240 40 40.

If you are unsure who the sender is, you can encrypt messages with our public PGP key and send them to us. This means that only we at cert.se can read your message, since we hold the private PGP key. You can read more at https://www.cert.se/pgp/.

CERT-SE welcomes both technical and general information from those affected. E-mail cert@cert.se and clearly mark the e-mail with the subject line [Nätfiske (the sender's e-mail address)], where "Nätfiske" is Swedish for phishing.

See CERT-SE's topic page with general advice on phishing: https://www.cert.se/tema/natfiske

CERT-SE is available around the clock, every day of the year, to act and, within our remit, help organisations that have been affected by IT security incidents.

CERT-SE's weekly newsletter, week 3

WEEKLY NEWSLETTER

The new year has picked up speed, and so has the news flow. We would like to take the opportunity to mention that CERT-SE, part of the National Cyber Security Centre (Nationellt Cybersäkerhetscenter), is looking for new staff, most recently a head of unit for operational incident coordination. You are welcome to apply, and please spread the word!

CERT-SE wishes you a pleasant weekend!

News of the week

Interpol publishes first Silver Notice targeting criminal assets (10 Jan) https://www.interpol.int/News-and-Events/News/2025/INTERPOL-publishes-first-Silver-Notice-targeting-criminal-assets

The FBI warning: Don't use SMS – here is how to think instead (11 Jan) https://sverigesradio.se/artikel/fbi-varningen-anvand-inte-sms-sa-ska-du-tanka-istallet

Supreme Commander Michael Claesson on the suspected sabotage in the Baltic Sea: “This is a wake-up call” (11 Jan) https://www.sverigesradio.se/avsnitt/ob-michael-claesson-om-misstankta-sabotagen-i-ostersjon-det-har-ar-ett-uppvaknande

UK domain registry Nominet confirms breach via Ivanti zero-day (13 Jan) https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability/

Many CEOs worry about cyber espionage (13 Jan) https://sverigesradio.se/artikel/manga-vdar-oroar-sig-for-cyberspionage

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details (13 Jan) https://www.infosecurity-magazine.com/news/telefonica-breach-20000-employees

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location (13 Jan) https://www.wired.com/story/gravy-location-data-app-leak-rtb/

Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers (14 Jan) https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed

UK floats ransomware payout ban for public sector (14 Jan) https://www.theregister.com/2025/01/14/uk_ransomware_payout_ban

UK-GOV: World-leading proposals to protect businesses from cybercrime (14 Jan) https://www.gov.uk/government/news/world-leading-proposals-to-protect-businesses-from-cybercrime

Baltic Sea Cable Cuts Can’t Be Accident, EU Tech Chief Says (14 Jan) https://www.bloomberg.com/news/articles/2025-01-14/baltic-sea-cables-damage-can-t-be-accident-eu-tech-chief-says

Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities (15 Jan) https://www.ispreview.co.uk/index.php/2025/01/millions-of-vpn-servers-and-routers-exposed-to-new-tunnelling-protocol-vulnerabilities.html

Breakdown in the City of Gothenburg's IT system – sensitive data was accessible to anyone (15 Jan) https://www.svt.se/nyheter/lokalt/vast/haveri-i-goteborgs-stads-it-system-kansliga-uppgifter-var-atkomliga-for-vem-som-helst

European Commission presents action plan to protect the healthcare sector against cyberattacks (15 Jan) https://ec.europa.eu/commission/presscorner/detail/sv/ip_25_262

..

Questions and answers on cybersecurity for hospitals and healthcare providers (15 Jan) https://ec.europa.eu/commission/presscorner/detail/sv/qanda_25_263

..

No new funding in EU plan to tackle ransomware attacks against hospitals (15 Jan) https://therecord.media/ransomware-hospitals-european-commission-plan

Governments call for spyware regulations in UN Security Council meeting (15 Jan) https://techcrunch.com/2025/01/15/governments-call-for-spyware-regulations-in-un-security-council-meeting/

Biden’s Last-Minute Cybersecurity Executive Order Raising Eyebrows (16 Jan) https://www.forbes.com/sites/emilsayegh/2025/01/16/bidens-last-minute-cybersecurity-executive-order-raising-eyebrows/

Sportadmin down after data breach: “An external attacker” (16 Jan) https://www.gp.se/sport/sportadmin-ligger-nere-efter-dataintrang-en-extern-angripare.6f818b6b-970a-464e-a4f6-072c12e2f9af

..

Sportadmin on the data breach: Personal data may have leaked (17 Jan) https://www.tv4.se/artikel/4s9hBxDkCiKTaWoRmOwsFC/personuppgifter-kan-ha-laeckt-efter-dataintrang

Reports and analyses

Trend Micro: Information Stealer Masquerades as LDAPNightmare (9 Jan) https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html

Checkpoint Threat Intelligence Report (13 Jan) https://research.checkpoint.com/2025/13th-january-threat-intelligence-report/

Ransomware on ESXi: The Mechanization of Virtualized Attacks (13 Jan) https://thehackernews.com/2025/01/ransomware-on-esxi-mechanization-of.html

Emerging FunkSec Ransomware Developed Using AI (13 Jan) https://www.securityweek.com/emerging-funksec-ransomware-developed-using-ai/

FortiGuard Labs: Deep Dive Into a Linux Rootkit Malware (13 Jan) https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks (14 Jan) https://unit42.paloaltonetworks.com/graph-neural-networks

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored (14 Jan) https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html

Google OAuth flaw lets attackers gain access to abandoned accounts (14 Jan) https://www.bleepingcomputer.com/news/security/google-oauth-flaw-lets-attackers-gain-access-to-abandoned-accounts/

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (14 Jan) https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 (16 Jan) https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/

Researchers Warn of NTLMv1 Bypass in Active Directory Policy (17 Jan) https://hackread.com/researchers-ntlmv1-bypass-active-directory-policy/

Information security and miscellaneous

How Britain got its first internet connection – by the late pioneer who made it happen (8 Jan) https://theconversation.com/how-britain-got-its-first-internet-connection-by-the-late-pioneer-who-made-it-happen-45404

Schneier on security: The First Password on the Internet (14 Jan) https://www.schneier.com/blog/archives/2025/01/the-first-password-on-the-internet.html

CISA: AI Cybersecurity Collaboration Playbook (14 Jan) https://cisa.gov/resources-tools/resources/ai-cybersecurity-collaboration-playbook

Bankföreningen: Strengthen crisis management in the event of major cyberattacks (14 Jan) https://www.financesweden.se/om-oss/aktuellt/aktuellt-fran-bankforeningen/stark-krishanteringen-vid-stora-cyberangrepp/

NCSC-UK: Passkeys – They’re not perfect but they’re getting better (15 Jan) https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better

GDPR complaints filed against TikTok, Temu for sending user data to China (16 Jan) https://www.bleepingcomputer.com/news/security/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china/

Apple pauses AI notification summaries for news after generating false alerts (16 Jan) https://techcrunch.com/2025/01/16/apple-pauses-ai-notification-summaries-for-news-after-generating-false-alerts/

CISA: Closing the Software Understanding Gap (16 Jan) https://www.cisa.gov/resources-tools/resources/closing-software-understanding-gap

How to delete Facebook, Messenger, or Instagram – if you want Meta out of your life (16 Jan) https://www.zdnet.com/article/how-to-delete-facebook-messenger-or-instagram-if-you-want-meta-out-of-your-life/

35 years on: The history and evolution of ransomware (17 Jan) https://www.techradar.com/pro/35-years-on-the-history-and-evolution-of-ransomware

Space companies say cyber threat intelligence is often overclassified, unactionable (17 Dec) https://www.nextgov.com/cybersecurity/2025/01/space-companies-say-cyber-threat-intelligence-often-overclassified-unactionable/402274/

Guide: Running a Cyber Security Tabletop Exercise https://red-goat.com/the-complete-guide-to-running-a-table-top-exercise-2025/

Guide: Avoiding an infinite incident response cycle https://www.pwndefend.com/2025/01/17/avoiding-an-infinite-incident-response-cycle/

CERT-SE this week

CERT-SE's name used in phishing campaign (17 Jan) https://www.cert.se/2025/01/cert-se-i-natfiskekampanj.html

Security flaws fixed in the Unix/Linux tool rsync (16 Jan) https://www.cert.se/2025/01/sarbarheter-rattas-i-rsync.html

Ivanti fixes flaws in Ivanti Endpoint Manager (16 Jan) https://www.cert.se/2025/01/ivanti-rattar-brister-i-ivanti-endpoint-manager.html

Critical vulnerability in FortiOS actively exploited (15 Jan) https://www.cert.se/2025/01/Kritisk-sarbarhet-i-FortiOS-utnyttjas-aktivt.html

Microsoft's monthly security updates for January 2025 (15 Jan) https://www.cert.se/2025/01/microsofts-manatliga-sakerhetsuppdateringar-for-januari-2025.html

SAP's monthly security updates for January 2025 (15 Jan) https://www.cert.se/2025/01/saps-manatliga-sakerhetsuppdateringar-for-januari-2025.html

Critical vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways (13 Jan) https://www.cert.se/2025/01/kritisk-sarbarhet-ivanti-connect-secure-policy-secure-och-zta-gateways.html

CERT-SE's weekly newsletter, week 2

WEEKLY NEWSLETTER

CERT-SE's weekly newsletter is back, and this time it covers items collected from 20 December onwards. As usual, the turn of the year brings various summaries of 2024 as well as forward-looking analyses.

From CERT-SE's side, we want to use this newsletter to put a little extra emphasis on reading NCSC's newly published report, Cybersäkerhet i Sverige 2024 (Cybersecurity in Sweden 2024): https://www.ncsc.se/siteassets/publikationer/cybersakerhet-i-sverige-2024.pdf

Have a nice weekend!

News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts (26 Dec) https://thehackernews.com/2024/12/brazilian-hacker-charged-for-extorting.html

Japan Airlines Was Hit by a Cyberattack, Delaying Flights During the Year-End Holiday Season (26 Dec) https://www.securityweek.com/japan-airlines-was-hit-by-a-cyberattack-delaying-flights-during-the-year-end-holiday-season/

Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked (27 Dec) https://cybersecuritynews.com/volkswagen-data-breach/

Cyber attack on Italy’s Foreign Ministry, airports claimed by pro-Russian hacker group (28 Dec) https://www.reuters.com/technology/cybersecurity/cyber-attack-italys-foreign-ministry-airports-claimed-by-pro-russian-hacker-2024-12-28/

US Treasury Department breached through remote support platform (30 Dec) https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents (31 Dec) https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html

US Army soldier arrested in connection with AT&T, Verizon data breaches (31 Dec) https://siliconangle.com/2024/12/31/us-army-soldier-arrested-connection-att-verizon-data-breaches/

US sanctions Russian and Iranian entities for interfering in presidential election (31 Dec) https://therecord.media/2024-election-influence-operations-russia-iran-sanctions

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability (31 Dec) https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/

The biggest cybersecurity and cyberattack stories of 2024 (1 Jan) https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2024/

Crackdown on phone fraud: Stopping 50,000 calls per day (2 Jan) https://sverigesradio.se/artikel/telebolagen-gar-samman-for-att-hindra-nummerbedragarna

Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data (2 Jan) https://therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates

IT attack revealed society's vulnerability (4 Jan) https://www.vasterbottningen.se/2025-01-04/it-attack-visade-pa-samhallets-sarbarhet-7b8ba

Is Your Car Spying on You? What It Means That Tesla Shared Data in the Las Vegas Explosion (6 Jan) https://www.securityweek.com/is-your-car-spying-on-you-what-it-means-that-tesla-shared-data-in-the-las-vegas-explosion/

Salt Typhoon targets more US telecoms in widening attack campaign (7 Jan) https://www.techmonitor.ai/technology/cybersecurity/salt-typhoon-targets-more-us-telecoms-widening-attack-campaign

Cyberattack in Spain delays the new Krösatågen trains (9 Jan) https://sverigesradio.se/artikel/cyberattack-i-spanien-forsenar-de-nya-krosatagen

Reports and in-depth analyses

Top 10 Identity Attacks in 2024: Protecting Credentials in a Digital World (27 Dec) https://socradar.io/top-10-identity-attacks-in-2024-protecting-credentials/

These were the badly handled data breaches of 2024 (31 Dec) https://techcrunch.com/2024/12/31/badly-handled-data-breaches-2024/

Cyber Threat Intelligence Review: Preparing for 2025 (1 Jan) https://www.infosecurity-magazine.com/news-features/cyber-threat-intelligence-review/

FOI report: Russia's cybersecurity worse than expected (1 Jan) https://sverigesradio.se/artikel/rapport-rysslands-cybersakerhet-samre-an-vantat

NCSC-SE: Cybersecurity in Sweden 2024 (2 Jan) https://www.ncsc.se/sv/aktuellt/cybersakerhet-i-sverige-2024/

Cybersecurity in 2025: A Look Back at 2024’s Biggest Cyber Attacks & Lessons for the Future (6 Jan) https://socradar.io/cybersecurity-in-2025-2024s-biggest-cyber-attacks-lessons-for-future/

FBI warns – Swedish cyber expert: “I don't trust any text messages today” (3 Jan) https://www.svt.se/nyheter/inrikes/fbi-varnar-svenska-cyberexperten-jag-litar-inte-pa-nagra-sms-i-dag

Security and AI – here is what Swedish CIOs are talking about this year (7 Jan) https://computersweden.se/article/3630847/sakerhet-och-ai-har-ar-vad-svenska-cioer-pratar-om-i-ar.html

IoCs under the microscope: Enhancing cybersecurity through timely intelligence (7 Jan) https://www.devdiscourse.com/article/technology/3210889-iocs-under-the-microscope-enhancing-cybersecurity-through-timely-intelligence

Information security and miscellaneous

INTERPOL welcomes adoption of UN convention against cybercrime (23 Dec) https://www.interpol.int/News-and-Events/News/2024/INTERPOL-welcomes-adoption-of-UN-convention-against-cybercrime

Municipalities try to fend off cyberattacks – but cannot bring in experts (26 Dec) https://sverigesradio.se/artikel/kommuner-har-svart-att-locka-experter-pa-it-sakerhet

That is when Sweden is at war – cyberattacks may play a part (28 Dec) https://www.gp.se/nyheter/sverige/da-ar-sverige-i-krig-cyberangrepp-kan-spela-roll.9e656107-950f-4fd0-aacf-ca5860744df5

US govt launches cybersecurity safety label for smart devices (7 Jan) https://www.bleepingcomputer.com/news/security/us-govt-launches-cybersecurity-safety-label-for-smart-devices/

IoCs under the microscope: Enhancing cybersecurity through timely intelligence (7 Jan) https://betanews.com/2025/01/09/how-can-organizations-mitigate-the-security-risks-caused-by-human-error/

New from CERT-SE

Microsoft's monthly security updates for December 2024 (3 Jan) https://www.cert.se/2024/12/microsofts-manatliga-sakerhetsuppdateringar-for-december-2024.html

Critical vulnerability in SonicWall SonicOS (8 Jan) https://www.cert.se/2025/01/kritisk-sarbarhet-i-sonicwall-sonicos.html

Critical vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways https://www.cert.se/2025/01/kritisk-sarbarhet-ivanti-connect-secure-policy-secure-och-zta-gateways.html

Critical vulnerability in Mitel MiCollab (10 Jan) (updated) https://www.cert.se/2024/12/kritisk-sarbarhet-i-mitel-micollab.html

Bane-Nor does not suspect cyberattack after Thursday's train stoppage

Updated: 2024-12-27, at 22:22

On Thursday a fault led to a complete halt of train traffic across all of Norway, a stoppage that lasted for large parts of Thursday. Bane-Nor's chief executive now says that the reason all trains stood still cannot have been a cyberattack by a foreign actor.

According to the chief executive, faults in software updates have also been ruled out. However, problems have been found with the firewalls that are meant to protect the IT infrastructure against attacks.

The company has received extensive criticism from, among others, Norwegian SJ, which is now demanding an independent external investigation.

Correction: In an earlier version of this text we incorrectly wrote that the train stoppage was caused by a cyberattack.

Bane-Nor suspects cyberattack – NRK.no

CERT-SE's weekly newsletter, week 51

WEEKLY NEWSLETTER

In the Christmas rush of sugar and gift hunting, take a moment for your security thinking. An e-mail from a trusted colleague may contain a seemingly legitimate link.

It may, however, be a cyber crook sending malicious code to get into your machine. So before you click in haste, make sure you take a look at the sender and at the security advice.

Feel free to read CERT-SE's tips and advice on phishing: https://www.cert.se/tema/natfiske/

The newsletter now takes a break until 10 January, but CERT-SE is always available for advice and support.

CERT-SE wishes you a Merry Christmas and a Happy New Year!

News of the week

NCSC-SE took part in Cyber Coalition – strengthened cooperation within cyber defence (13 Dec) https://www.ncsc.se/sv/aktuellt/ncsc-deltog-i-cyber-coalition/

Highly advanced phishing causes concern – common countermeasure does not help (13 Dec) https://sverigesradio.se/artikel/superavancerat-natfiske-oroar-vanlig-atgard-hjalper-inte

Germany cuts hacker access to 30,000 devices infected with BadBox malware (13 Dec) https://therecord.media/germany-hacker-access-malware-cut

Malicious ad distributes SocGholish malware to Kaiser Permanente employees (15 Dec) https://www.malwarebytes.com/blog/news/2024/12/malicious-ad-distributes-socgholish-malware-to-kaiser-permanente-employees

Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise (16 Dec) https://securityaffairs.com/172024/hacking/volkswagen-group-infotainment-unit-flaws.html

HiatusRAT Actors Targeting Web Cameras and DVRs (16 Dec) https://www.ic3.gov/CSA/2024/241216.pdf

Hackers Exploiting Microsoft Teams to Gain Remote Access to User’s System (16 Dec) https://cybersecuritynews.com/microsoft-teams-to-gain-remote-access

Android phones with malicious code may have been sold in Europe (16 Dec) https://omni.se/androidtelefoner-med-skadlig-kod-kan-ha-salts-i-europa/a/VzegQ6

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (16 Dec) https://www.bleepingcomputer.com/news/security/fbi-spots-hiatusrat-malware-attacks-targeting-web-cameras-dvrs/

Rhode Island governor warns residents of cyberattack on state benefits system (16 Dec) https://therecord.media/rhode-island-governor-cyberattack-benefits

Texas Tech University System data breach impacts 1.4 million patients (16 Dec) https://www.bleepingcomputer.com/news/security/texas-tech-university-system-data-breach-impacts-14-million-patients/

FakeCaptcha scams—When the “I’m not a robot” button is a trap (17 Dec) https://blog.avast.com/fakecaptcha-scams

Spearphishing identified as leading threat to utilities (17 Dec) https://securitybrief.co.nz/story/spearphishing-identified-as-leading-threat-to-utilities

The expert: How Sweden should arm itself against modern security threats (17 Dec) https://www.tv4play.se/klipp/02dba9b1a4a658ef7a97/video-experten-sa-bor-sverige-rusta-mot-moderna-sakerhetshot

NSM recommends transition to phishing-resistant authentication (17 Dec) https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-ncsc/nsm-anbefaler-overgang-til-phishingresistent-autentisering

New serious vulnerability discovered in iOS and macOS (18 Dec) https://it-kanalen.se/ny-allvarlig-sarbarhet-upptackt-i-ios-och-macos/

U.S. Considers Ban On Chinese Made TP-Link Routers — Here’s Why (18 Dec) https://www.forbes.com/sites/larsdaniel/2024/12/18/us-considers-ban-on-chinese-made-tp-link-routers-heres-why/

Ongoing phishing attack abuses Google Calendar to bypass spam filters (18 Dec) https://www.bleepingcomputer.com/news/security/ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters/

Reports and in-depth analyses

Dark web threats and dark market predictions for 2025 (16 Dec) https://securelist.com/ksb-dark-web-predictions-2025/114966/

Checkpoint: Weekly Threat Intelligence Report (16 Dec) https://research.checkpoint.com/2024/16th-december-threat-intelligence-report/

Bitsight: Badbox Botnet Is Back https://www.bitsight.com/blog/badbox-botnet-back

Forescout: ICS Threat Analysis – New, Experimental Malware Can Kill Engineering Processes (17 Dec) https://www.forescout.com/blog/ics-threat-analysis-new-experimental-malware-can-kill-engineering-processes/

CISA: 2024 Year in review (17 Dec) https://www.cisa.gov/about/2024YIR

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools (19 Dec) https://thehackernews.com/2024/12/thousands-download-malicious-npm.html

Report: Cyberattacks against healthcare have increased dramatically (19 Dec) https://lakartidningen.se/aktuellt/nyheter/2024/12/rapport-cyberattacker-mot-sjukvarden-har-okat-dramatiskt/

Juniper warns of Mirai botnet scanning for Session Smart routers (19 Dec) https://www.bleepingcomputer.com/news/security/juniper-warns-of-mirai-botnet-scanning-for-session-smart-routers/

Information security and miscellaneous

Create a Strong Security Culture: How to Turn Good Security Habits into Second Nature for Your Employees (16 Dec) https://www.proofpoint.com/us/blog/security-awareness-training/how-build-sustainable-security-culture-drives-behavior-change

MSB funds cybersecurity projects with 21 million kronor (16 Dec) https://www.msb.se/sv/om-msb/press/#/pressreleases/msb-finansierar-cybersaekerhetsprojekt-med-21-miljoner-kronor-3360484

PTS proposes measures against fraud via SMS (17 Dec) https://pts.se/nyheter-och-pressmeddelanden/pts-foreslar-atgarder-mot-bedragerier-via-sms/

SANS Holiday Hack Challenge 2024: Snow-maggedon https://www.sans.org/mlp/holiday-hack-challenge-2024/

CERT-SE this week

Critical vulnerability in Struts 2 (18 Dec) https://www.cert.se/2024/12/kritisk-sarbarhet-i-struts-2.html

CERT-SE wishes you a Merry Christmas and a Happy New Year!

Job titles of healthcare staff with protected personal data are disclosed

In an earlier decision, the Administrative Court of Appeal in Jönköping (Kammarrätten i Jönköping) rejected a person's request to access information on the names and job titles of healthcare staff appearing in a copy of medical records in a case concerning compulsory psychiatric care, on the grounds that secrecy applies to protect a party with protected population registration. The Supreme Administrative Court (Högsta förvaltningsdomstolen, HFD) has now set aside the decision as far as the job title information is concerned, after the person modified their request in the case. According to HFD, this information cannot, either on its own or together with other information in the case, give any guidance as to where the party in the case is staying. It is therefore not covered by secrecy.

Source: Allmän Handling

Phishing attack defeats two-factor login

Svenska Stöldskyddsföreningen (SSF) is now warning of a phishing attack that uses search results for Google ads. When the user clicks the ad, they are led to a page where they are asked to confirm their login credentials with two-factor login. In this way the attacker gains direct access to your Google user account.

According to IT security expert Karl-Emil Nikka, this particular campaign is the most advanced so far. He also says that the phishing method is part of a trend in which phishing is increasingly used to get hold of private information that attackers can then exploit for other types of attacks.

Do not click on unknown links

SSF advises against clicking on unknown links. You can also hide ads that look like search results and use physical passkeys instead of two-factor login.

Phishing attack via Google ads – TV4 Nyheterna

SSF press release

CERT-SE's weekly newsletter, week 50

WEEKLY NEWSLETTER

This week was Patch Tuesday, with updates from Microsoft, SAP, Adobe and Ivanti. Otherwise, a mix of news from the week.

CERT-SE wishes you a happy Lucia and third Sunday of Advent!

News of the week

QR codes bypass browser isolation for malicious C2 communication (8 Dec) https://www.bleepingcomputer.com/news/security/qr-codes-bypass-browser-isolation-for-malicious-c2-communication/

Medical device company says shipping processes disrupted by ransomware attack (9 Dec) https://therecord.media/artivion-medical-device-company-cyberattack-notice-sec

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering (9 Dec) https://thehackernews.com/2024/12/black-basta-ransomware-evolves-with.html

Romanian energy supplier Electrica hit by ransomware attack (9 Dec) https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices (9 Dec) https://thehackernews.com/2024/12/socks5systemz-botnet-powers-illegal.html

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (10 Dec) https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html

Ongoing Phishing and Malware Campaigns in December 2024 (10 Dec) https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html

Regions and municipalities in Västerbotten hit by major internet disruptions (10 Dec) https://www.svt.se/nyheter/lokalt/vasterbotten/problem-med-natet-hos-region-vasterbotten

Microsoft 365 outage takes down Office web apps, admin center (10 Dec) https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-office-web-apps-admin-center/

Dug in the wrong grave during hacker attack – how the system is being secured (12 Dec) https://sverigesradio.se/artikel/gravde-i-fel-grav-under-hackerattack-sa-sakras-systemet

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection (13 Dec) https://thehackernews.com/2024/12/new-linux-rootkit-pumakit-uses-advanced.html

Japanese publisher paid $3 million to Russia-linked hacker group after cyberattack (13 Dec) https://japantoday.com/category/crime/japanese-publisher-paid-3-million-to-hacker-group-after-cyberattack

Reports and analyses

REPORT: Sky-high increase in political attacks and extortion attacks against Nordic targets (10 Dec) https://www.aktuellsakerhet.se/rapport-skyhog-okning-av-av-politiska-attacker-och-utpressningsattacker-mot-nordiska-mal/

Open source malware up 200% since 2023 (11 Dec) https://www.helpnetsecurity.com/2024/12/11/open-source-malware/

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a ‘perfect’ 10 in your organization (13 Dec) https://www.welivesecurity.com/en/cybersecurity/black-hat-europe-2024-cvss-score-75-10-your-organization/

Information security and miscellaneous

International operation against ‘phone phishing’ gang in Belgium and the Netherlands https://www.europol.europa.eu/media-press/newsroom/news/international-operation-against-phone-phishing-gang-in-belgium-and-netherlands

NATO to launch new cyber center by 2028: Official (6 Dec) https://breakingdefense.com/2024/12/nato-to-launch-new-cyber-center-by-2028-official/

Foreign minister launches the government's strategy on cyber and digital issues in foreign and security policy (9 Dec) https://regeringen.se/pressmeddelanden/2024/12/utrikesministern-lanserar-regeringens-strategi-om-cyberfragor-och-digitala-fragor-inom-utrikes–och-sakerhetspolitiken/

Inquiry into transfer of tasks from MSB to FRA in the area of cyber and information security (10 Dec) https://regeringen.se/pressmeddelanden/2024/12/utredning-om-overforing-av-arbetsuppgifter-fran-msb-till-fra-inom-cyber–och-informationssakerhetsomradet

Researchers find security flaws in Skoda cars that may let hackers remotely track them (12 Dec) https://techcrunch.com/2024/12/12/researchers-find-security-flaws-in-skoda-cars-that-may-let-hackers-remotely-track-them/

NSM recommends transition to phishing-resistant authentication (12 Dec) https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-ncsc/nsm-anbefaler-overgang-til-phishingresistent-autentisering

CERT-SE this week

Critical vulnerability in Mitel MiCollab (9 Dec) https://www.cert.se/2024/12/kritisk-sarbarhet-i-mitel-micollab.html

Microsoft's monthly security updates for December 2024 (11 Dec) https://www.cert.se/2024/12/microsofts-manatliga-sakerhetsuppdateringar-for-december-2024.html

Critical vulnerabilities in Ivanti Cloud Services Appliance, Connect Secure and Policy Secure (11 Dec) https://www.cert.se/2024/12/kritiska-sarbarheter-i-ivanti-cloud-services-appliance-connect-secure-och-policy-secure.html

Adobe's monthly security updates for December 2024 (11 Dec) https://www.cert.se/2024/12/adobes-manatliga-sakerhetsuppdateringar-for-december-2024.html

SAP's monthly security updates for December 2024 (11 Dec) https://www.cert.se/2024/12/saps-manatliga-sakerhetsuppdateringar-for-december-2024.html

CERT-SE's weekly newsletter, week 49

WEEKLY NEWSLETTER

This week ENISA released the 2024 Report on the state of Cybersecurity in the Union. Recommended reading!

CERT-SE wishes you a pleasant second Sunday of Advent.

News of the week

Ransom gang claims attack on NHS Alder Hey Children’s Hospital (29 Nov) https://www.theregister.com/2024/11/29/inc_ransom_alder_hey_childrens_hospital

Novel phishing campaign uses corrupted Word documents to evade security (1 Dec) https://www.bleepingcomputer.com/news/security/novel-phising-campaign-uses-corrupted-word-documents-to-evade-security/

INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million (2 Dec) https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html

Former Polish spy chief arrested to testify before parliament in spyware probe (2 Dec) https://therecord.media/poland-former-spy-chief-testifies-pegasus-spyware

Microsoft 365 credentials stolen via adversary-in-the-middle campaign (2 Dec) https://www.scworld.com/news/microsoft-365-credentials-stolen-via-adversary-in-the-middle-campaign

Energy industry contractor says ransomware attack has limited access to IT systems (3 Dec) https://therecord.media/energy-industry-contractor-ransomware-disruption

Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online (3 Dec) https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/

Corrupted Microsoft Word files used to launch phishing attacks (3 Dec) https://www.techradar.com/pro/security/corrupted-microsoft-word-files-used-to-launch-phishing-attacks

No company too small for Phobos ransomware gang, indictment reveals (4 Dec) https://www.malwarebytes.com/blog/news/2024/12/no-company-too-small-for-phobos-ransomware-gang-indictment-reveals

Reports and analyses

Top 10 Cyber-Attacks of 2024 (2 Dec) https://www.infosecurity-magazine.com/news-features/top-cyber-attacks-2024/

Why OT environments are vulnerable – and what to do about it (2 Dec) https://www.scworld.com/perspective/why-ot-environments-are-vulnerable-and-what-to-do-about-it

The cybersecurity landscape in 2025: Key trends and strategic shifts (3 Dec) https://securitybrief.co.nz/story/the-cybersecurity-landscape-in-2025-key-trends-and-strategic-shifts

NCSC publishes Annual Review 2024 (3 Dec) https://www.techuk.org/resource/ncsc-publishes-annual-review-2024.html

Why Phishers Love New TLDs Like .shop, .top and .xyz (3 Dec) https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/

EU’s first ever report on the state of cybersecurity in the Union (3 Dec) https://www.enisa.europa.eu/news/eus-first-ever-report-on-the-state-of-cybersecurity-in-the-union

FTC Takes Action Against Gravy Analytics, Venntel for Unlawfully Selling Location Data Tracking Consumers to Sensitive Sites (3 Dec) https://www.ftc.gov/news-events/news/press-releases/2024/12/ftc-takes-action-against-gravy-analytics-venntel-unlawfully-selling-location-data-tracking-consumers

Gafgyt Malware Broadens Its Scope in Recent Attacks (3 Dec) https://www.trendmicro.com/en_us/research/24/l/gafgyt-malware-targeting-docker-remote-api-servers.html

Cyber security evolves for software-defined vehicles (4 Dec) https://www.automotiveworld.com/articles/connected-mobility-articles/cyber-security-evolves-for-software-defined-vehicles/

At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says (5 Dec) https://therecord.media/eight-telcos-breached-salt-typhoon-nsc

Romania’s election systems targeted in over 85,000 cyberattacks (5 Dec) https://www.bleepingcomputer.com/news/security/romanias-election-systems-targeted-in-over-85-000-cyberattacks/

Information security and miscellaneous

The growing role of biometrics in identity verification (2 Dec) https://www.biometricupdate.com/202412/the-growing-role-of-biometrics-in-identity-verification

Cyber hubs and response forces – now the EU is set to sharpen cybersecurity (3 Dec) https://computersweden.se/article/3616174/cybernav-och-insatsstyrkor-nu-ska-eu-vassa-cybersakerheten.html

New EU Regulation Establishes European ‘Cybersecurity Shield’ (3 Dec) https://www.securityweek.com/new-eu-regulation-establishes-european-cybersecurity-shield/

INTERPOL campaign warns against cyber and financial crimes (3 Dec) https://www.interpol.int/News-and-Events/News/2024/INTERPOL-campaign-warns-against-cyber-and-financial-crimes

Enhanced Visibility and Hardening Guidance for Communications Infrastructure (4 Dec) https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure

CERT-SE this week

Critical vulnerabilities in IBM Security Verify Access Appliance (3 Dec) https://www.cert.se/2024/12/kritiska-sarbarheter-i-ibm-security-verify-access-appliance.html

Critical vulnerability in Veeam Service Provider Console (4 Dec) https://www.cert.se/2024/12/kritisk-sarbarhet-i-veeam-service-provider-console.html

CERT-SE's weekly newsletter, week 48

WEEKLY NEWSLETTER

Mixed news from the week. We particularly want to highlight that NCSC has released guidance on handling denial-of-service attacks.

CERT-SE wishes you a pleasant first Sunday of Advent!

News this week

The warning: “Russian cyberattacks could knock out the power grid for millions” (24 Nov) https://sverigesradio.se/artikel/storbritannien-varnar-for-ryska-cyberattacker-kan-sla-ut-elnatet

Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack (25 Nov) https://www.securityweek.com/russian-cyberspies-hacked-building-across-street-from-target-for-wi-fi-attack/

Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (25 Nov) https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-impacts-exchange-online-teams-sharepoint/

Are Law Enforcement Takedowns Against Ransomware Working? (25 Nov) https://www.darkreading.com/vulnerabilities-threats/blackbasta-ransomware-group-conti

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot (25 Nov) https://thehackernews.com/2024/11/pypi-python-library-aiocpa-found.html

Malware Turns Trusted Avast Driver Into a Weapon (26 Nov) https://informationsecuritybuzz.com/malware-turns-avast-driver-a-weapon/

Hackers abuse popular Godot game engine to infect thousands of PCs (27 Nov) https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/

Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels (27 Nov) https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks (29 Nov) https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html

Reports and analyses

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 (26 Nov) https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html

Expert Cybersecurity Predictions for 2025: What Lies Ahead? (27 Nov) https://informationsecuritybuzz.com/isb-cybersecurity-predictions-2025-1/

Ransomware-driven data exfiltration: techniques and implications (27 Nov) https://blog.sekoia.io/ransomware-driven-data-exfiltration-techniques-and-implications/

Guidance on denial-of-service attacks (27 Nov) https://www.ncsc.se/sv/aktuellt/vagledning-om-overbelastningsangrepp/

SIRIUS EU Electronic Evidence Situation Report 2024 (28 Nov) https://www.europol.europa.eu/publications-events/publications/sirius-eu-electronic-evidence-situation-report-2024

Information security and miscellaneous

The threats of USB-based attacks for critical infrastructure https://www.techradar.com/pro/the-threats-of-usb-based-attacks-for-critical-infrastructure

How the Police work with cybercrime – “we have good expertise” (25 Nov) https://computersweden.se/article/3610197/sa-arbetar-polisen-med-cyberbrott-vi-har-en-bra-kompetens.html

Collaboration is key to tackling cybercrime. Recent takedowns show why (26 Nov) https://www.weforum.org/stories/2024/11/collaboration-key-tackling-cybercrime-cybersecurity/

The AI Commission's Roadmap for Sweden (26 Nov) https://regeringen.se/rapporter/2024/11/ai-kommissionens-fardplan-for-sverige/

Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa (26 Nov) https://www.securityweek.com/interpol-clamps-down-on-cybercrime-and-arrests-over-1000-suspects-in-africa/

NCSC conference 2024: Securing operations during a cyberattack (26 Nov) https://www.ncsc.se/sv/aktuellt/sakra-verksamheten-vid-en-cyberattack/

New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products (27 Nov) https://www.securityweek.com/new-vpn-attack-demonstrated-against-palo-alto-networks-sonicwall-products/

Growing Matrix Botnet Poses Escalating Global Threat (27 Nov) https://informationsecuritybuzz.com/matrix-botnet-escalating-global-threat/

170,000 personal identity numbers may have been handled incorrectly – for over ten years (28 Nov) https://sverigesradio.se/artikel/170-000-personnummer-kan-ha-hanterats-fel-i-over-tio-ar

Why cybersecurity leaders trust the MITRE ATT&CK Evaluations (28 Nov) https://www.helpnetsecurity.com/2024/11/28/cynet-mitre-attck-evaluations/

Analogue lending in Kumla after cyberattack (28 Nov) https://www.biblioteksbladet.se/nyheter/analog-utlaning-i-kumla-efter-cyberangrepp/