VECKOBREV
Vill du vara med och bidra till ett säkrare samhälle? Vi på CERT-SE, Sveriges nationella CSIRT, söker fler medarbetare.
Enhetschef Operativ Cybersäkerhetsanalys
Vill du ta en ledande roll i att skydda Sveriges digitala framtid? Vi söker en enhetschef för att bygga upp och leda vår nya operativa analysenhet – en nyckelroll i att skydda våra samhällskritiska funktioner mot cyberangrepp.
Mer information finns här: https://msb.varbi.com/se/what:job/jobID:773438/type:job/where:4/apply:1
Intresseanmälan
Vi söker fler medarbetare för att öka vår operativa förmåga och ge ytterligare stöd för att hantera och förebygga it-säkerhetsincidenter och cyberangrepp. Skicka in din intresseanmälan och bli en del av vårt viktiga uppdrag. Vi hanterar intresseanmälningar löpande.
Mer information finns här:https://www.msb.se/sv/om-msb/jobba-hos-oss/lediga-jobb/intresseanmalan-ar-du-var-nasta-medarbetare-till-cert-se-sveriges-nationella-csirt/
Trevlig helg önskar CERT-SE!
Nyheter i veckan
NSO Group used another WhatsApp zero-day after being sued, court docs say (15 nov)https://www.bleepingcomputer.com/news/security/nso-group-used-another-whatsapp-zero-day-after-being-sued-court-docs-say/
Kritik mot regeringens cybersatsning: ”För lite” (17 nov)https://sverigesradio.se/artikel/kritik-mot-regeringens-cybersatsning-for-lite
T-Mobile Network Reportedly Breached in Chinese Hacking Campaign (17 nov)https://www.pymnts.com/cybersecurity/2024/t-mobile-network-reportedly-breached-in-chinese-hacking-campaign/
Cyberattacken slog hårt mot biblioteket – nu är allt analogt (17 nov)https://www.svt.se/nyheter/lokalt/orebro/cyberattacken-slog-hart-mot-biblioteket-nu-ar-allt-analogt
Fler kommuner i Sydnärke drabbade av cyberattacken i Kumla (18 nov)https://www.svt.se/nyheter/lokalt/orebro/fler-kommuner-i-sydnarke-drabbade-av-cyberattacken-i-kumla
Swiss cheesed off as postal service used to spread malware (18 nov)https://www.theregister.com/2024/11/16/swiss_malware_qr
UK cyber security agency warns of major attacks coming on November 29 (18 nov)https://www.devonlive.com/news/uk-world-news/uk-cyber-security-agency-warns-9722446
Fake Discount Sites Exploit Black Friday to Hijack Shopper Information (18 nov)https://thehackernews.com/2024/11/fake-discount-sites-exploit-black.html
Ford ‘actively investigating’ after employee data allegedly parked on leak site (18 nov)https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/
Varning för bluffmejl från elbolag (18 nov)https://sakerhetskollen.se/aktuella-brott/varning-for-bluffmejl-fran-elbolag
Thames Water’s IT ‘falling apart’ and is hit by cyber-attacks, sources claim (18 nov)https://www.theguardian.com/business/2024/nov/18/thames-waters-it-falling-apart-and-is-hit-by-cyber-attacks-sources-claim
Nu skickas den nya krisbroschyren från MSB ut: ”Om krisen eller kriget kommer” (18 nov)https://www.svt.se/nyheter/inrikes/nu-skickas-den-nya-krisbroschyren-fran-msb-ut…https://www.theregister.com/2024/11/18/sweden_updates_war_guide/
300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks (18 nov)https://www.securityweek.com/300-drinking-water-systems-in-us-exposed-to-disruptive-damaging-hacker-attacks/
Hackaren: Så lätt är det att hacka ditt företag (18 nov)https://sakerhetskollen.se/nyheter/hackaren-sa-latt-ar-det-att-hacka-ditt-foretag
CISA Director Jen Easterly to Step Down (19 nov)https://www.securityweek.com/cisa-director-jen-easterly-to-step-down/
Cyber-espionage group Volt Typhoon resurfaces globally (19 nov)https://securitybrief.co.nz/story/cyber-espionage-group-volt-typhoon-resurfaces-globally
Säpo: Cyberhoten mot Sverige kommer bara att öka (20 nov)https://computersweden.se/article/3608733/sapo-cyberhoten-mot-sverige-kommer-bara-att-oka.html
Cyberattack at French hospital exposes health data of 750,000 patients (20 nov)https://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/
Security incident recovery times are over 7 months on average (20 nov)https://www.itpro.com/security/security-incident-recovery-times-are-over-7-months-on-average
5 charged in “Scattered Spider,” one of the most profitable phishing scams ever (21)https://arstechnica.com/information-technology/2024/11/prosecutors-charge-5-in-phishing-scams-that-stole-millions-of-dollars/
Winter is coming. So are Russia’s elite hackers (22 nov)https://www.politico.eu/article/russia-hackers-europe-winter-energy-infrastructure-moscow-gas-hike-digital/
SafePay ransomware gang claims Microlise attack that disrupted prison van tracking (22 nov)https://www.theregister.com/2024/11/22/safepay_microlise/
145,000+ Unsecured ICS Devices Exposed To Attackers (22 nov)https://cybersecuritynews.com/145000-unsecured-ics-devices-exposed/
Rapporter och analyser
Malware Spotlight: A Deep-Dive Analysis of WezRat (14 nov)https://research.checkpoint.com/2024/wezrat-malware-deep-dive/
Google thinks these are the biggest security threats facing businesses in 2025 (16 nov)https://www.techradar.com/pro/security/google-thinks-these-are-the-biggest-security-threats-facing-businesses-in-2025
Checkpoint: Threat Intelligence Report (18 nov)https://research.checkpoint.com/2024/18th-november-threat-intelligence-report/
Defeating Adversary-in-the-Middle phishing attacks (18 nov)https://techcommunity.microsoft.com/blog/identity/defeating-adversary-in-the-middle-phishing-attacks/1751777
Now Hackers Are Using Snail Mail In Cyber Attacks—Here’s How (18 nov)https://www.forbes.com/sites/daveywinder/2024/11/18/now-hackers-are-using-snail-mail-in-cyber-attacks-heres-how/
Threat Spotlight: Bad bots are evolving to become more ‘human’ (19 nov)https://blog.barracuda.com/2024/11/19/threat-spotlight-bad-bots-evolving-more-human
Crowdstrike: Unveiling LIMINAL PANDA: A Closer Look at China’s Cyber Threats to the Telecom Sector (19 nov)https://www.crowdstrike.com/en-us/blog/liminal-panda-telecom-sector-threats/?utm_source=newsletter&utm_medium=email&utm_campaign=sendto_newslettertest_technology&stream=top
Cisco reveals top cybersecurity threats trends (19 nov)https://www.electronicspecifier.com/products/cyber-security/cisco-reveals-top-cybersecurity-threats-trends
CISA #StopRansomware: BianLian Ransomware Group (20 nov)https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a
Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s Fast IDentity Online (FIDO) Implementation (20 nov)https://www.cisa.gov/resources-tools/resources/phishing-resistant-multi-factor-authentication-mfa-success-story-usdas-fast-identity-online-fido
97% of organisations hit by Gen AI-related security breaches, survey finds (20 nov)https://www.techmonitor.ai/technology/cybersecurity/97-of-organisations-hit-by-gen-ai-related-security-breaches-survey-finds?cf-view
Hackers Don’t Hack, They Log In – Stealer Logs and Identity Attacks (21 nov)https://socradar.io/hackers-dont-hack-they-log-in-stealer-logs-and-identity-attacks/
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine (21 nov)https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/
DDoS Attack Growing Bigger & Dangerous, New Report Reveals (21 nov)https://cybersecuritynews.com/ddos-attack-growing-bigger/
Report reveals a major ransomware entry point for cyberattacks (21 nov)https://www.insurancebusinessmag.com/us/news/cyber/report-reveals-a-major-ransomware-entry-point-for-cyberattacks-514943.aspx
Ransomware attacks primarily caused by poor cyber hygiene (21 nov)https://www.scworld.com/brief/ransomware-attacks-primarily-caused-by-poor-cyber-hygiene
Cybercriminals turn to pen testers to test ransomware efficiency (22 nov)https://www.helpnetsecurity.com/2024/11/22/pen-testers-ransomware-recruiting/
70% of Hong Kong companies saw cyberattacks this year, privacy watchdog survey finds (22 nov)https://hongkongfp.com/2024/11/22/70-of-hong-kong-companies-saw-cyberattacks-this-year-privacy-watchdog-survey-finds/
Informationssäkerhet och blandat
In cybersecurity bias is persistent, but so are women (19 nov)https://www.scworld.com/feature/in-cybersecurity-bias-is-persistent-but-so-are-women
Genombrottet nära för supersäkra lösennycklar – ”Alla företag bör börja med det direkt” (20 nov)https://www.nyteknik.se/tech/genombrottet-nara-for-supersakra-losennycklar-alla-foretag-bor-borja-med-det-direkt/4307192
Malicious QR Codes: How big of a problem is it, really? (20 nov)https://blog.talosintelligence.com/malicious_qr_codes/
Chinese Manufactured Batteries Pose Cybersecurity Threat to Critical Infrastructure (21 nov)https://www.jdsupra.com/legalnews/chinese-manufactured-batteries-pose-1640151/
Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization (21 nov)https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
ENISA: Navigating cybersecurity investments in the time of NIS 2 (21 nov)https://www.enisa.europa.eu/news/navigating-cybersecurity-investments-in-the-time-of-nis-2
Australien: Albanese Government delivers world-leading legislation to protect children online (21 nov)https://www.pm.gov.au/media/albanese-government-delivers-world-leading-legislation-protect-children-online
Secure Future Initiative (SFI)https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SFI_November_2024_update.pdf
CWE Top 25 Most Dangerous Software Weaknesseshttps://cwe.mitre.org/top25/
CERT-SE i veckan
Kritisk sårbarhet i VMware vCenter Server (publicerad 18 sep, uppdaterad 19 nov)https://www.cert.se/2024/09/kritiska-sarbarheter-i-vmware-vcenter-server.html