CERT-SE's weekly newsletter, week 6
The latest news on new EU guidelines, trends in how vulnerabilities are exploited, challenges concerning cyber-related crime, and some lessons from Estonia on society's resilience to cyber threats and cyber attacks. CERT-SE wishes you a pleasant weekend!
News this week
Indian tech giant Tata Technologies hit by ransomware attack (31 jan) https://www.bleepingcomputer.com/news/security/indian-tech-giant-tata-technologies-hit-by-ransomware-attack
Gmail Security Warning For 2.5 Billion Users—AI Hack Confirmed (1 feb) https://www.forbes.com/sites/daveywinder/2025/02/01/gmail-security-warning-for-25-billion-users-ai-hack-confirmed
2024 Trends in Vulnerability Exploitation (2 feb) https://vulncheck.com/blog/2024-exploitation-trends
Microsoft kills off Defender ‘Privacy Protection’ VPN feature (3 feb)
https://www.bleepingcomputer.com/news/microsoft/microsoft-kills-off-defender-privacy-protection-vpn-feature
..
End of support: Privacy Protection (VPN) in Microsoft Defender for individuals
https://support.microsoft.com/sv-se/topic/end-of-support-privacy-protection-vpn-in-microsoft-defender-for-individuals-8b503da5-732a-4472-833a-e2ddca53036a
DeepSeek AI tools impersonated by infostealer malware on PyPI (3 feb) https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonated-by-infostealer-malware-on-pypi
Poisoned Go programming language package lay undetected for 3 years (4 feb) https://www.theregister.com/2025/02/04/golang_supply_chain_attack
Cyberattack on NHS causes hospitals to miss cancer care targets (4 feb) https://www.theregister.com/2025/02/04/cyberattack_on_nhs_hospitals_sees
Why Did Clicks on Phishing Links in the Workplace Triple in 2024? (5 feb) https://www.thefastmode.com/expert-opinion/39418-why-did-clicks-on-phishing-links-in-the-workplace-triple-in-2024
ICANN Publishes Internationalized Domain Names Reputation Block List Analysis (5 feb) https://www.icann.org/en/announcements/details/icann-publishes-internationalized-domain-names-reputation-block-list-analysis-05-02-2025-en
EU releases guidelines on prohibited use of AI (5 feb) https://computersweden.se/article/3817233/eu-slapper-riktlinjer-for-forbjuden-anvandning-av-ai.html
Attackers Target Education Sector, Hijack Microsoft Accounts (5 feb) https://www.darkreading.com/cyberattacks-data-breaches/attackers-education-sector-hijack-microsoft-accounts
The clock is ticking for popular sports app – personal data may be released (5 feb) https://www.sverigesradio.se/artikel/klockan-tickar-for-populara-appen-personuppgifter-kan-slappas
Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers (5 feb) https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers
SANS blog: Continuous Penetration Testing and the Rise of the Offensive SOC (5 feb) https://www.sans.org/blog/continuous-penetration-testing-and-the-rise-of-the-offensive-soc
Credential-stealing malware surges in 2024 (6 feb) https://informationsecuritybuzz.com/credential-stealing-malware-surges-in
Code injection attacks using publicly disclosed ASP.NET machine keys (6 feb) https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys
Reports and analyses
Society's resilience to cyber threats and cyber attacks - Lessons from Estonia (29 jan) https://foi.se/rapporter/rapportsammanfattning.html?reportNo=FOI-R--5625--SE
Common Challenges in Cybercrime (31 jan) https://www.europol.europa.eu/publications-events/publications/common-challenges-in-cybercrime
X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams (31 jan) https://www.sentinelone.com/labs/phishing-on-x-high-profile-account-targeting-campaign-returns
CERT-EU Cyber Brief (January 2025) (3 feb) https://www.cert.europa.eu/publications/threat-intelligence/cb25-02
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst (4 feb) https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
Stealers on the Rise: A Closer Look at a Growing macOS Threat (4 feb) https://unit42.paloaltonetworks.com/macos-stealers-growing
Guidance and Strategies to Protect Network Edge Devices (4 feb)
https://www.cisa.gov/resources-tools/resources/guidance-and-strategies-protect-network-edge-devices
..
Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances (4 feb)
https://www.ncsc.gov.uk/guidance/guidance-on-digital-forensics-protective-monitoring
Risk 2025: A secure Norway in an uncertain world (5 feb) https://nsm.no/aktuelt/risiko-2025-et-sikkert-norge-i-en-usikker-verden
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam (5 feb) https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments (5 feb) https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025
SANS whitepaper: Evaluating Modern Network Protocol Fingerprinting: Defending Bastion Hosts in Hostile Networks (6 feb) https://www.sans.org/white-papers/evaluating-modern-network-protocol-fingerprinting-defending-bastion-hosts-hostile-networks
Information security and miscellaneous
Cyber Monitoring Centre officially starts categorising cyber events (6 feb) https://cybermonitoringcentre.com/2025/02/06/cyber-monitoring-centre-officially-starts-categorising-cyber-events
CERT-SE this week
Critical vulnerabilities in Cisco Identity Services Engine (6 feb) https://www.cert.se/2025/02/kritiska-sarbarheter-cisco-identity-services-engine.html
Critical vulnerability in Veeam Backup (5 feb) https://www.cert.se/2025/02/kritisk-sarbarhet-i-veeam-backup.html