CERT-SE's weekly newsletter, week 8

Weekly newsletter

Malware and ransomware are unfortunately recurring themes in the newsletter this week as well, but there is also progress in quantum computing and much more. CERT-SE wishes you a pleasant weekend!

News this week

How AI was used in an advanced phishing campaign targeting Gmail users (13 Feb) https://www.malwarebytes.com/blog/news/2025/02/how-ai-was-used-in-an-advanced-phishing-campaign-targeting-gmail-users

RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally (14 Feb) https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html

Microsoft: Hackers steal emails in device code phishing attacks (15 Feb) https://www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks

What is an encryption backdoor? (15 Feb) https://techcrunch.com/2025/02/15/what-is-an-encryption-backdoor

New FinalDraft malware abuses Outlook mail service for stealthy comms (16 Feb) https://www.bleepingcomputer.com/news/security/new-finaldraft-malware-abuses-outlook-mail-service-for-stealthy-comms

Ransomware gangs extort victims 17 hours after intrusion on average (17 Feb) https://www.csoonline.com/article/3825444/ransomware-gangs-extort-victims-17-hours-after-intrusion-on-average.html

Telegram Used as C2 Channel for New Golang Malware (17 Feb) https://www.infosecurity-magazine.com/news/telegram-c2-channel-golang-malware

Microsoft Warns of Improved XCSSET macOS Malware (18 Feb) https://www.securityweek.com/microsoft-warns-of-improvements-to-xcsset-macos-malware

Cybercriminals shift focus to social media as attacks reach historic highs (18 Feb) https://www.helpnetsecurity.com/2025/02/18/cybercriminals-social-media-attacks

Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions (18 Feb) https://cybersecuritynews.com/weaponized-pdf-documents-deliver-lumma-infostealer

How Phished Data Turns into Apple & Google Wallets (18 Feb) https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets

Microsoft reminds admins to prepare for WSUS driver sync deprecation (18 Feb) https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-admins-to-prepare-for-wsus-driver-sync-deprecation

Vgod RANSOMWARE Encrypt Your Entire System and Set A Ransom Notes As Wallpaper (18 Feb) https://cybersecuritynews.com/vgod-ransomware-encrypt-your-entire-system

Ecuador’s legislature says hackers attempted to access confidential information (18 Feb) https://therecord.media/ecuador-national-assembly-cyberattack

Microsoft’s Majorana 1 chip carves new path for quantum computing (19 Feb) https://news.microsoft.com/source/features/ai/microsofts-majorana-1-chip-carves-new-path-for-quantum-computing

Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger (19 Feb) https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

Threat Actors Using $10 Infostealer Malware To Breach Critical US Security (19 Feb) https://cybersecuritynews.com/threat-actors-using-10-infostealer-malware

Large survey of IT managers: ”Obvious that many are struggling with…” (19 Feb) https://techtidningen.se/it-stor-undersokning-med-it-chefer-uppenbart-att-manga-kampar-med

Medusa ransomware gang demands $2M from UK private health services provider (20 Feb) https://www.theregister.com/2025/02/20/medusa_hcrg_ransomware

Inside a LockBit Ransomware Attack: A Firsthand Account of Financial and Security Fallout (20 Feb) https://informationsecuritybuzz.com/lockbit-ransomware-a-firsthand-account

Poland to ask EU telecom ministers to sign cybersecurity declaration in Warsaw (21 Feb) https://www.euronews.com/next/2025/02/21/poland-to-ask-eu-telecom-ministers-to-sign-cybersecurity-declaration-in-warsaw

Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors (21 Feb) https://cybersecuritynews.com/pegasus-spyware-used-widely-to-target-individuals

Reports and analyses

RansomHub Never Sleeps Episode 1: The evolution of modern ransomware (12 Feb) https://www.group-ib.com/blog/ransomhub-never-sleeps-episode-1

Cybercrime: A Multifaceted National Security Threat (12 Feb) https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat

Crypto Scam Revenue 2024: Pig Butchering Grows Nearly 40% YoY as Fraud Industry Leverages AI and Increases in Sophistication (13 Feb) https://www.chainalysis.com/blog/2024-pig-butchering-scam-revenue-grows-yoy

Threat hunting case study: SocGholish (13 Feb) https://intel471.com/blog/threat-hunting-case-study-socgholish

XDR roundup 2024: Ransomware rises fourfold in a year of complex threats (13 Feb) https://blog.barracuda.com/2025/02/13/xdr-roundup-2024-ransomware-rises-fourfold-complex-threats

Cyber Security in Estonia 2025 (17 Feb) https://www.ria.ee/en/cyber-security-estonia-2025

An Update on Fake Updates: Two New Actors, and New Mac Malware (18 Feb) https://www.proofpoint.com/us/blog/threat-insight/update-fake-updates-two-new-actors-and-new-mac-malware

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection (18 Feb) https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html

CISA and Partners Release Advisory on Ghost (Cring) Ransomware (19 Feb) https://www.cisa.gov/news-events/alerts/2025/02/19/cisa-and-partners-release-advisory-ghost-cring-ransomware

Darktrace Releases Annual 2024 Threat Insights (19 Feb) https://darktrace.com/blog/darktrace-releases-annual-2024-threat-insights

Fingerprint Heists: How your browser fingerprint can be stolen and used by fraudsters (20 Feb) https://www.group-ib.com/blog/fingerprint-heists

Cybersecurity for Electricity Distribution (2025 Update) (20 Feb) https://www.tripwire.com/state-of-security/cybersecurity-electricity-distribution-2025-update

Information security and miscellaneous

27 states of heightened readiness as a result of IT attacks in three years (19 Feb) https://www.sjukhuslakaren.se/27-beredskapslagen-till-foljd-av-it-attacker-pa-tre-ar

Exchange Server 2016 and 2019 are going away. Are you ready? (20 Feb) https://computersweden.se/article/3827636/nu-hander-det-pa-riktigt-ar-du-forberedd-pa-att-exchange-server-2016-och-2019-kommer-att-tas-bort.html

CERT-SE this week

Ivanti patches vulnerabilities in Ivanti Endpoint Manager (updated 21 Feb) https://www.cert.se/2025/01/ivanti-rattar-brister-i-ivanti-endpoint-manager.html

Palo Alto Networks patches security vulnerability in PAN-OS (updated 19 Feb) https://www.cert.se/2025/02/palo-alto-networks-rattar-sakerhetsbrist-i-pan-os.html

Critical vulnerability in Juniper routers (19 Feb) https://www.cert.se/2025/02/kritisk-sarbarhet-i-juniper-routrar.html

Critical vulnerability in SonicWall SonicOS (updated 19 Feb) https://www.cert.se/2025/01/kritisk-sarbarhet-i-sonicwall-sonicos.html