CERT-SE's weekly newsletter, week 15
Over the past week we have observed several parallel phishing campaigns targeting municipalities. Be extra vigilant about links and attachments in email, and spread information about phishing within your organisation.
More information is available in our article: https://www.cert.se/2025/04/cert-se-varnar-for-flera-fall-av-phishing.html
CERT-SE wishes you a pleasant weekend!
News this week
Port of Seattle says ransomware breach impacts 90,000 people (4 apr) https://www.bleepingcomputer.com/news/security/port-of-seattle-says-ransomware-breach-impacts-90-000-people
The European Commission wants backdoors in encryption (4 apr) https://computersweden.se/article/3954662/eu-kommissionen-vill-se-bakdorrar-i-kryptering.html
Europcar GitLab breach exposes data of up to 200,000 customers (4 apr) https://www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers
Australian superannuation funds hit by cyber attacks, with members’ money stolen (4 apr) https://www.abc.net.au/news/2025-04-04/superannuation-cyber-attack-rest-afsa/105137820
Food giant WK Kellogg discloses data breach linked to Clop ransomware (7 apr) https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware
Everest ransomware’s dark web leak site defaced, now offline (7 apr) https://www.bleepingcomputer.com/news/security/everest-ransomwares-dark-web-leak-site-defaced-now-offline
PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry (7 apr) https://www.securityweek.com/pci-dss-4-0-1-a-cybersecurity-blueprint-by-the-industry-for-the-industry
NIST to Implement ‘Deferred’ Status to Dated Vulnerabilities (7 apr) https://www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities
EDR-as-a-Service makes the headlines in the cybercrime landscape (7 apr) https://securityaffairs.com/176266/cyber-crime/edr-as-a-service-edr-cybercrime.html
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections (8 apr) https://cybersecuritynews.com/hackers-exploiting-windows-rdp-files-for-rogue-remote-desktop-connections
Trump's tariff war hits IT investments hard (8 apr) https://computersweden.se/article/3956915/cioer-forbereder-sig-for-tullarnas-inverkan-pa-teknikindustrin-och-deras-foretag.html
New Mirai botnet behind surge in TVT DVR exploitation (8 apr) https://www.bleepingcomputer.com/news/security/new-mirai-botnet-behind-surge-in-tvt-dvr-exploitation
Swedish municipalities warned of phishing campaigns (8 apr) https://computersweden.se/article/3957030/svenska-kommuner-varnas-for-natfiskekampanjer.html
Survey shows small business owners' concern about cyberattacks (9 apr) https://sakerhetskollen.se/nyheter/ny-undersokning-visar-smaforetagarnas-oro-for-cyberattacker
City fined millions over cybersecurity shortcomings (9 apr) https://www.mitti.se/nyheter/miljonboter-till-staden-for-brister-i-cybersakerhet-6.3.287636.51ad971a90
Treasury’s OCC Says Hackers Had Access to 150,000 Emails (9 apr) https://www.securityweek.com/treasurys-occ-says-hackers-had-access-to-150000-emails
Oracle Faces Mounting Criticism as It Notifies Customers of Hack (9 apr) https://www.securityweek.com/oracle-faces-mounting-criticism-as-it-notifies-customers-of-hack
New cyber law to be introduced after the summer (9 apr) https://www.svt.se/nyheter/lokalt/jonkoping/ny-cyberlag-infors-efter-sommaren
Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns (9 apr) https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-follow-leads-to-five-detentions-and-interrogations-well-server-takedowns
Someone compromised US bank watchdog to access sensitive financial files (9 apr) https://www.theregister.com/2025/04/09/occ_bank_email_hack
Ransomware Groups Attacking Organizations to Exfiltrate Data & Blackmail via Leak Site Posts (10 apr) https://cybersecuritynews.com/ransomware-groups-attacking-organizations
Trump orders federal investigation into former CISA director Chris Krebs (10 apr) https://techcrunch.com/2025/04/10/trump-orders-federal-investigation-into-former-cisa-director-chris-krebs
Reports and analyses
Cybersecurity shortcomings in healthcare threaten patient safety (4 apr) https://www.inuit.se/nyheter/brister-i-cybersakerheten-inom-varden-ett-vaxande-hot-mot-patientsakerheten
India launches first Digital Threat Report 2024 to support cybersecurity in the Banking, Financial Services and Insurance (BFSI) sector (7 apr) https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2119801
HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials (8 apr) https://hackread.com/hellcat-ransomware-firms-infostealer-stolen-jira-credentials
Data from 2024 Phishing Tests Reveals How Human-Targeted Threats Are Evolving (8 apr) https://www.proofpoint.com/us/blog/email-and-cloud-threats/phish-tests-reveal-human-targeted-threats-evolving
Cisco Talos Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics (8 apr) https://blog.talosintelligence.com/year-in-review-exploring-vulnerabilities-email-threats-and-adversary-tooling
From Firewalls to AI: The Evolution of Real-Time Cyber Defense (8 apr) https://blogs.cisco.com/security/from-firewalls-to-ai-the-evolution-of-real-time-cyber-defense
The Ever-Evolving Threat of the Russian-Speaking Cybercriminal Underground (8 apr) https://www.trendmicro.com/vinfo/se/security/news/cybercrime-and-digital-threats/the-ever-evolving-threat-of-the-russian-speaking-cybercriminal-underground
Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse (8 apr) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/inside-black-basta-uncovering-the-secrets-of-a-ransomware-powerhouse
Cyber Governance Code of Practice (8 apr) https://www.gov.uk/government/publications/cyber-governance-code-of-practice
New KnowBe4 Report Exposes Critical Cyber Threats in European Energy Sector (9 apr) https://www.knowbe4.com/press/new-knowbe4-report-exposes-critical-cyber-threats-in-european-energy-sector
The Cost of Ransomware: Shutdowns & Extortion (9 apr) https://www.tripwire.com/state-of-security/cost-ransomware-shutdowns-extortion
How cyberattackers exploit domain controllers using ransomware (9 apr) https://www.microsoft.com/en-us/security/blog/2025/04/09/how-cyberattackers-exploit-domain-controllers-using-ransomware
Cyber security breaches survey 2025 (10 apr) https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025#summary
Information security and miscellaneous
IVO's tool removed redaction – protected information was disclosed (6 apr) https://www.sverigesradio.se/artikel/ivos-verktyg-tog-bort-maskning-skyddade-uppgifter-rojdes
Government introduces new system for more effective public information during crisis and war (10 apr) https://www.regeringen.se/pressmeddelanden/2025/04/regeringen-infor-nytt-system-for-effektivare-information-till-allmanheten-vid-kris-och-krig
CERT-SE this week
Critical vulnerability in Ivanti products is being actively exploited (updated 11 apr) https://cert.se/2025/04/kritisk-sarbarhet-i-ivanti-produkter-utnyttjas-aktivt.html
SAP's monthly security updates for April 2025 (9 apr) https://www.cert.se/2025/04/saps-manatliga-sakerhetsuppdateringar-for-april-2025.html
Adobe's monthly security updates for April 2025 (9 apr) https://www.cert.se/2025/04/adobes-manatliga-sakerhetsuppdateringar-for-april-2025.html
Fortinet's monthly security updates for April 2025 (9 apr) https://www.cert.se/2025/04/fortinets-manatliga-sakerhetsuppdateringar-for-april-2025.html
Microsoft's monthly security updates for April 2025 (9 apr) https://www.cert.se/2025/04/microsofts-manatliga-sakerhetsuppdateringar-for-april-2025.html
Several cases of phishing - increase vigilance (7 apr) https://www.cert.se/2025/04/cert-se-varnar-for-flera-fall-av-phishing.html