CERT-SE's weekly newsletter, week 17
MSB has, based on three assignments from the government, developed Cybersäkerhetskollen, a tool for increased resilience and a strengthened civil defence. Cybersäkerhetskollen measures the level of an organisation's systematic cybersecurity work and provides support for improvement work.
Cybersäkerhetskollen comprises Infosäkkollen, It-säkkollen, Ot-säkkollen and Leveranskedjekollen.
The Cybersäkerhetskollen measurement runs from 23 April to 12 September 2025. More information is available here:
CERT-SE wishes you a pleasant weekend!
News this week
New cybersecurity collaboration: “Important for small municipalities” (19 apr) https://www.sverigesradio.se/artikel/nytt-samarbete-om-cybersakerhet-viktigt-for-sma-kommuner
State-sponsored hackers embrace ClickFix social engineering tactic (20 apr) https://www.bleepingcomputer.com/news/security/state-sponsored-hackers-embrace-clickfix-social-engineering-tactic
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures (20 apr) https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
Phishers abuse Google OAuth to spoof Google in DKIM replay attack (20 apr) https://www.bleepingcomputer.com/news/security/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack
Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts (21 apr) https://therecord.media/japan-warns-of-unauthorized-trades-hacked-accounts
Cyberfraud in the Mekong reaches inflection point, UNODC reveals (21 apr) https://www.unodc.org/roseap/en/2025/04/cyberfraud-inflection-point-mekong/story.html ..
Asian gangs threaten Sweden: “Worrying” (25 apr) https://www.svd.se/a/Mn8AE5/asiatiska-ligor-sprider-sig-orovackande
THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (21 apr) https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios (22 apr) https://cybersecuritynews.com/mitre-launches-new-d3fend-cad-tool
CISA Warns Threat Hunting Staff to Stop Using Censys & VirusTotal (22 apr) https://cybersecuritynews.com/cisa-threat-hunting-staff-censys-virustotal
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows (22 apr) https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows
Thousands of Baltimore students, teachers affected by data breach following February ransomware attack (23 apr) https://therecord.media/baltimore-public-schools-data-breach-ransomware
Korean Telco Giant SK Telecom Hacked (23 apr) https://www.securityweek.com/korean-telco-giant-sk-telecom-hacked
Phishing emails delivering infostealers surge 84% (23 apr) https://www.helpnetsecurity.com/2025/04/23/cybercriminals-credential-theft-tactics
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (23 apr) https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html
FBI: US lost record $16.6 billion to cybercrime in 2024 (23 apr) https://www.bleepingcomputer.com/news/security/fbi-us-lost-record-166-billion-to-cybercrime-in-2024
EU fines Apple and Meta billions (23 apr) https://computersweden.se/article/3968338/eu-ger-miljardboter-till-apple-och-meta.html
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure (24 apr) https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html
Linux ‘io_uring’ security blindspot allows stealthy rootkit attacks (24 apr) https://www.bleepingcomputer.com/news/security/linux-io-uring-security-blindspot-allows-stealthy-rootkit-attacks
Hacks Targeting Cloud Single Sign-On Rose in 2024 (24 apr) https://www.govinfosecurity.com/hacks-targeting-cloud-single-sign-on-rose-in-2024-a-28083
Ransomware now plays a role in nearly half of all breaches, new research finds (24 apr) https://therecord.media/ransomware-in-half-of-all-data-breaches-verizon
New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins (24 Apr) https://hackread.com/sessionshark-phishing-kit-bypass-mfa-steal-office-365-logins/
SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers (25 apr) https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html
Reports and analyses
Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis (16 apr) https://unit42.paloaltonetworks.com/phishing-campaign-with-complex-attack-chain
New Rust Botnet “RustoBot” is Routed via Routers (21 apr) https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers
The State of Ransomware in the First Quarter of 2025: Record-Breaking 126% Spike in Public Extortion Cases (22 apr) https://blog.checkpoint.com/research/the-state-of-ransomware-in-the-first-quarter-of-2025-a-126-increase-in-ransomware-yoy
Verizon’s 2025 Data Breach Investigations Report: System Intrusion Breaches Double in EMEA (23 apr) https://www.globenewswire.com/news-release/2025/04/23/3066052/0/en/Verizon-s-2025-Data-Breach-Investigations-Report-System-Intrusion-Breaches-Double-in-EMEA.html ..
2025 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/dbir
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines (23 apr) https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025
FBI Releases Annual Internet Crime Report (23 apr) https://www.fbi.gov/news/press-releases/fbi-releases-annual-internet-crime-report ..
Federal Bureau of Investigation - Internet Crime Report https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
Understanding 2024 cyber attack trends (24 Apr) https://www.helpnetsecurity.com/2025/04/24/understanding-2024-cyber-attack-trends
Information security and miscellaneous
How to Write an Effective Ransomware Playbook https://red-goat.com/how-to-write-an-effective-ransomware-playbook
DslogdRAT Malware Installed in Ivanti Connect Secure (24 apr) https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html
Cybersäkerhetskollen (MSB) https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/arbeta-systematiskt-informationssakerhet-och-cybersakerhet/cybersakerhetskollen
CERT-SE this week
Critical vulnerability in SAP NetWeaver (25 apr) https://www.cert.se/2025/04/kritisk-sarbarhet-i-sap-netweaver.html