CERT-SE's weekly newsletter, week 19

Weekly newsletter

Next week a new feature will be introduced in the ANTS service. Recipients of the ANTS notifications will from now on also receive information about suspected compromised devices identified in the organisation's network. Read more about ANTS here: https://www.cert.se/rad-och-stod/ants/

CERT-SE wishes you a pleasant weekend!

News this week

Ransomware attacks on food and agriculture industry have doubled in 2025 (2 May) https://therecord.media/ransomware-attacks-food-and-ag-double-2025

TikTok sends user data to China – receives GDPR fine of 5 billion (2 May) https://computersweden.se/article/3976433/tiktok-skickar-anvandardata-till-kina-far-gdpr-boter-pa-5-miljarder.html

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems (3 May) https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html

Incidents impacting retailers – recommendations from the NCSC (4 May) https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers

Hybrid threats against the Swedish energy systems are increasing (5 May) https://www.svt.se/nyheter/lokalt/jonkoping/hybridhoten-mot-de-svenska-energisystemen-okar

How cyberattacks against the solar park in Tranås are countered (5 May) https://www.svt.se/nyheter/lokalt/jonkoping/sa-motverkas-cyberangrepp-mot-solcellsparken-i-tranas

Ransomware Attacks Fall in April Amid RansomHub Outage (5 May) https://www.infosecurity-magazine.com/news/ransomware-fall-april-ransomhub/

DDoS attackers are pouncing on unpatched vulnerabilities (5 May) https://www.itpro.com/security/ddos-attackers-are-pouncing-on-unpatched-vulnerabilities

New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users in Execute Malicious Commands (5 May) https://cybersecuritynews.com/new-lummac-v2-stealer-using-clickfix-technique/

Powerful attack was carried out by a large botnet: "We saw new patterns" (5 May) https://www.tv4.se/artikel/NnUdLpQIHPpTEZjXOKmAt/kraftiga-attacken-utfoerdes-av-stort-botnaetverk-vi-sag-nya-moenster

White House Proposal Slashes Half-Billion From CISA Budget (5 May) https://www.securityweek.com/white-house-proposal-slashes-half-billion-from-cisa-budget/

Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability (5 May) https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability

Here Comes Mirai: IoT Devices RSVP to Active Exploitation (6 May) https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines (6 May) https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations/

South African Airways says cyberattack disrupted operational systems (7 May) https://therecord.media/south-african-airways-cyberattack-disrupted

Double cyberattacks against Västtrafik: Suspected sabotage (8 May) https://www.sverigesradio.se/artikel/dubbla-cyberattacker-mot-vasttrafik-misstankt-sabotage

Multilayered Email Attack: How a PDF Invoice and Geo-Fencing Led to RAT Malware (8 May) https://www.fortinet.com/blog/threat-research/multilayered-email-attack-how-a-pdf-invoice-and-geofencing-led-to-rat-malware

Reports and analyses

Germany Most Targeted Country in Q1 2025 DDoS Attacks (5 May) https://hackread.com/germany-most-targeted-country-q1-2025-ddos-attacks/

Ransomware attacks on food and agriculture industry have doubled in 2025 (5 May) https://therecord.media/ransomware-attacks-food-and-ag-double-2025

CERT-EU Annual Report 2024 (5 May) https://www.cert.europa.eu/iicb/annual-report-2024

Unsophisticated Cyber Actor(s) Targeting Operational Technology (6 May) https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware (7 May) https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html

Information security and miscellaneous

Britain to warn companies cyber security must be ‘absolute priority’ (2 May) https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html

The Hunt for Darcula (4 May) https://www.nrk.no/dokumentar/xl/the-hunt-for-darcula-1.17399157

The three biggest security threats to energy companies (5 May) https://www.energi.se/artiklar/2025/maj-2025/de-tre-storsta-sakerhetshoten-mot-energiforetag

EU must boost a single market of cybersecurity to protect healthcare (7 May) https://www.sitra.fi/en/news/eu-must-boost-a-single-market-of-cybersecurity-to-protect-healthcare/

Exclusive: Nordics and Estonia rolling out offline card payment back-up in case internet cut (7 May) https://www.reuters.com/business/finance/nordics-estonia-plan-offline-card-payment-back-up-if-internet-cut-2025-05-07/

Countries Begin NATO’s Locked Shields Cyber-Defense Exercise (7 May) https://www.darkreading.com/cybersecurity-operations/countries-nato-locked-shields-cyber-defense-exercise

CERT-SE this week

Critical vulnerability in Cisco IOS XE (8 May) https://www.cert.se/2025/05/kritisk-sarbarhet-i-cisco-ios-xe.html

New feature in ANTS - notification of compromised devices (8 May) https://www.cert.se/2025/05/ny-funktion-i-ants-notifiering-om-komprometterade-enheter.html