CERT-SE's weekly newsletter, week 23

Weekly newsletter

Touch wood, a somewhat calmer news flow this short week, but as usual a handful of useful in-depth reads to dig into.

CERT-SE wishes you a happy National Day and a pleasant weekend!

News this week

China-linked hackers exploit Google Calendar in cyberattacks on governments (29 May) https://therecord.media/china-linked-apt41-exploits-google-calendar-in-cyberattacks

Senators call on Trump admin to reinstate cyber review board for Salt Typhoon investigation (30 May) https://therecord.media/senators-call-on-trump-admin-reinstate-csrb

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation (31 May) https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html

Aussie businesses now have to fess up when they pay off ransomware crims (31 May) https://www.theregister.com/2025/05/31/australian_ransomware_reporting/

Finansinspektionen issues a warning (2 Jun) https://sakerhetskollen.se/aktuella-brott/finansinspektionen-varnar

Försäkringskassan warns of fraud (2 Jun) https://sakerhetskollen.se/aktuella-brott/forsakringskassan-varnar-for-bedrageri

New military unit to stop major cyberattacks (2 Jun) https://www.sverigesradio.se/artikel/nytt-forband-ska-stoppa-stora-cyberangrepp

Counter Antivirus Service AVCheck Shut Down by Law Enforcement (2 Jun) https://www.securityweek.com/authorities-take-down-counter-antivirus-service-avcheck/

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions (2 Jun) https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html

Trump’s CISA budget lays out deep job cuts, program reductions (2 Jun) https://www.cybersecuritydive.com/news/cisa-trump-2026-budget-proposal/749539/

7 out of 10 companies are considering moving the cloud back home (4 Jun) https://computersweden.se/article/4000645/69-overvager-att-flytta-hem-molnet-broadcom-statistik-hypes-privata-molnvinster.html

CISA: Attacks involving ConnectWise ScreenConnect bug underway (4 Jun) https://www.scworld.com/brief/cisa-attacks-involving-connectwise-screenconnect-bug-underway

Major disruptions for Swish (4 Jun) https://www.svt.se/nyheter/inrikes/stora-storningar-for-swish

Reports and analyses

Cybersecurity in Manufacturing: Threats, Trends, and Preparation (29 May) https://www.forescout.com/blog/cybersecurity-in-manufacturing-threats-trends-and-preparation/

Cybercriminals camouflaging threats as AI tool installers (29 May) https://blog.talosintelligence.com/fake-ai-tool-installers/

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites (2 Jun) https://www.malwarebytes.com/blog/news/2025/06/victims-risk-asyncrat-infection-after-being-redirected-to-fake-booking-sites

Check Point Research – Threat Intelligence Report (2 Jun) https://research.checkpoint.com/2025/2nd-june-threat-intelligence-report/

The Security Risks of Internet-Exposed Solar Power Systems (3 Jun) https://www.forescout.com/blog/the-security-risks-of-internet-exposed-solar-power-systems/

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization (3 Jun) https://thehackernews.com/2025/06/scattered-spider-understanding-help.html

StormWall Reveals India, China and US Faced Most DDoS Attacks in Q1 2025 (4 Jun) https://hackread.com/stormwall-india-china-us-most-ddos-attacks-q1-2025/

Phishing e-mail that hides malicious link from Outlook users (4 Jun) https://isc.sans.edu/diary/Phishing%20e-mail%20that%20hides%20malicious%20link%20from%20Outlook%20users/32010

Updated guide on Play Ransomware (4 Jun) https://www.cisa.gov/news-events/alerts/2025/06/04/updated-guidance-play-ransomware

ConnectWise ScreenConnect Breach and CVE-2025-3935: What You Need to Know (4 Jun) https://socradar.io/connectwise-screenconnect-breach-cve-2025-3935/

Honeywell 2025 Cyber Threat Report https://www.honeywell.com/content/dam/honeywellbt/en/documents/gated/hon-corp-honeywell-2025-cyber-threat-report.pdf

Information security and miscellaneous

Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store (30 May) https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html?m=1

Announcing a new strategic collaboration to bring clarity to threat actor naming (2 Jun) https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/

Cyber defence from the inside: A visit to the cyber soldiers (2 Jun) https://www.aktuellsakerhet.se/cyberforsvaret-inifran-ett-besok-hos-cybersoldaterna/

Large AI centre to be established in Strängnäs – expected to create over 1,000 new jobs (4 Jun) https://www.svt.se/nyheter/lokalt/sormland/ai-centrum-etablerar-sig-i-strangnas-vantas-ge-1-000-nya-jobb

Dutch university’s rapid response saved it from ransomware devastation (4 Jun) https://www.computerweekly.com/feature/Dutch-universitys-rapid-response-saved-it-from-ransomware-devastation

National Cybersecurity Strategies: What’s new in the EU’s national cybersecurity policymaking (4 Jun) https://www.enisa.europa.eu/news/national-cybersecurity-strategies-whats-new-in-the-eus-national-cybersecurity-policymaking

Mikko Hyppönen stops fighting malware – will fight drones instead (4 Jun) https://computersweden.se/article/4001763/mikko-hypponen-slutar-slass-mot-skadlig-kod-ska-slass-mot-dronare-istallet.html

CERT-SE this week

Critical vulnerability in Roundcube (2 Jun) https://www.cert.se/2025/06/kritisk-sarbarhet-i-roundcube.html

Vulnerabilities in Ivanti EPMM (3 Jun) https://www.cert.se/2025/05/sarbarheter-i-ivanti-epmm.html