CERT-SE startsida
Sök inom CERT-SE
Publicerad: 2025-12-12 13:00

CERT-SE:s veckobrev v.50

Veckobrev

I veckans läsning finns bland annat en artikel om vårt deltagande i NATO-övningen Cyber Coalition tillsammans med Nationellt cybersäkerhetscenter.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

New wave of VPN login attempts targets Palo Alto GlobalProtect portals (6 dec) https://www.bleepingcomputer.com/news/security/new-wave-of-vpn-login-attempts-targets-palo-alto-globalprotect-portals/

Tekniska problem hos Telia – telefonistrul i hela landet (9 dec) https://www.svt.se/nyheter/inrikes/it-strul-pa-tisdagen-coop-och-telia-paverkade

Nytt svårupptäckt nätfiskepaket ligger bakom mer än en miljon attacker (9 dec) https://www.securityuser.com/se/Nyheter/Samhalle/nytt-svarupptackt-natfiskepaket-ligger-bakom-mer-an-en-miljon-attacker

Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims (10 dec) https://cyberscoop.com/react2shell-attacks-surge-50-victims/

MITRE shares 2025’s top 25 most dangerous software weaknesses (12 dec) https://www.bleepingcomputer.com/news/security/mitre-shares-2025s-top-25-most-dangerous-software-weaknesses/

Rapporter och analyser

Threat Landscape Grows Increasingly Dangerous for Manufacturers (5 dec) https://www.darkreading.com/cyberattacks-data-breaches/threat-landscape-increasingly-dangerous-manufacturers

Prompt injection is not SQL injection (it may be worse) (8 dec) https://www.ncsc.gov.uk/blog-post/prompt-injection-is-not-sql-injection
AMOS Stealer Exploits AI Trust: Malware Delivered Through ChatGPT and Grok (9 dec) https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure (9 dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-343a

US Accounts for 44% of Cyber Attacks; Financial Gain Targets Public Administration (10 dec) https://cybersecuritynews.com/us-accounts-for-44-of-cyber-attacks/

OT Network Security Threats: Industrial Routers Under Attack (11 dec) https://www.forescout.com/blog/ot-network-security-threats-industrial-routers-under-attack/

Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks (11 dec) https://www.bleepingcomputer.com/news/security/hackers-exploit-gladinet-centrestack-cryptographic-flaw-in-rce-attacks/

Nanoremote Malware Uses Google Drive API for Hidden Control on Windows Systems (11 dec) https://thehackernews.com/2025/12/nanoremote-malware-uses-google-drive.html

Informationssäkerhet och blandat

AI-botar kan styra valdebatten – nytt säkerhetshot inför riksdagsvalet 2026 (8 dec) https://www.aktuellsakerhet.se/ai-botar-kan-styra-valdebatten-nytt-sakerhetshot-infor-riksdagsvalet-2026/

Ryska cyberattacker riktas mot västliga företag som stödjer Ukraina (9 dec) https://www.aktuellsakerhet.se/ryska-cyberattacker-riktas-mot-vastliga-foretag-som-stodjer-ukraina/

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR (9 dec) https://www.darkreading.com/threat-intelligence/packer-as-a-service-shanya-hides-ransomware-kills-edr

Behind the breaches: Case studies that reveal adversary motives and modus operandi (10 dec) https://www.csoonline.com/article/4103300/behind-the-breaches-case-studies-that-reveal-adversary-motives-and-modus-operandi.html

Nytt kostnadsfritt AI-verktyg ska hjälpa svenska verksamheter inför NIS2 (10 dec) https://www.aktuellsakerhet.se/nytt-kostnadsfritt-ai-verktyg-ska-hjalpa-svenska-verksamheter-infor-nis2/

NCSC övar cyberhot i Cyber Coalition (11 dec) https://www.ncsc.se/sv/aktuellt/ncsc-over-cyberhot-i-cyber-coalition/

Bolagsverket varnar för bedrägerier (12 dec) https://sakerhetskollen.se/aktuella-brott/bolagsverket-varnar-for-bedragerier

CERT-SE i veckan

Kritisk sårbarhet i React Server Components (RSC) (Uppdaterad 5 dec) https://www.cert.se/2025/12/kritisk-sarbarhet-i-react.html

Patchtisdag december 2025 – samlad information om månadens säkerhetsuppdateringar (10 dec) https://www.cert.se/2025/12/patchtisdag-december-2025-samlad-information-om-manadens-sakerhetsuppdateringar.html