CERT-SE's weekly newsletter, week 18

Weekly newsletter

A hefty roundup in the middle of the long weekend. We would especially like to highlight the Swedish Armed Forces' news about a newly established cyber defence unit that will defend civilian critical infrastructure.

CERT-SE wishes you a continued pleasant long weekend!

News this week

Largest telecom in Africa warns of cyber incident exposing customer data (25 apr) https://therecord.media/largest-african-telecom-warns-of-data-exposure

Northern Hälsingland joins forces: aims to get better at cybersecurity (27 apr) https://www.sverigesradio.se/artikel/norra-halsingland-gar-samman-ska-bli-battre-pa-cybersakerhet

Marks & Spencer breach linked to Scattered Spider ransomware attack (28 apr) https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/

The massive power outage in Spain: How the Swedish-Danish HVDC cable was affected (28 apr) https://www.nyteknik.se/energi/enorma-stromavbrottet-i-spanien-sa-paverkades-svensk-dansk-hvdc-kabel/4356324

New cyber defence unit defends civilian infrastructure (29 apr) https://www.forsvarsmakten.se/sv/aktuellt/2025/04/nytt-cyberforsvarsforband-forsvarar-civil-infrastruktur/

Power company rules out cyberattack (29 apr) https://www.svt.se/nyheter/snabbkollen/elbolag-utesluter-cyberattack

One of Europe's largest power outages: millions affected (29 apr) https://www.sverigesradio.se/artikel/ett-av-europas-storsta-stromavbrott-miljontals-drabbades

Nova Scotia energy provider takes some servers offline following cyber incident (29 apr) https://therecord.media/nova-scotia-energy-provider-takes-servers-offline

France accuses Russian intelligence of spate of high-profile cyberattacks (30 apr) https://www.euronews.com/2025/04/30/france-accuses-russian-intelligence-of-spate-of-high-profile-cyberattacks .. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-007.pdf

Alleged ‘Scattered Spider’ Member Extradited to U.S. (30 apr) https://krebsonsecurity.com/2025/04/alleged-scattered-spider-member-extradited-to-u-s/

Ongoing DDoS attacks on Dutch organisations (30 apr) https://www.ncsc.nl/actueel/nieuws/2025/04/30/lopende-ddos-aanvallen-op-nederlandse-organisaties

Poland’s state registry temporarily blocked by cyber incident (1 May) https://therecord.media/poland-pesel-system-state-registry-cyber-incident

Harrods is latest retailer to be hit by cyber-attack (1 May) https://www.theguardian.com/business/2025/may/01/harrods-latest-retailer-hit-cyber-attack-website-shops

Thousands of LabHost PhaaS domains exposed by FBI (1 May) https://www.scworld.com/brief/thousands-of-labhost-phaas-domains-exposed-by-fbi .. https://www.ic3.gov/CSA/2025/250429.pdf

Reports and analyses

Mobile Applications: A Cesspool of Security Issues (25 apr) https://www.darkreading.com/remote-workforce/mobile-applications-cesspool-security-issues

Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report (27 apr) https://blog.cloudflare.com/ddos-threat-report-for-2025-q1/

The rising threat of email attachments: Insights from Barracuda’s 2025 Email Threats Report (28 apr) https://blog.barracuda.com/2025/04/28/rising-threat-email-attachments-barracuda-2025-email-threats-report

What It Takes to Defend a Cybersecurity Company from Today’s Adversaries (28 apr) https://www.sentinelone.com/labs/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries/

CheckPoint Threat Intelligence Report (28 apr) https://research.checkpoint.com/2025/28th-april-threat-intelligence-report/

IR Trends Q1 2025: Phishing soars as identity-based attacks persist (28 apr) https://blog.talosintelligence.com/ir-trends-q1-2025/

Advanced Cryptography: new approaches to data privacy (28 apr) https://www.ncsc.gov.uk/whitepaper/advanced-cryptography

The State of State-Sponsored Hacktivist Attacks (29 apr) https://www.forescout.com/blog/the-state-of-state-sponsored-hacktivist-attacks/

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis (29 apr) https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends

Gremlin Stealer: New Stealer on Sale in Underground Forum (29 apr) https://unit42.paloaltonetworks.com/new-malware-gremlin-stealer-for-sale-on-telegram/

Ransomware debris: an analysis of the RansomHub operation (30 apr) https://www.group-ib.com/blog/ransomware-debris/

Exploring PLeak: An Algorithmic Method for System Prompt Leakage (1 May) https://www.trendmicro.com/en_se/research/25/e/exploring-pleak.html

AI Agents Are Here. So Are the Threats (1 May) https://unit42.paloaltonetworks.com/agentic-ai-threats/

State-Of-The-Art Phishing: MFA Bypass (1 May) https://blog.talosintelligence.com/state-of-the-art-phishing-mfa-bypass/

Information security and miscellaneous

New calls for proposals to accelerate Europe's technological development through the DIGITAL programme (28 apr) https://www.digg.se/om-oss/nyheter/digital---programmet-for-ett-digitalt-europa/nyheter/2025-04-28-nya-utlysningar-for-att-accelerera-europas-tekniska-utveckling-genom-digital-programmet

What’s worth automating in cyber hygiene, and what’s not (29 Apr) https://www.helpnetsecurity.com/2025/04/29/automating-cyber-hygiene/

World Password Day 2025: All the news, updates and advice https://www.techradar.com/pro/live/world-password-day-2025-all-the-news-updates-and-advice-from-our-experts

AI-generated code could be a disaster for the software supply chain. Here’s why. (29 apr) https://arstechnica.com/security/2025/04/ai-generated-code-could-be-a-disaster-for-the-software-supply-chain-heres-why/

Swedish police lead European cyber operation against the gangs' leaders (29 apr) https://www.dn.se/sverige/svensk-polis-leder-europeisk-cyberinsats-mot-gangens-ledare/

RISE designated as Technical Service in cybersecurity (29 apr) https://www.ri.se/sv/nyheter/rise-utsedd-till-teknisk-tjanst-inom-cybersakerhet

How Postal Code Data Impacts Cybersecurity, Privacy and Fraud Prevention (29 Apr) https://hackread.com/postal-code-data-impact-cybersecurity-fraud-prevention/

Scammers Use Spain-Portugal Blackout for TAP Air Refund Phishing Scam (1 May) https://hackread.com/spain-portugal-blackout-tap-air-refund-phishing-scam/

Phone theft is turning into a serious cybersecurity risk (2 May) https://www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/

CERT-SE this week

Critical vulnerability in SAP NetWeaver (25 apr, updated 30 apr) https://www.cert.se/2025/04/kritisk-sarbarhet-i-sap-netweaver.html