CERT-SE's weekly newsletter, week 19
Next week, a new feature will be introduced in the ANTS service. Going forward, recipients of ANTS notifications will also receive information about suspected compromised devices identified in their organisation's network. Read more about ANTS here: https://www.cert.se/rad-och-stod/ants/
CERT-SE wishes you a pleasant weekend!
News this week
Ransomware attacks on food and agriculture industry have doubled in 2025 (2 May) https://therecord.media/ransomware-attacks-food-and-ag-double-2025
TikTok sends user data to China – receives GDPR fine of 5 billion (2 May) https://computersweden.se/article/3976433/tiktok-skickar-anvandardata-till-kina-far-gdpr-boter-pa-5-miljarder.html
U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems (3 May) https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html
Incidents impacting retailers – recommendations from the NCSC (4 May) https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers
Hybrid threats against Swedish energy systems are increasing (5 May) https://www.svt.se/nyheter/lokalt/jonkoping/hybridhoten-mot-de-svenska-energisystemen-okar
How cyberattacks against the solar park in Tranås are countered (5 May) https://www.svt.se/nyheter/lokalt/jonkoping/sa-motverkas-cyberangrepp-mot-solcellsparken-i-tranas
Ransomware Attacks Fall in April Amid RansomHub Outage (5 May) https://www.infosecurity-magazine.com/news/ransomware-fall-april-ransomhub/
DDoS attackers are pouncing on unpatched vulnerabilities (5 May) https://www.itpro.com/security/ddos-attackers-are-pouncing-on-unpatched-vulnerabilities
New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users in Execute Malicious Commands (5 May) https://cybersecuritynews.com/new-lummac-v2-stealer-using-clickfix-technique/
Powerful attack was carried out by large botnet: “We saw new patterns” (5 May) https://www.tv4.se/artikel/NnUdLpQIHPpTEZjXOKmAt/kraftiga-attacken-utfoerdes-av-stort-botnaetverk-vi-sag-nya-moenster
White House Proposal Slashes Half-Billion From CISA Budget (5 May) https://www.securityweek.com/white-house-proposal-slashes-half-billion-from-cisa-budget/
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability (5 May) https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Here Comes Mirai: IoT Devices RSVP to Active Exploitation (6 May) https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines (6 May) https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations/
South African Airways says cyberattack disrupted operational systems (7 May) https://therecord.media/south-african-airways-cyberattack-disrupted
Double cyberattacks against Västtrafik: Suspected sabotage (8 May) https://www.sverigesradio.se/artikel/dubbla-cyberattacker-mot-vasttrafik-misstankt-sabotage
Multilayered Email Attack: How a PDF Invoice and Geo-Fencing Led to RAT Malware (8 May) https://www.fortinet.com/blog/threat-research/multilayered-email-attack-how-a-pdf-invoice-and-geofencing-led-to-rat-malware
Reports and analyses
Germany Most Targeted Country in Q1 2025 DDoS Attacks (5 May) https://hackread.com/germany-most-targeted-country-q1-2025-ddos-attacks/
Ransomware attacks on food and agriculture industry have doubled in 2025 (5 May) https://therecord.media/ransomware-attacks-food-and-ag-double-2025
CERT-EU Annual Report 2024 (5 May) https://www.cert.europa.eu/iicb/annual-report-2024
Unsophisticated Cyber Actor(s) Targeting Operational Technology (6 May) https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology
NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware (7 May) https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html
Information security and miscellaneous
Britain to warn companies cyber security must be ‘absolute priority’ (2 May) https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html
The Hunt for Darcula (4 May) https://www.nrk.no/dokumentar/xl/the-hunt-for-darcula-1.17399157
The three biggest security threats to energy companies (5 May) https://www.energi.se/artiklar/2025/maj-2025/de-tre-storsta-sakerhetshoten-mot-energiforetag
EU must boost a single market of cybersecurity to protect healthcare (7 May) https://www.sitra.fi/en/news/eu-must-boost-a-single-market-of-cybersecurity-to-protect-healthcare/
Exclusive: Nordics and Estonia rolling out offline card payment back-up in case internet cut (7 May) https://www.reuters.com/business/finance/nordics-estonia-plan-offline-card-payment-back-up-if-internet-cut-2025-05-07/
Countries Begin NATO’s Locked Shields Cyber-Defense Exercise (7 May) https://www.darkreading.com/cybersecurity-operations/countries-nato-locked-shields-cyber-defense-exercise
CERT-SE this week
Critical vulnerability in Cisco IOS XE (8 May) https://www.cert.se/2025/05/kritisk-sarbarhet-i-cisco-ios-xe.html
New feature in ANTS - notification of compromised devices (8 May) https://www.cert.se/2025/05/ny-funktion-i-ants-notifiering-om-komprometterade-enheter.html