CERT-SE's weekly newsletter, week 21
This week's news roundup reports on several international operations to disrupt cybercriminal activity. In addition, there is a whole batch of reports worth reading, on everything from analyses of extortion attacks to how to act when it is time to decommission digital assets of various kinds.
CERT-SE wishes you a pleasant weekend!
News this week
Legal aid hack: data from hundreds of thousands of people accessed, says MoJ (19 May) https://www.theguardian.com/law/2025/may/19/significant-amount-of-personal-data-accessed-in-legal-aid-agency-data-breach-says-moj
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks (19 May) https://www.csoonline.com/article/3989785/ethical-hackers-exploited-zero-day-vulnerabilities-against-popular-os-browsers-vms-and-ai-frameworks.html
Arla Foods confirms cyberattack disrupts production, causes delays (19 May) https://www.bleepingcomputer.com/news/security/arla-foods-confirms-cyberattack-disrupts-production-causes-delays
SolarWinds security chief on the risks and rewards of being a CISO (19 May) https://therecord.media/solarwinds-security-chief-tim-brown-interview
The inside story of a council held to ransom in cyber-attack (19 May) https://www.bbc.com/news/articles/cpw72pxrgdzo
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (20 May)
https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers
..
Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability (19 May)
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.41.pdf
Report: Over 50% of top oil and gas firms hit by data breaches in last 30 days (20 May) https://www.worldpipelines.com/equipment-and-safety/20052025/report-over-50-of-top-oil-and-gas-firms-hit-by-data-breaches-in-last-30-days
Dutch government passes law to criminalize cyber-espionage (20 May) https://therecord.media/netherlands-law-criminalizes-cyber-espionage
Supplier to major supermarkets hit by cyber attack (20 May) https://www.bbc.com/news/articles/czr88myp570o
Shipboard Cyberattack Risks are Increasing, U.S. Coast Guard Warns (20 May) https://maritime-executive.com/article/shipboard-cyberattack-risks-are-increasing-u-s-coast-guard-warns
Moldova will gain access to European rapid response mechanism in case of major cyber attacks (20 May) https://infomarket.md/en/analitics/371621
Small business owners worry about cyber threats (20 May) https://computersweden.se/article/3990444/smaforetagare-oroar-sig-for-cyberhot.html
Cyber-attack threat keeps me awake at night, bank boss says (20 May) https://www.bbc.com/news/articles/c4g3372vl3yo
Europol and Microsoft disrupt world’s largest infostealer Lumma (21 May)
https://www.europol.europa.eu/media-press/newsroom/news/europol-and-microsoft-disrupt-world%E2%80%99s-largest-infostealer-lumma
..
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer (21 May)
https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer
NSM urges organisations to strengthen their own security (21 May) https://nsm.no/aktuelt/nsm-oppfordrer-virksomheter-til-styrke-egen-sikkerhet
UK and allies expose Russian intelligence campaign targeting western logistics and technology organisations (21 May)
https://www.ncsc.gov.uk/news/uk-partners-expose-russian-intelligence-campaign
..
Major cyber espionage exposed – notorious Russian hacker group singled out (23 May)
https://www.dn.se/varlden/stort-cyberspionage-avslojat-okand-rysk-hackergrupp-pekas-ut
Everest Hacking Group Claims Coca-Cola Data Breach, Exfiltrates 23 Million Records (22 May) https://cybersecuritynews.com/everest-hacking-coca-cola-data-breach
Operation ENDGAME strikes again: the ransomware kill chain broken at its source (23 May) https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-strikes-again-ransomware-kill-chain-broken-its-source
Reports and analyses
Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain (19 May) https://www.trendmicro.com/en_us/research/25/e/unmasking-fake-captcha-cases.html
Skitnet malware: The new ransomware favorite (20 May) https://www.csoonline.com/article/3990488/skitnet-malware-the-new-ransomware-favorite.html
Threat Analysis: Malicious NPM Package Leveraged in O365 Phishing Attack (20 May) https://www.fortra.com/blog/threat-analysis-malicious-npm-package-leveraged-o365-phishing-attack
NCSC-UK: Decommissioning assets (20 May) https://www.ncsc.gov.uk/guidance/decommissioning-assets
Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor (20 May) https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor
Duping Cloud Functions: An emerging serverless attack vector (20 May) https://blog.talosintelligence.com/duping-cloud-functions-an-emerging-serverless-attack-vector
Shoplifting 2.0: When it’s Data the Thieves Steal (21 May) https://www.sans.org/blog/shoplifting-when-its-data-thieves-steal
Dragos Industrial Ransomware Analysis: Q1 2025 (21 May) https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q1-2025
Critical Condition: The Growing Threat of Healthcare Data Breaches (21 May) https://www.forescout.com/blog/critical-condition-the-growing-threat-of-healthcare-data-breaches
Health-ISAC 2025 Report: Ransomware Still Reigns as #1 Threat to Healthcare (22 May) https://www.tripwire.com/state-of-security/health-isac-report-ransomware-still-reigns-threat-healthcare
Information security and miscellaneous
What Can We Learn About Cybersecurity for Space from Existing Safety Procedures? (16 May) https://www.satellitetoday.com/opinion/2025/05/16/what-can-we-learn-about-cybersecurity-for-space-from-existing-safety-procedures
Securing space tech: Why we need to address cyber risks in orbit (21 May) https://www.weforum.org/stories/2025/05/securing-space-why-we-need-to-address-cyber-risks-in-orbit
CERT-SE this week
Serious vulnerability in BIND (23 May) https://cert.se/2025/05/allvarlig-sarbarhet-i-bind.html
Serious vulnerabilities in Cisco ISE and UIC (22 May) https://cert.se/2025/05/allvarliga-sarbarheter-cisco-ise-och-uic.html