CERT-SE:s veckobrev v.40

Den här veckan vill vi informera om att både Nationellt cybersäkerhetscenter (NCSC) och Myndigheten för samhällsskydd och beredskap (MSB) används i en nätfiskekampanj. Mottagaren av dessa e-postmeddelanden ombeds göra brådskande cybersäkerhetsuppdateringar som påstås vara obligatoriska för alla svenska internetanvändare. CERT-SE uppmanar till vaksamhet.

Mer information finns här: https://www.ncsc.se/sv/aktuellt/nationellt-cybersakerhetscenters-namn-anvands-i-natfiskekampanj/

Vidare innehåller veckans läsning blandade nyheter, rapporter och analyser inom cybersäkerhetsområdet.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Akira ransomware breaching MFA-protected SonicWall VPN accounts (28 sep) https://www.bleepingcomputer.com/news/security/akira-ransomware-breaching-mfa-protected-sonicwall-vpn-accounts/

Japan’s largest brewer suspends operations due to cyberattack (29 sep) https://www.bleepingcomputer.com/news/security/japans-largest-brewer-suspends-operations-due-to-cyberattack/

Chinese hackers exploiting VMware zero-day since October 2024 (30 sep) https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-vmware-zero-day-since-october-2024/

Cisco firewall flaws endanger nearly 50,000 devices worldwide (30 sep) https://www.cybersecuritydive.com/news/cisco-firewall-vulnerabilities-shadowserver-initial-exposure/761490/

U.K. Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust (30 sep) https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users (1 okt) https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html

1.2 million people had information stolen during cyberattack on WestJet (1 okt) https://therecord.media/westjet-data-breach-disclosures

Hackers Extort Executives After Claiming Oracle Apps Breach (2 okt) https://www.bloomberg.com/news/articles/2025-10-02/cyber-group-extorting-executives-with-claims-of-stolen-data

Red Hat confirms security incident after hackers claim GitHub breach (2 okt) https://www.bleepingcomputer.com/news/security/red-hat-confirms-security-incident-after-hackers-claim-github-breach/

Rapporter och analyser

First-Ever Malicious MCP Server Found in the Wild Steals Emails via AI Agents (26 sep) https://cybersecuritynews.com/first-ever-malicious-mcp-server/

Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins (27 sep) https://cybersecuritynews.com/sonicwall-firewalls-akira-ransomware/

Can We Trust AI To Write Vulnerability Checks? Here’s What We Found (29 sep) https://www.bleepingcomputer.com/news/security/can-we-trust-ai-to-write-vulnerability-checks-heres-what-we-found/

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations (30 sep) https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html

Paperwork to Payload: From Shortcut Clicks to Rundll32 Execution (30 sep) https://blackpointcyber.com/blog/paperwork-to-payload-from-shortcut-clicks-to-rundll32-execution/

ENISA Threat Landscape 2025 (1 okt) https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025

Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details (1 okt) https://cybersecuritynews.com/hackers-posing-as-google-careers-recruiter/

New DNS Malware Detour Dog Delivers Strela Stealer Using DNS TXT Records (1 okt) https://cybersecuritynews.com/new-dns-malware-detour-dog/

Informationssäkerhet och blandat

Datacenter fire takes 647 South Korean government services offline (29 sep) https://www.theregister.com/2025/09/28/asia_tech_news_roundup/

Two-Thirds of Organizations Have Unfilled Cybersecurity Positions (29 sep) https://www.infosecurity-magazine.com/news/two-thirds-unfilled-cybersecurity/

Nu tvingas vd:n ta ansvar för cybersäkerheten (30 sep) https://computersweden.se/article/4063856/qantas-sankning-av-vd-lonen-signalerar-en-ny-era-av-cyberansvar.html

Click wisely: promoting online safety during European Cybersecurity Month (1 okt) https://commission.europa.eu/news-and-media/news/click-wisely-promoting-online-safety-during-european-cybersecurity-month-2025-10-01_en

NIST Publishes Guide for Protecting ICS Against USB-Borne Threats (1 okt) https://www.securityweek.com/nist-publishes-guide-for-protecting-ics-against-usb-borne-threats/

Nu drar Tänk Säkert 2025 i gång (1 okt) https://www.msb.se/sv/aktuellt/nyheter/2025/oktober/nu-drar-tank-sakert-2025-i-gang/

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users (1 okt) https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html

Nationellt cybersäkerhetscenters namn används i nätfiskekampanj (3 okt) https://www.ncsc.se/sv/aktuellt/nationellt-cybersakerhetscenters-namn-anvands-i-natfiskekampanj/

CERT-SE i veckan

Flertal sårbarheter i VMware (1 okt) https://www.cert.se/2025/10/flera-sarbarheter-i-vmware.html

Antar du vår utmaning? / Do you accept our challenge? (1 okt) https://www.cert.se/2025/10/antar-du-var-utmaning.html