CERT-SE startsida
Sök inom CERT-SE
Publicerad: 2025-11-14 15:00

CERT-SE:s veckobrev v.46

Veckobrev

Bland veckans läsning finns som vanligt en hel del intressanta rapporter och analyser. För er som deltagit i CERT-SE:s årliga CTF finns nu facit publicerat på vår webb och utskick av pris till de som har alla rätt kommer att ske inom en snar framtid.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Cyberattacken mot Jaguar Land Rover slog mot Storbritanniens BNP (7 nov) https://computersweden.se/article/4086763/cyberattacken-mot-jaguar-land-rover-slog-mot-storbritanniens-bnp.html

Kulturrådet: Personuppgifter kan ha läckt (10 nov) https://www.svt.se/kultur/kulturradet-personuppgifter-kan-ha-lackt

EU vill byta ut alla komponenter från Huawei och ZTE i mobilnäten (11 nov) https://computersweden.se/article/4088041/eu-vill-byta-ut-alla-komponenter-fran-huawei-och-zte-i-mobilnaten.html

End of the game for cybercrime infrastructure: 1025 servers taken down (13 nov) https://www.europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infrastructure-1025-servers-taken-down
Tre cyberkriminella nätverk nedtagna i Europol-tillslag (13 nov) https://computersweden.se/article/4089321/tre-cyberkriminella-natverk-nedtagna-i-europol-tillslag.html

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts (14 nov) https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html

Rapporter och analys

Optimizing IOC Retention Time (6 nov) https://www.netresec.com/?page=Blog&month=2025-11&post=Optimizing-IOC-Retention-Time

Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic (8 nov) https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html

5 reasons why attackers are phishing over LinkedIn (10 nov) https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/

GlassWorm Returns, Slices Back into VS Code Extensions (10 nov) https://www.darkreading.com/cyberattacks-data-breaches/glassworm-returns-vs-code-extensions

Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide (10 nov) https://www.bleepingcomputer.com/news/security/quantum-route-redirect-phaas-targets-microsoft-365-users-worldwide/

New Browser Security Report Reveals Emerging Threats for Enterprises (10 nov) https://thehackernews.com/2025/11/new-browser-security-report-reveals.html

Hackers Weaponizing Calendar Files as New Attack Vector Bypassing Traditional Email Defenses (11 nov) https://cybersecuritynews.com/calendar-files-weaponized-as-attack-vector/

The State of Ransomware – Q3 2025 (13 nov) https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025/

Informationssäkerhet och blandat

Här den mest skadliga toppdomänen – och det är inte den du tror (7 nov) https://computersweden.se/article/4085595/vilken-ar-den-mest-skadliga-toppdomanen-cloudflare-avslojar-overraskande-risker-och-anvandningsmonster.html

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation (7 nov) https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html

Malware Is Now Using AI to Rewrite Its Own Code to Avoid Detection (9 nov) https://futurism.com/artificial-intelligence/malware-using-rewrite-code-avoid-detection

CISA orders feds to patch Samsung zero-day used in spyware attacks (10 nov) https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-samsung-zero-day-used-in-spyware-attacks/

OWASP Highlights Supply Chain Risks in New Top 10 List (10 nov) https://www.darkreading.com/application-security/owasp-highlights-supply-chain-risks-new-top-10

Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland (11 nov) https://www.bleepingcomputer.com/news/security/synology-fixes-beestation-zero-days-demoed-at-pwn2own-ireland/

Cyber-Insurance Payouts Soar 230% in UK (12 nov) https://www.infosecurity-magazine.com/news/cyberinsurance-payouts-soar-230-in/

CISA, FBI and Partners Unveil Critical Guidance to Protect Against Akira Ransomware Threat (13 nov) https://www.cisa.gov/news-events/news/cisa-fbi-and-partners-unveil-critical-guidance-protect-against-akira-ransomware-threat

CERT-SE i veckan

Facit för CERT-SE CTF 2025 (10 nov) https://www.cert.se/2025/11/facit-for-cert-se-ctf-2025.html

Patchtisdag november 2025 – samlad information om månadens säkerhetsuppdateringar (Uppdaterad 13 nov) https://www.cert.se/2025/11/patchtisdag-november-2025-samlad-information-om-manadens-sakerhetsuppdateringar.html

Kritisk sårbarhet i WatchGuard Fireware OS (Uppdaterad 13 nov) https://www.cert.se/2025/10/kritisk-sarbarhet-i-watchguard-fireware-os.html