CERT-SE startsida
Sök inom CERT-SE
Publicerad: 2025-11-28 13:45

CERT-SE:s veckobrev v.48

Veckobrev

I veckans läsning hittar du blandade nyheter om olika cybersäkerhetsinitiativ i Sverige, bland annat information om att regeringen nu beslutat att ge Sveriges nationella cybersäkerhetscenter i uppdrag att öka säkerheten kopplat till valåret 2026. Även denna vecka finns en hel del rapporter och analyser att ta del av.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Sverige får nationell plattform för delning av cyberhot (21 nov) https://computersweden.se/article/4094573/sverige-far-nationell-plattform-for-delning-av-cyberhot.html

New Gainsight Supply Chain Hack Could Affect Salesforce Customers (21 nov) https://www.infosecurity-magazine.com/news/new-gainsight-supply-chain-hack/

Iberia discloses customer data leak after vendor security breach (23 nov) https://www.bleepingcomputer.com/news/security/iberia-discloses-customer-data-leak-after-vendor-security-breach/

NATO tecknar avtal med Google Cloud om suverän molntjänst (24 nov) https://www.aktuellsakerhet.se/nato-tecknar-avtal-med-google-cloud-om-suveran-molntjanst/

FBI: Cybercriminals stole $262M by impersonating bank support teams (25 nov) https://www.bleepingcomputer.com/news/security/fbi-cybercriminals-stole-262-million-by-impersonating-bank-support-teams-since-january/

Major US Banks Impacted by SitusAMC Hack (25 nov) https://www.securityweek.com/major-us-banks-impacted-by-situsamc-hack/

Ransomware Attack Disrupts Local Emergency Alert System Across US (26 nov) https://www.securityweek.com/ransomware-attack-disrupts-local-emergency-alert-system-across-us/

OpenAI admits data breach after analytics partner hit by phishing attack (27 nov) https://www.infoworld.com/article/4097479/openai-admits-data-breach-after-analytics-partner-hit-by-phishing-attack.html

Rapporter och analyser

ClickFix attack uses fake Windows Update screen to push malware (24 nov) https://www.bleepingcomputer.com/news/security/clickfix-attack-uses-fake-windows-update-screen-to-push-malware/

Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack (24 nov) https://hackread.com/shai-hulud-npm-worm-supply-chain-attack/

Kraftig ökning av falska butiker och bedrägerier inför Black Friday (24 nov) https://computersweden.se/article/4095213/kraftig-okning-av-falska-butiker-och-bedragerier-infor-black-friday.html
The Black Friday Cyber Crime Economy: Surge in Fraudulent Domains and eCommerce Scams (20 nov) https://blog.checkpoint.com/research/the-black-friday-cyber-crime-economy-surge-in-fraudulent-domains-and-ecommerce-scams/

Rapport: The AI-Fication of Cybersecurity (25 nov) https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/the-ai-fication-of-cyberthreats-trend-micro-security-predictions-for-2026

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys (25 nov) https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html

Informationssäkerhet och blandat

Regeringen stärker cybersäkerheten inför valåret 2026 (21 nov) https://regeringen.se/pressmeddelanden/2025/11/regeringen-starker-cybersakerheten-infor-valaret-2026/

Problem med nödsamtal: Mobiler kan spärras – ”Alternativet är värre” (24 nov) https://www.nyteknik.se/tech/problem-med-nodsamtal-mobiler-kan-sparras-alternativet-ar-varre/4414298

​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ (24 nov) https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications

Your IP Address Might Be Someone Else’s Problem (And Here’s How to Find Out) (25 nov) https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem

Germany encourages enabling of 2FA by default for webmail providers (25 nov) https://cybernews.com/security/germany-enable-2fa-by-default-webmail-providers/

Polisen tar första steget mot nätpatrullering i spelvärlden (26 nov) https://polisen.se/aktuellt/nyheter/stockholm/2025/november/polisen-tar-forsta-steget-mot-natpatrullering-i-spelvarlden/

CERT-SE i veckan

Ny version av självreplikerande skadlig kod sprider sig via NPM (25 nov) https://www.cert.se/2025/11/ny-version-av-sjalvreplikerande-skadlig-kod-sprider-sig-via-npm.html

Kritisk sårbarhet i Fortinet FortiWeb (Uppdaterad 26 nov) https://www.cert.se/2025/11/kritisk-sarbarhet-i-fortinet-fortiweb.html