CERT-SE's weekly newsletter, week 32
CERT-SE's weekly newsletter is back after a short summer break. This is an extra-thick issue, since we also catch up on some of what has happened over the past few weeks.
CERT-SE wishes you a pleasant weekend!
News from recent weeks
UK launches vulnerability research program for external experts (14 jul) https://www.bleepingcomputer.com/news/security/uk-launches-vulnerability-research-program-for-external-experts/
NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure (15 jul) https://therecord.media/china-typhoon-hackers-nsa-fbi-response
Global operation targets NoName057(16) pro-Russian cybercrime network (16 jul) https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network
..
Raid against the hacker group NoName (16 jul) https://polisen.se/aktuellt/nyheter/nationell/2025/juli/tillslag-mot-hackergruppen-noname/
..
Swedish police have raided a pro-Russian hacker group (16 jul) https://www.sverigesradio.se/artikel/svensk-polis-har-slagit-till-mot-prorysk-hackergrupp
Co-op confirms data of 6.5 million members stolen in cyberattack (16 jul) https://www.bleepingcomputer.com/news/security/co-op-confirms-data-of-65-million-members-stolen-in-cyberattack/
Spies and SAS troops among UK nationals’ details in Afghan leak, BBC says (17 jul) https://www.reuters.com/business/media-telecom/spies-sas-troops-among-uk-nationals-details-afghan-leak-bbc-says-2025-07-17/
Major European healthcare network discloses security breach (22 jul) https://www.bleepingcomputer.com/news/security/major-european-healthcare-network-discloses-security-breach/
Allianz Life Data Breach Impacts Most of 1.4 Million US Customers (28 jul) https://www.securityweek.com/allianz-life-data-breach-impacts-most-of-1-4-million-us-customers/
Cyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights (28 jul) https://www.securityweek.com/cyberattack-on-russian-airline-aeroflot-causes-the-cancellation-of-more-than-100-flights/
NASCAR Confirms Personal Information Stolen in Ransomware Attack (28 jul) https://www.securityweek.com/nascar-confirms-personal-information-stolen-in-ransomware-attack/
Telenor warns of fake text messages (31 jul) https://sakerhetskollen.se/aktuella-brott/telenor-varnar-for-falska-sms
Ransomware Groups Using TrickBot Malware to Exfiltrate US$724 Million in Cryptocurrency (31 jul) https://cybersecuritynews.com/ransomware-groups-using-trickbot-malware/
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials (31 jul) https://thehackernews.com/2025/07/experts-detect-multi-layer-redirect.html
Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage (1 aug) https://therecord.media/luxembourg-telecom-outage-reported-cyberattack-huawei-tech
Popular code-hosting site exploited in new phishing campaign (1 aug) https://computersweden.se/article/4032730/popular-kodsajt-utnyttjas-i-ny-natfiskekampanj.html
Russian cyber espionage against embassies: "A fairly sophisticated attack" (1 aug) https://www.dn.se/sverige/ryskt-cyberspionage-mot-ambassader-ganska-sofistikerad-attack/
..
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign (1 aug) https://www.infosecurity-magazine.com/news/secret-blizzard-moscow-embassies/
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft (2 aug) https://thehackernews.com/2025/08/new-plague-pam-backdoor-exposes.html
Avanza warns of fake advertisements (5 aug) https://sakerhetskollen.se/aktuella-brott/avanza-varnar-for-falska-annonser
Cisco Says User Data Stolen in CRM Hack (5 aug) https://www.securityweek.com/cisco-says-user-data-stolen-in-crm-hack/
PBS confirms data breach after employee info leaked on Discord servers (5 aug) https://www.bleepingcomputer.com/news/security/pbs-confirms-data-breach-after-employee-info-leaked-on-discord-servers/
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems (6 aug) https://thehackernews.com/2025/08/trend-micro-confirms-active.html
Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign (6 aug) https://hackread.com/chinese-stole-115-million-us-cards-smishing-campaign/
Clinical Data Stolen in Cyber-Attack on Kidney Dialysis Provider DaVita (6 aug) https://www.infosecurity-magazine.com/news/clinical-data-stolen-kidney/
Google’s Salesforce Instances Hacked in Ongoing Attack – Hackers Exfiltrate User Data (6 aug) https://cybersecuritynews.com/google-hacked/
KLM Confirms Customer Data Breach Linked to Third-Party System (6 aug) https://hackread.com/klm-customer-data-breach-linked-third-party-system/
Chanel and Pandora Breached as Salesforce Campaign Continues (6 aug) https://www.infosecurity-magazine.com/news/chanel-pandora-breach-salesforce
Air France and KLM disclose data breaches impacting customers (7 aug) https://www.bleepingcomputer.com/news/security/air-france-and-klm-disclose-data-breaches-impacting-customers/
Reports and analyses
Enisa: Telecom Security Incidents 2024 (15 jul) https://www.enisa.europa.eu/publications/telecom-security-incidents-2024
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats (31 jul) https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/
..
Secret Blizzard Group’s ApolloShadow Malware Install Root Certificates on Devices to Trust Malicious Sites (1 aug) https://cybersecuritynews.com/secret-blizzard-groups-apolloshadow-malware-install-root-certificates/
Social engineering attacks surged this past year, Palo Alto Networks report finds (1 aug) https://cyberscoop.com/social-engineering-top-attack-vector-unit-42/
Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds (1 aug) https://www.infosecurity-magazine.com/news/hackers-exploit-vulnerabilities/
Staggering 800% Rise in Infostealer Credential Theft (1 aug) https://www.infosecurity-magazine.com/news/staggering-800-rise-infostealer/
Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections (1 aug) https://thehackernews.com/2025/08/storm-2603-exploits-sharepoint-flaws-to.html
Qilin Ransomware Surging Following The Fall of dominant RansomHub RaaS (2 aug) https://cybersecuritynews.com/qilin-ransomware-surging/
LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One (2 aug) https://cybersecuritynews.com/lockbit-operators-using-stealthy-dll-sideloading-technique/
CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target (4 aug) https://www.crowdstrike.com/en-us/blog/crowdstrike-2025-threat-hunting-report-ai-weapon-target/
Ghost in the Zip Reveals Expanding Ecosystem Behind PXA Stealer (4 aug) https://www.infosecurity-magazine.com/news/ghost-zip-behind-pxa-stealer/
ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections (5 aug) https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender (6 aug) https://www.bleepingcomputer.com/news/security/akira-ransomware-abuses-cpu-tuning-tool-to-disable-microsoft-defender/
Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration (6 aug) https://cyberscoop.com/sonicwall-firewalls-attack-spree-zero-day/
Top US energy companies frequently exposed to critical security flaws (6 aug) https://www.cybersecuritydive.com/news/top-us-energy-companies-frequently-exposed-to-critical-security-flaws/756950/
Cyber Attacks Against AI Infrastructure Are in The Rise With Key Vulnerabilities Uncovered (6 aug) https://cybersecuritynews.com/cyber-attacks-against-ai-infrastructure/
Hackers Uses Social Engineering Attack to Gain Remote Access in 300 Seconds (7 aug) https://cybersecuritynews.com/hacked-in-300-seconds/
Information security and miscellaneous
Security expert warns: AI can leak sensitive patient information (16 jul) https://www.sverigesradio.se/artikel/sakerhetsexperten-varnar-ai-kan-lacka-kanslig-patientinformation
UK plans to ban public sector bodies from paying ransom to cyber criminals (22 jul) https://www.reuters.com/world/uk/uk-plans-ban-public-sector-bodies-paying-ransom-cyber-criminals-2025-07-22/
Scammers Unleash Flood of Slick Online Gaming Sites (30 jul) https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/
Gen Z Falls for Scams 2x More Than Older Generations (31 jul) https://www.darkreading.com/cyber-risk/gen-z-scams-2x-more-older-generations
Pwn2Own hacking contest pays $1 million for WhatsApp exploit (1 aug) https://www.bleepingcomputer.com/news/security/pwn2own-hacking-contest-pays-1-million-for-whatsapp-exploit/
Microsoft raises bug bounty payouts (4 aug) https://computersweden.se/article/4033463/microsoft-hojer-ersattningen-for-buggjagare.html
Threat Actors Leveraging GenAI for Phishing Attacks Impersonating Government Websites (6 aug) https://cybersecuritynews.com/threat-actors-leveraging-genai-for-phishing-attacks/
NCSC Updates Cyber Assessment Framework to Build UK CNI Resilience (6 aug) https://www.infosecurity-magazine.com/news/ncsc-updates-cyber-assessment/
The Role of Security Policies in Shaping Organisational Culture and Risk Awareness (6 aug) https://hackread.com/security-policies-role-organisational-culture-risk-awareness/
British intelligence warns cyber threat to critical infrastructure is increasing (6 aug) https://therecord.media/british-intel-cyber-threat-infrastructure
A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT (7 aug) https://www.wired.com/story/poisoned-document-could-leak-secret-data-chatgpt/
CERT-SE in recent weeks
Critical vulnerability in Windows SPNEGO Extended Negotiation (updated 14 jul) https://www.cert.se/2025/07/kritisk-sarbarhet-i-windows-spnego-extended-negotiation.html
Critical vulnerabilities in VMware products (17 jul) https://www.cert.se/2025/07/kritiska-sarbarheter-i-vmware.html
Oracle's quarterly security update for July 2025 (17 jul) https://www.cert.se/2025/07/oracles-kvartalsvisa-sakerhetsuppdatering-for-juli-2025.html
Critical vulnerability in Fortinet FortiWeb (updated 21 jul) https://www.cert.se/2025/07/sarbarhet-i-fortinet-fortiweb.html
Critical vulnerability in CrushFTP (21 jul) https://www.cert.se/2025/07/kritisk-sarbarhet-i-crushftp.html
Critical vulnerability in SonicWall SMA100 (24 jul) https://www.cert.se/2025/07/kritisk-sarbarhet-i-sonicwall-sma100.html
BM25-001 Critical vulnerability in Microsoft SharePoint Server On-premises actively exploited (updated 29 jul) https://www.cert.se/2025/07/bm25-001-kritisk-sarbarhet-i-microsofts-sharepoint-server-on-premises-utnyttjas-aktivt.html
Critical vulnerability in Dell PowerProtect (5 aug) https://www.cert.se/2025/08/kritisk-sarbarhet-i-dell-power-protect.html
Critical vulnerability in Adobe Experience Manager (6 aug) https://www.cert.se/2025/08/kritisk-sarbarhet-i-adobe-experience-manager.html
Suspicious activity targeting SonicWall firewalls (updated 7 aug) https://www.cert.se/2025/08/misstankt-aktivitet-riktad-mot-sonicwall-brandvaggar.html
Vulnerability in Microsoft Exchange Server (8 aug) https://www.cert.se/2025/08/sarbarhet-i-microsoft-exchange-server.html