CERT-SE's weekly newsletter, week 33

Weekly newsletter

This week's reading includes, among other things, lessons learned from the critical vulnerability CVE-2025-53770 in Microsoft SharePoint, articles on the continuing problems caused by exploitation of vulnerabilities in Citrix NetScaler, and a run-through of this month's Patch Tuesday.

CERT-SE wishes you a pleasant weekend!

News this week

U.S. Judiciary confirms breach of court electronic records service (8 aug) https://www.bleepingcomputer.com/news/security/us-judiciary-confirms-breach-of-court-electronic-records-service/

Columbia University says hacker stole SSNs and other data of nearly 900,000 (8 aug) https://therecord.media/columbia-university-data-breach-cyberattack-notifications

WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware (9 aug) https://hackread.com/winrar-zero-day-cve-2025-8088-spread-romcom-malware/

..

CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild (13 aug) https://cybersecuritynews.com/cisa-added-winrar-zero-day-vulnerability/

Bouygues Telecom Hit by Cyberattack, 6.4 Million Customers Affected (10 aug) https://hackread.com/bouygues-telecom-cyberattack-6-4m-customers-affected/

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls (11 aug) https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html

Manpower discloses data breach affecting nearly 145,000 people (12 aug) https://www.bleepingcomputer.com/news/security/manpower-staffing-agency-discloses-data-breach-after-attack-claimed-by-ransomhub/

Hackers leak Allianz Life data stolen in Salesforce attacks (12 aug) https://www.bleepingcomputer.com/news/security/hackers-leak-allianz-life-data-stolen-in-salesforce-attacks/

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications (12 aug) https://thehackernews.com/2025/08/new-tetra-radio-encryption-flaws-expose.html

Hackers Raid Dutch Lab, Stealing Data on 500,000 Patients (12 aug) https://www.infosecurity-magazine.com/news/hackers-raid-dutch-lab-steal-data/

Financial Services Could Be Next in Line for ShinyHunters (12 aug) https://www.infosecurity-magazine.com/news/financial-services-next-line/

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug (12 aug) https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/

..

Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors (12 aug) https://thehackernews.com/2025/08/dutch-ncsc-confirms-active-exploitation.html

..

Hackers exploit serious vulnerability in Citrix NetScaler (13 aug) https://computersweden.se/article/4038938/hackare-utnyttjar-allvarlig-sarbarhet-i-citrix-netscaler.html

New ‘Curly’ threat actor found targeting sensitive organizations in Georgia, Moldova (13 aug) https://therecord.media/curly-threat-actor-targeting-moldova

Norway spy chief blames Russian hackers for dam sabotage in April (13 aug) https://www.reuters.com/technology/norway-spy-chief-blames-russian-hackers-dam-sabotage-april-2025-08-13/

..

Norwegian police: Pro-Russian hackers behind dam sabotage (14 aug) https://computersweden.se/article/4039694/norska-polisen-pro-ryska-hackare-bakom-dammsabotage.html

Canada’s House of Commons investigating data breach after cyberattack (14 aug) https://www.bleepingcomputer.com/news/security/canadas-house-of-commons-investigating-data-breach-after-cyberattack/

Reports and analyses

Can You Detect What You Can’t Predict? Lessons from SharePoint Vulnerability CVE-2025-53770 (4 aug) https://ctid.mitre.org/blog/2025/08/04/lessons-from-sharepoint-vulnerability-cve-2025-53770

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems (9 aug) https://thehackernews.com/2025/08/researchers-uncover-gpt-5-jailbreak-and.html

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation (10 aug) https://thehackernews.com/2025/08/researchers-detail-windows-epm.html

APT Sidewinder Spoofs Government and Military Institutions to Steal Login Credentials (11 aug) https://cybersecuritynews.com/apt-sidewinder-spoofs-government-and-military-institutions/

What is ClickFix Attack – How Hackers are Using it to Attack User Device With Malware (11 aug) https://cybersecuritynews.com/clickfix-attack/

Research shows AI agents are highly vulnerable to hijacking attacks (11 aug) https://www.cybersecuritydive.com/news/research-shows-ai-agents-are-highly-vulnerable-to-hijacking-attacks/757319/

Silent Watcher Attacking Windows Systems and Exfiltrate Data Using Discord Webhook (11 aug) https://cybersecuritynews.com/silent-watcher-attacking-windows-systems/

A Coordinated Brute Force Campaign Targets Fortinet SSL VPN (12 aug) https://www.greynoise.io/blog/vulnerability-fortinet-vpn-bruteforce-spike

UAC‑0099 Tactics, Techniques, Procedures and Attack Methods Unveiled (12 aug) https://cybersecuritynews.com/uac%e2%80%910099-tactics-techniques-unveiled/

Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk (12 aug) https://hackread.com/29k-microsoft-exchange-servers-unpatched-networks-risk/

PoisonSeed Phishing Kit Bypasses MFA to Acquire Credentials from Individuals and Organizations (12 aug) https://cybersecuritynews.com/poisonseed-phishing-kit-bypasses-mfa/

Cybercriminals Exploit Low-Cost Initial Access Broker Market (12 aug) https://www.infosecurity-magazine.com/news/cybercriminals-low-cost-initial/

MITRE: Russian APT28’s LameHug, a Pilot for Future AI Cyber-Attacks (12 aug) https://www.infosecurity-magazine.com/news/mitre-russian-apt28-lamehug/

North Korean Kimsuky Hackers Data Breach – Insiders Published the Data Online (12 aug) https://cybersecuritynews.com/kimsuky-hackers-data-breach/

Hackers Using ClickFix Technique to Attack Windows Machine and Execute Powershell Commands (12 aug) https://cybersecuritynews.com/hackers-using-clickfix-technique-to-attack-windows-machine/

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics (13 aug) https://thehackernews.com/2025/08/charon-ransomware-hits-middle-east.html

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks (13 aug) https://thehackernews.com/2025/08/new-ps1bot-malware-campaign-uses.html

Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability (13 aug) https://cybersecuritynews.com/hackers-could-gain-full-control-rooted-android-devices/

Web DDoS, App Exploitation Attacks Saw a Huge Surge in First Half of 2025 (14 aug) https://cybersecuritynews.com/web-ddos-app-exploitation-attacks/

Crypto24 ransomware hits large orgs with custom EDR evasion tool (14 aug) https://www.bleepingcomputer.com/news/security/crypto24-ransomware-hits-large-orgs-with-custom-edr-evasion-tool/

Information security and miscellaneous

CISA pledges to continue backing CVE Program after April funding fiasco (8 aug) https://therecord.media/cisa-pledges-support-cve-program-black-hat

#DEFCON: AI Cyber Challenge Winners Revealed in DARPA’s $4M Cybersecurity Showdown (9 aug) https://www.infosecurity-magazine.com/news/defcon-ai-cyber-challenge-winners/

Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking (9 aug) https://www.securityweek.com/free-wi-fi-leaves-buses-vulnerable-to-remote-hacking/

DEF CON hackers plug security holes in US water systems amid tsunami of threats (10 aug) https://www.theregister.com/2025/08/10/def_con_hackers_water_security/

Carmaker Portal Flaw Could Let Hackers Unlock Cars, Steal Data (11 aug) https://hackread.com/carmaker-portal-flaw-hackers-unlock-cars-steal-data/

Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds (11 aug) https://cyberscoop.com/cloud-security-l1tf-reloaded-public-cloud-vulnerability-exploit/

Willingness to pay in ransomware incidents is decreasing (11 aug) https://www.securityworldmarket.com/se/Nyheter/Foretagsnyheter/viljan-att-betala-vid-ransomware-minskar

GPT-5 Safeguards Bypassed Using Storytelling-Driven Jailbreak (12 aug) https://www.infosecurity-magazine.com/news/chatgpt5-bypassed-using-story/

US agencies, international allies issue guidance on OT asset inventorying (13 aug) https://www.cybersecuritydive.com/news/ot-asset-inventory-guidance-cisa-international/757569/

The nominees for Årets Säkerhetsprofil 2025 (Security Profile of the Year) (14 aug) https://www.foretagsuniversitetet.se/Toppnavigering/Bloggar-nyheter/Saekerhet/De-nominerade-till-AArets-Saekerhetsprofil-2025

CERT-SE this week

Patch Tuesday August 2025 – collected information on this month's security updates (13 aug) https://www.cert.se/2025/08/patchtisdag-augusti-2025-samlad-information-om-manadens-sakerhetsuppdateringar.html

Vulnerabilities in Fortinet products (13 aug) https://www.cert.se/2025/08/sarbarheter-i-produkter-fran-fortinet.html

Vulnerability in Microsoft Exchange Server (updated 13 aug) https://www.cert.se/2025/08/sarbarhet-i-microsoft-exchange-server.html

Critical vulnerability in Cisco Secure Firewall Management Center (15 aug) https://www.cert.se/2025/08/kritisk-sarbarhet-i-cisco-secure-firewall-management-center.html