CERT-SE's weekly newsletter, week 34
Mixed news from the week. CERT-SE wishes you a pleasant weekend!
News this week
New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data (15 aug) https://cybersecuritynews.com/new-firewood-malware-attacking-linux-systems/
U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator (17 aug) https://www.bleepingcomputer.com/news/security/us-seizes-28-million-in-crypto-from-zeppelin-ransomware-operator/
Workday Data Breach Bears Signs of Widespread Salesforce Hack (18 aug) https://www.securityweek.com/workday-data-breach-bears-signs-of-widespread-salesforce-hack/
Hackers have stolen personal data from HR giant Workday (19 aug) https://computersweden.se/article/4042109/hackare-har-stulit-personuppgifter-fran-hr-jatten-workday.html
Casino gaming company Bragg says hackers accessed ‘internal computer environment’ (18 aug) https://therecord.media/casino-gaming-company-cyber-incident-bragg
Popular npm Package Compromised in Phishing Attack (18 aug) https://www.infosecurity-magazine.com/news/popular-npm-package-compromised-in/
XenoRAT malware campaign hits multiple embassies in South Korea (18 aug) https://www.bleepingcomputer.com/news/security/xenorat-malware-campaign-hits-multiple-embassies-in-south-korea/
North Korea-linked hackers target embassies in Seoul in new espionage campaign (19 aug) https://therecord.media/north-korean-hackers-target-foreign-embassies
North Korean Kimsuky Hackers Leveraged GitHub to Attack Foreign Embassies with XenoRAT Malware (19 aug) https://cybersecuritynews.com/north-korean-kimsuky-hackers-leveraged-github/
Swedish AI platform Lovable exploited for phishing (18 aug) https://computersweden.se/article/4043628/svenska-ai-plattformen-lovable-utnyttjas-for-natfiske.html
Colt Customers Face Prolonged Outages After Major Cyber Incident (18 aug) https://www.infosecurity-magazine.com/news/colt-outages-after-major-cyber/
Allianz Life Data Breach Exposes Personal Data of 1.1 Million Customers (19 aug) https://www.infosecurity-magazine.com/news/allianz-life-breach-exposes/
Australian ISP iiNet Reports Data Breach, Customer Accounts Stolen (19 aug) https://hackread.com/australia-isp-iinet-data-breach-customer-accounts-stolen/
Russian Hacktivists Take Aim at Polish Power Plant, Again (19 aug) https://www.darkreading.com/cyberattacks-data-breaches/russian-hacktivists-polish-power-plant-attack
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution (19 aug) https://thehackernews.com/2025/08/public-exploit-for-chained-sap-flaws.html
“Rapper Bot” malware seized, alleged developer identified and charged (20 aug) https://www.bleepingcomputer.com/news/legal/rapper-bot-malware-seized-alleged-developer-identified-and-charged/
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage (20 aug) https://thehackernews.com/2025/08/fbi-warns-russian-fsb-linked-hackers.html
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices (20 aug) https://blog.talosintelligence.com/static-tundra/
Intel Employee Data Exposed by Vulnerabilities (20 aug) https://www.securityweek.com/intel-employee-data-exposed-by-vulnerabilities/
Apple fixes new zero-day flaw exploited in targeted attacks (20 aug) https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/
British Telecoms Provider Colt Updates After Major Cyber Attack and Data Breach (20 aug) https://www.ispreview.co.uk/index.php/2025/08/british-telecoms-provider-colt-updates-after-major-cyber-attack-and-data-breach.html
Flaws in Software Used by Hundreds of Cities and Towns Exposed Sensitive Data (20 aug) https://www.securityweek.com/flaws-in-software-used-by-hundreds-of-cities-and-towns-exposed-sensitive-data/
Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (20 aug) https://www.infosecurity-magazine.com/news/warlock-ransomware-sharepoint/
Microsoft VS Code Remote-SSH Extension Hacked to Execute Malicious Code on Developer’s Machine (21 aug) https://cybersecuritynews.com/microsoft-vs-code-remote-ssh-extension-hacked/
Orange Belgium discloses data breach impacting 850,000 customers (21 aug) https://www.bleepingcomputer.com/news/security/orange-belgium-discloses-data-breach-impacting-850-000-customers/
Reports and analyses
Qilin Ransomware Leads The Attack Landscape With 70+ Claimed Victims in July (15 aug) https://cybersecuritynews.com/qilin-ransomware-leads-the-attack-landscape/
Threat Actors Using CrossC2 Tool to Expand Cobalt Strike to Operate on Linux and macOS (15 aug) https://cybersecuritynews.com/threat-actors-using-crossc2-tool/
Hackers Mimic IT Teams to Exploit Microsoft Teams Request to Gain System Remote Access (16 aug) https://cybersecuritynews.com/microsoft-teams-request-remote-access/
Ballooning PolarEdge Botnet a Suspected Cyberespionage Op (18 aug) https://www.databreachtoday.com/ballooning-polaredge-botnet-suspected-cyberespionage-op-a-29246
Evolution of the PipeMagic backdoor (18 aug) https://securelist.com/pipemagic/117270/
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework (18 aug) https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/
Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints (18 aug) https://www.morphisec.com/blog/noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints/
What is Use-After-Free Vulnerability? – Impact and Mitigation (18 aug) https://cybersecuritynews.com/use-after-free-vulnerability/
GodRAT – New RAT targeting financial institutions (19 aug) https://securelist.com/godrat/117119/
Technical Details of SAP 0-Day Exploitation Script Used to Achieve RCE Disclosed (19 aug) https://cybersecuritynews.com/technical-details-of-sap-0-day-exploitation-script/
Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in (19 aug) https://go.theregister.com/feed/www.theregister.com/2025/08/19/apache_activemq_patch_malware/
Increased Elasticsearch Recognizance Scans (19 aug) https://isc.sans.edu/diary/rss/32212
Unmasking Task Scams to Prevent Financial Fallout From Fraud (19 aug) https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/unmasking-task-scams-to-prevent-financial-fallout-from-fraud
New Research Uncovers Connection Between VPN Apps and Multiple Security Vulnerabilities (19 aug) https://cybersecuritynews.com/new-research-uncovers-connection-between-vpn-apps/
Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise (19 aug) https://cybersecuritynews.com/hacked-cisco-small-business-routers-raise/
Threat Actors Attacking Organizations Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer (19 aug) https://cybersecuritynews.com/threat-actors-attacking-employees-to-deliver-noodlophile-stealer/
How Businesses Stop Complex Social Engineering Attacks Early – An SOC Team Guide (20 aug) https://cybersecuritynews.com/how-businesses-stop-complex-social-engineering-attacks-early/
0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others (20 aug) https://cybersecuritynews.com/0-day-clickjacking-vulnerabilities/
Behind the Curtain: How Lumma Affiliates Operate (20 aug) https://www.recordedfuture.com/research/behind-the-curtain-how-lumma-affiliates-operate
Hackers Weaponize QR Codes in New ‘Quishing’ Attacks (20 aug) https://www.infosecurity-magazine.com/news/hackers-qr-codes-new-quishing/
Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025 (21 aug) https://thehackernews.com/2025/08/weak-passwords-and-compromised-accounts.html
Information security and miscellaneous
New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework (15 aug) https://hackread.com/nist-concept-paper-ai-specific-cybersecurity-framework/
Cyberattack on Dutch prosecution service is keeping speed cameras offline (15 aug) https://go.theregister.com/feed/www.theregister.com/2025/08/15/cyberattack_on_dutch_prosecution_service/
Cybersecurity ranks among top three risks to manufacturing sector (15 aug) https://www.cybersecuritydive.com/news/cybersecurity-ranks-among-top-three-risks-to-manufacturing-sector/757811/
Russia Is Cracking Down on End-to-End Encrypted Calls (16 aug) https://www.wired.com/story/russia-crack-down-end-to-end-encrypted-calling/
AI agents are set to revolutionise cybersecurity, with some caveats (19 aug) https://computersweden.se/article/4041223/agentisk-ai-utlovar-en-revolution-inom-cybersakerhet-med-asterisker.html
Commodore Amiga turns 40, headlines UK exhibition (19 aug) https://www.theregister.com/2025/08/19/getting_handson_with_the_commodore/?td=rt-3a
Why Your Security Culture is Critical to Mitigating Cyber Risk (19 aug) https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html
Businesses focus on AI, cloud, despite cyber defense oversights (19 aug) https://www.cybersecuritydive.com/news/proactive-cyber-defense-artificial-intelligence-unisys/757968/
McFlaw: Hacker Breaches McDonald’s Portal With URL Trick (20 aug) https://www.inforisktoday.com/mcflaw-hacker-breaches-mcdonalds-portal-url-trick-a-29261
“PromptFix” Attacks Could Supercharge Agentic AI Threats (21 aug) https://www.infosecurity-magazine.com/news/promptfix-attacks-supercharge/
Microsoft stops Chinese companies from receiving early information about security vulnerabilities (21 aug) https://computersweden.se/article/4043546/microsoft-stoppar-kinesiska-foretag-fran-att-fa-tidig-information-om-sakerhetsbrister.html
CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits (21 aug) https://cybersecuritynews.com/cisa-releases-four-ics-advisories/
China cut itself off from the global internet for an hour on Wednesday (21 aug) https://go.theregister.com/feed/www.theregister.com/2025/08/21/china_port_443_block_outage/
SSF warns of fake store clearance sales (21 aug) https://sakerhetskollen.se/aktuella-brott/ssf-varnar-for-falska-butiksutforsaljningar
John Billow appointed new head of NCSC (21 aug) https://www.ncsc.se/sv/aktuellt/john-billow-ny-chef-pa-ncsc/
CERT-SE this week
Reports of an ongoing campaign spreading malicious code via PDF tools (22 aug) https://www.cert.se/2025/08/rapporter-om-pagaende-kampanj-med-skadlig-kod-i-pdf-verktyg.html