CERT-SE's weekly newsletter, week 35
We have collected links to assorted news and events after an eventful week in the cyber security field.
This week we would also like to highlight our free service ANTS - Automatic notifications of technical vulnerabilities. ANTS is one of CERT-SE's tools for increasing resilience against cyber attacks directed at Swedish society and Swedish organisations. More information is available at https://www.cert.se/rad-och-stod/ants/.
CERT-SE wishes you a pleasant weekend!
News this week
Interpol-led crackdown disrupts cybercrime networks in Africa that caused $485 million in losses (22 aug) https://cyberscoop.com/interpol-operation-serengeti-2-africa/
Farmers Insurance data breach impacts 1.1M people after Salesforce attack (25 aug) https://www.bleepingcomputer.com/news/security/farmers-insurance-data-breach-impacts-11m-people-after-salesforce-attack/
Surge in coordinated scans targets Microsoft RDP auth servers (25 aug) https://www.bleepingcomputer.com/news/security/surge-in-coordinated-scans-targets-microsoft-rdp-auth-servers/
Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services From 30,000+ IPs (26 aug) https://cybersecuritynews.com/microsoft-remote-desktop-protocol-services/
Nevada state offices close after wide-ranging ‘network security incident’ (26 aug) https://www.reuters.com/world/us/nevada-state-offices-close-after-wide-ranging-network-security-incident-2025-08-26/
Nissan confirms design studio data breach claimed by Qilin ransomware (26 aug) https://www.bleepingcomputer.com/news/security/nissan-confirms-design-studio-data-breach-claimed-by-qilin-ransomware/
Cyberattack hits Swedish municipalities: sensitive data may have leaked (26 aug) https://computersweden.se/article/4045917/cyberattack-slar-mot-svenska-kommuner-kansliga-uppgifter-kan-ha-lackt-ut.html
Mustang Panda hackers hijack network captive portals in diplomat attacks (26 aug) https://www.bleepingcomputer.com/news/security/mustang-panda-hackers-hijack-network-captive-portals-in-diplomat-attacks/
ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots (27 aug) https://thehackernews.com/2025/08/shadowsilk-hits-36-government-targets.html
CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors (27 aug) https://www.cisa.gov/news-events/alerts/2025/08/27/cisa-and-partners-release-joint-advisory-countering-chinese-state-sponsored-actors-compromise
Healthcare Services Group data breach impacts 624,000 people (27 aug) https://www.bleepingcomputer.com/news/security/healthcare-services-group-data-breach-impacts-624-000-people/
New Data Theft Campaign Targets Salesforce via Salesloft App (27 aug) https://www.infosecurity-magazine.com/news/data-theft-campaign-salesforce/
Global DDoS attacks exceed 8M amid geopolitical tensions (27 aug) https://www.telecomstechnews.com/news/global-ddos-attacks-exceed-8m-amid-geopolitical-tensions/
Dutch intelligence agencies report country was targeted by Chinese cyber spies (28 aug) https://therecord.media/dutch-intelligence-cyber-spies-salt
Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure (28 aug) https://www.infosecurity-magazine.com/news/ransomware-deletes-data-backups/
Reports and analyses
Murky Panda hackers exploit cloud trust to hack downstream customers (22 aug) https://www.bleepingcomputer.com/news/security/murky-panda-hackers-exploit-cloud-trust-to-hack-downstream-customers/
New HTTP Smuggling Attack Technique Let Hackers Inject Malicious Requests (22 aug) https://cybersecuritynews.com/http-smuggling-attack/
Fake CAPTCHA tests trick users into running malware - in depth ClickFix report (22 aug) https://go.theregister.com/feed/www.theregister.com/2025/08/22/clickfix_report/
Hackers Using PUP Advertisements to Silently Drop Windows Malware (25 aug) https://cybersecuritynews.com/hackers-using-pup-advertisements/
Cybercriminals Exploit Cheap VPS to Launch SaaS Hijacking Attacks (25 aug) https://hackread.com/cybercriminals-exploit-cheap-vps-saas-hijack-attacks/
Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations (25 aug) https://thehackernews.com/2025/08/why-siem-rules-fail-and-how-to-fix-them.html
KorPlug Malware Unmasked – TTPs, Control Flow, IOCs Exposed (25 aug) https://cybersecuritynews.com/korplug-malware-unmasked/
New AI attack hides data-theft prompts in downscaled images (25 aug) https://www.bleepingcomputer.com/news/security/new-ai-attack-hides-data-theft-prompts-in-downscaled-images/
Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware (25 aug) https://cybersecuritynews.com/weaponized-ai-generated-summaries/
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats (26 aug) https://thehackernews.com/2025/08/unc6384-deploys-plugx-via-captive.html
WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study (26 aug) https://cybersecuritynews.com/winrar-0-day-vulnerabilities/
New ZipLine Campaign Attacks Critical Manufacturing Companies to Deploy In-memory Malware MixShell (27 aug) https://cybersecuritynews.com/new-zipline-campaign-attacks-critical-manufacturing-companies/
Storm-0501’s evolving techniques lead to cloud-based ransomware (27 aug) https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/
TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures (28 aug) https://cybersecuritynews.com/tag-144-actors-attacking-government-entities/
Chasing the Silver Fox: Cat & Mouse in Kernel Shadows (28 aug) https://research.checkpoint.com/2025/silver-fox-apt-vulnerable-drivers/
H1 2025 Malware and Vulnerability Trends (28 aug) https://www.recordedfuture.com/research/h1-2025-malware-and-vulnerability-trends
Information security and miscellaneous
Happy Birthday Linux! Powering Numerous Devices Across the Globe for 34 Years (26 aug) https://cybersecuritynews.com/happy-34th-birthday-linux/
Bringing AI workloads home from the cloud? A major data centre upgrade awaits (26 aug) https://computersweden.se/article/4045145/flyttar-du-ai-arbetsbelastningar-fran-molnet-en-rejal-uppgradering-av-datacentret-vantar.html
ENISA to Coordinate €36m EU-Wide Incident Response Scheme (27 aug) https://www.infosecurity-magazine.com/news/enisa-coordinate-36m-euwide/
China-based Threat Actor Mustang Panda’s Tactics, Techniques, and Procedures Unveiled (27 aug) https://cybersecuritynews.com/china-based-threat-actor-mustang-pandas-tactics/
Google Big Sleep AI Tool Finds Critical Chrome Vulnerability (28 aug) https://hackread.com/google-big-sleep-ai-tool-critical-chrome-vulnerability/
CERT-SE this week
Vulnerabilities in Citrix NetScaler (Updated 27 aug) https://www.cert.se/2025/08/sarbarheter-i-citrix-netscaler.html
Critical vulnerabilities in Arcserve UDP (28 aug) https://www.cert.se/2025/08/kritiska-sarbarheter-i-arvserve-UDP.html
Reports of an ongoing campaign with malicious code in PDF tools (Updated 29 aug) https://www.cert.se/2025/08/rapporter-om-pagaende-kampanj-med-skadlig-kod-i-pdf-verktyg.html