CERT-SE's weekly newsletter, week 37
This week's reading includes a good number of reports and analyses, as well as news such as the Government tasking MSB and PTS with preparing for the implementation of the EU's NIS 2 Directive and, by extension, the Swedish Cybersecurity Act.
CERT-SE wishes you a pleasant weekend!
News this week
Bridgestone Confirms Cyberattack Disrupting North American Plants (6 sep) https://hackread.com/bridgestone-cyberattack-disrupt-north-american-plants/
Cyberattack on Jaguar Land Rover threatens to hit British economic growth (8 sep) https://therecord.media/cyberattack-jaguar-land-rover-economic-growth-uk-government
Jaguar Land Rover forced to keep factories closed after cyberattack (9 sep) https://computersweden.se/article/4053827/jaguar-land-rover-tvingas-halla-fabriker-stangda-efter-cyberattack.html
Plex tells users to reset passwords after new data breach (8 sep) https://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/
Tenable Confirms Data Breach – Hackers Accessed Customers’ Contact Details (8 sep) https://cybersecuritynews.com/tenable-confirms-data-breach/
Surge in networks scans targeting Cisco ASA devices raise concerns (8 sep) https://www.bleepingcomputer.com/news/security/surge-in-networks-scans-targeting-cisco-asa-devices-raise-concerns/
Drift massive attack traced back to loose Salesloft GitHub account (8 sep) https://www.theregister.com/2025/09/08/drift_breach_entry_salesloft_github/
Massive data leak after cyberattack (9 sep) https://www.svt.se/nyheter/inrikes/jattelackage-av-uppgifter-efter-cyberattack
Open Source Community Thwarts Massive npm Supply Chain Attack (9 sep) https://www.infosecurity-magazine.com/news/npm-supply-chain-attack-averted/
DDoS defender targeted in 1.5 Bpps denial-of-service attack (10 sep) https://www.bleepingcomputer.com/news/security/ddos-defender-targeted-in-15-bpps-denial-of-service-attack/
Dormant macOS Backdoor ChillyHell Resurfaces (10 sep) https://www.darkreading.com/endpoint-security/dormant-macos-backdoor-chillyhell-resurfaces
China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats (10 sep) https://cyberscoop.com/chinas-typhoons-changing-the-way-fbi-hunts-sophisticated-threats/
Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers (10 sep) https://cyberscoop.com/apple-memory-integrity-enforcement-iphone-ios-anti-spyware/
Cisco Patches High-Severity IOS XR Vulnerabilities (11 sep) https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities/amp/
France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks (11 sep) https://www.infosecurity-magazine.com/news/france-regional-healthcare/
Reports and analyses
VirusTotal finds hidden malware phishing campaign in SVG files (6 sep) https://www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/
“GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload (6 sep) https://cybersecuritynews.com/gpugate-abuses-google-ads/
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack (6 sep) https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/
Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data (8 sep) https://www.silentpush.com/blog/salt-typhoon-2025/
Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution (8 sep) https://cybersecuritynews.com/researchers-bypassed-web-application-firewall/
Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response (8 sep) https://blog.talosintelligence.com/stopping-ransomware-before-it-starts/
Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure (8 sep) https://cybersecuritynews.com/exposed-kim-dump-exposes-kimsuky-hackers/
You Didn’t Get Phished — You Onboarded the Attacker (8 sep) https://thehackernews.com/2025/09/you-didnt-get-phished-you-onboarded.html
Data security gaps stymy enterprise AI plans (8 sep) https://www.cybersecuritydive.com/news/data-complexity-cybersecurity-generative-ai-adoption-opentext/759503/
SpamGPT – AI-powered Attack Tool Used By Hackers For Massive Phishing Attack (9 sep) https://cybersecuritynews.com/spamgpt-phishing-tool/
MostereRAT Attacking Windows Systems With AnyDesk/TightVNC to Enable Remote Access (9 sep) https://cybersecuritynews.com/mostererat-attacking-windows-systems/
Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed (9 sep) https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html
Implementing zero trust has proven to be very difficult (9 sep) https://computersweden.se/article/4052733/88-av-cisoerna-kampar-med-att-implementera-zero-trust.html
Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises (10 sep) https://thehackernews.com/2025/09/watch-out-for-salty2fa-new-phishing-kit.html
AsyncRAT Uses Fileless Loader to Bypass Detections and Gain Remote Access (10 sep) https://cybersecuritynews.com/asyncrat-uses-fileless-loader/
EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company (10 sep) https://www.bitdefender.com/en-gb/blog/businessinsights/eggstreme-fileless-malware-cyberattack-apac
New Buterat Backdoor Malware Found in Enterprise and Government Networks (10 sep) https://hackread.com/buterat-backdoor-malware-enterprise-govt-networks/
Ransomware Payments Plummet in Education Amid Enhanced Resiliency (10 sep) https://www.infosecurity-magazine.com/news/ransomware-payments-plummet/
Information security and miscellaneous
The crazy, true story behind the first AI-powered ransomware (5 sep) https://go.theregister.com/feed/www.theregister.com/2025/09/05/real_story_ai_ransomware_promptlock/
Europe's new supercomputer Jupiter inaugurated – has reached exascale level (8 sep) https://computersweden.se/article/4052897/europas-nya-superdator-jupiter-invigd-har-natt-exaskalaniva.html
National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries (9 sep) https://cyberscoop.com/us-cybersecurity-strategy-sean-cairncross-shift-risk-china-trump-biden-cisa/
Major investment in cybersecurity in the government's budget (9 sep) https://computersweden.se/article/4053785/storsatsning-pa-cybersakerhet-i-regeringens-budget.html
Fortinet and Women4Cyber collaborate to reduce the skills shortage in the cybersecurity industry (10 sep) https://www.aktuellsakerhet.se/fortinet-och-women4cyber-samarbetar-for-att-minska-kompetensbrist-i-cybersakerhetsbranschen/
Charging stations vulnerable – hackers can knock out the power (10 sep) https://www.dn.se/sverige/laddstolpar-sarbara-hackare-kan-sla-ut-elen/
MSB and PTS tasked with preparing new cybersecurity act (10 sep) https://www.aktuellsakerhet.se/msb-och-pts-far-uppdrag-att-forbereda-ny-cybersakerhetslag/
CERT-SE this week
Managing extortion attacks (ransomware) and phishing (9 sep) https://www.cert.se/2025/09/hantera-utpressningsangrepp-och-natfiske.html
Patch Tuesday September 2025 – consolidated information on the month's security updates (10 sep) https://www.cert.se/2025/09/patchtisdag-september-2025-samlad-information-om-manadens-sakerhetsuppdateringar.html
Serious vulnerability in Plex Media Server (11 sep) https://www.cert.se/2025/09/allvarlig-sarbarhet-i-plex-media-server.html