CERT-SE's weekly newsletter, week 43

Weekly newsletter

In the coming week we plan to make changes to the weekly newsletter that is sent out by e-mail. We will change the sender address for the weekly newsletter to veckobrev@list.cert.se, and at the same time the sender address for our flash alerts to blixtmeddelande@list.cert.se. If you experience any problems with our mailings, please get in touch at cert@cert.se.

CERT-SE wishes you a pleasant weekend!

News this week

Over 266,000 F5 BIG-IP instances exposed to remote attacks (17 Oct) https://www.bleepingcomputer.com/news/security/over-266-000-f5-big-ip-instances-exposed-to-remote-attacks/

Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates (17 Oct) https://www.darkreading.com/threat-intelligence/microsoft-disrupts-ransomware-abusing-azure-certificates

Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft (19 Oct) https://cybersecuritynews.com/volkswagen-ransomware-attack/

AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more (20 Oct) https://www.bleepingcomputer.com/news/technology/aws-outage-crashes-amazon-prime-video-fortnite-perplexity-and-more/

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws (20 Oct) https://www.csoonline.com/article/4074962/foreign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws.html

Hackers are now a serious risk to patients’ lives as NHS records the first death due to a cyber crime (21 Oct) https://www.dailymail.co.uk/health/article-15212337/Hackers-risk-patients-lives-NHS-records-death-cyber-crime.html

71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks (21 Oct) https://cybersecuritynews.com/watchguard-devices-rce-attack/

Hackers exploit 34 zero-days on first day of Pwn2Own Ireland (21 Oct) https://www.bleepingcomputer.com/news/security/hackers-exploit-34-zero-days-on-first-day-of-pwn2own-ireland/

Länsförsäkringar warns of fake text messages (22 Oct) https://sakerhetskollen.se/aktuella-brott/lansforsakringar-varnar-for-falska-sms_2

Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable (22 Oct) https://cybersecuritynews.com/xubuntu-website-compromised/

Man remanded in custody after hacker attack on alarm company (23 Oct) https://www.sverigesradio.se/artikel/man-haktad-efter-hackerattack-mot-larmforetag

Lazarus Group’s Operation DreamJob Targets European Defense Firms (23 Oct) https://www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/

Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories (24 Oct) https://cybersecuritynews.com/threat-actors-attacking-azure-blob-storage/

Reports and analyses

Microsoft Dominates Phishing Impersonations in Q3 2025 (16 Oct) https://blog.checkpoint.com/research/microsoft-dominates-phishing-impersonations-in-q3-2025/

GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace (18 Oct) https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace

Russian hackers evolve malware pushed in “I am not a robot” captchas (21 Oct) https://www.bleepingcomputer.com/news/security/russian-hackers-evolve-malware-pushed-in-i-am-not-a-robot-clickfix-attacks/

How malware vaccines could stop ransomware’s rampage (21 Oct) https://www.theregister.com/2025/10/21/malware_vaccines/

Ransomware Payouts Surge to $3.6m Amid Evolving Tactics (21 Oct) https://www.infosecurity-magazine.com/news/ransomware-payouts-surge-dollar36m/

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files (22 Oct) https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html

Attackers turn trusted OAuth apps into cloud backdoors (22 Oct) https://www.helpnetsecurity.com/2025/10/22/attackers-turn-trusted-oauth-apps-into-cloud-backdoors/

Growing fear of AI-driven ransomware attacks, and with good reason (24 Oct) https://computersweden.se/article/4077754/ai-aktiverade-ransomware-attacker-cisos-storsta-sakerhetsproblem-med-goda-skal.html

Information security and miscellaneous

Cybercrime-as-a-service takedown: 7 arrested (17 Oct) https://www.europol.europa.eu/media-press/newsroom/news/cybercrime-service-takedown-7-arrested

Behind the struggle for control of the CVE program (20 Oct) https://cyberscoop.com/cve-program-funding-crisis-nvd-cisa-alternatives/

Phishing training doesn't work. So what do you do? (20 Oct) https://computersweden.se/article/4074436/natfiske-utbildningar-fungerar-inte-sa-vad-gor-man.html

Italy locks down its digital, 5G security (21 Oct) https://decode39.com/12124/italy-locks-down-its-digital-security/

The bill for the cyberattack on Jaguar Land Rover: 24 billion kronor (22 Oct) https://computersweden.se/article/4077107/notan-for-cyberattacken-mot-jaguar-land-rover-24-miljarder-kronor.html

FOI launches exercise concept to strengthen civil society's cyber capability (22 Oct) https://www.aktuellsakerhet.se/foi-lanserar-ovningskoncept-for-att-starka-civilsamhallets-cyberformaga/

Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk (23 Oct) https://hackread.com/shadow-escape-0-click-attack-ai-assistants-risk/

Clippy rises from the dead in major update to Copilot and its voice interface (24 Oct) https://www.theregister.com/2025/10/24/microsoft_clippy_copilot_update/

CERT-SE this week

Oracle's quarterly security update for October 2025 (22 Oct) https://www.cert.se/2025/10/oracles-kvartalsvisa-sakerhetsuppdatering-for-oktober-2025.html

Critical vulnerability in WatchGuard Fireware OS (Updated 22 Oct) https://www.cert.se/2025/10/kritisk-sarbarhet-i-watchguard-fireware-os.html

Critical vulnerability in WatchGuard Fireware OS (24 Oct) https://www.cert.se/2025/10/kritisk-sarbarhet-i-watchguard-fireware-os.html