CERT-SE weekly newsletter, week 28

Weekly newsletter

A selection of news and analyses from the past week. The weekly newsletter now takes a three-week break; the next one will be published on 8 August. Other publishing continues as usual.

CERT-SE wishes you a pleasant weekend!

News this week

Ingram Micro outage caused by SafePay ransomware attack (5 jul) https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack

Ingram Micro makes progress on restoring operations following attack (8 jul) https://www.cybersecuritydive.com/news/ingram-micro-progress-operations-attack/752438/

Massive spike in use of .es domains for phishing abuse (5 jul) https://go.theregister.com/feed/www.theregister.com/2025/07/05/spain_domains_phishing/

SatanLock Ransomware Ends Operations, Says Stolen Data Will Be Leaked (7 jul) https://hackread.com/satanlock-ransomware-ends-operations-stolen-data-leak/

Hundreds of Malicious Domains Registered Ahead of Prime Day (7 jul) https://www.infosecurity-magazine.com/news/hundreds-malicious-domains/

Several municipalities hit by cyberattack (7 jul) https://www.nrk.no/innlandet/flere-kommuner-rammet-av-dataangrep-1.17484210

Phishing platforms, infostealers blamed as identity attacks soar (7 jul) https://www.theregister.com/2025/07/07/phishing_platforms_infostealers_blamed_for

Nearly 300,000 people were impacted by cyberattack on Nova Scotia Power (7 jul) https://therecord.media/thousands-impacted-cyber-nova-scotia

Iran-Aligned Hacking Group Targets Middle Eastern Governments (7 jul) https://www.infosecurity-magazine.com/news/iran-hacking-group-targets-middle/

Brazilian police arrest IT worker over $100 million cyber theft (7 jul) https://therecord.media/brazil-police-arrest-worker-theft

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms (7 jul) https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html

Cyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war (7 jul) https://therecord.media/cyberattack-russia-firmware-blow-hackers

Massive browser hijacking campaign infects 2.3M Chrome, Edge users (8 jul) https://go.theregister.com/feed/www.theregister.com/2025/07/08/browser_hijacking_campaign/

Anatsa mobile malware returns to victimize North American bank customers (8 jul) https://therecord.media/anatsa-android-banking-malware-returns-north-america

Suspected contractor for China’s Hafnium group arrested in Italy (8 jul) https://www.cybersecuritydive.com/news/suspected-contractor-for-chinas-hafnium-group-arrested-in-in-italy/752533/

M&S confirms social engineering led to massive ransomware attack (8 jul) https://www.bleepingcomputer.com/news/security/mands-confirms-social-engineering-led-to-massive-ransomware-attack

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension (8 jul) https://thehackernews.com/2025/07/malicious-pull-request-infects-6000.html

French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe (9 jul) https://therecord.media/french-intelligence-chief-russia-threat

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers (9 jul) https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/

Bodyguards’ Strava data revealed Kristersson’s position – ”Problematic” (9 jul) https://www.nyteknik.se/it-sakerhet/livvakternas-strava-data-avslojade-kristerssons-position-problematiskt/4376654

Reports and analyses

The dual reality of AI-augmented development: innovation and risk (7 jul) https://cyberscoop.com/ai-security-development-innovation-and-risk-op-ed/

Cyberattacks are changing the game for major sports events (8 jul) https://www.helpnetsecurity.com/2025/07/08/sport-events-cybercrime

Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results (8 jul) https://cybersecuritynews.com/trojan-versions-of-putty-and-winscp/

LLMs Fall Short in Vulnerability Discovery and Exploitation (10 jul) https://www.infosecurity-magazine.com/news/llms-fall-vulnerability-discovery/

Agentic AI’s Risky MCP Backbone Opens Brand-New Attack Vectors (10 jul) https://www.darkreading.com/application-security/agentic-ai-risky-mcp-backbone-attack-vectors

New PerfektBlue Attack Exposes Millions of Cars to Remote Hacking (10 jul) https://cybersecuritynews.com/bluetooth-protocol-stack-vulnerabilities/

Browser Exploits Wane as Users Become the Attack Surface (10 jul) https://www.darkreading.com/vulnerabilities-threats/browser-exploits-wane-users-become-attack-surface

Information security and miscellaneous

EU sticks with timeline for AI rules (4 jul) https://www.reuters.com/world/europe/artificial-intelligence-rules-go-ahead-no-pause-eu-commission-says-2025-07-04

Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies (4 jul) https://therecord.media/estonia-cyber-ambassador-interview

Call of Duty takes PC game offline after multiple reports of RCE attacks on players (7 jul) https://cyberscoop.com/call-of-duty-remote-code-execution-pc-game-offline/

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally (8 jul) https://thehackernews.com/2025/07/baittrap-over-17000-fake-news-websites.html

German court rules Meta tracking technology violates European privacy laws (9 jul) https://therecord.media/german-court-meta-tracking-tech

Ukraine to get mobile internet via Starlink in 2026 (10 jul) https://computersweden.se/article/4020155/ukraina-far-mobilt-internet-via-starlink-ar-2026.html

CERT-SE this week

Vulnerabilities in Citrix NetScaler (updated 8 jul) https://www.cert.se/2025/06/sarbarheter-i-citrix-netscaler.html

Patch Tuesday July 2025 – collected information on the month's security updates (updated 10 jul) https://www.cert.se/2025/07/patchtisdag-juli-2025-samlad-information-om-manadens-sakerhetsuppdateringar.html

Critical vulnerability in Windows SPNEGO Extended Negotiation (10 jul) https://www.cert.se/2025/07/kritisk-sarbarhet-i-windows-spnego-extended-negotiation.html