CERT-SE's weekly newsletter, week 36
This week we want to draw extra attention to our advice and recommendations on phishing. Phishing is common and one of the most effective methods attackers use to gain unauthorized access to systems and sensitive information. The attacks can be more or less tailored and are often aimed at organizations that handle various types of personal data, financial transactions and/or other sensitive information.
Recommendations
- Use multi-factor authentication (MFA).
- Introduce an effective password policy.
- Contact the purported sender to verify the person's identity and intention.
- Review any affected user accounts and take action, for example by going through the account's configuration.
- Inform staff internally so that employees are extra vigilant about incoming email.
- Urge users who know they have clicked a link and entered their login credentials to notify the person responsible for IT as soon as possible.
More information is available here: https://www.cert.se/tema/natfiske/
To support follow-up and improvement of systematic information security work in municipalities, regions and government agencies, MSB provides Cybersäkerhetskollen: https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/arbeta-systematiskt-informationssakerhet-och-cybersakerhet/cybersakerhetskollen/
CERT-SE wishes you a pleasant weekend!
News this week
Hackers Exploit Microsoft Teams, Posing as IT Help Desk for Screen Sharing and Remote Access (29 aug) https://cybersecuritynews.com/hackers-exploit-microsoft-teams/
US Homeland Security chief reports breach at FEMA, fires 23 employees (29 aug) https://www.reuters.com/world/us/us-homeland-security-chief-reports-breach-fema-fires-23-employees-2025-08-29/
Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations (29 aug) https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html
Salesloft Drift attacks hit Cloudflare, Palo Alto Networks, Zscaler (2 sep) https://cyberscoop.com/salesloft-drift-attacks-cloudflare-palo-alto-networks-zscaler/
TransUnion Hack Exposes 4M+ Customers Personal Information (29 aug) https://cybersecuritynews.com/transunion-hack/
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available (29 aug) https://thehackernews.com/2025/08/freepbx-servers-targeted-by-zero-day.html
Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks (29 aug) https://www.securityweek.com/ransomware-group-exploits-hybrid-cloud-gaps-gains-full-azure-control-in-enterprise-attacks/
TransUnion says 4.4 million customers affected by third-party breach (29 aug) https://www.scworld.com/news/transunion-says-4-4-million-customers-affected-by-third-party-breach
WhatsApp finds new hacking campaign targeting fewer than 200 people (30 aug) https://www.reuters.com/sustainability/boards-policy-regulation/whatsapp-finds-new-hacking-campaign-targeting-fewer-than-200-people-2025-08-29/
Amazon disrupts Russian APT29 hackers targeting Microsoft 365 (1 sep) https://www.bleepingcomputer.com/news/security/amazon-disrupts-russian-apt29-hackers-targeting-microsoft-365/
Sensitive personal data leaked – major investigations under way (2 sep) https://www.sverigesradio.se/artikel/kansliga-personuppgifter-lackte-stora-utredningar-pagar
Jaguar Land Rover Confirms Cybersecurity Incident Impacts Global IT Systems (2 sep) https://cybersecuritynews.com/jaguar-land-rover-it-systems/
New TinkyWinkey Stealthily Attacking Windows Systems With Advanced Keylogging Capabilities (2 sep) https://cybersecuritynews.com/new-tinkywinkey-stealthily-attacking-windows-systems/
Britain’s JLR hit by cyber incident that disrupts production, sales (2 aug) https://www.reuters.com/business/autos-transportation/britains-jlr-hit-by-cyber-incident-that-disrupts-production-sales-2025-09-02/
Palo Alto Networks Confirms Data Breach – Hackers Stole Customer Data from Salesforce Instances (2 sep) https://cybersecuritynews.com/palo-alto-networks-data-breach/
Pennsylvania AG Office says ransomware attack behind recent outage (2 sep) https://www.bleepingcomputer.com/news/security/pennsylvania-ag-office-says-ransomware-attack-behind-recent-outage/
Austria’s Interior Ministry Says 100 Email Accounts Breached (1 sep) https://www.inforisktoday.com/austrias-interior-ministry-says-100-email-accounts-breached-a-29340
Hackers breach fintech firm in attempted $130M bank heist (2 sep) https://www.bleepingcomputer.com/news/security/hackers-breach-fintech-firm-in-attempted-130m-bank-heist/
New ClickFix Attack Mimic as AnyDesk Leverages Windows Search to Drop MetaStealer (2 sep) https://cybersecuritynews.com/new-clickfix-attack-mimic-as-anydesk/
Lazarus Hackers Deploying Three RATs on Compromised Systems Possibly Using 0-Day Vulnerability (2 sep) https://cybersecuritynews.com/lazarus-hackers-deploying-three-rats/
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure (3 sep) https://thehackernews.com/2025/09/threat-actors-weaponize-hexstrike-ai-to.html
PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability (3 sep) https://cybersecuritynews.com/poc-exploit-iis-vulnerability/
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack (3 sep) https://thehackernews.com/2025/09/cloudflare-blocks-record-breaking-115.html
Scientists discover 16,000 hacked servers using clever cybersecurity trick (3 sep) https://knowridge.com/2025/09/scientists-discover-16000-hacked-servers-using-clever-cybersecurity-trick/
Detecting Data Leaks Before Disaster (3 sep) https://thehackernews.com/2025/09/detecting-data-leaks-before-disaster.html
Tycoon Phishing Kit Utilizes New Capabilities to Hide Malicious Links (3 sep) https://www.infosecurity-magazine.com/news/tycoon-phishing-kit-hide-malicious/
Russia’s APT28 Targets Microsoft Outlook With ‘NotDoor’ Malware (3 sep) https://www.darkreading.com/endpoint-security/apt28-outlook-notdoor-backdoor
Threat actors abuse X’s Grok AI to spread malicious links (3 sep) https://www.bleepingcomputer.com/news/security/threat-actors-abuse-xs-grok-ai-to-spread-malicious-links/
Reports and analyses
Threat Actors Breach High Value Targets like Google in Salesforce Attacks – What Organizations Need to Know (29 aug) https://cybersecuritynews.com/salesforce-attacks/
New Research With PoC Explains Security Nightmares On Coding Using LLMs (29 aug) https://cybersecuritynews.com/security-nightmares-on-coding-using-llms/
Corporate passwords increasingly easy to steal and misuse (29 aug) https://computersweden.se/article/4047410/foretagslosenord-blir-annu-lattare-att-stjala-och-missbruka.html
Silver Fox APT Hackers Leveraging Vulnerable driver to Attack Windows 10 and 11 Systems by Evading EDR/AV (29 aug) https://cybersecuritynews.com/silver-fox-apt-hackers-leveraging-vulnerable-driver/
State-Sponsored Hackers Behind Majority of Vulnerability Exploits (29 aug) https://www.infosecurity-magazine.com/news/state-hackers-majority/
Ransomware gang takedowns causing explosion of new, smaller groups (29 aug) https://therecord.media/ransomware-gang-takedown-proliferation
When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider (1 sep) https://thehackernews.com/2025/09/when-browsers-become-attack-surface.html
Information security and miscellaneous
Applicant webinar for CRESCENDO Call https://www.forskningsradet.no/en/events/2025/applicant-webinar-crescendo/
In the rush to adopt hot new tech, security is often forgotten. AI is no exception (2 sep) https://go.theregister.com/feed/www.theregister.com/2025/09/02/exposed_ollama_servers_insecure_research/
Connected cars are smart, convenient, and open to cyberattacks (5 sep) https://www.helpnetsecurity.com/2025/09/05/connected-cars-cybersecurity-risk/