Update on 3 April 2024 (in blue and italics): added vulnerable Linux distributions, more specific malicious library behaviour, recommendations. A software developer discovered a backdoor in the lzma library, which is used for compression and is part of the xz-utils package. This library is used worldwide in software for archiving, multimedia handling and may be…
Update on 19 April 2024: Added affected versions and recommendations The National Cyber Security Center (NCSC) warns of a critical security vulnerability with a CVSS score of 10.0 in Palo Alto devices. Palo Alto has warned its customers that a critical flaw impacting PAN-OS software with GlobalProtect enabled is being actively exploited. The vulnerability has…
The National Cyber Security Centre warns of two critical vulnerabilities in VMware products (ESXi, Workstation, Fusion, and Cloud Foundation). The company documented a total of four vulnerabilities, warning that the most serious of them could allow a malicious actor with local administrative privileges on virtual machines to execute code as the virtual machine’s VMX process running…
UPDATE: Issue has been fixed. If you have such problem with our products, please contact us. In recent days, the National Cyber Security Centre SK-CERT has discovered that the Security Warnings and Security Bulletins that it produces and distributes in .pdf form are being identified by some systems as potentially harmful. It means that our…
The National Cyber Security Centre SK-CERT warns of a vulnerability in devices running Android versions 13 and 14. The vulnerability lies in the insufficient device security even when the screen is locked. A threat actor needs physical access to the device to exploit this particular vulnerability, and then can access sensitive data such as photos,…
A recent report by a blockchain security company Unciphered has revelead a critical vulnerability dubbed “Randstorm” affecting cryptocurrency wallets created between 2011 and 2015. It makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning blockchain platforms. The report disclosed that Randstorm could affect several blockchain projects in the…
The National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) warns parents about the group “Add as many people as possible” (Přidej co nejvíc lidí) on the social media platform Whatsapp, which is currently spreading among primary school pupils in the Czech Republic and Slovakia. According to reports from the Czech Republic, the group…
UPDATE on 24 October 2023 at 1.00 p.m.: Identification of additional vulnerability CVE-2023-2073, update of procedure for identifying compromised devices, addition of reference to firmware updates. The National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) warns of an actively exploited vulnerability in the Cisco IOS XE software interface. Cisco has identified the active…
UPDATE on 27 September 2023 at 11:40 p.m.: Completing the list of vulnerable applications The National Cyber Security Centre SK-CERT warns of a critical security vulnerability in the popular libwebp library that allows remote execution of arbitrary code. The vulnerability has reached a maximum CVSS score of 10.0. The library can be found in thousands…
The National Cyber Security Centre SK-CERT warns of a security update released for Adobe Reader and Acrobat for Windows and macOS systems. This update fixes a serious vulnerability that allows an attacker to execute arbitrary code. Adobe products are the world’s favourite tools for everyday use of computers and other devices. Adobe Reader and Acrobat…
