9 tips on how to build a secure organization

In the age of digitization and informatization, there are unusual possibilities of automation and increasing efficiency of processes, which facilitate manufacturing of products or the service providing. However, these advantages also carry the risk of their misuse or compromise. Every organization must have the cybersecurity among its priorities, through which the organization is protected, allowing...

Cybersecurity culture is important. How to build it up?

Every organization is just as secure as its weakest part. The experience of many companies shows that employees, either ordinary or management representatives, are often the most vulnerable. Cyberattacks are becoming more and more sophisticated and frequent. Attackers target companies regardless of their size or the sector in which they operate. And therefore, in today’s...
čítať celý článok

October is a cybersecurity month

October is traditionally the cybersecurity month. The European Union through its institutions runs an annual campaign dedicated to promoting cybersecurity among EU citizens and organisations and to raising cybersecurity awareness. This month, hundreds of activities take place across Europe, including trainings, conferences, webinars and presentations; this year mainly in on-line form. Their goal is to...
čítať celý článok

The Guardians returns after a year with an interesting topic.

Cyberspace is at risk again. In the background of the corona crisis, there is an important research of an effective vaccine that would solve many problems, but scientists are not the only ones interested in its development. Various hacking groups want to access sensitive data. And it is your job to protect sensitive data from...
čítať celý článok

SK-CERT actively participates on exercise BlueOLEX 2020

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) is participating in the second edition of Blue Olex 2020 exercise.  Member States of the Union take turn to organize this event once a year under the auspices of the European Union Agency for Cybersecurity (ENISA). This year it is the Netherlands which hosts...
čítať celý článok

SK-CERT warns – EMOTET is on the rise again

The National Cyber Security Centre SK-CERT has recently detected an increase in the spread of malware from the EMOTET campaign in the European as well as the Slovak cyberspace. Malwares from the EMOTET campaign attempt to infiltrate into your computer, steal sensitive and private information, encrypt your data and demand a ransom, as well as...
čítať celý článok

Do you have calls from Microsoft tech support? It could be a scam

Warning against misuse of offers for technical support of technology companies Maybe, it happened to you too. You were contacted by a number from another country informing you that your computer is infected and offering you security solutions. But do not be fooled. These scams are constantly gaining momentum, with a large number of people...
čítať celý článok

Do you use WhatsApp? You should pay close attention – it contained 6 critical vulnerabilities

The WhatsApp communication application is popular worldwide and used by approximately 1.5 billion users[1]. Its advantage is an easy use and relatively good communication between individual users. However, the vulnerabilities do not avoid even this application, detected in its source code. WhatsApp has issued a warning about 6 critical vulnerabilities that allow: remote code execution...
čítať celý článok

The Slovak Republic has first certification scheme in cybersecurity

Responsibility for assessment of cybersecurity auditors in Slovakia was recently taken over by a brand-new Conformity Assessment Body, the Cyber Security Competence and Certification Centre. The point is that along with it: a completely new certification scheme has been introduced. The certification scheme is based on accreditation according to the ISO/IEC 17024 Conformity assessment –...
čítať celý článok

The National Cyber Security Centre SK-CERT has published basic information on cybersecurity of OT systems

The National Cyber Security Centre SK-CERT has published a set of basic information for all operators of industrial devices on security of OT systems. Industrial control systems, referred to as OT (operational technology), are an important part of various industrial, energy and operational systems. They are often part of critical infrastructure and for example energy,...
čítať celý článok

Parents, have you got cyber kids at home?

The current situation pushes all of us to use the Internet more than ever. We ourselves, our parents and also our children are in cyberspace every day, for several hours a day. According to data, our children, though not being in isolation, use the Internet more than ever before and this trend shows no signs...
čítať celý článok

The National Cyber Security Centre SK-CERT points to attacks by means of tools for remote mobile device management

The National Cyber Security Centre SK-CERT has detected a new attack vector, the essence of which is the compromise of the organization by means of tools for remote mobile device management (MDM). Attackers attack MDM through which a malicious code is installed to mobile devices. This results in the collection of sensitive information, such as...
čítať celý článok

Member States published a joint report on 5G toolbox implementation

ENISA and the European Commission published a joint report describing the progress in the implementation of 5G toolbox in Member States. The 5G toolbox was published on 29 January 2020. It contains a common approach to an objective assessment of identified risks and proportionate mitigating measures. Following the release of the toolbox, the Member States...
čítať celý článok

Do you run a Windows Active Directory Server? DNS service contains a critical vulnerability, warns the National Cyber Security Centre SK-CERT

On 15 July 2020, the National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) issued a security warning V20200715-01 about critical vulnerabilities in Microsoft products. The most serious vulnerability, known as “SIGRed”, can completely compromise a computer. Even worse is the fact that a vulnerable Windows DNS Server application is both a core component and an...
čítať celý článok

The Cyber Security Competence and Certification Centre published a list of cybersecurity auditors

Each operator of essential services is obliged to verify that he has effective security measures and meets the essential requirements. A cybersecurity audit is used for this purpose. The operator must be audited within two years since registration. A cybersecurity audit can be performed only by a cybersecurity auditor. The auditor must be certified beforehand...
čítať celý článok

The National Cyber Security Centre SK-CERT warns on critical vulnerabilities in SAP products

Today, the National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) issued a security warning addressing the vulnerability of SAP products, tracked as CVE-2020-6287[1]. SAP company is one of the largest software manufacturers in the world. Its products focus mainly on management of relations with customers, supply chain management, human resources, expenditure management and...
čítať celý článok

Approach of TikTok platform to privacy and security

With the development of information and communication technologies and their use for usual human activities, there are also growing concerns about the fundamental human right – privacy. Given the evolution of the situation, it can be said that the methods for misusing the private data are becoming more and more diverse. Payment cards of entrepreneurs...
čítať celý článok

The Slovak Republic has first certification scheme in cybersecurity

Responsibility for assessment of cybersecurity auditors in Slovakia was recently taken over by a brand-new Conformity Assessment Body, the Cyber Security Competence and Certification Centre. The point is that along with it: a completely new certification scheme has been introduced. The certification scheme is based on accreditation according to the ISO/IEC 17024 Conformity assessment –...
čítať celý článok

Slovakia has the first certification authority in cybersecurity

Protecting organizations from cybersecurity threats is particularly a matter of implementing security measures and, subsequently, implementing cybersecurity incident response processes. “Panta rhei” is Plato’s abbreviated interpretation of the ancient philosopher Heraclitus’ claim that everything is constantly changing. Nothing is permanent and nothing is forever. Every industry, technology or environment is gradually undergoing natural but also...
čítať celý článok

The National Cyber Security Centre SK-CERT warns against continuing abuse of critical vulnerabilities in DrayTek devices

On 31 March 2020, the National Cyber Security Centre SK-CERT issued a security warning on the critical vulnerability of Vigor switches and routers from the company DrayTek. According to the company Netlab 360[1], this vulnerability has been found in approximately 100,000 devices. Although it is an older vulnerability for which updates were already provided on...
čítať celý článok

The National Cyber Security Centre SK-CERT has achieved the highest level of international recognition of CSIRT, certified status at the Trusted Introducer

On 26 March, the National Cyber ​​Security Centre SK-CERT became the first certified Slovak CSIRT in the Trusted Introducer, which joins CSIRTs around the world. To achieve “Certified” status, the team must meet demanding conditions based on a CSIRT Advanced Measurement System known as SIM3 (Security Incident Management Maturity Model). This model is used as...
čítať celý článok

Security Warning for Public Authorities about Underestimating the Cybersecurity in Emergency State Caused by COVID-19

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) warns all public authorities, organizations of state administration and municipalities about underestimating the importance of cybersecurity in the current situation related to the spread of COVID-19. The operations (and services) of information technologies of public administration have a direct and significant impact on the...
čítať celý článok

Security Warning to Operators of Essential Services in the Health Sector against Cyber Threats and Attacks

The National Cyber Security Centre SK-CERT warns operators of essential services in the health sector (hospitals, healthcare providers, testing laboratories and other healthcare facilities), as well as all other organizations of public administration and operators of essential services in other sectors against possible increasing of cyber threats and attacks on their systems and networks. As...
čítať celý článok

Security Recommendations of the National Cyber Security Centre SK-CERT for Operators of Essential Services Regarding to COVID-19 (updated measures)

On 3 March 2020, the National Cyber Security Centre SK-CERT published the first Recommendations for operators of essential services to ensure a high level of availability of their services. On Sunday, 15 March 2020, the Government of the Slovak Republic agreed on the Declaration of Emergency State according to Article 5 of the Constitutional Act...
čítať celý článok

Warning against malicious phishing campaigns related to coronavirus

The National Cyber Security Centre SK-CERT warns against large-scale sophisticated phishing campaigns that exploit concerns about the spread of Coronavirus Disease 2019 (COVID-19). Attackers impose the virus-induced fear atmosphere and the associated reduced people’s ability to detect malicious content. Their aim is to obtain sensitive data, spread malware, or for example scaremongering. Examples include phishing...
čítať celý článok

Warning Against Possible Growth Of Harmful Activities In Cyber Space Connected With Escalation Of Tension In The Middle East

National Cyber Security Centre SK-CERT is warning against possible increase of activities carried out by state-supported APT (Advanced Persistent Threats) groups or individuals in the global cyber security space, including the cyber space of the Slovak Republic, due to increased tensions in the Middle East region. Increased geopolitical tensions and threats of aggression may lead to...
čítať celý článok

Students Can Enrol in the Cyber Security Competition

AFCEA association in cooperation with National Cyber Security Centre SK-CERT is organizing the first national cyber security competition. This competition is intended for secondary school students at the age from 16 to 20. Registration is free of charge and students from any schools with any specializations can enrol. The competition has three rounds within the...
čítať celý článok

Recommendations for Travellers: Do Not Use Public Charging Stations

In November, the Los Angeles County District Attorney’s Office issued a warning against charging devices through USB-powered charging stations, at airports, in hotels, at railway stations, and other public places. Travellers are advised to avoid using public charging stations as the ports may be infected by malicious software or malware (malicious code, or software that...
čítať celý článok

Advices regarding Shopping on Black Friday and Cyber Monday

Black Friday and Cyber Monday are the days when retailers attract customers to sales and big discounts. Having said that, we would like to introduce some tips for the public, regarding fake stores, suspicious e-mails and phishing cases which are associated especially with these promotions. During these days, with extremely attractive discounts, customers often become...
čítať celý článok

SK-CERT Participating on ITAPA 2019 and CyberTAPA 2019

On 12 and 13 November 2019 the Crowne Plaza Hotel was hosting an International Conference ITAPA 2019, the largest event on Information Technologies in public administration in Slovakia. The conference lasted three days and was full of news from the world of digitization, artificial intelligence, big data, industry 4.0., cyber ​​security, smart health and smart...
čítať celý článok

EU Coordinated Risk Assessment on Cybersecurity in Fifth Generation (5G) Networks

The European Commission with the European Union Agency for Network and Information Security (ENISA) have published a high-level report on EU Coordinated Risk Assessment on Cybersecurity in Fifth Generation (5G) Networks. The risks connected with 5G networks and technologies are assessed in 5 basic areas: Threats and threat actors – the report includes threat scenarios that...
čítať celý článok

European Cyber Security Month

October is the European Cyber Security Month during which a campaign is organized under the auspices of the European Commission, the European Union Agency for Network and Information Security (ENISA) and their partners in order to raise interest in cyber security within the European Union and to raise awareness in this area. Awareness activities include...
čítať celý článok

Responsible Vulnerability Disclosure Guideline

On 7 October 2019 the National Cyber Security Centre SK-CERT has published The Vulnerability Reporting Guideline. This guideline is a tool for security researchers, software developers, hardware manufacturers as well as for the general public. It provides a detailed procedure and recommended steps for reporting newly discovered vulnerabilities and also a procedure for reporting already existing vulnerabilities found...
čítať celý článok

National Cybersecurity Centre SK-CERT

Bratislava 6 September 2019 – National Security Authority (hereinafter referred to as the Authority) established the National Cybersecurity Centre SK-CERT by transformation of the National Unit SK-CERT. By establishing the National Cybersecurity Centre SK-CERT (www.sk-cert.sk) the Authority performs the task of the Action Plan of Cybersecurity Concept Implementation of the Slovak Republic within the years...
čítať celý článok

High Level Table-Top Exercise BlueOLEX2019

A High Level Table-Top Exercise BlueOLEX2019 Joined Representatives of Member States in Response to Critical Cybersecurity Situation On 2 and 3 July 2019 Paris was hosting a high-level Table-Top exercise BlueOLEx 2019 based on Commission Recommendation on Coordinated response to large-scale cross-border cybersecurity incidents and crises.   The exercise was organized by French L’Agence Nationale de la...
čítať celý článok

OBSE Conference on Cybersecurity

On 17 and 18 July 2019, the Organization for Security and Co-operation in Europe hosted a conference in Vienna on cybersecurity and information and communication systems security, called Cyber/ICT Security for a safer future: The OSCE’s role in fostering regional cyber stability. The conference was attended by representatives of 36 OSCE participating countries and dozens...
čítať celý článok

Cybersecurity Act will come into Force on 27 June 2019

On 7 June 2019 the Cybersecurity Act was published in the EU Official Journal. The Act considerably strengthens the position of ENISA Agency and recognizes it as the EU Agency for Cybersecurity. The Act will come into force on 27 June 2019. Based on this Act the Agency will be able to provide more efficient...
čítať celý článok

The National Unit SK-CERT Participating In the Conference “Current Challenges of Cybersecurity”

On 4 June 2019, a scientific conference with international participation entitled “Current Challenges of Cybersecurity” was held at the Academy of the Police Force in Bratislava (hereinafter referred to as the Academy). The conference was organized by the Management and Information Science Department of the Academy in cooperation with the National Security Authority together with...
čítať celý článok

CyberSOPEx Exercise Tested the Cooperation of National CSIRT Units

On 15 May 2019 the National Unit SK-CERT of the National Security Authority took part in the international exercise CyberSOPEx. The exercise organized by the European Network and Information Security Agency (ENISA) was aimed at enhancing of coordination and cooperation of EU Member States in handling of large scale cybersecurity incidents which is one of...
čítať celý článok