TL;DR

TL; DR: Don’t trust even the courier – especially when they send you an odd e-mail

The number of vulnerability victims in enterprise content firewall Accellion is constantly increasing. Most recently, a Canadian airplane maker has been targeted. Hackers also targeted Microsoft’s e-mail accounts, whilst in other case Microsoft quite richly rewarded a security researcher. A Finnish company also had to disconnect its services and dozens of nurseries in Britain renounced...

What’s to come in 2021

In retrospect of the year 2020 it is obviously necessary to mention all the circumstances brought about by the pandemic. With the number of changes in social or economic life, the circumstances have also caused the emergence of lots of still unknown challenges, doubts and problems. From the point of view of cybersecurity, the most...
čítať celý článok

Critical vulnerability in Microsoft Exchange – update as soon as possible

The National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) warns of critical vulnerabilities in Microsoft Exchange Server product. The attacker can use these vulnerabilities to execute a malicious code, take control of a vulnerable system and access sensitive information. Abuse is possible without knowledge of the login name and password. These vulnerabilities are...
čítať celý článok
TL;DR

TL; DR: KIA company has a difficult decision to make (7th week)

South Korea has caught its neighbour in the act again, a leading car maker in the country far beyond the ocean is experiencing worries “costing several millions” and the first malware optimised for Apple Silicon processors has emerged. The Ukrainian security authorities have had a successful intervention and the Dutch Police have issued a warning...
čítať celý článok
TL;DR

TL; DR: Apple, Microsoft and Netflix. A researcher managed to breach the protection of several IT giants (6th week)

You will learn about an attempt to attack drinking water supply in the USA, as well as a popular android application or a streaming service Spotify. Security authorities have solved several successful cases, and North Korean hackers can say likewise, because they have enriched the state budget by hundreds of millions of dollars in cryptocurrencies....
čítať celý článok
TL;DR

TL; DR: Google and Apple were patching and Facebook didn’t protect half a billion data (4th week)

In the fourth week of this year, at least on the surface, the security authorities’ achievements seemed to outweigh the successes of the attackers. Apple has successfully fixed a serious vulnerability exploited by the attackers, Proofpoint researchers have published a research on banking Trojan DanaBot and organisations haven’t again avoided ransomware attacks of a larger...
čítať celý článok

Warning: Backdoor in Zyxel products

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in Zyxel firewalls, VPN gateways and AP controllers that can grant a remote attacker root access to vulnerable devices. The vulnerability affects more than 100 000 Zyxel devices. The vulnerability tracked as CVE-2020-29583, is based on fact that the devices have a hidden, hardcoded admin-level...
čítať celý článok

Blow to reputation. According to an internal report, Huawei cooperated on surveillance of the ethnic group.

Currently, a lot is being written about Chinese IT companies. They are the subject of suspicion of our intelligence services too, in implementing 5G technologies. Even the latest findings won’t help the damaged reputation of Huawei company. The Chinese IT giant has cooperated with security suppliers to develop surveillance products, some of which may serve...
čítať celý článok
TL;DR

TL; DR: Banks’ mistake costing several millions and fake Cyberpunk 2077 (50th week)

Several banks faced a sophisticated attack; the American school didn’t avoid ransomware; and the attackers targeted logistics as well. The disadvantages of converting the cybersecurity company to cybercrime company were clear to Canadian company Phantom Secure. Iranian hackers don’t spare Israeli companies; and all that glitters, it’s not Cyberpunk… More in our regular summary. Banks...
čítať celý článok

Extremely critical vulnerability in your IT asset management system

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the SolarWinds Orion system, the software for monitoring and managing IT assets. Therefore, the National Cyber Security Centre SK-CERT recommends to take the following measures immediately: Separate all active SolarWinds Orion services, in any version, from the Internet and internal infrastructure If it...
čítať celý článok
TL;DR

TL; DR: Focusing on vaccine and revenge following the notice

Hackers didn’t surprise but confirmed the concerns of the intelligence services. Furthermore, even if you are a company specialized in cybersecurity, it doesn’t mean that you are protected. The proof is the society that has become a target of a sophisticated attack. An incident with delivery services in Russia was unique; the ransomware group published...
čítať celý článok
TL;DR

Weekly TL; DR (Week 43)

The National Cyber Security Centre SK-CERT introduces a new activity, the aim of which is to provide a weekly overview of important information in the field of cybersecurity. Its title is “TL; DR” (Too Long; Didn’t Read) and contains brief information from open sources along with a link to the original article. During the 43rd...
čítať celý článok
TL;DR

TL; DR: China will not tolerate anything from Japan. China has taken aim at several companies

The 45th week was also in the spirit of data leaks and ransomware campaigns. Attackers targeted business, medical and technology organizations. A large-scale attack was attributed to the Chinese state-sponsored APT 10 – Cicada. Security researchers from Birmingham managed to revive an old vulnerability of Intel processors, and Facebook fixed a vulnerability in Messenger. China...
čítať celý článok

Director of SK-CERT: The NATO exercise should prepare us for everything

Several Slovak security forces, including the National Security Authority, the Slovak Information Service, the Military Intelligence, as well as the government unit CSIRT.sk, are utilising various mechanisms and procedures of common cyber defence these days together with colleagues from the North Atlantic Treaty Organization. The Cyber Coalition runs from 16 to 20 November and is...
čítať celý článok
TL;DR

Weekly TL; DR (Week 42)

The National Cyber Security Centre SK-CERT introduces a new activity, the aim of which is to provide a weekly overview of important information in the field of cybersecurity. Its title is “TL; DR” (Too Long; Didn’t Read) and contains brief information from open sources along with a link to the original article. In today’s TL;...
čítať celý článok

Guardians 2020 is again under the auspices SK-CERT

Scientists, doctors, immunologists and research laboratories have never been under more pressure than today. The whole world is waiting for the development of the first vital vaccine against Covid-19. However, their work attracts not only the attention of the media, but also hackers. And this year, participants of the Guardians 2020 competition are facing exactly...
čítať celý článok

Another phishing campaign on the rise. This time focused on Office 365

The National Cyber Security Centre SK-CERT warns of an increased activity of phishing attacks aimed at obtaining login data for the Office 365 application package and cloud service, the Microsoft Teams application and the Zoom application. According to a Check Point report, in Q3 2020 Microsoft became the most frequently abused company in phishing attacks[1]....
čítať celý článok

9 tips on how to build a secure organization

In the age of digitization and informatization, there are unusual possibilities of automation and increasing efficiency of processes, which facilitate manufacturing of products or the service providing. However, these advantages also carry the risk of their misuse or compromise. Every organization must have the cybersecurity among its priorities, through which the organization is protected, allowing...
čítať celý článok

Cybersecurity culture is important. How to build it up?

Every organization is just as secure as its weakest part. The experience of many companies shows that employees, either ordinary or management representatives, are often the most vulnerable. Cyberattacks are becoming more and more sophisticated and frequent. Attackers target companies regardless of their size or the sector in which they operate. And therefore, in today’s...
čítať celý článok

October is a cybersecurity month

October is traditionally the cybersecurity month. The European Union through its institutions runs an annual campaign dedicated to promoting cybersecurity among EU citizens and organisations and to raising cybersecurity awareness. This month, hundreds of activities take place across Europe, including trainings, conferences, webinars and presentations; this year mainly in on-line form. Their goal is to...
čítať celý článok

The Guardians returns after a year with an interesting topic.

Cyberspace is at risk again. In the background of the corona crisis, there is an important research of an effective vaccine that would solve many problems, but scientists are not the only ones interested in its development. Various hacking groups want to access sensitive data. And it is your job to protect sensitive data from...
čítať celý článok

SK-CERT actively participates on exercise BlueOLEX 2020

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) is participating in the second edition of Blue Olex 2020 exercise.  Member States of the Union take turn to organize this event once a year under the auspices of the European Union Agency for Cybersecurity (ENISA). This year it is the Netherlands which hosts...
čítať celý článok

SK-CERT warns – EMOTET is on the rise again

The National Cyber Security Centre SK-CERT has recently detected an increase in the spread of malware from the EMOTET campaign in the European as well as the Slovak cyberspace. Malwares from the EMOTET campaign attempt to infiltrate into your computer, steal sensitive and private information, encrypt your data and demand a ransom, as well as...
čítať celý článok

Do you have calls from Microsoft tech support? It could be a scam

Warning against misuse of offers for technical support of technology companies Maybe, it happened to you too. You were contacted by a number from another country informing you that your computer is infected and offering you security solutions. But do not be fooled. These scams are constantly gaining momentum, with a large number of people...
čítať celý článok

Do you use WhatsApp? You should pay close attention – it contained 6 critical vulnerabilities

The WhatsApp communication application is popular worldwide and used by approximately 1.5 billion users[1]. Its advantage is an easy use and relatively good communication between individual users. However, the vulnerabilities do not avoid even this application, detected in its source code. WhatsApp has issued a warning about 6 critical vulnerabilities that allow: remote code execution...
čítať celý článok

The Slovak Republic has first certification scheme in cybersecurity

Responsibility for assessment of cybersecurity auditors in Slovakia was recently taken over by a brand-new Conformity Assessment Body, the Cyber Security Competence and Certification Centre. The point is that along with it: a completely new certification scheme has been introduced. The certification scheme is based on accreditation according to the ISO/IEC 17024 Conformity assessment –...
čítať celý článok

The National Cyber Security Centre SK-CERT has published basic information on cybersecurity of OT systems

The National Cyber Security Centre SK-CERT has published a set of basic information for all operators of industrial devices on security of OT systems. Industrial control systems, referred to as OT (operational technology), are an important part of various industrial, energy and operational systems. They are often part of critical infrastructure and for example energy,...
čítať celý článok

Parents, have you got cyber kids at home?

The current situation pushes all of us to use the Internet more than ever. We ourselves, our parents and also our children are in cyberspace every day, for several hours a day. According to data, our children, though not being in isolation, use the Internet more than ever before and this trend shows no signs...
čítať celý článok

The National Cyber Security Centre SK-CERT points to attacks by means of tools for remote mobile device management

The National Cyber Security Centre SK-CERT has detected a new attack vector, the essence of which is the compromise of the organization by means of tools for remote mobile device management (MDM). Attackers attack MDM through which a malicious code is installed to mobile devices. This results in the collection of sensitive information, such as...
čítať celý článok

Member States published a joint report on 5G toolbox implementation

ENISA and the European Commission published a joint report describing the progress in the implementation of 5G toolbox in Member States. The 5G toolbox was published on 29 January 2020. It contains a common approach to an objective assessment of identified risks and proportionate mitigating measures. Following the release of the toolbox, the Member States...
čítať celý článok

Do you run a Windows Active Directory Server? DNS service contains a critical vulnerability, warns the National Cyber Security Centre SK-CERT

On 15 July 2020, the National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) issued a security warning V20200715-01 about critical vulnerabilities in Microsoft products. The most serious vulnerability, known as “SIGRed”, can completely compromise a computer. Even worse is the fact that a vulnerable Windows DNS Server application is both a core component and an...
čítať celý článok

The Cyber Security Competence and Certification Centre published a list of cybersecurity auditors

Each operator of essential services is obliged to verify that he has effective security measures and meets the essential requirements. A cybersecurity audit is used for this purpose. The operator must be audited within two years since registration. A cybersecurity audit can be performed only by a cybersecurity auditor. The auditor must be certified beforehand...
čítať celý článok

The National Cyber Security Centre SK-CERT warns on critical vulnerabilities in SAP products

Today, the National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) issued a security warning addressing the vulnerability of SAP products, tracked as CVE-2020-6287[1]. SAP company is one of the largest software manufacturers in the world. Its products focus mainly on management of relations with customers, supply chain management, human resources, expenditure management and...
čítať celý článok

Approach of TikTok platform to privacy and security

With the development of information and communication technologies and their use for usual human activities, there are also growing concerns about the fundamental human right – privacy. Given the evolution of the situation, it can be said that the methods for misusing the private data are becoming more and more diverse. Payment cards of entrepreneurs...
čítať celý článok

The Slovak Republic has first certification scheme in cybersecurity

Responsibility for assessment of cybersecurity auditors in Slovakia was recently taken over by a brand-new Conformity Assessment Body, the Cyber Security Competence and Certification Centre. The point is that along with it: a completely new certification scheme has been introduced. The certification scheme is based on accreditation according to the ISO/IEC 17024 Conformity assessment –...
čítať celý článok

Slovakia has the first certification authority in cybersecurity

Protecting organizations from cybersecurity threats is particularly a matter of implementing security measures and, subsequently, implementing cybersecurity incident response processes. “Panta rhei” is Plato’s abbreviated interpretation of the ancient philosopher Heraclitus’ claim that everything is constantly changing. Nothing is permanent and nothing is forever. Every industry, technology or environment is gradually undergoing natural but also...
čítať celý článok