Every organization is just as secure as its weakest part. The experience of many companies shows that employees, either ordinary or management representatives, are often the most vulnerable. Cyberattacks are becoming more and more sophisticated and frequent. Attackers target companies regardless of their size or the sector in which they operate. And therefore, in today’s...

Working for any company and being in any position, believe it or not, you are on the front line in protecting your organization. Therefore, it is important to follow the basic security rules. It is the easiest way to keep your data as well as your organization’s data safe and secure. In the past, particularly...

October is traditionally the cybersecurity month. The European Union through its institutions runs an annual campaign dedicated to promoting cybersecurity among EU citizens and organisations and to raising cybersecurity awareness. This month, hundreds of activities take place across Europe, including trainings, conferences, webinars and presentations; this year mainly in on-line form. Their goal is to...

Cyberspace is at risk again. In the background of the corona crisis, there is an important research of an effective vaccine that would solve many problems, but scientists are not the only ones interested in its development. Various hacking groups want to access sensitive data. And it is your job to protect sensitive data from...

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) is participating in the second edition of Blue Olex 2020 exercise.  Member States of the Union take turn to organize this event once a year under the auspices of the European Union Agency for Cybersecurity (ENISA). This year it is the Netherlands which hosts...

The National Cyber Security Centre SK-CERT has recently detected an increase in the spread of malware from the EMOTET campaign in the European as well as the Slovak cyberspace. Malwares from the EMOTET campaign attempt to infiltrate into your computer, steal sensitive and private information, encrypt your data and demand a ransom, as well as...

Warning against misuse of offers for technical support of technology companies Maybe, it happened to you too. You were contacted by a number from another country informing you that your computer is infected and offering you security solutions. But do not be fooled. These scams are constantly gaining momentum, with a large number of people...

The WhatsApp communication application is popular worldwide and used by approximately 1.5 billion users[1]. Its advantage is an easy use and relatively good communication between individual users. However, the vulnerabilities do not avoid even this application, detected in its source code. WhatsApp has issued a warning about 6 critical vulnerabilities that allow: remote code execution...

Responsibility for assessment of cybersecurity auditors in Slovakia was recently taken over by a brand-new Conformity Assessment Body, the Cyber Security Competence and Certification Centre. The point is that along with it: a completely new certification scheme has been introduced. The certification scheme is based on accreditation according to the ISO/IEC 17024 Conformity assessment –...

The National Cyber Security Centre SK-CERT has published a set of basic information for all operators of industrial devices on security of OT systems. Industrial control systems, referred to as OT (operational technology), are an important part of various industrial, energy and operational systems. They are often part of critical infrastructure and for example energy,...

The current situation pushes all of us to use the Internet more than ever. We ourselves, our parents and also our children are in cyberspace every day, for several hours a day. According to data, our children, though not being in isolation, use the Internet more than ever before and this trend shows no signs...

The National Cyber Security Centre SK-CERT has detected a new attack vector, the essence of which is the compromise of the organization by means of tools for remote mobile device management (MDM). Attackers attack MDM through which a malicious code is installed to mobile devices. This results in the collection of sensitive information, such as...

A current situation, connected with the spread of COVID-19, has caused that many people had to change their daily habits and are spending most of their time at home. Many people are engaged in various hobbies that might be limited at the moment, so they try to look for other ways of using their spare...

ENISA and the European Commission published a joint report describing the progress in the implementation of 5G toolbox in Member States. The 5G toolbox was published on 29 January 2020. It contains a common approach to an objective assessment of identified risks and proportionate mitigating measures. Following the release of the toolbox, the Member States...

On 15 July 2020, the National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) issued a security warning V20200715-01 about critical vulnerabilities in Microsoft products. The most serious vulnerability, known as “SIGRed”, can completely compromise a computer. Even worse is the fact that a vulnerable Windows DNS Server application is both a core component and an...

Each operator of essential services is obliged to verify that he has effective security measures and meets the essential requirements. A cybersecurity audit is used for this purpose. The operator must be audited within two years since registration. A cybersecurity audit can be performed only by a cybersecurity auditor. The auditor must be certified beforehand...

Today, the National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) issued a security warning addressing the vulnerability of SAP products, tracked as CVE-2020-6287[1]. SAP company is one of the largest software manufacturers in the world. Its products focus mainly on management of relations with customers, supply chain management, human resources, expenditure management and...

With the development of information and communication technologies and their use for usual human activities, there are also growing concerns about the fundamental human right – privacy. Given the evolution of the situation, it can be said that the methods for misusing the private data are becoming more and more diverse. Payment cards of entrepreneurs...

Slovakia is among the 10 best countries according to internationally recognized National Cyber Security Index (the NCSI). It is an e-Governance Academy think-tank project. Currently, regularly evaluated index ranks 160 countries around the world. Respective countries can add data any time and advance in ranking. This is not our best position – in 2018 Slovakia...

The popular Firefox Send service has been a target of an active abuse by attackers to distribute malicious software aimed to damage or steal information from the victim’s device. The attacks are still ongoing and have been reported in Slovak cyberspace. Firefox Send providing users free private file transfers. It also offers optional security features that...

Responsibility for assessment of cybersecurity auditors in Slovakia was recently taken over by a brand-new Conformity Assessment Body, the Cyber Security Competence and Certification Centre. The point is that along with it: a completely new certification scheme has been introduced. The certification scheme is based on accreditation according to the ISO/IEC 17024 Conformity assessment –...

Protecting organizations from cybersecurity threats is particularly a matter of implementing security measures and, subsequently, implementing cybersecurity incident response processes. “Panta rhei” is Plato’s abbreviated interpretation of the ancient philosopher Heraclitus’ claim that everything is constantly changing. Nothing is permanent and nothing is forever. Every industry, technology or environment is gradually undergoing natural but also...

On 31 March 2020, the National Cyber Security Centre SK-CERT issued a security warning on the critical vulnerability of Vigor switches and routers from the company DrayTek. According to the company Netlab 360[1], this vulnerability has been found in approximately 100,000 devices. Although it is an older vulnerability for which updates were already provided on...

The spread of COVID – 19 has forced many companies and organizations to work remotely. While this precautionary measure is a good measure to care for employee’s health while maintaining good productivity, it also opens up opportunities for cyber attackers to exploit successful attacks. There are several ways to abuse the current situation: Unauthorized access...

A Chinese government has ordered all government offices and public institutions to withdraw software and hardware equipment coming from foreign suppliers within next three years. Replacement that involves approximately 20 to 30 million pieces of equipment and systems will be carried out according to a 3-5-2 key, i.e. 30% of the equipment will be replaced...

On 26 March, the National Cyber ​​Security Centre SK-CERT became the first certified Slovak CSIRT in the Trusted Introducer, which joins CSIRTs around the world. To achieve “Certified” status, the team must meet demanding conditions based on a CSIRT Advanced Measurement System known as SIM3 (Security Incident Management Maturity Model). This model is used as...

The model of working from home, so-called “Home-office” or teleworking is in the current situation of quarantine measures due to the spread of COVID-19, a frequently used way for a large part of society and institutions to separate their employees and reduce the risk of transmitting the disease. At the same time, some of the...

A large number of companies and institutions have in recent days introduced a compulsory policy of working from home — a “home office”. It is realistic to assume that the transition to a “home office” will become a new reality for many of us, also considering that, according to the World Health Organisation, the spread...

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) warns all public authorities, organizations of state administration and municipalities about underestimating the importance of cybersecurity in the current situation related to the spread of COVID-19. The operations (and services) of information technologies of public administration have a direct and significant impact on the...

The National Cyber Security Centre SK-CERT warns operators of essential services in the health sector (hospitals, healthcare providers, testing laboratories and other healthcare facilities), as well as all other organizations of public administration and operators of essential services in other sectors against possible increasing of cyber threats and attacks on their systems and networks. As...

On 3 March 2020, the National Cyber Security Centre SK-CERT published the first Recommendations for operators of essential services to ensure a high level of availability of their services. On Sunday, 15 March 2020, the Government of the Slovak Republic agreed on the Declaration of Emergency State according to Article 5 of the Constitutional Act...

As reported in a previous warning on February 27, 2020 attackers are trying to exploit the situation where people are afraid and uncertain about the spread of COVID-19. In such situations, people are prone to believe various and false reports about COVID-19 and thus have a reduced ability to detect harmful content. The National Cyber ​​Security...

The National Cyber Security Centre SK-CERT warns against large-scale sophisticated phishing campaigns that exploit concerns about the spread of Coronavirus Disease 2019 (COVID-19). Attackers impose the virus-induced fear atmosphere and the associated reduced people’s ability to detect malicious content. Their aim is to obtain sensitive data, spread malware, or for example scaremongering. Examples include phishing...

National Cyber Security Centre SK-CERT is warning against possible increase of activities carried out by state-supported APT (Advanced Persistent Threats) groups or individuals in the global cyber security space, including the cyber space of the Slovak Republic, due to increased tensions in the Middle East region. Increased geopolitical tensions and threats of aggression may lead to...

AFCEA association in cooperation with National Cyber Security Centre SK-CERT is organizing the first national cyber security competition. This competition is intended for secondary school students at the age from 16 to 20. Registration is free of charge and students from any schools with any specializations can enrol. The competition has three rounds within the...

In November, the Los Angeles County District Attorney’s Office issued a warning against charging devices through USB-powered charging stations, at airports, in hotels, at railway stations, and other public places. Travellers are advised to avoid using public charging stations as the ports may be infected by malicious software or malware (malicious code, or software that...

Black Friday and Cyber Monday are the days when retailers attract customers to sales and big discounts. Having said that, we would like to introduce some tips for the public, regarding fake stores, suspicious e-mails and phishing cases which are associated especially with these promotions. During these days, with extremely attractive discounts, customers often become...

On 12 and 13 November 2019 the Crowne Plaza Hotel was hosting an International Conference ITAPA 2019, the largest event on Information Technologies in public administration in Slovakia. The conference lasted three days and was full of news from the world of digitization, artificial intelligence, big data, industry 4.0., cyber ​​security, smart health and smart...

The National Cyber Security Centre SK-CERT is organising another of the series of National Table-Top Exercises that will test preparedness of particular participants for cyber threats.   The goal of the exercise will be again to test the management procedures and decisions in handling cyber security incidents and to show the overlap of cyber security...

The European Commission with the European Union Agency for Network and Information Security (ENISA) have published a high-level report on EU Coordinated Risk Assessment on Cybersecurity in Fifth Generation (5G) Networks. The risks connected with 5G networks and technologies are assessed in 5 basic areas: Threats and threat actors – the report includes threat scenarios that...

October is the European Cyber Security Month during which a campaign is organized under the auspices of the European Commission, the European Union Agency for Network and Information Security (ENISA) and their partners in order to raise interest in cyber security within the European Union and to raise awareness in this area. Awareness activities include...

On 7 October 2019 the National Cyber Security Centre SK-CERT has published The Vulnerability Reporting Guideline. This guideline is a tool for security researchers, software developers, hardware manufacturers as well as for the general public. It provides a detailed procedure and recommended steps for reporting newly discovered vulnerabilities and also a procedure for reporting already existing vulnerabilities found...

Bratislava 6 September 2019 – National Security Authority (hereinafter referred to as the Authority) established the National Cybersecurity Centre SK-CERT by transformation of the National Unit SK-CERT. By establishing the National Cybersecurity Centre SK-CERT (www.sk-cert.sk) the Authority performs the task of the Action Plan of Cybersecurity Concept Implementation of the Slovak Republic within the years...

A High Level Table-Top Exercise BlueOLEX2019 Joined Representatives of Member States in Response to Critical Cybersecurity Situation On 2 and 3 July 2019 Paris was hosting a high-level Table-Top exercise BlueOLEx 2019 based on Commission Recommendation on Coordinated response to large-scale cross-border cybersecurity incidents and crises.   The exercise was organized by French L’Agence Nationale de la...

On 17 and 18 July 2019, the Organization for Security and Co-operation in Europe hosted a conference in Vienna on cybersecurity and information and communication systems security, called Cyber/ICT Security for a safer future: The OSCE’s role in fostering regional cyber stability. The conference was attended by representatives of 36 OSCE participating countries and dozens...

On 7 June 2019 the Cybersecurity Act was published in the EU Official Journal. The Act considerably strengthens the position of ENISA Agency and recognizes it as the EU Agency for Cybersecurity. The Act will come into force on 27 June 2019. Based on this Act the Agency will be able to provide more efficient...

On 4 June 2019, a scientific conference with international participation entitled “Current Challenges of Cybersecurity” was held at the Academy of the Police Force in Bratislava (hereinafter referred to as the Academy). The conference was organized by the Management and Information Science Department of the Academy in cooperation with the National Security Authority together with...

During his visit of the Globsec 2019 Forum in Bratislava, Roman Konečný, the director of National Security Authority (NSA) announced the beginning of closer cooperation between NSA and Globsec in area of cyber security. GLOBSEC is a global think-tank committed to enhancing security, prosperity and sustainability in Europe and throughout the world. The director emphasized...

On 15 May 2019 the National Unit SK-CERT of the National Security Authority took part in the international exercise CyberSOPEx. The exercise organized by the European Network and Information Security Agency (ENISA) was aimed at enhancing of coordination and cooperation of EU Member States in handling of large scale cybersecurity incidents which is one of...