The second season of the Slovak cyber security competition CyberGame emphasises the search for talent in the field of cyber security regardless of age. The scenarios are inspired by current events, as the tasks are also prepared by professionals from the National Cyber Security Centre SK-CERT. The National Security Authority is the expert guarantor of...

Microsoft faces an incident that may have resulted in the data leak of tens of thousands of entities, security forces arrested members of a car-jacking gang, and an Australian insurance company was the victim of a ransomware attack. Microsoft incident A configuration error led to a potential leak of Microsoft customer and partner information. SOCRadar...

A Japanese car company has been sharing access keys to some of its systems on its GitHub for five years, a US hospital network is battling a ransomware infection, and users of unofficial WhatsApp clients should consider returning to the original. After Slovak airports, US ones also faced a DDoS attack and AVAST has published...

The National Security Authority has been granted CVE Numbering Authority (CNA) status. This will give it greater flexibility in assigning vulnerability identifiers (CVE numbers). The National Cyber Security Centre SK-CERT will be one of 12 CERTs from around the world to have this status. It will be only the third of its kind in Europe....

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the Zimbra Collaboration Suite. Zimbra is a popular web-based email server that is often used in Slovak cyberspace. Recent vulnerabilities in this product cause an attacker to upload arbitrary files, which can lead to unauthorized code execution. Exploiting the vulnerabilities will allow full...

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in FortinetOS and FortiProxy products. FortinetOS and FortiProxy are Fortinet products. FortinetOS is an operating system that is used in other Fortinet products, FortiProxy is a web proxy used mainly for URL filtering, threat protection and malware detection. The latest vulnerability is a flaw...

The security forces have had much success in arresting, investigating and trying cyber criminals, a chess genius has been branded a fraudster, and data leaks by telecommunications companies in Australia have been a prominent theme. Arrests in Germany German police carried out house searches of three people accused of carrying out phishing attacks leading to...

Update 10.10.2022 09:50: update recommendations (another change in URL rewrite rule) Update 5.10.2022 14:00: update recommendations (small change in URL rewrite rule) Update 30.09.2022 13:00: attacker must be authenticated The National Cyber Security Centre SK-CERT warns of actively exploited zero-day vulnerabilities in the Microsoft Exchange Server product. By exploiting unspecified vulnerabilities, a remote unauthenticated authenticated...

Security researchers have published information about malware that installs a large number of others, a new tool is spreading on hacker forums, and Brazilian payment portal hackers have returned after a year-long hiatus. Malware mixer Security researchers from Kaspersky have released information about the new NullMixer malware. It spreads via websites that share cracked software....

Security researchers published an analysis on the misuse of games to distribute malware, a network of hotels fell victim to a potential attack, and security forces saw significant successes in arresting several cybercriminals and dismantling a large cybercrime forum. Gaming risk analysis Kaspersky security researchers have published a detailed analysis of cyber threats related to...

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the e-commerce web platform PrestaShop, which is currently being actively exploited by attackers. PrestaShop is a popular e-commerce web platform used worldwide, including in Slovak cyberspace, to create and manage web shops (e-shops). The latest vulnerability in this system causes an unauthenticated attacker...

Timely reporting of the incident and subsequent cooperation led to the recovery of the ransom money, not only for the reporter, but also for other victims of the ransomware gang. The Belgian Ministry of Foreign Affairs accused Chinese state-sponsored groups of cyberattacks on ministries, fake Youtube ads were spread on Google, and the NFT platform...

A ransomware cybercriminal has rearmed for cryptojacking, an international hotel chain has another data leak, and a potential data theft of record proportions is under investigation. Another Marriott International data leak The Marriott International hotel chain has been the target of another data leak following the November 2018 and March 2021 attacks. Attackers managed to...

Cybersecurity forces in Ukraine have made other successful arrests of cybercriminals, a Singaporean cybercriminal was convicted after pleading guilty to 11 felonies and two counts of identity theft, and an unknown attacker successfully stole $100 million in cryptocurrencies, but if he tells how he did it and returns it, he will receive a $1 million...

The National Cyber Security Centre SK-CERT warns of an increased risk of cyberattacks, especially on the infrastructure of operators of essential services and critical infrastructure elements. The ongoing war in Ukraine is characterised not only by Russia’s devastating physical attacks on Ukraine’s infrastructure and population, but also by continuous cyberattacks both on Ukraine’s infrastructure and...

Ransomware group BlackCat trended in cybersecurity media, Cloudflare prevented another record-breaking DDoS attack, and security forces did not slack off, with a huge wave of international arrests and seizures of illegally acquired assets. Disclosure of stolen data Ransomware group BlackCat is employing a new strategy – posting stolen information to publicly available/popular sites. The strategy...

Security researchers have uncovered ransomware that forces victims to perform socially beneficial activities. The director of the US NSA has publicly acknowledged the involvement of US military hackers in the Ukraine conflict, and widespread activity by the international security community has led to multiple arrests, infrastructure seizures, and convictions. Ransomware to help the underprivileged Cyber...

Cybersecurity in healthcare. Let’s discuss responsibilities and solutions Tuesday 21st June Bratislava 13:30 (Hotel Hilton Trnavská cesta 27/a) Wednesday 22nd June Banská Bystrica 13:30 (Hotel Lux Námestie Slobody 2) Thursday 23rd June Košice 8:30 (Hotel Hilton Hlavná 1) Programme registration, coffee presentation and discussion Rastislav Janota, Director, National Cyber Security Centre SK-CERT The pillars of...

UPDATE 01.06.2022 at 17:20: Warning of active vulnerability exploitation and added mitigation recommendations UPDATE 31.05.2022 at 13:40: Added CVE and vulnerability mitigation method The National Cyber Security Centre SK-CERT warns of a critical 0-day vulnerability in Microsoft Office. The vulnerability is currently being actively exploited by attackers and there is a very high assumption that...

The National Cyber Security Centre SK-CERT warns against the spread of the Flubot malware, which targets mobile devices running the Android operating system. The malware is currently spreading via SMS and MMS in several EU countries and there is a high probability that attackers will also target Slovak cyberspace. NCKB SK-CERT has been tracking Flubot...

Security researchers have published information about a phishing campaign targeting German car companies, the malicious Flubot malware is spreading in the Czech Republic, and cybercriminals have exploited the theft of a well-known car company’s subdomain. A long-term phishing campaign Security researchers at CheckPoint have released information about a persistent phishing campaign that began in July...

Over a thousand registered players, hundreds of active players, surprise victories and the youngest participants aged 12. Such was the CyberGame The first edition of the Slovak cybersecurity game CyberGame, where more than one thousand and two hundred participants registered, has ended. 581 players of different ages and professions “collected flags” on the gaming platform,...

Russian payment service QIWI was the target of a ransomware attack and data theft, which was subsequently made public. Security researchers uncovered a large-scale spying campaign and Google will allow some data to be removed from search results on request. Chinese APT espionage campaign Cybereason security researchers uncovered an operation by the Chinese APT group...

A new ransomware group Black Basta has emerged, a new cybercrime group Onyx is mixing ransomware with vipers, Google has changed the terms for Android app developers, and a (un)clever cybercriminal has successfully stolen a million in cryptocurrencies. An attack on a wind turbine manufacturer German wind turbine manufacturing company Deutsche Windtechnik was the target...

As of the beginning of March, there are more than one thousand and two hundred registered participants in the Slovak CyberGame and 540 male players and 32 female players are actively playing. The extraordinary interest of different age categories and professions surprised the official sponsor of the competition, which is the National Cyber Security Centre...

On 31 March 2021, the National Cyber Security Centre SK-CERT warned of a 0-day vulnerability in the Spring Framework, which is used to develop applications in Java. Since this is a widely used framework and there have been cases of exploiting this 0-day vulnerability, we are supplementing the previous warning with this article. What is...

An original Slovak cybersecurity game CyberGame has attracted students, teachers as well as professionals from various fields. After two weeks, more than seven hundred and seventy participants (772) have been registered. At least one task has already been solved by more than three hundred men and seventeen women. According to the registration form, three hundred...

Europe lacks 168 thousand cybersecurity professionals[1]. Slovakia estimates the current need of 10 thousand professionals in all segments and various specializations. Demand has increased worldwide in the last two years. Teleworking and remote learning, the take-off of cloud and virtual technologies and the aggressive increase in cybercrime have contributed to this need. “Technologies, legislation and...

The National Cyber Security Centre SK-CERT warns against the use of suspicious websites the purpose of which is to conduct DDoS attacks via a web browser targeting different websites. In connection with the war in Ukraine, in the Slovak cyberspace there have been calls for distributed attacks on websites in Russia, using a simple web...

The National Cyber Security Centre SK-CERT warns against a large-scale phishing email campaign exploiting the ZOHO Assist remote access service to gain an unauthorised access to the system. The campaign has been running since 8 January 2022 and messages have been addressed to both private and company email addresses. In today’s known cases, the attacker...

Large multinational companies did not avoid heavy fines. Thousands of school websites were disconnected due to a ransomware threat and the University in Japan lost a large amount of data due to backup error. Data leaks dominated in that week and a new ransomware group called Night Sky was also revealed. Fines for Facebook and...

The Emotet infrastructure is gradually gaining strength and cooperation with the Trickbot botnet is also repeated. Security forces managed to arrest three cybercriminals, one sentenced; and a large database from the British security forces was donated to the Password Control Service Have I been Pwned. Database in Ghana exposed Due to misconfiguration, Ghana’s National Service...

The National Cyber Security Centre SK-CERT warns of the ongoing campaign aimed at biomedical and biotech companies. The international platform for cooperation of biochemists BIO-ISAC released an advisory regarding the long-term APT campaign called Tardigrade. The attacks are targeting biomedical companies and the biotech manufacturing sector. Attackers use a new type of malware from the...

The National Cyber Security Centre SK-CERT warns against a critical zero-day vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022. The vulnerability allows that any user account can become an administrator one without authorization. On 22 November 2021, a security researcher publicly disclosed the information and an exploit (a code representing a guide...

The National Cyber Security Centre SK-CERT warns against the resumption of activities of a recently dismantled EMOTET botnet. Since we experienced incidents related to EMOTET botnet also in Slovakia in the past, it is very likely to expect this botnet to reappear in the Slovak cyberspace as well. What is EMOTET? EMOTET malware is considered...

One ransomware gang ends, while another one apologises to the royal family. Two independent groups managed to break the protection of PlayStation 5 console on the same day and Microsoft patched a zero-day vulnerability. Successful hacking contest The hacking contest Zero Day Initiative’s Pwn2Own conducted in Texas City of Austin led to detection of 61...

The National Cyber Security Centre SK-CERT warns against fraudulent e-mails designed to give the impression that they are sent by the Ministry of Finance of the Slovak Republic. The e-mail promises a refund. This is a large-scale phishing campaign. It abuses claims that are not based on truth. A real aim of the campaign is...

Acer Company that manufactures laptops has not been lucky in the cybersecurity field recently. However, this can also be said about the REvil ransomware gang whose website has been inaccessible. 42nd week also brought interesting surveys, one of which says that sometimes we are too cautious. Acer again under attack Acer, PC and Device Maker,...

Europe is preparing a new regulation. This time for domain registration. REvil is behind most of ransomware attacks, but Pacific City Bank was attacked by AvosLocker ransomware. However, there are also good news – Security Service of Ukraine arrested another cybercriminal. Odd practices in Apple Apple has again silently fixed a zero-day vulnerability with the...

October is the month of cyber security; a new ransomware has been found; and today, malware is sold very cheaply.  In addition, a former member of the REvil group is arguing with his former colleagues for money and young cybersecurity talents were competing in Prague. Cybersecurity month has started As every year, also this October...

Apple has not been able to update the Finder; cybercriminals are being associated with Mafia and the data leaks continue. There also appeared a manual of Conti ransomware attack and finally one attacker got into jail for his role in a seven-year scheme. Botched update In the latest macOS Big Sur update, Apple tried to...

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in SAP products. SAP is one of the largest software manufacturers in the world. Its products focus mainly on customer relationship management, supply chain management, human resources, expenditure management and other areas. Software solutions from SAP are used worldwide not only in the private but...

On Friday, July 2, in the evening, the world was shaken by a massive ransomware attack targeting a remote server management application called the Kaseya Virtual Server Administrator, used for remote management of end user stations [1]. It is not uncommon that the major attack took place just before the Fourth of July holiday with a shorter...

The cybercriminal group REvil seems unstoppable and is beginning to realize its value. After the attack on hundreds of companies, they demand a record amount as a ransom. After the ransomware attacks on Irish hospitals and healthcare organisations, state budget reserves are likely to be depleted due to bailout provision.  Recently, however, security forces have...

On 1 July, the US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the British National Cyber Security Centre (NCSC) issued a joint security recommendation containing information on malicious activities of the Russian military intelligence service GRU, which started in 2019 and continues to this...

The National Cyber Security Centre SK-CERT warns against the ongoing campaign that abuses the identity of Slovenská pošta. The campaign is currently running via SMS messages (also called smishing). However, the attacker may also abuse other forms of communication (e.g. e-mails). This is a large-scale phishing campaign. It uses statements that are not based on...

Another massive leak from LinkedIn social network can be added to a huge data leak of April this year. Data from more than 700 million users of this social network has leaked and has been put up for sale on the black market at this time. LinkedIn has approximately 756 million users, this would mean...

A new, already the fourth version of the Global Cybersecurity Index (GCI) published by the International Telecommunication Union, has been released. The Slovak Republic has again moved significantly up. In 2018 it was ranked 45th, while in a new version of the index dated from 2020 it has reached 34th place with a total score...

The National Cyber Security Centre SK-CERT warns against a fraudulent campaign. The actors pretend to be police officers and contact their victims by phone. They try to extract various data from them – including personal and access data. In this campaign, the attacker introduces himself as the police and after an initial talk, the victim...