Warning of critical vulnerabilities in Cisco telephony devices

The National Cyber Security Centre SK-CERT is warning of vulnerabilities in Cisco telephony devices that could be exploited by remote unauthenticated attackers for arbitrary code execution (ACE) or denial of service (DoS). Critical vulnerabilities identified by CVE-2023-20078 and CVE-2023-20079 could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service....

The national cybersecurity game CyberGame starts its second season: Because we believe there is talent among you!

The second season of the Slovak cyber security competition CyberGame emphasises the search for talent in the field of cyber security regardless of age. The scenarios are inspired by current events, as the tasks are also prepared by professionals from the National Cyber Security Centre SK-CERT. The National Security Authority is the expert guarantor of...
TL;DR

TL; DR: REvil in new clothes? (Week 42)

Microsoft faces an incident that may have resulted in the data leak of tens of thousands of entities, security forces arrested members of a car-jacking gang, and an Australian insurance company was the victim of a ransomware attack. Microsoft incident A configuration error led to a potential leak of Microsoft customer and partner information. SOCRadar...
TL;DR

TL; DR: The five-year mistake (Week 41)

A Japanese car company has been sharing access keys to some of its systems on its GitHub for five years, a US hospital network is battling a ransomware infection, and users of unofficial WhatsApp clients should consider returning to the original. After Slovak airports, US ones also faced a DDoS attack and AVAST has published...

Warning of critical vulnerabilities in Zimbra Collaboration Suite

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the Zimbra Collaboration Suite. Zimbra is a popular web-based email server that is often used in Slovak cyberspace. Recent vulnerabilities in this product allow an attacker to upload arbitrary files, which can lead to unauthorized code execution. Exploiting the vulnerabilities will allow full...

Critical vulnerability warning in FortinetOS and FortiProxy

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in FortinetOS and FortiProxy products. FortinetOS and FortiProxy are Fortinet products. FortinetOS is an operating system that is used in other Fortinet products, FortiProxy is a web proxy used mainly for URL filtering, threat protection and malware detection. The latest vulnerability is a flaw...
TL;DR

TL; DR: In the hands of justice (Week 40)

The security forces have had much success in arresting, investigating and trying cyber criminals, a chess genius has been branded a fraudster, and data leaks by telecommunications companies in Australia have been a prominent theme. Arrests in Germany German police carried out house searches of three people accused of carrying out phishing attacks leading to...

Warning: actively exploited zero-day vulnerability in Microsoft Exchange

Update 10.10.2022 09:50: update recommendations (another change in URL rewrite rule) Update 5.10.2022 14:00: update recommendations (small change in URL rewrite rule) Update 30.09.2022 13:00: attacker must be authenticated The National Cyber Security Centre SK-CERT warns of actively exploited zero-day vulnerabilities in the Microsoft Exchange Server product. By exploiting unspecified vulnerabilities, a remote authenticated...
TL;DR

TL; DR: One malware for all (Week 39)

Security researchers have published information about malware that installs a large number of others, a new tool is spreading on hacker forums, and Brazilian payment portal hackers have returned after a year-long hiatus. Malware mixer Security researchers from Kaspersky have released information about the new NullMixer malware. It spreads via websites that share cracked software....
TL;DR

TL; DR: The game as an attack vector (Week 36)

Security researchers published an analysis on the misuse of games to distribute malware, a network of hotels fell victim to a potential attack, and security forces saw significant successes in arresting several cybercriminals and dismantling a large cybercrime forum. Gaming risk analysis Kaspersky security researchers have published a detailed analysis of cyber threats related to...

Warning about a critical vulnerability in the PrestaShop e-commerce platform

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the e-commerce web platform PrestaShop, which is currently being actively exploited by attackers. PrestaShop is a popular e-commerce web platform used worldwide, including in Slovak cyberspace, to create and manage web shops (e-shops). The latest vulnerability in this system allows an unauthenticated attacker...

Warning of increased risk of cybersecurity attacks (21.06.2022)

The National Cyber Security Centre SK-CERT warns of an increased risk of cyberattacks, especially on the infrastructure of operators of essential services and critical infrastructure elements. The ongoing war in Ukraine is characterised not only by Russia’s devastating physical attacks on Ukraine’s infrastructure and population, but also by continuous cyberattacks both on Ukraine’s infrastructure and...
TL;DR

Ransomware group innovations and a wave of arrests (Week 24)

Ransomware group BlackCat trended in cybersecurity media, Cloudflare prevented another record-breaking DDoS attack, and security forces did not slack off, with a huge wave of international arrests and seizures of illegally acquired assets. Disclosure of stolen data Ransomware group BlackCat is employing a new strategy – posting stolen information to publicly available/popular sites. The strategy...
TL;DR

Ransomware “goodwill” and arrested cybercriminals (Week 22)

Security researchers have uncovered ransomware that forces victims to perform socially beneficial activities. The director of the US NSA has publicly acknowledged the involvement of US military hackers in the Ukraine conflict, and widespread activity by the international security community has led to multiple arrests, infrastructure seizures, and convictions. Ransomware to help the underprivileged Cyber...

Regional workshops for senior management of health facilities

Cybersecurity in healthcare. Let’s discuss responsibilities and solutions Tuesday 21st June Bratislava 13:30 (Hotel Hilton Trnavská cesta 27/a) Wednesday 22nd June Banská Bystrica 13:30 (Hotel Lux Námestie Slobody 2) Thursday 23rd June Košice 8:30 (Hotel Hilton Hlavná 1) Programme registration, coffee presentation and discussion Rastislav Janota, Director, National Cyber Security Centre SK-CERT The pillars of...

Warning about exploitation of 0-day vulnerability in Microsoft Office – Word ms-msdt (Follina)

UPDATE 01.06.2022 at 17:20: Warning of active vulnerability exploitation and added mitigation recommendations UPDATE 31.05.2022 at 13:40: Added CVE and vulnerability mitigation method The National Cyber Security Centre SK-CERT warns of a critical 0-day vulnerability in Microsoft Office. The vulnerability is currently being actively exploited by attackers and there is a very high probability that...

NCSC SK-CERT warns against the spread of Flubot malware

The National Cyber Security Centre SK-CERT warns against the spread of the Flubot malware, which targets mobile devices running the Android operating system. The malware is currently spreading via SMS and MMS in several EU countries and there is a high probability that attackers will also target Slovak cyberspace. NCSC SK-CERT has been tracking Flubot...
TL;DR

TL; DR: Persistent phishing campaign and Flubot beyond Slovakia’s borders (week 19 and 20)

Security researchers have published information about a phishing campaign targeting German car companies, the malicious Flubot malware is spreading in the Czech Republic, and cybercriminals have exploited the theft of a well-known car company’s subdomain. A long-term phishing campaign Security researchers at CheckPoint have released information about a persistent phishing campaign that began in July...

The largest Slovak CTF exercise is over. The results are surprising!

Over a thousand registered players, hundreds of active players, surprise victories and the youngest participants aged 12. Such was the CyberGame The first edition of the Slovak cybersecurity game CyberGame, where more than one thousand and two hundred participants registered, has ended. 581 players of different ages and professions “collected flags” on the gaming platform,...
TL;DR

TL;DR: Google changes rules and new ransomware groups (Week 17)

A new ransomware group Black Basta has emerged, a new cybercrime group Onyx is mixing ransomware with wipers, Google has changed the terms for Android app developers, and an (un)clever cybercriminal has successfully stolen a million in cryptocurrencies. An attack on a wind turbine manufacturer German wind turbine manufacturing company Deutsche Windtechnik was the target...

More than seven hundred participants in cybersecurity game

An original Slovak cybersecurity game CyberGame has attracted students, teachers as well as professionals from various fields. After two weeks, more than seven hundred and seventy participants (772) have been registered. At least one task has already been solved by more than three hundred men and seventeen women. According to the registration form, three hundred...

We are badly lacking both cybersecurity professionals and cybersecurity awareness. Professionals as well as students can experience taking part in a cybersecurity game

Europe lacks 168 thousand cybersecurity professionals[1]. Slovakia estimates a current need for 10 thousand professionals in all segments and various specializations. Demand has increased worldwide in the last two years. Teleworking and remote learning, the take-off of cloud and virtual technologies and the aggressive increase in cybercrime have contributed to this need. “Technologies, legislation and...

Warning against suspicious websites conducting DDoS attacks

The National Cyber Security Centre SK-CERT warns against the use of suspicious websites the purpose of which is to conduct DDoS attacks via a web browser targeting different websites. In connection with the war in Ukraine, in the Slovak cyberspace there have been calls for distributed attacks on websites in Russia, using a simple web...
TL;DR

TL; DR: A fine for Facebook and a new ransomware (1st week)

Large multinational companies did not avoid heavy fines. Thousands of school websites were disconnected due to a ransomware threat and a university in Japan lost a large amount of data due to a backup error. Data leaks dominated that week and a new ransomware group called Night Sky was also revealed. Fines for Facebook and...
TL;DR

TL; DR: Emotet again active and leak from the government database in Albania (52nd week)

The Emotet infrastructure is gradually gaining strength and its cooperation with the Trickbot botnet is being repeated. Security forces managed to arrest three cybercriminals, and one was sentenced; a large database from the British security forces was donated to the password-checking service Have I Been Pwned. Database in Ghana exposed Due to misconfiguration, Ghana’s National Service...

Warning of possible attacks on the biomedical sector

The National Cyber Security Centre SK-CERT warns of the ongoing campaign aimed at biomedical and biotech companies. The international platform for cooperation of biochemists BIO-ISAC released an advisory regarding the long-term APT campaign called Tardigrade. The attacks are targeting biomedical companies and the biotech manufacturing sector. Attackers use a new type of malware from the...

Warning — critical vulnerability in Microsoft Windows

The National Cyber Security Centre SK-CERT warns against a critical zero-day vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022. The vulnerability allows any user account to become an administrator account without authorization. On 22 November 2021, a security researcher publicly disclosed the information and an exploit (a code representing a guide...
TL;DR

TL; DR: Attackers apologised to the royal family (45th week)

One ransomware gang ends, while another one apologises to the royal family. Two independent groups managed to break the protection of the PlayStation 5 console on the same day and Microsoft patched a zero-day vulnerability. Successful hacking contest The Zero Day Initiative’s Pwn2Own hacking contest, held in Austin, Texas, led to the detection of 61...
TL;DR

TL; DR: Acer again under attack and Candy Maker at risk (42nd week)

Acer, the laptop manufacturer, has not been lucky in the cybersecurity field recently. However, the same can be said about the REvil ransomware gang, whose website has been inaccessible. The 42nd week also brought interesting surveys, one of which says that sometimes we are too cautious. Acer again under attack Acer, PC and Device Maker,...
TL;DR

TL; DR: Unstoppable REvil and the arrest of a cybercriminal (41st week)

Europe is preparing a new regulation, this time for domain registration. REvil is behind most ransomware attacks, but Pacific City Bank was attacked by AvosLocker ransomware. However, there is also good news: the Security Service of Ukraine arrested another cybercriminal. Odd practices at Apple Apple has again silently fixed a zero-day vulnerability with the...
TL;DR

TL; DR Young talent competition and cheap malware (39th week)

October is the month of cyber security; a new ransomware has been found; and today, malware is sold very cheaply. In addition, a former member of the REvil group is arguing with his former colleagues over money and young cybersecurity talents were competing in Prague. Cybersecurity month has started As every year, also this October...

Critical vulnerabilities in SAP products – update immediately

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in SAP products. SAP is one of the largest software manufacturers in the world. Its products focus mainly on customer relationship management, supply chain management, human resources, expenditure management and other areas. Software solutions from SAP are used worldwide not only in the private but...

Kaseya VSA – a target of the largest ransomware attack ever

On Friday, July 2, in the evening, the world was shaken by a massive ransomware attack targeting a remote server management application called the Kaseya Virtual Server Administrator, used for remote management of end user stations [1]. It is not uncommon that the major attack took place just before the Fourth of July holiday with a shorter...
TL;DR

TL; DR: REvil demands more and more, Irish healthcare system will assess the damages in hundreds of millions after the attack (27th week)

The cybercriminal group REvil seems unstoppable and is beginning to realize its value. After the attack on hundreds of companies, they demand a record amount as a ransom. After the ransomware attacks on Irish hospitals and healthcare organisations, state budget reserves are likely to be depleted due to bailout provision. Recently, however, security forces have...

The United States and the United Kingdom have once again pointed to Russia. Attacks on cloud and enterprise networks are attributed to military intelligence

On 1 July, the US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the British National Cyber Security Centre (NCSC) issued a joint security recommendation containing information on malicious activities of the Russian military intelligence service GRU, which started in 2019 and continues to this...

URGENT: Warning about the campaign of fraudulent phone calls

The National Cyber Security Centre SK-CERT warns against a fraudulent campaign. The actors pretend to be police officers and contact their victims by phone. They try to extract various data from them – including personal and access data. In this campaign, the attacker introduces himself as the police and after an initial talk, the victim...