Warning of possible attacks on the biomedical sector

The National Cyber Security Centre SK-CERT warns of the ongoing campaign aimed at biomedical and biotech companies. The international platform for cooperation of biochemists BIO-ISAC released an advisory regarding the long-term APT campaign called Tardigrade. The attacks are targeting biomedical companies and the biotech manufacturing sector. Attackers use a new type of malware from the...

Warning — critical vulnerability in Microsoft Windows

The National Cyber Security Centre SK-CERT warns against a critical zero-day vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022. The vulnerability allows any user account to become an administrator account without authorization. On 22 November 2021, a security researcher publicly disclosed the information and an exploit (a code representing a guide...

TL; DR: Attackers apologised to the royal family (45th week)

One ransomware gang ends, while another one apologises to the royal family. Two independent groups managed to break the protection of the PlayStation 5 console on the same day and Microsoft patched a zero-day vulnerability. Successful hacking contest The Zero Day Initiative’s Pwn2Own hacking contest, held in Austin, Texas, led to the detection of 61...

TL; DR: Acer again under attack and Candy Maker at risk (42nd week)

Acer, the laptop manufacturer, has not been lucky in the cybersecurity field recently. However, the same can be said about the REvil ransomware gang, whose website has been inaccessible. The 42nd week also brought interesting surveys, one of which says that sometimes we are too cautious. Acer again under attack Acer, PC and Device Maker,...

TL; DR: Unstoppable REvil and the arrest of a cybercriminal (41st week)

Europe is preparing a new regulation, this time for domain registration. REvil is behind most ransomware attacks, but Pacific City Bank was attacked by AvosLocker ransomware. However, there is also good news – the Security Service of Ukraine arrested another cybercriminal. Odd practices in Apple Apple has again silently fixed a zero-day vulnerability with the...

TL; DR Young talent competition and cheap malware (39th week)

October is the month of cyber security; a new ransomware has been found; and today, malware is sold very cheaply. In addition, a former member of the REvil group is arguing with his former colleagues over money, and young cybersecurity talents were competing in Prague. Cybersecurity month has started As every year, also this October...

Critical vulnerabilities in SAP products – update immediately

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in SAP products. SAP is one of the largest software manufacturers in the world. Its products focus mainly on customer relationship management, supply chain management, human resources, expenditure management and other areas. Software solutions from SAP are used worldwide not only in the private but...

Kaseya VSA – a target of the largest ransomware attack ever

On Friday, July 2, in the evening, the world was shaken by a massive ransomware attack targeting a remote server management application called the Kaseya Virtual Server Administrator, used for remote management of end user stations [1]. It is not uncommon that the major attack took place just before the Fourth of July holiday with a shorter...

TL; DR: REvil demands more and more, Irish healthcare system will assess the damages in hundreds of millions after the attack (27th week)

The cybercriminal group REvil seems unstoppable and is beginning to realize its value. After the attack on hundreds of companies, they demand a record amount as a ransom. After the ransomware attacks on Irish hospitals and healthcare organisations, state budget reserves are likely to be depleted due to bailout provision. Recently, however, security forces have...

The United States and the United Kingdom have once again pointed to Russia. Attacks on cloud and enterprise networks are attributed to military intelligence

On 1 July, the US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the British National Cyber Security Centre (NCSC) issued a joint security recommendation containing information on malicious activities of the Russian military intelligence service GRU, which started in 2019 and continues to this...

URGENT: Warning about the campaign of fraudulent phone calls

The National Cyber Security Centre SK-CERT warns against a fraudulent campaign. The actors pretend to be police officers and contact their victims by phone. They try to extract various data from them – including personal and access data. In this campaign, the attacker introduces himself as the police and after an initial talk, the victim...

SK-CERT again warns of 0-day vulnerability in Google Chrome

The National Cyber Security Centre SK-CERT once again warns of another 0-day vulnerability in Google Chrome browser, which allows an attacker to remotely execute malicious code. Google Chrome is one of the most widely used web browsers available on most devices that users use for website browsing. On 17 June, Google released an update of...

SK-CERT warns: 0-day vulnerabilities in iOS 12.5.3, update immediately

The National Cyber Security Centre SK-CERT warns of 0-day vulnerabilities in the iOS operating system for older Apple devices in version 12.5.3, which allow an attacker to remotely execute arbitrary code. According to available information, the vulnerability is being actively exploited by attackers. Apple also uses older versions of the iOS operating system on its older...

Protect yourself from smishing

Attackers in cyberspace are constantly looking for ways to extract information or money from their victims. Perhaps, the most popular way is phishing, i.e. fraudulent messages, in which the attacker tricks the victim into handing over financial or personal data. Phishing can take many forms – via e-mails, chat services and even phone calls. However,...

Ransomware and its reality today

It is certainly not necessary to explain again what ransomware is. In short, it is a malicious activity that leads to encryption of data (disks, and with poorly designed infrastructure even of backups if they exist). Subsequently, the attacker blackmails the victim and asks to pay a certain amount (so-called ransom) most often in bitcoins...

UPDATE: Warning against fraud abusing the identity of Financial Administration

Attacks that abuse the identity of the Financial Administration are constantly continuing. The National Cyber Security Centre SK-CERT has again detected an increased incidence of phishing e-mails that have the same method of execution. The attacker uses a new domain hXXps://earl-cherpeau[.]fr. The National Cyber Security Centre SK-CERT, in cooperation with the Financial Administration, warns against...

URGENT: Warning of fraudulent phone calls

The National Cyber Security Centre SK-CERT warns against a large-scale fraudulent campaign conducted through phone calls. The principle of this campaign is to extract different data from the victim, including personal and access data, through phone calls (so-called phishing/vishing). A phone call from an attacker (regardless of where the phone call really comes from) appears...

URGENT: Warning against fraud abusing the identity of tercio.sk

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) warns against fraudulent e-mails designed to give the impression that their sender is the operator of the Internet store tercio.sk. The e-mail promises a refund. Based on SK-CERT activities and in cooperation with partners, it...

The US attributed a number of malicious activities to the Russian Foreign Intelligence Service

The United States’ National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) jointly issued a common Cybersecurity Advisory directly attributing the exploitation of multiple vulnerabilities for conducting attacks against US targets and allied networks to the Russian Foreign Intelligence Service (SVR). In the report, the agencies stated that...

The National Cyber Security Centre SK-CERT analysed recently published attacks. Details and recommendations are the following

Updated on 21 April 2021 – extended IOC list. To the warning of 16.04.2021, the National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) publishes the following additional information and technical identifiers: SK-CERT observed in a short time sequence ransomware infections in a number of organisations in IT sectors of public administration, telecommunications, energy...

National Security Authority has detected an increased number of cyberattacks. Read the recommendations on how to secure your system

The National Cyber Security Centre SK-CERT has recorded an increased incidence of significant and successful ransomware attacks in Slovakia. Recently, similar activities have intensified in Central Europe. The National Security Authority (hereinafter referred to as NSA) warns companies and institutions to secure and make a backup of their systems without delay. If they neglect...

The National Cyber Security Centre SK-CERT warns against new vulnerabilities in DNS implementations

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) warns against nine vulnerabilities in DNS implementations that allow attackers to render the service unavailable (DoS) and to execute arbitrary code. The vulnerabilities, reported as NAME:WRECK, can be found: in the popular open-source operating system FreeBSD, which is used, for example, for high-performance servers in millions...

April impacted by data leaks

It seems that the second week in April has been the worst week for social media platforms in terms of data leaks. It looks like now, just a few days after a billion LinkedIn and Facebook profiles leaked, it is the upstart platform Clubhouse’s turn. 1.3 million user records leaked from this platform. The leaked...

TL; DR: Don’t trust even the courier – especially when they send you an odd e-mail

The number of victims of the vulnerability in the Accellion enterprise content firewall is constantly increasing. Most recently, a Canadian airplane maker has been targeted. Hackers also targeted Microsoft’s e-mail accounts, while in another case Microsoft quite richly rewarded a security researcher. A Finnish company also had to disconnect its services and dozens of nurseries in Britain renounced...

What’s to come in 2021

Looking back at the year 2020, it is obviously necessary to mention all the circumstances brought about by the pandemic. Along with the many changes in social and economic life, these circumstances have also given rise to many previously unknown challenges, doubts and problems. From the point of view of cybersecurity, the most...

Critical vulnerability in Microsoft Exchange – update as soon as possible

The National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) warns of critical vulnerabilities in the Microsoft Exchange Server product. The attacker can use these vulnerabilities to execute malicious code, take control of a vulnerable system and access sensitive information. Abuse is possible without knowledge of the login name and password. These vulnerabilities are...

TL; DR: KIA company has a difficult decision to make (7th week)

South Korea has caught its neighbour in the act again, a leading car maker in the country far beyond the ocean is experiencing worries “costing several millions” and the first malware optimised for Apple Silicon processors has emerged. The Ukrainian security authorities have had a successful intervention and the Dutch Police have issued a warning...

TL; DR: Apple, Microsoft and Netflix. A researcher managed to breach the protection of several IT giants (6th week)

You will learn about an attempt to attack the drinking water supply in the USA, as well as about a popular Android application and the streaming service Spotify. Security authorities have solved several successful cases, and North Korean hackers can say likewise, because they have enriched the state budget by hundreds of millions of dollars in cryptocurrencies....

TL; DR: Google and Apple were patching and Facebook didn’t protect half a billion data (4th week)

In the fourth week of this year, at least on the surface, the security authorities’ achievements seemed to outweigh the successes of the attackers. Apple has successfully fixed a serious vulnerability exploited by the attackers, Proofpoint researchers have published research on the banking Trojan DanaBot, and organisations have again not avoided ransomware attacks of a larger...

Warning: Backdoor in Zyxel products

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in Zyxel firewalls, VPN gateways and AP controllers that can grant a remote attacker root access to vulnerable devices. The vulnerability affects more than 100 000 Zyxel devices. The vulnerability, tracked as CVE-2020-29583, is based on the fact that the devices have a hidden, hardcoded admin-level...

Blow to reputation. According to an internal report, Huawei cooperated on surveillance of the ethnic group.

Currently, a lot is being written about Chinese IT companies. They are the subject of suspicion of our intelligence services too, in implementing 5G technologies. Even the latest findings won’t help the damaged reputation of Huawei company. The Chinese IT giant has cooperated with security suppliers to develop surveillance products, some of which may serve...

TL; DR: Banks’ mistake costing several millions and fake Cyberpunk 2077 (50th week)

Several banks faced a sophisticated attack; an American school didn’t avoid ransomware; and the attackers targeted logistics as well. The disadvantages of converting a cybersecurity company into a cybercrime company were clear to the Canadian company Phantom Secure. Iranian hackers don’t spare Israeli companies; and not all that glitters is Cyberpunk… More in our regular summary. Banks...

Extremely critical vulnerability in your IT asset management system

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the SolarWinds Orion system, the software for monitoring and managing IT assets. Therefore, the National Cyber Security Centre SK-CERT recommends taking the following measures immediately: Separate all active SolarWinds Orion services, in any version, from the Internet and internal infrastructure. If it...

TL; DR: Focusing on vaccine and revenge following the notice

Hackers didn’t surprise but confirmed the concerns of the intelligence services. Furthermore, even if you are a company specialized in cybersecurity, it doesn’t mean that you are protected. The proof is a company that has become a target of a sophisticated attack. An incident with delivery services in Russia was unique; the ransomware group published...