Backdoor in SSH Server Caused by XZ/LZMA Compression Library – Update Immediately!

Update on 3 April 2024 (in blue and italics): added vulnerable Linux distributions, more specific malicious library behaviour, recommendations. A software developer discovered a backdoor in the lzma library, which is used for compression and is part of the xz-utils package. This library is used worldwide in software for archiving, multimedia handling and may be...

Warning of Vulnerability in Palo Alto Networks Firewall

Update on 19 April 2024: Added affected versions and recommendations The National Cyber Security Center (NCSC) warns of a critical security vulnerability with a CVSS score of 10.0 in Palo Alto devices. Palo Alto has warned its customers that a critical flaw impacting PAN-OS software with GlobalProtect enabled is being actively exploited. The vulnerability has...
čítať celý článok

VMware Released Security Patches for Critical Vulnerabilities in ESXi

The National Cyber Security Centre warns of two critical vulnerabilities in VMware products (ESXi, Workstation, Fusion, and Cloud Foundation). The company documented a total of four vulnerabilities, warning that the most serious of them could allow a malicious actor with local administrative privileges on virtual machines to execute code as the virtual machine’s VMX process running...
čítať celý článok

Warning of Vulnerability in Android devices

The National Cyber Security Centre SK-CERT warns of a vulnerability in devices running Android versions 13 and 14. The vulnerability lies in the insufficient device security even when the screen is locked. A threat actor needs physical access to the device to exploit this particular vulnerability, and then can access sensitive data such as photos,...
čítať celý článok

Warning of Critical Randstorm Vulnerability in Crypto Wallets

A recent report by a blockchain security company Unciphered has revelead a critical vulnerability dubbed “Randstorm” affecting cryptocurrency wallets created between 2011 and 2015. It makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning blockchain platforms. The report disclosed that Randstorm could affect several blockchain projects in the...
čítať celý článok
sociálne siete

Warning to Parents about a Dangerous Group on WhatsApp

The National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) warns parents about the group “Add as many people as possible” (Přidej co nejvíc lidí) on the social media platform Whatsapp, which is currently spreading among primary school pupils in the Czech Republic and Slovakia. According to reports from the Czech Republic, the group...
čítať celý článok

Warning of Actively Exploited Zero-Day Vulnerability in Cisco IOS XE

UPDATE on 24 October 2023 at 1.00 p.m.: Identification of additional vulnerability CVE-2023-2073, update of procedure for identifying compromised devices, addition of reference to firmware updates. The National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) warns of an actively exploited vulnerability in the Cisco IOS XE software interface. Cisco has identified the active...
čítať celý článok

Warning of Vulnerability in Adobe Reader and Acrobat

The National Cyber Security Centre SK-CERT warns of a security update released for Adobe Reader and Acrobat for Windows and macOS systems. This update fixes a serious vulnerability that allows an attacker to execute arbitrary code. Adobe products are the world’s favourite tools for everyday use of computers and other devices. Adobe Reader and Acrobat...
čítať celý článok

Threats Associated with Artificial Intelligence Technologies

Applied artificial intelligence is becoming one of the greatest technological advances of our time. With its great potential, however, there come significant concerns about potential misuse, as well as unintended consequences in its deployment. Therefore, it is necessary to focus on the risks that arise from the use of artificial intelligence. What is artificial intelligence?...
čítať celý článok

Warning of Vulnerabilities in AMI MegaRAC

The National Cyber Security Centre SK-CERT warns of two vulnerabilities in the MegaRAC Baseboard Management Controller (BMC) that enable bypassing authentication and injecting arbitrary code. Regarding the nature of the vulnerable systems, physical damage to vulnerable servers is also possible. The MegaRAC Baseboard Management Controller is a component that is used for server management, independent...
čítať celý článok

Warning of Spearphishing Activities by North Korean Hacking Groups

The National Security Authority warns of potential cyberattack threats in connection with the increase in the use of social engineering techniques by DPRK-sponsored hacking groups. The most prominent of these groups is Kimsuky (APT 43). Their activities focus on spearphishing campaigns in which cyber actors impersonate journalists or academic scholars to collect information and documents...
čítať celý článok

Warning of Zero-Day Vulnerability in VMware ESXi System

The National Cyber Security Centre SK-CERT warns of a zero-day vulnerability in VMware ESXi system, which can be exploited using valid ESXi credentials. The vulnerability allows code execution in virtual servers under a privileged user without knowledge of credentials to virtual servers. In order to exploit the vulnerability, access to the ESXi administrative interface is...
čítať celý článok

CyberGame 2023: All-Star Players, Artificial Intelligence Usage and the Slovak National Team Formation

The 2nd edition of the national cybersecurity CyberGame competition registered a total of 2,334 participants on both the Slovak and English playing platforms. The expert guarantor of the contest is the National Security Authority. 1,788 players were registered on the Slovak playing platform, 832 of them were active players, which means a significant increase in...
čítať celý článok

Warning of Critical Vulnerability in Fortinet Products

The National Cyber Security Centre SK-CERT warns of a new critical vulnerability in the FortiOS operating system included in various Fortinet products. Fortinet products are widely used by organizations in the Slovak cyberspace, including operators of essential services. The warning is issued by the National Security Authority pursuant to Article 27(1) a) of the ....
čítať celý článok

Warning of GIGABYTE Motherboard Vulnerability

The National Cyber Security Centre SK-CERT warns of a vulnerability in motherboards from the manufacturer GIGABYTE, which are popular and often used in the Slovak market as well. GIGABYTE motherboards have a built-in motherboard firmware update mechanism that contains security vulnerabilities. Each time the computer reboots, the firmware initiates an update programme, and thus downloading...
čítať celý článok
TL;DR

TL;DR: Open VPN Database (21st Week)

A VPN service claiming that it does not log communications had again logs leaked. An illegal IPTV service was taken down in the Netherlands; and a large amount of medical and financial information was leaked in the US. An 18 year old hacker was discovered and charged with serious crimes by security forces; the founder...
čítať celý článok

Warning about an actively exploited vulnerability in a WordPress plugin

The National Cyber Security Center SK-CERT warns about an actively exploited vulnerability in the Beautiful Cookie Consent Banner plugin of the WordPress content management system. The mentioned plugin is used to create a graphical notification about the use of cookies. The plugin has over 40,000 active installations. The vulnerability allows for a XSS attack, where...
čítať celý článok

CyberGame: First Evaluation 24 Hours after the Game and a New Dimension. Participants Used Artificial Intelligence!

The 2nd edition of the national cybersecurity CyberGame competition ended up with 2,334 registered participants on both the Slovak and English playing platforms. The expert guarantor of the contest is the National Security Authority. 1,788 players were registered on the Slovak playing platform, 832 of them were active players, which means a significant increase in...
čítať celý článok
TL;DR

TL;DR: Cybercrime Services Dismantled (18th Week)

Security forces successfully dismantled a credit card checking service, seized nine crypto exchange websites exploited by cybercriminals; and nearly 300 people were arrested. Ukraine’s CERT warns against phishing with malicious update instructions; and a mobile operator reported its second data breach this year. Dismantling the cybercrime service The U.S. Department of Justice has dismantled the...
čítať celý článok

SK-CERT Recommends: Do Not Use Public USB Charging Stations

As part of the “SK-CERT recommends” series, we bring you recommendation on how to charge your devices on your journeys and what to avoid in order not to become a victim of a cyberattack. The FBI Denver Department posted a warning on Twitter in April against charging the devices through public USB ports in airports,...
čítať celý článok
TL;DR

TL;DR: Record-Breaking March (16th Week)

Security researchers have discovered several new malwares; a campaign in North Korea targets yet another operating system; and security forces have successfully arrested Internet fraudsters. The month of March was a record-breaking month in the number of ransomware attacks; and possible victims of ransomware groups include a Canadian hospital and a German superyacht manufacturer. Library...
čítať celý článok
TL;DR

TL;DR: Serious Ransomware Attacks (15th Week)

A ransomware gang claims responsibility for an attack on a multinational corporation that admitted the attack but remains silent about the consequences; security researchers warn of a phishing campaign masquerading as a browser update; and forum members received a warning from the Dutch Police. OpenAI company promises rewards for discovering vulnerabilities; and an unknown cybercriminal...
čítať celý článok

Warning of Critical Vulnerabilities in Apple Products

The National Cyber Security Centre SK-CERT warns of critical security vulnerabilities in Apple products that could be exploited by attackers for remote code execution, resulting in a complete breach of confidentiality, integrity and availability of affected systems. These vulnerabilities are currently being actively exploited by attackers. The security vulnerability tracked as CVE-2023-28205 can be found...
čítať celý článok
TL;DR

TL;DR: New Threat Actors on the Scene (13th and 14th Weeks)

New threat actors have been identified on the ransomware and phishing scene, including the threat actor who has the new and currently fastest encryption binary in the world. A multinational corporation has become a target of a major cyberattack and has been forced to suspend services. Security forces have had a success in a number...
čítať celý článok
TL;DR

TL;DR: Leak of the Year in March? (11th Week)

An unknown attacker gained access to personal and health data of millions of American patients; a cybersecurity firm successfully fended off a cyberattack; and an unknown U.S. agency has become an easy target for cybercriminals thanks to an out-of-date system. The VPN provider increased transparency by publishing its source code; and security forces had a...
čítať celý článok

Warning of a critical vulnerability in Microsoft Outlook

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in Microsoft Outlook that could be exploited by remote unauthenticated attackers to elevate privileges and gain access to a victim’s network. Microsoft Outlook is a popular and frequently used email management application. It is widespread globally, also in the Slovak cyberspace. The application vulnerability,...
čítať celý článok
TL;DR

TL;DR: Even Banks Cannot Avoid Cyberattacks (9th and 10th Weeks)

A hacker sells the data of a multinational corporation and a subsidiary of an Indian bank; Emotet has resumed its activity; there has been a major ransomware attack on a hospital; and a manual for decrypting the MortalKombat ransomware has been published. Security forces arrested members of a well-known ransomware gang; and also managed to...
čítať celý článok

Warning of critical vulnerabilities in Cisco telephony devices

The National Cyber Security Centre SK-CERT is warning of vulnerabilities in Cisco telephony devices that could be exploited by remote unauthenticated attackers for arbitrary code execution (ACE) or denial of service (DoS). Critical vulnerabilities identified by CVE-2023-20078 and CVE-2023-20079 could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service....
čítať celý článok

The national cybersecurity game CyberGame starts its second season: Because we believe there is talent among you!

The second season of the Slovak cyber security competition CyberGame emphasises the search for talent in the field of cyber security regardless of age. The scenarios are inspired by current events, as the tasks are also prepared by professionals from the National Cyber Security Centre SK-CERT. The National Security Authority is the expert guarantor of...
čítať celý článok

Warning of Increased Risk of Cyberattacks

The National Security Authority (hereinafter referred to as “the NSA”) issues a warning of an increased risk of cybersecurity incidents by pro-Russian oriented community hacker groups against Slovak targets in relation to securing the networks and information systems of operators of essential services, including elements of critical infrastructure and other organisations. The warning is valid...
čítať celý článok
TL;DR

TL;DR: Beware of Attacking SMS! (8th Week)

Two major cyberattacks started with a text message from an attacker; and data of tens of millions of Indian railway travellers leaked. Cybercriminals have started to actively exploit the chatbot to attract potential victims; a ransomware gang makes money from insurance companies; and security forces achieved successes and one failure. Did the investigators underestimate the...
čítať celý článok

ENISA Updated the Risk Analysis Methodology

The European Union Agency for Cybersecurity (ENISA) yesterday published the “Interoperable EU Risk Management Toolbox” which provides a comprehensive framework for managing cybersecurity risks across different sectors. The toolbox is designed to enable organisations to identify, assess and manage risks in a consistent and effective manner regardless of the size of the organisation, sector or...
čítať celý článok

Warning of OpenSSH vulnerability

The National Cyber Security Centre SK-CERT warns of a vulnerability in OpenSSH that could be exploited by remote unauthenticated attackers for remote code execution (RCE) or denial of service (DoS). OpenSSH is a popular tool used for secure communication, remote access or secure data transfer. It is an open-source implementation of the Secure Shell (SSH)...
čítať celý článok
TL;DR

TL;DR: State of Emergency (6th and 7th Week)

A city in California had to declare a state of emergency after a ransomware attack; a source code leaked from a social news aggregation platform; Dota players need to be more careful with game modes; and Cloudflare successfully blocked a record-breaking DDoS attack. Ransomware decryptors were also released; and the slowdown of the Tor anonymization...
čítať celý článok

Warning of Multiple Vulnerabilities in Apple Products

The National Cyber Security Centre SK-CERT warns of several vulnerabilities in Apple products that could be exploited by attackers for remote code execution or information theft. Apple has released a patch for several vulnerabilities, including several critical ones that allow attackers to perform several malicious activities, such as denial of service, privilege escalation, remote code...
čítať celý článok
TL;DR

TL;DR: Recycling Differently (5th Week)

A ransomware gang has shown that they take unusual care of nature; users whom leaked data due to a T-Mobile attack and use Google Fi have been advised to change out their SIM cards; and security researchers have pointed to cooperation between companies to raise awareness of supply chain attacks. The source code of a...
čítať celý článok

Warning of Multiply Vulnerabilities in Apple Products

The National Cyber Security Centre SK-CERT warns of several vulnerabilities in Apple products that could be exploited by attackers for remote code execution, denial of service or information theft. Apple has released a patch for several vulnerabilities, including several critical ones that allow attackers to execute several malicious activities – denial of service, privilege escalation,...
čítať celý článok
TL;DR

TL;DR: Thieves Scream “We Robbed a Thief” (3rd Week)

Security researchers have released decryption keys for ransomware; criminals have stolen Darkweb business from other criminals; and hacktivists are freely distributing data from two forensic companies. Europol and the security forces carried out several successful international interventions against fraudsters in call centres. The success of security forces Europol, in cooperation with the law enforcement and...
čítať celý článok

Warning of Critical Vulnerabilities in Git System

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in Git system that could be exploited by attackers for remote code execution. Git is a distributed revision control tool. Git is a popular open-source tool used worldwide. Critical vulnerabilities are tracked as CVE-2022-23521 and CVE-2022-41903. The vulnerabilities allow an unauthenticated attacker to execute code...
čítať celý článok

Warning of Programmable Logic Controllers Vulnerability from Siemens

The National Cyber Security Centre SK-CERT warns of a new vulnerability in the firmware of programmable logic controllers (PLC) from Siemens. PLC devices from Siemens are also popular and widely used in Slovakia in various areas of manufacturing and industry. The vulnerability allows an attacker to bypass all protected boot features allowing him to modify...
čítať celý článok
TL;DR

TL;DR: Christmas SMS (1st and 2nd Week)

A corporation was fined for illegal advertising; schoolchildren in the US were given three days of cyber holiday; and a British medical centre gave its patients an unwanted gift in the form of a text message. Security researchers published decryption keys for ransomware; and cybercriminals started using artificial intelligence to write malware. Fine for advertising...
čítať celý článok
TL;DR

TL;DR: Attack on the Children’s Hospital and Success of the Ukrainian Police (51st Week)

Security forces in Ukraine managed to achieve another success in the fight against cybercrime. The LastPass data breach is escalating; and there is also more recent information about the sports betting company DraftKings’ data leak. Cybercriminals attacked a children’s hospital in Canada; and several charges were laid and several sentences handed down. Ransomware attack on...
čítať celý článok

Warning of a New Critical Vulnerability in FortiOS and FortiProxy

The National Cyber Security Centre SK-CERT (hereinafter referred to as “NCSC SK-CERT”) warns of a new critical vulnerability in FortiOS and FortiProxy products. FortiOS and FortiProxy are Fortinet products. FortiOS is an operating system that is used in other Fortinet products, FortiProxy is a web proxy used mainly for URL filtering, threat protection and malware...
čítať celý článok
TL;DR

TL;DR: LastPass and Zero Knowledge (47th and 48th Weeks)

A company focusing on secure password storage has become a victim of a data leak; two cybercriminals have been arrested with millions in profits; and a French energy company has discovered that weak password encryption does not pay off. Passwords are “safe” LastPass became a target of another cyberattack, leading to a data breach. Cybercriminals...
čítať celý článok

Upgrade Your Traffic Light Protocol – Move to TLP 2.0!

Although a new version of the TLP standard has been available for a longer time (the National Cyber Security Centre SK-CERT already published the relevant article in August), not all organizations have adopted these changes into their processes. The National Cyber Security Centre SK-CERT (hereinafter referred to as “NCSC SK-CERT”) therefore appeals to all those...
čítať celý článok
[Spooky SSL logo]

Critical vulnerability in OpenSSL – updated on 1 November 2022

The National Cyber Security Centre SK-CERT reminds that the OpenSSL developers have announced the release of a patch for a critical security vulnerability on Tuesday, 1 November 2022 at 2:00 p.m. (winter time). Please note that details will be published during our bank holiday. Operators of essential services are therefore strongly advised to place necessary...
čítať celý článok