The National Cyber Security Centre SK-CERT (hereinafter referred to as “NCKB SK-CERT”) warns of an increased risk of ransomware attacks by the Medusa group, which are particularly targeted on educational institutions. A successful attack will cause a total unavailability of systems and services and a leak of sensitive information. What is the Medusa group? According...

The National Security Authority warns of potential cyberattack threats in connection with the increase in the use of social engineering techniques by DPRK-sponsored hacking groups. The most prominent of these groups is Kimsuky (APT 43). Their activities focus on spearphishing campaigns in which cyber actors impersonate journalists or academic scholars to collect information and documents...

The National Cyber Security Centre SK-CERT warns of a zero-day vulnerability in VMware ESXi system, which can be exploited using valid ESXi credentials. The vulnerability allows code execution in virtual servers under a privileged user without knowledge of credentials to virtual servers. In order to exploit the vulnerability, access to the ESXi administrative interface is...

The 2nd edition of the national cybersecurity CyberGame competition registered a total of 2,334 participants on both the Slovak and English playing platforms. The expert guarantor of the contest is the National Security Authority. 1,788 players were registered on the Slovak playing platform, 832 of them were active players, which means a significant increase in...

The National Cyber Security Centre SK-CERT warns of a new critical vulnerability in the FortiOS operating system included in various Fortinet products. Fortinet products are widely used by organizations in the Slovak cyberspace, including operators of essential services. The warning is issued by the National Security Authority pursuant to Article 27(1) a) of the ....

The National Cyber Security Centre SK-CERT warns of a vulnerability in motherboards from the manufacturer GIGABYTE, which are popular and often used in the Slovak market as well. GIGABYTE motherboards have a built-in motherboard firmware update mechanism that contains security vulnerabilities. Each time the computer reboots, the firmware initiates an update programme, and thus downloading...

A VPN service claiming that it does not log communications had again logs leaked. An illegal IPTV service was taken down in the Netherlands; and a large amount of medical and financial information was leaked in the US. An 18 year old hacker was discovered and charged with serious crimes by security forces; the founder...

The National Cyber Security Center SK-CERT warns about an actively exploited vulnerability in the Beautiful Cookie Consent Banner plugin of the WordPress content management system. The mentioned plugin is used to create a graphical notification about the use of cookies. The plugin has over 40,000 active installations. The vulnerability allows for a XSS attack, where...

The 2nd edition of the national cybersecurity CyberGame competition ended up with 2,334 registered participants on both the Slovak and English playing platforms. The expert guarantor of the contest is the National Security Authority. 1,788 players were registered on the Slovak playing platform, 832 of them were active players, which means a significant increase in...

Security forces successfully dismantled a credit card checking service, seized nine crypto exchange websites exploited by cybercriminals; and nearly 300 people were arrested. Ukraine’s CERT warns against phishing with malicious update instructions; and a mobile operator reported its second data breach this year. Dismantling the cybercrime service The U.S. Department of Justice has dismantled the...

As part of the “SK-CERT recommends” series, we bring you recommendation on how to charge your devices on your journeys and what to avoid in order not to become a victim of a cyberattack. The FBI Denver Department posted a warning on Twitter in April against charging the devices through public USB ports in airports,...

As part of the “SK-CERT recommends” series, we bring you recommendation on what to do if your supplier may have been attacked by ransomware, had data leaked, or may have been hit by another type of cyber incident. Does this supplier provide you with IT services? Does this supplier provide you with any external services...

Security researchers have discovered several new malwares; a campaign in North Korea targets yet another operating system; and security forces have successfully arrested Internet fraudsters. The month of March was a record-breaking month in the number of ransomware attacks; and possible victims of ransomware groups include a Canadian hospital and a German superyacht manufacturer. Library...

A ransomware gang claims responsibility for an attack on a multinational corporation that admitted the attack but remains silent about the consequences; security researchers warn of a phishing campaign masquerading as a browser update; and forum members received a warning from the Dutch Police. OpenAI company promises rewards for discovering vulnerabilities; and an unknown cybercriminal...

The National Cyber Security Centre SK-CERT warns of critical security vulnerabilities in Apple products that could be exploited by attackers for remote code execution, resulting in a complete breach of confidentiality, integrity and availability of affected systems. These vulnerabilities are currently being actively exploited by attackers. The security vulnerability tracked as CVE-2023-28205 can be found...

New threat actors have been identified on the ransomware and phishing scene, including the threat actor who has the new and currently fastest encryption binary in the world. A multinational corporation has become a target of a major cyberattack and has been forced to suspend services. Security forces have had a success in a number...

An unknown attacker gained access to personal and health data of millions of American patients; a cybersecurity firm successfully fended off a cyberattack; and an unknown U.S. agency has become an easy target for cybercriminals thanks to an out-of-date system. The VPN provider increased transparency by publishing its source code; and security forces had a...

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in Microsoft Outlook that could be exploited by remote unauthenticated attackers to elevate privileges and gain access to a victim’s network. Microsoft Outlook is a popular and frequently used email management application. It is widespread globally, also in the Slovak cyberspace. The application vulnerability,...

A hacker sells the data of a multinational corporation and a subsidiary of an Indian bank; Emotet has resumed its activity; there has been a major ransomware attack on a hospital; and a manual for decrypting the MortalKombat ransomware has been published. Security forces arrested members of a well-known ransomware gang; and also managed to...

The National Cyber Security Centre SK-CERT is warning of vulnerabilities in Cisco telephony devices that could be exploited by remote unauthenticated attackers for arbitrary code execution (ACE) or denial of service (DoS). Critical vulnerabilities identified by CVE-2023-20078 and CVE-2023-20079 could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service....

The second season of the Slovak cyber security competition CyberGame emphasises the search for talent in the field of cyber security regardless of age. The scenarios are inspired by current events, as the tasks are also prepared by professionals from the National Cyber Security Centre SK-CERT. The National Security Authority is the expert guarantor of...

The National Security Authority (hereinafter referred to as “the NSA”) issues a warning of an increased risk of cybersecurity incidents by pro-Russian oriented community hacker groups against Slovak targets in relation to securing the networks and information systems of operators of essential services, including elements of critical infrastructure and other organisations. The warning is valid...

Two major cyberattacks started with a text message from an attacker; and data of tens of millions of Indian railway travellers leaked. Cybercriminals have started to actively exploit the chatbot to attract potential victims; a ransomware gang makes money from insurance companies; and security forces achieved successes and one failure. Did the investigators underestimate the...

The European Union Agency for Cybersecurity (ENISA) yesterday published the “Interoperable EU Risk Management Toolbox” which provides a comprehensive framework for managing cybersecurity risks across different sectors. The toolbox is designed to enable organisations to identify, assess and manage risks in a consistent and effective manner regardless of the size of the organisation, sector or...

The National Cyber Security Centre SK-CERT warns of a vulnerability in OpenSSH that could be exploited by remote unauthenticated attackers for remote code execution (RCE) or denial of service (DoS). OpenSSH is a popular tool used for secure communication, remote access or secure data transfer. It is an open-source implementation of the Secure Shell (SSH)...

A city in California had to declare a state of emergency after a ransomware attack; a source code leaked from a social news aggregation platform; Dota players need to be more careful with game modes; and Cloudflare successfully blocked a record-breaking DDoS attack. Ransomware decryptors were also released; and the slowdown of the Tor anonymization...

The National Cyber Security Centre SK-CERT warns of several vulnerabilities in Apple products that could be exploited by attackers for remote code execution or information theft. Apple has released a patch for several vulnerabilities, including several critical ones that allow attackers to perform several malicious activities, such as denial of service, privilege escalation, remote code...

A ransomware gang has shown that they take unusual care of nature; users whom leaked data due to a T-Mobile attack and use Google Fi have been advised to change out their SIM cards; and security researchers have pointed to cooperation between companies to raise awareness of supply chain attacks. The source code of a...

The National Cyber Security Centre SK-CERT warns of several vulnerabilities in Apple products that could be exploited by attackers for remote code execution, denial of service or information theft. Apple has released a patch for several vulnerabilities, including several critical ones that allow attackers to execute several malicious activities – denial of service, privilege escalation,...

Security researchers have released decryption keys for ransomware; criminals have stolen Darkweb business from other criminals; and hacktivists are freely distributing data from two forensic companies. Europol and the security forces carried out several successful international interventions against fraudsters in call centres. The success of security forces Europol, in cooperation with the law enforcement and...

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in Git system that could be exploited by attackers for remote code execution. Git is a distributed revision control tool. Git is a popular open-source tool used worldwide. Critical vulnerabilities are tracked as CVE-2022-23521 and CVE-2022-41903. The vulnerabilities allow an unauthenticated attacker to execute code...

The National Cyber Security Centre SK-CERT warns of a new vulnerability in the firmware of programmable logic controllers (PLC) from Siemens. PLC devices from Siemens are also popular and widely used in Slovakia in various areas of manufacturing and industry. The vulnerability allows an attacker to bypass all protected boot features allowing him to modify...

A corporation was fined for illegal advertising; schoolchildren in the US were given three days of cyber holiday; and a British medical centre gave its patients an unwanted gift in the form of a text message. Security researchers published decryption keys for ransomware; and cybercriminals started using artificial intelligence to write malware. Fine for advertising...

Security forces in Ukraine managed to achieve another success in the fight against cybercrime. The LastPass data breach is escalating; and there is also more recent information about the sports betting company DraftKings’ data leak. Cybercriminals attacked a children’s hospital in Canada; and several charges were laid and several sentences handed down. Ransomware attack on...

The National Cyber Security Centre SK-CERT (hereinafter referred to as “NCSC SK-CERT”) warns of a new critical vulnerability in FortiOS and FortiProxy products. FortiOS and FortiProxy are Fortinet products. FortiOS is an operating system that is used in other Fortinet products, FortiProxy is a web proxy used mainly for URL filtering, threat protection and malware...

A company focusing on secure password storage has become a victim of a data leak; two cybercriminals have been arrested with millions in profits; and a French energy company has discovered that weak password encryption does not pay off. Passwords are “safe” LastPass became a target of another cyberattack, leading to a data breach. Cybercriminals...

Although a new version of the TLP standard has been available for a longer time (the National Cyber Security Centre SK-CERT already published the relevant article in August), not all organizations have adopted these changes into their processes. The National Cyber Security Centre SK-CERT (hereinafter referred to as “NCSC SK-CERT”) therefore appeals to all those...

The National Cyber Security Centre SK-CERT reminds that the OpenSSL developers have announced the release of a patch for a critical security vulnerability on Tuesday, 1 November 2022 at 2:00 p.m. (winter time). Please note that details will be published during our bank holiday. Operators of essential services are therefore strongly advised to place necessary...

Microsoft faces an incident that may have resulted in the data leak of tens of thousands of entities, security forces arrested members of a car-jacking gang, and an Australian insurance company was the victim of a ransomware attack. Microsoft incident A configuration error led to a potential leak of Microsoft customer and partner information. SOCRadar...

A Japanese car company has been sharing access keys to some of its systems on its GitHub for five years, a US hospital network is battling a ransomware infection, and users of unofficial WhatsApp clients should consider returning to the original. After Slovak airports, US ones also faced a DDoS attack and AVAST has published...

The National Security Authority has been granted CVE Numbering Authority (CNA) status. This will give it greater flexibility in assigning vulnerability identifiers (CVE numbers). The National Cyber Security Centre SK-CERT will be one of 12 CERTs from around the world to have this status. It will be only the third of its kind in Europe....

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the Zimbra Collaboration Suite. Zimbra is a popular web-based email server that is often used in Slovak cyberspace. Recent vulnerabilities in this product cause an attacker to upload arbitrary files, which can lead to unauthorized code execution. Exploiting the vulnerabilities will allow full...

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in FortinetOS and FortiProxy products. FortinetOS and FortiProxy are Fortinet products. FortinetOS is an operating system that is used in other Fortinet products, FortiProxy is a web proxy used mainly for URL filtering, threat protection and malware detection. The latest vulnerability is a flaw...

The security forces have had much success in arresting, investigating and trying cyber criminals, a chess genius has been branded a fraudster, and data leaks by telecommunications companies in Australia have been a prominent theme. Arrests in Germany German police carried out house searches of three people accused of carrying out phishing attacks leading to...

Update 10.10.2022 09:50: update recommendations (another change in URL rewrite rule) Update 5.10.2022 14:00: update recommendations (small change in URL rewrite rule) Update 30.09.2022 13:00: attacker must be authenticated The National Cyber Security Centre SK-CERT warns of actively exploited zero-day vulnerabilities in the Microsoft Exchange Server product. By exploiting unspecified vulnerabilities, a remote unauthenticated authenticated...

Security researchers have published information about malware that installs a large number of others, a new tool is spreading on hacker forums, and Brazilian payment portal hackers have returned after a year-long hiatus. Malware mixer Security researchers from Kaspersky have released information about the new NullMixer malware. It spreads via websites that share cracked software....

Security researchers published an analysis on the misuse of games to distribute malware, a network of hotels fell victim to a potential attack, and security forces saw significant successes in arresting several cybercriminals and dismantling a large cybercrime forum. Gaming risk analysis Kaspersky security researchers have published a detailed analysis of cyber threats related to...

Twitter’s former chief of cybersecurity has released a great deal of serious information about the state of the social network’s cybersecurity. Cybercriminals have found out what it’s like to be the target of a DDoS attack, being a crumb in its intensity compared to a new DDoS record successfully repelled by Google. Extreme accusations Twitter’s...

A ransomware group misidentified their victims with similar organisation and began to blackmail them; security researchers detected a unique vector for spreading malware; and a hacking enthusiast described at a conference how he took control of a satellite. Cyber-hoax of ransomware group South Staffordshire Water, a company supplying drinking water to 1.6 million consumers in...