National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Η Εθνική Ομάδα Αντιμετώπισης Ηλεκτρονικών Επιθέσεων προβλέπει την αύξηση της ηλεκτρονικής ασφαλείας ενισχύοντας την προστασία του κυβερνοχώρου των Εθνικών Κρίσιμων Πληροφοριακών Υποδομών, των τραπεζών και των παροχών επικοινωνίας της Κυπριακής Δημοκρατίας.

18 Μαΐου 2020

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.

18 Μαΐου 2020

Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft’s Remote Desktop Protocol, Microsoft though  had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.

14 Μαΐου 2020

More than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are ‘unknowingly’ leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.

14 Μαΐου 2020

Malware analysts have found multiple samples of a new malware toolkit that can collect sensitive files from systems isolated from the internet. They call it Ramsay and there are few known victims to date.

13 Μαΐου 2020

Enterprise software maker SAP released its May security patches, which cover six critical issues in several of its products, three of them with a severity score very close to maximum.

13 Μαΐου 2020

Fortune 500 company Magellan Health Inc announced today that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.

12 Μαΐου 2020

f you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability.

12 Μαΐου 2020

A cybersecurity researcher uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports.

11 Μαΐου 2020

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown and unauthorized third parties.

11 Μαΐου 2020

Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group.

11 Μαΐου 2020

The Sodinokibi (REvil) ransomware has added a new feature that allows it to encrypt more of a victim’s files, even those that are opened and locked by another process.

08 Μαΐου 2020

Hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins with the end goal of remotely executing arbitrary code and fully compromising unpatched targets.

07 Μαΐου 2020

An advanced hacker group running cyber-espionage campaigns since at least 2010 has been operating stealthily over the past five years. They deliver a new backdoor called Aria-body and use victims’ infrastructure to carry attacks against other targets.

06 Μαΐου 2020

Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defences might be lowered due to the shift of focus to the health crisis.

PDF: Global landscape on COVID-19 cyberthreat

06 Μαΐου 2020

Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform.

05 Μαΐου 2020

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert.

04 Μαΐου 2020

A hacker is selling a database containing the information of 91 million Tokopedia accounts on a dark web market for as little as $5,000. Other threat actors have already started to crack passwords and share them online.

04 Μαΐου 2020

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) addressing the issues, rated with CVSS score 10.

29 Απριλίου 2020

A threat actor focusing on Android systems has expanded their malware-as-a-service (MaaS) business with file-encrypting capabilities for ransomware operations.

28 Απριλίου 2020

As people socially isolate and work from home, shopping online and home deliveries have increased.

ENISA: Cyber threats require heightened defences

#CyberSecMonth 2017 - Cyber Security in the Home