National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Η Εθνική Ομάδα Αντιμετώπισης Ηλεκτρονικών Επιθέσεων προβλέπει την αύξηση της ηλεκτρονικής ασφαλείας ενισχύοντας την προστασία του κυβερνοχώρου των Εθνικών Κρίσιμων Πληροφοριακών Υποδομών, των τραπεζών και των παροχών επικοινωνίας της Κυπριακής Δημοκρατίας.

25 September 2021

Guardicore Team has uncovered a design-level flaw in Microsoft Exchange Autodiscover, which could result in the leak of millions of usernames and passwords across the globe.

24 September 2021

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

23 September 2021

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations.

17 September 2021

In early September 2021 QRATOR labs published an article about a new wave of DDoS attacks, which are originating from a botnet involving MikroTik devices. 

16 September 2021

Βορειοκορεατική ομάδα χάκερ εξαπέλυσε πρόσφατα κυβερνοεπίθέσεις χρησιμοποιώντας τα μέσα κοινωνικής δικτύωσης ως το μέσο προσέλκυσης υποψήφιων θυμάτων για την εγκατάσταση κακόβουλου λογισμικού στον υπολογιστή τους.

15 September 2021

Microsoft Azure users with Linux VMs or virtual machines running are exposed to the latest security vulnerabilities dubbed as OMIGOD.

14 September 2021

Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. One is known to be used to install the Pegasus spyware on iPhones.

10 May 2021

Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks.

23 April 2021

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators’ army of Monero (XMR) cryptocurrency mining bots.

23 April 2021

QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.

21 April 2021

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products.

21 April 2021

Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks.

06 April 2021

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.”

05 April 2021

First discovered in 1998, SQL injections (SQLi) are still a devastatingly effective attack technique and remain a top database security priority.

31 March 2021

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers.

30 March 2021

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with.

30 March 2021

Popular npm library netmask has a critical networking vulnerability.

24 March 2021

To «σκοτεινό διαδίκτυο» γνωστό και ως Dark Web είναι ένα μέρος του Διαδικτύου που δεν ανιχνεύεται από μηχανές αναζήτησης και οι κυβερνοεγκληματίες συχνά πωλούν και αγοράζουν παράνομα προϊόντα ή υπηρεσίες. Οι επικοινωνίες γίνονται μέσω εφαρμογών κρυπτογραφημένων μηνυμάτων, ενώ οι πληρωμές ζητούνται με τη μορφή κρυπτονομισμάτων, το οποία είναι πολύ δύσκολα να εντοπιστούν.

22 March 2021

Energy giant Shell has disclosed a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA).

ENISA: Cyber threats require heightened defences

#CyberSecMonth 2017 - Cyber Security in the Home