National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications.

The U.S. Federal Bureau of Investigation (FBI) warned government agencies and health care organizations of ongoing BEC schemes exploiting the COVID-19 pandemic, as well as an overall increase in cryptocurrency and health care fraud scam activity targeting consumers.

Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).

In our previous posts, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money.

Το Universal Plug and Play (UPnP) είναι ένα σύνολο πρωτοκόλλων δικτύωσης που επιτρέπει σε δικτυωμένες συσκευές, όπως προσωπικούς υπολογιστές, εκτυπωτές, Internet gateways, σημεία πρόσβασης Wi-Fi και κινητές συσκευές, να αναγνωρίζουν αδιάλειπτα την παρουσία άλλων συσκευών στο δίκτυο και να δημιουργήσουν λειτουργικές υπηρεσίες δικτύου για κοινή χρήση δεδομένων, πικοινωνίες και ψυχαγωγία. Το UPnP προορίζεται κυρίως για οικιακά δίκτυα χωρίς συσκευές enterprise-class.

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service’ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services.

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to gym classes amidst the ongoing coronavirus outbreak and work from home became the new normal.

Microsoft says that Basic Authentication’s removal from Exchange Online is being postponed until the second half of 2021 due to the current situation created by the COVID-19 pandemic.

Over 350,000 of all Microsoft Exchange servers currently exposed on the Internet haven’t yet been patched against the CVE-2020-0688 post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions.