National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday.

icrosoft has confirmed that a bug in Windows 10 version 1607 and Windows Server 2016 is causing the Group Policy Editor to display errors.

In a report this week, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks.

QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device’s data, and in some cases, steal files from the victim.

Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates.

A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages of the attack.

The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang; to encrypt a computer from within a virtual machine.

The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently.

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities.

Palo Alto Networks has fixed a new critical vulnerability affecting multiple versions of PAN-OS, the operating system affecting its next-generation firewalls.

Attackers who are actively exploiting a critical remote code execution flaw affecting over 600,000 of WordPress sites running vulnerable File Manager plugin versions have also been seen protecting the sites they compromise from other threat actors’ attacks.

Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day.

A vulnerability exists in certain implementations of Bluetooth 4.0 through 5.0 which allows an attacker to overwrite or lower the strength of the pairing key, giving them access to authenticated services.

The French national cyber-security agency today published an alert warning of a surge in Emotet attacks targeting the private sector and public administration entities throughout the country.

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.

Threat researchers discovered a new malware family that is fully focused on getting as much cryptocurrency as possible from its victims. For this purpose, it steals wallets, hijacks transactions, and starts mining on infected machines.

An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware.

It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used as “hackers for hire” by competing private companies to make away with confidential information.

The Lemon_Duck cryptomining malware has been updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances.