1. October 2019

October – Cyber Security Month

Regulatory Agency for Electronic Communications and Postal Services along with its National CERT (SRB-CERT) is celebrating October, the European and global cyber security month, with a campaign "Active and Safe on the Internet". This campaign promotes the importance of information security to citizens, state organizations, public and private companies and aims to raise awareness and change behavioral patterns by providing basic information to all Internet users about available protection measures while being online.

As part of the Cyber Security Month, RATEL i.e. National CERT will hold a set of workshops intended for different user profiles, such as "Improvement of protection measures for safe Internet business" designed for small and medium enterprises in the Republic of Serbia (promotion of the Safety Act model), in cooperation with Serbian Chamber of Commerce.

In cooperation with NALED, with the participation of the Ministry of Trade, Tourism and Telecommunications and the Office for Information Technologies and e-Government, workshops are organized for local self-government units (Kragujevac, Belgrade, Niš, Novi Sad).

By means of the workshop titled "Active and Safe on the Internet", intended for the press and media companies in the Republic of Serbia, National CERT informs the journalists about current security risks on the Internet.

According to the National CERT's statistical data, the most frequent attack types remain phishing (in the region, different phishing campaigns in the banking sector are currently under way) and ransomware, followed by cryptomining and theft and leakage of personal and business data.

Cyber crime activities such as phishing, ransomware, data breach, DDoS and cryptomining account for 81.7% of the malware content, cyber espionage for 16%, while cyber warfare and hacktivism account for 1.2%  each.

21. August 2019

New Type of Ransom on the Internet

The National CERT of the Republic of Serbia (SRB-CERT) is informing and warning all computer and mobile device users about new type of Ransom detected on the Internet in which hackers require payment of a certain amount of money in the Bitcoin cryptocurrency.

Specifically, hackers select a potential victim and through the search of social network accounts (Facebook, Instagram, etc.) analyze the collected data about the victim and their family members. Based on the information collected, such as name of primary or secondary school, sports school, music school, etc., they pass the threat to the victim, stating that they will attack the child if the victim does not pay the required amount of money in the Bitcoin cryptocurrency.

Among the victims there were some SME companies, which reported that hackers were threatening food or animal poisoning that the company produces or breeds on its farms, or the burning of goods stored in certain company warehouses.

SRB-CERT advises all user to act preventively, by paying attention to the information and photos they publish on social networks and thus prevent abuse of this type of extortion on the Internet.

If users receive such a threat, it is imperative that they report the incident to the Ministry of the Interior - Department for the High-Tech Crime, at e-mail account

16. July 2019

End of Support for Windows 7 OS

Until January 14, 2020. Microsoft will continue to create new software and security updates of Windows 7 OS, after which users of this OS should upgrade to Windows 10. This upgrade is not a must for users, but after this date users of Windows 7 will no longer be able to access the latest software and security updates offered by this company.

As a form of prevention and protection against possible misuse of discovered vulnerabilities in operating systems after it’s End of Support date, the National CERT recommends users to upgrade their OS to Windows 10 in a timely manner.

More details on this topic please visit Microsoft link.

15. May 2019

Facebook Urges Users to Update WhatsApp Application

Facebook has discovered the vulnerability of its WhatsApp application. The detected vulnerability allows attackers to install malicious software (spyware) into the user's mobile device, through the function of calling other users of this popular application. The attacker can infect the mobile device by simply calling the user, regardless of whether the called user accepts the call or not.

Facebook has detected this vulnerability in May. Development Facebook teams reacted quickly and created an appropriate patch to protect their users by preventing further exploitation of the vulnerability.

The National CERT recommends users to update their mobile devices by downloading the latest available version of WhatsApp application and thus preventing any possible misuse of detected vulnerability. As an additional form of protection, users can also update the operating systems of their devices.



Source: The Guardian


27. February 2019

Vulnerability of application solutions and services for signing .PDF documents revealed

Many popular .PDF viewers and online validation services contain vulnerabilities that can be used to make unauthorized changes to signed а .PDF documents without invalidating their signature.

The signature of the .PDF documents rely on cryptographic protection, which prevents the entry of unauthorized changes into a document signed this way.

This type of signing .PDF documents are widely used by many governments around the world, but also by companies and large corporations such as Amazon, who sign their documents such as invoices by using those apps and services.

The team of researchers from Germany analyzed 22 desktop applications (including Windows, Linux and MacOS operating systems) and 7 online validation services for signing .PDF documents.

The list of vulnerable applications includes Adobe Reader, Foxit Reader, LibreOffice, Nitro Reader, PDF-Xchange and Soda PDF. The list of vulnerable online signature validation services includes DocuSign, eTR Validation Service, DSS Demonstration WebApp, Evotrust and

The researchers shared their results with the vendors of these applications and online services. Application vendors have already published patches for those vulnerabilities, while some of the online service providers are actively working to find the right solutions.

The researchers published a document containing a report on their work, as well as a link in which an example of the abuse of detected vulnerability can be seen but their recommendations as well.

The National CERT of the Republic of Serbia recommends to all users to update their hardware and application solutions in a timely manner, as one of the most effective preventive measures.



Source: SecurityWeek

3. December 2018

Mandatory Registration of Company e-mail Addresses

The amendments to the Serbian Company Law adopted in June 2018 set down the obligation of all companies registered in the Republic of Serbia to register their e-mail addresses. The provisions of the Law related to the obligation of newly founded companies to register their business e-mail address came into force on 1 October 2019, while the deadline for the existing companies is 1 October 2019.

10. October 2018

A Root Key Signing Key (KSK) Rollover Announced by ICANN

On October 11, 2018, at 16:00 UTC, the Internet Corporation for Assigned Names and Numbers (ICANN) will be performing a root Key Signing Key (KSK) rollover for the first time.

ICANN is the world leading Internet governing organization, responsible for the Internet's global Domain Name System (DNS), including policy development for internationalization of the DNS system. The DNS system resolves domain and computer names to IP addresses and DNSSEC is the DNS Security Extension which prevents user redirection to websites containing malware.

Rolling the KSK means generating a new cryptographic public and private key pair and distributing the new public component to parties who operate validating resolvers.

More information about how to prepare for the root zone KSK rollover can be found at:

1. October 2018

Facebook Vulnerability Impacted 50 Million Accounts

On 25.09.2018 Facebook's engineering team discovered a vulnerability in Facebook's code that impacted "View As" feature that lets people see what their own profile looks like to someone else. This vulnerability allowed attackers to steal Facebook access tokens and take over users' accounts. The security issue affected almost 50 million accounts.

Facebook declared to have fixed the vulnerability and informed law enforcement.

Facebook has reset the access tokens of the 50 million affected accounts to protect their security, and of another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back into Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

Facebook temporarily turned off the "View As" feature while they conduct a thorough security review.

Facebook stated that there was no need for anyone to change their password. Additionally, if anyone wants to take the precautionary action of logging out of Facebook, they should visit the "Security and Login" section in Settings. It lists the places people are logged into Facebook, including a one-click option to log out of them all.





Аdditional info:


9. July 2018

Rakhni Trojan - Multifunctional Malicious Software

The Kaspersky Lab has detected a new type of malicious software called Rakhni Trojan (Trojan-Ransom.Win32.Rakhni). This type of malicious software has multifunctional abilities. It can be run as ransomware, crypto-miner or net-worm depending on the attacker's decision. Initially, it runs content checks on the victim's PC after which the attacker triggers one of the three possible options.

This type of malicious software emerges on the territory of Russia and spreads further via spam and phishing campaigns. It contains e-mails with fake corporate financial documents. Once they have opened the e-mail, users get instructions on how to open the attached PDF file. By clicking on the PDF, the victim launches an executable file written in Delphi which uses a fake Adobe Systems Incorporated digital signature.

If an attacker decides to launch the ransomware option, the user will receive a MESSAGE.txt file with the ransom request (please visit decryption tools).

If an attacker decides to start the crypto-mining option, a VBS script will start mining Monero and Dashcoin cryptocurrency.

If the previous two options are not suitable, the attacker may decide to run net-worm option which allows the Trojan to copy itself on all computers of the local network.

For more details please visit:





4. May 2018

Twitter urging all 330 million users to change password

The National CERT of the Republic of Serbia (SRB-CERT) is informing and warning all Twitter users to change their passwords after a bug expose them in plain text. If not your account can be misused. Apparently, passwords were being saved in plain text, instead of masking them in with the hashing process. Twitter claims that they have found the bug and removed all passwords immediately. There is no official statement regarding how many passwords were exposed before they found and fixed this issue.
National CERT recommends password change to all Twitter users in order to avoid any kind of misuse of their account.

For more details, please visit