A very convincing phishing campaign is under way against clients of several banks doing business in the Republic of Serbia. The phishing email seemingly sent out on behalf of several banks and appearing to be arriving from a legitimate domain, contains a notification on foreign exchange inflow and a malicious .pdf zip file attachment, activating a malicious code in the background. The malicous attachment is very sophisticated and has been recognized only by a few anitvirus softwares. For more details, please visit:
Based on the available information, we notify the public that these emails are not being sent from the banks' servers.
The National CERT urges all bank clients who receive silimar emails to delete them right away and, under any circumstances, not to open the attachment.
This September, the Greenbone Networks organization published a report where it is stated that, due to a discovered PACS server vulnerability, several million x-ray snapshots in 52 countries around the world were exposed, which could lead to an array of abuse. One of these countries was the Republic of Serbia.
After a 60-day period, this organization updated its report, saying that 11 countries from the September account (among which the Republic of Serbia; see Section 2.1 Good) undertook appropriate measures to prevent further leakage of their citizens' healthcare data.
For more details, please visit:
The National CERT warns all users about new malicious campaign which spoofs urgent update emails from Microsoft to infect user's systems with the Cyborg ransomware. Fake notices are sent via email to Windows 10 Operating System users, with either the subject line Install Latest Microsoft Windows Update now! or Critical Microsoft Windows Update!
The malicious email itself contains just one line of text which reads “Please install the latest critical update from Microsoft attached to this email”.
Upon clicking on the email's attachment, and once activated, the ransomware encrypts all of the files on the infected user's system, locking all the files on the PC, while displaying a ransom message on the screen.
The National CERT informs all users that Microsoft forwards its update notices and information exclusively through its Operating System and NEVER via email.
It is recommended by the National CERT that users who receive similar emails delete them right away. We remind all Internet users not to open any email attachments or links from unknown or untrusted sources.
Regulatory Agency for Electronic Communications and Postal Services along with its National CERT (SRB-CERT) is celebrating October, the European and global cyber security month, with a campaign "Active and Safe on the Internet". This campaign promotes the importance of information security to citizens, state organizations, public and private companies and aims to raise awareness and change behavioral patterns by providing basic information to all Internet users about available protection measures while being online.
As part of the Cyber Security Month, RATEL i.e. National CERT will hold a set of workshops intended for different user profiles, such as "Improvement of protection measures for safe Internet business" designed for small and medium enterprises in the Republic of Serbia (promotion of the Safety Act model), in cooperation with Serbian Chamber of Commerce.
In cooperation with NALED, with the participation of the Ministry of Trade, Tourism and Telecommunications and the Office for Information Technologies and e-Government, workshops are organized for local self-government units (Kragujevac, Belgrade, Niš, Novi Sad).
By means of the workshop titled "Active and Safe on the Internet", intended for the press and media companies in the Republic of Serbia, National CERT informs the journalists about current security risks on the Internet.
According to the National CERT's statistical data, the most frequent attack types remain phishing (in the region, different phishing campaigns in the banking sector are currently under way) and ransomware, followed by cryptomining and theft and leakage of personal and business data.
Cyber crime activities such as phishing, ransomware, data breach, DDoS and cryptomining account for 81.7% of the malware content, cyber espionage for 16%, while cyber warfare and hacktivism account for 1.2% each.
Until January 14, 2020. Microsoft will continue to create new software and security updates of Windows 7 OS, after which users of this OS should upgrade to Windows 10. This upgrade is not a must for users, but after this date users of Windows 7 will no longer be able to access the latest software and security updates offered by this company.
As a form of prevention and protection against possible misuse of discovered vulnerabilities in operating systems after it’s End of Support date, the National CERT recommends users to upgrade their OS to Windows 10 in a timely manner.
More details on this topic please visit Microsoft link.
The National CERT of the Republic of Serbia (SRB-CERT) is informing and warning all computer and mobile device users about new type of Ransom detected on the Internet in which hackers require payment of a certain amount of money in the Bitcoin cryptocurrency.
Specifically, hackers select a potential victim and through the search of social network accounts (Facebook, Instagram, etc.) analyze the collected data about the victim and their family members. Based on the information collected, such as name of primary or secondary school, sports school, music school, etc., they pass the threat to the victim, stating that they will attack the child if the victim does not pay the required amount of money in the Bitcoin cryptocurrency.
Among the victims there were some SME companies, which reported that hackers were threatening food or animal poisoning that the company produces or breeds on its farms, or the burning of goods stored in certain company warehouses.
SRB-CERT advises all user to act preventively, by paying attention to the information and photos they publish on social networks and thus prevent abuse of this type of extortion on the Internet.
If users receive such a threat, it is imperative that they report the incident to the Ministry of the Interior - Department for the High-Tech Crime, at e-mail account firstname.lastname@example.org.
Facebook has discovered the vulnerability of its WhatsApp application. The detected vulnerability allows attackers to install malicious software (spyware) into the user's mobile device, through the function of calling other users of this popular application. The attacker can infect the mobile device by simply calling the user, regardless of whether the called user accepts the call or not.
Facebook has detected this vulnerability in May. Development Facebook teams reacted quickly and created an appropriate patch to protect their users by preventing further exploitation of the vulnerability.
The National CERT recommends users to update their mobile devices by downloading the latest available version of WhatsApp application and thus preventing any possible misuse of detected vulnerability. As an additional form of protection, users can also update the operating systems of their devices.
Source: The Guardian
Many popular .PDF viewers and online validation services contain vulnerabilities that can be used to make unauthorized changes to signed а .PDF documents without invalidating their signature.
The signature of the .PDF documents rely on cryptographic protection, which prevents the entry of unauthorized changes into a document signed this way.
This type of signing .PDF documents are widely used by many governments around the world, but also by companies and large corporations such as Amazon, who sign their documents such as invoices by using those apps and services.
The team of researchers from Germany analyzed 22 desktop applications (including Windows, Linux and MacOS operating systems) and 7 online validation services for signing .PDF documents.
The list of vulnerable applications includes Adobe Reader, Foxit Reader, LibreOffice, Nitro Reader, PDF-Xchange and Soda PDF. The list of vulnerable online signature validation services includes DocuSign, eTR Validation Service, DSS Demonstration WebApp, Evotrust and VEP.si.
The researchers shared their results with the vendors of these applications and online services. Application vendors have already published patches for those vulnerabilities, while some of the online service providers are actively working to find the right solutions.
The National CERT of the Republic of Serbia recommends to all users to update their hardware and application solutions in a timely manner, as one of the most effective preventive measures.
The amendments to the Serbian Company Law adopted in June 2018 set down the obligation of all companies registered in the Republic of Serbia to register their e-mail addresses. The provisions of the Law related to the obligation of newly founded companies to register their business e-mail address came into force on 1 October 2019, while the deadline for the existing companies is 1 October 2019.
On October 11, 2018, at 16:00 UTC, the Internet Corporation for Assigned Names and Numbers (ICANN) will be performing a root Key Signing Key (KSK) rollover for the first time.
ICANN is the world leading Internet governing organization, responsible for the Internet's global Domain Name System (DNS), including policy development for internationalization of the DNS system. The DNS system resolves domain and computer names to IP addresses and DNSSEC is the DNS Security Extension which prevents user redirection to websites containing malware.
Rolling the KSK means generating a new cryptographic public and private key pair and distributing the new public component to parties who operate validating resolvers.
More information about how to prepare for the root zone KSK rollover can be found at: