Author Archives: CSIRT

BRATA Malware Poses as Android Security Scanners on Google Play Store

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. “These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of […]

Locked Shields 2021 largest cyber defense exercise worldwide

This year’s high-level cyber security Exercise Locked Shields is the largest of its kind, organizers, the Tallinn-based NATO Cooperative Cyber Defense Center of Excellence (CCDCOE), have announced. Under a new format for 2021, this year’s event will be the largest global live-fire cyber defense exercise worldwide, the CCDCOE says, and will aim to highlight the […]

Critical vulnerabilities in Microsoft Edge Chromium and Google Chrome browsers

Vulnerability detected (CVE-2021-21193) on Chromium Blink Engine that allows malicious users to execute arbitrary code, gain unauthorized access, access sensitive information, or deny service (denial -of-service). Microsoft and Google have published the following versions to patch these exploited vulnerabilities: • Edge Chromium 89.0.774.54 • Google Chrome 89.0.4389.90 More information can be found at Source: […]

Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities

Abnormal activity on Microsoft Exchange servers was detected in January 2021. In particular, an attacker exploiting a manually compromised vulnerability (SSRF) on Microsoft Exchange servers (CVE-2021-26855) could steal the full contents of a single user mailbox. This vulnerability can be exploited remotely and does not require authentication of any kind, nor does it require special […]