Ad fraud on large online platforms
Fraudsters on social media lure users with fake ads promising easy money from celebrities or insider access to government investment programs. These advertisements lead to harmful websites designed to trick or exploit users.
The Dark Knight Returns: Joker malware analysis
CERT Polska has recently observed new samples of the “Joker” mobile malware. The applications are present in the Google Play Store and target Polish users, among others.
MailGoose: Your Solution to Curb E-mail Spoofing
Protect organizations in your constituency from e-mail spoofing with our tool – mailgoose. In Poland it has already been used by over 25,000 users!
APT28 campaign targeting Polish government institutions
CERT Polska is observing a malicious e-mail campaign targeting Polish government institutions conducted by the APT28 group.
Vulnerabilities in Comarch ERP XL software
CERT Poland has received a report about three vulnerabilities (CVE-2023-4537, CVE-2023-4538, CVE-2023-4539) found in Comarch ERP XL software.
Cybersecurity Unites Across Borders: FETTA Project Launched to Strengthen EU Cyber Threat Intelligence
One of the key cybersecurity challenges in Europe is reducing reliance on threat intelligence from non-EU countries. The FETTA (Federated European Team for Threat Analysis) project aims to address this issue by creating a federated team that spans across borders, providing Cyber Threat Intelligence (CTI) products and tooling.
The Artemis security scanner
Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.
Russian Foreign Intelligence Service (SVR) Cyber Actors Use JetBrains TeamCity CVE in Global Targeting
CERT Polska, Polish Military Counterintelligence Service (SKW), and external partners assess Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, are exploiting CVE-2023-42793 at a large scale.
Malware stories: Deworming the XWorm
XWorm is a multi-purpose malware family, commonly used as a RAT. This post contains a detailed analysis and a walk-through of the reverse-engineering process.
Unpacking what's packed: DotRunPeX analysis
When, what and why: As a national CERT we analyse all kinds of incidents. Some of them involve widespread APT campaigns; other times we just focus on everyday threats. Recently we got notified about a new malspam campaign targeting Polish users and decided to investigate. It all started with this phishing …