How to report a security incident
You can report a security incident by sending an e-mail to incident (at) csirt.gov.sk. You may add an attachment and, if encryption is necessary, use the PGP key (file, 6,25 kB); the free GnuPG (GPG) tool can be used for this.
For incident reporting the following rules apply:
- It is necessary to give the correct email address, which will serve as the primary contact.
- The description of the incident has to be unambiguous.
- Please provide as much information as possible for further analysis, proceedings and subsequent processing. Even seemingly useless information may be very useful.
The description of the incident should contain the following:
- Information about the reporter of the incident:
  - title / position,
  - name of organization, type of organization (government, private, educational, ...),
  - other affected organizations;
- Information about the incident:
  - start time of the incident (if known),
  - time and method of discovery,
  - is this an ongoing incident? (yes/no/maybe),
  - were any known vulnerabilities abused? (yes/no/maybe),
  - what countermeasures were taken,
  - detailed description - the course of the incident, what types of attacks were used, where the attack was coming from, what controls were implemented (firewall, antivirus, ...), whether they were breached, etc.,
  - regarding spam - please attach the full header and body of the email message,
  - regarding a virus - please add the affected file to a protected ZIP archive and secure it using the password "incident",
  - regarding phishing or pharming - please attach the complete URL,
  - regarding network scanning or a denial of service (DoS) type of attack - please attach time stamps, time zone, source and destination IP (or MAC) addresses and ports, protocol type (TCP, UDP, ICMP, ...), and samples of captured packets (using Wireshark or another packet analyzer) if possible;
- Information on affected devices and impacts:
  - type and function of the device,
  - IP address, hostname,
  - destination protocol and port,
  - description of hardware,
  - operating system (type, version),
  - affected software or files,
  - is it a critical device in terms of business continuity?
  - is the affected device still in use?
  - contact person responsible for providing access to the affected device,
  - does the device contain nonpublic information?