02.12.2022 - Based on the growing significance of cybersecurity and the good work done in recent years to establish the National Cybersecurity Centre (NCSC) in the Federal Department of Finance (FDF), the NCSC is to become a federal office. During its meeting on 2 December 2022, the Federal Council decided that the new federal office will be located in the Federal Department of Defence, Civil Protection and Sport (DDPS). It instructed the DDPS, in collaboration with the FDF, to define the structures of the new federal office by end-March 2023.
02.12.2022 - The Federal Council wants to introduce a reporting duty for cyberattacks on critical infrastructures. To this end, during its meeting on 2 December 2022, it adopted the dispatch on amending the Information Security Act and submitted it to Parliament. The proposal creates the legal basis for the reporting obligation for the operators of critical infrastructures and defines the tasks of the National Cybersecurity Centre (NCSC), which is intended to be the central reporting office for cyberattacks.
01.12.2022 - Just over a fortnight ago, the NCSC called for the security patches provided by Microsoft to be installed in order to fix the ProxyNotShell vulnerability. Despite the urgency, there are still some operators that have failed to heed this call to date. Therefore, the NCSC has sent more than 2,000 registered letters to those concerned, urging them to act now.
29.11.2022 - Last week, the NCSC received 647 reports, fewer than in the previous week. A Microsoft Office 365 phishing scam drew particular interest. In the targeted attempt, the phishers not only chose an internet address that looked very similar to the company's actual address, but also used a trick to try to obtain other valuable information in addition to the password.
24.11.2022 - Online retailers and online shops advertise fantastic discounts for Black Friday and Cyber Monday at the end of November. But these promotion days are of interest not only to trustworthy merchants. Cybercriminals also exploit them by creating fake shops or sending fake parcel notifications via text message and email.
22.11.2022 - Last week, the NCSC received its 30,000th report for this year. Among them was a report concerning several unsolicited parcels that were delivered in what turned out to be an attempted brushing scam. The fraudsters typically pay for the parcels, but the victim in this case did not receive the parcels as a gift, and is now supposed to pay the outstanding invoices.
18.11.2022 - The NCSC is aware of over 2,800 Microsoft Exchange servers in Switzerland that have a ProxyNotShell critical vulnerability. As these Exchange servers are connected to the internet and accessible from everywhere, it is possible for attackers to exploit the vulnerability remotely and execute code (Remote Code Execution Vulnerability – RCE). Therefore, attackers can exploit the vulnerability to compromise Microsoft Exchange Server.
15.11.2022 - The number of reports received by the NCSC rose sharply compared to the previous week. Once again, threatening emails in the name of the police were the reason. An email sent to the NCSC in Cyrillic script also attempted to distribute the Xloader/Formbook malware.
08.11.2022 - The number of reports received by the NCSC was once again up slightly on the previous week. In recent weeks, there has been a considerable jump in the number of reports submitted to the NCSC about hacked accounts for a wide range of online services. The damage caused by stolen login credentials can be greatly reduced by using different passwords and a password manager.
03.11.2022 - The latest semi-annual report of the National Cybersecurity Centre NCSC deals with the most important cyberincidents of the first half of 2022 both in Switzerland and internationally. The focus topic concerns cyberspace and armed conflicts.
