CERT.at: Review of the first third of 2021

In its report, CERT.at, an initiative of the domain registry nic.at, informs about incidents, projects as well as conferences of the first third of the year.

Among other topics, the blog post reports on SilverFish APT and Microsoft Exchange emergency patches:
 
In March, the IT security company PRODAFT was able to access the infrastructure of the highly professionalized hacking group "SilverFish". In the course of their work, PRODAFT also identified victims. Among other national CERTs/CSIRTs of countries that had been affected, CERT.at was contacted and received a list with the (few) victims in Austria, which were immediately informed.
 
Also in March, Microsoft published emergency patches for its e-mail server "Microsoft Exchange". However, these contained several weaknesses, enabling attackers to execute arbitrary code as NT Authority\SYSTEM on unleased servers without any authentication. With the help of a script published by Microsoft, in which vulnerable installations could be identified externally, CERT.at was able to quickly create a scan for Austria and inform potentially affected persons.
 
These and other topics can be explored in the blog post.

December 2021

Learn more

Further Information

netidee projects: K8 Mailserver

Read more about netidee projects: K8 Mailserver

netidee funding 2025: Submit now!

Read more about netidee funding 2025: Submit now!

netidee projects: TurtleStitchRise

Read more about netidee projects: TurtleStitchRise

netidee projects: PATHfindr

Read more about netidee projects: PATHfindr

netidee: Online information evening

Read more about netidee: Online information evening

The netidee Call 20/2025 has started!

Read more about The netidee Call 20/2025 has started!
All news

Internet Stiftung

The Internet Stiftung promotes the development of the internet in Austria and an unrestricted and orderly access to networks and services in compliance with international obligations. In particular, the Internet Stiftung is responsible for the administration of the .at domain.