CIRCL Newsroom - Press Release on CIRCL

A glance into Hack.lu 2016 and the 2017 edition announced

Mon, 01 Jan 0001 00:00:00 +0000

The 12th edition of hack.lu - “Nothing is beyond a good hack” - gathered in Luxembourg 420 world-class security professionals from 40 different countries.

Following, the continuous success of the event as well as the quality of the speakers and the presentations, a 13th edition is now announced: October 16-19, 2017 at the Alvisse Parc Hotel Luxembourg.

Hack.lu has positioned itself as one of the largest and oldest IT conferences in Europe, where people openly talk about computer security, privacy, information technology and its cultural/technical implication on society.

A Hackathon "Made in ... MISP"

Mon, 01 Jan 0001 00:00:00 +0000

An initiative - taking place at the Level2 Hackerspace on August 4th - designed to improve the usage and functionalities of MISP and to allow all users and developers to dig into its “bits/bytes and pieces”. This Hackathon is a first!

MISP (Malware Information Sharing Platform) is a project led by various organizations including the Computer Incident Response Center Luxembourg (CIRCL), with the aim to facilitate the exchange of Indicators of Compromise (IOCs) about targeted malware and attacks within a community of trusted members.

A new wave of crypto ransomware targeting Luxembourg

Mon, 01 Jan 0001 00:00:00 +0000

A new wave of attacks impacting companies and individuals is on the rise in Luxembourg since a few days. The infection known as ‘CTB-Locker’ or ‘Critroni crypto ransomware’ is delivered mainly through spam messages and email attachments (i.e. ZIP files, via Flash…).

This type of malware encrypts the victims’ files on logical drives like local hard drives, removable drives and server shares (mapped network drives), which usually contain a lot of sensitive information. When the encryption process is finished, the malware demands a payment in order to receive the decryption key. The amount requested ranges currently from ~500 to ~1.500 Euro and it has been reported that this malware is quite financially successful for the attackers. Infections with a crypto ransomware can be devastating to impacted organizations especially when critical company information is no longer accessible.

A Successful 2015 Hack.lu

Mon, 01 Jan 0001 00:00:00 +0000

The 11th edition of hack.lu closed after 4 days of workshops, presentations, networking and fun. The next edition is already announced and will take place on October 18-20, 2016 in Luxembourg. This year again, more than 400 world-class security professionals from around 40 different countries met in Luxembourg for one of the oldest and largest conferences in Europe on Information Security. Hack.lu is truly unique and allows professionals to openly talk about security vulnerabilities and to present their own discoveries.

An Open Source Security Software Hackathon coming to Luxembourg

Mon, 01 Jan 0001 00:00:00 +0000

The hack.lu team organizes an Open Source Security Software Hackathon on May 2nd and 3rd at the University of Luxembourg (SnT) in the JFK Building in Kirchberg.

This 2-day Hackathon is dedicated to free/open source software. The aim is to gather various developer groups to collaborate on challenging programming problems in the field of cybersecurity (from information sharing, network/system forensic, data mining challenges or even crypto-currencies).

“Since 12 years, our team organizes the hack.lu security conference, which brings many security professionals together. We have observed that many people and organizations create open source software to support their security activities, ranging from reverse engineering, digital forensic, incident response (DFIR), threat analysis to network security. Many of the security tools are developed on a long-term commitment and they provide viable solutions to improve security globally. In order to support the continuity of innovation, development and integration of such open source security tools, we have decided to organize this Hackathon and bring people together”, explains Alexandre Dulaunoy from Hack.lu.

Appareils (téléphones, tablettes, ...) perdus ? Saisis ? - Comment se protéger ?

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL publie le « Digital First Aid Kit », développé en collaboration avec FF, Global Voices, Hivos & the Digital Defenders Partnership, Front Line Defenders, Internews, Freedom House, Access, Qurium, CIRCL, IWPR, Open Technology Fund et des experts actifs dans le domaine de la sécurité numérique.

Le First Aid Kit vise à proposer des directives, un support préliminaire et des outils d’auto-diagnostics pour les personnes confrontées aux menaces numériques les plus communes. Il couvre 6 domaines : appareils perdus, saisis, volés ; DDoS Mitigation ; détournement de compte ; malware ; communication sécurisée et un glossaire. CIRCL a récemment reçu un nombre élevé de demandes d’information concernant les appareils volés ou perdus (téléphone portable, ordinateur et tablette). « En cas de perte, vol ou saisie par une tierce personne de votre appareil, il est important de se poser un certain nombre de questions : que s’est-il passé et quand est-ce que cela s’est passé ? Quelles mesures de sécurité étaient installées sur mon appareil : mot de passe, système d’exploitation ? Quels comptes et données pourraient être vulnérables ? Il est également primordial de faire un inventaire des informations sensibles et des comptes protégés par un mot de passe ; cela vous permettra ainsi de comprendre les étapes nécessaires à suivre afin de prévenir les fuites et toute utilisation abusive de vos informations, contacts et comptes », explique Alexandre Dulaunoy du CIRCL.

BGP Ranking used as key evaluation reference in an international academic paper

Mon, 01 Jan 0001 00:00:00 +0000

“If I have seen further than others, it is by standing upon the shoulders of giants”, Isaac Newton.

Three researchers from Georgia Tech, University of Georgia and Princeton University have just released a paper on bulletproof hosting Autonomous Systems (ASes), using CIRCL’s BGP Ranking project and open data as a key reference to evaluate the results of their own model, ASwatch.

Bulletproof hosting ASes are often used by cyber criminals as they include the hosting of a wide range of illegal content, botnet C&C servers, and other malicious resources. They provide cyber criminals with a large number of resources to operate with.

CERTs publics et privés, plus forts ensemble

Mon, 01 Jan 0001 00:00:00 +0000

En février 2015, les CERTs publics et privés luxembourgeois se sont réunis au Ministère de l’Economie afin d’échanger sur des projets communs, de discuter sur le processus d’échange d’information concernant les vulnérabilités et les menaces, et de travailler sur des projets communs de recherche – dans l’ensemble, afin de collaborer plus étroitement et de créer des synergies.

Pour le secteur public étaient présents : DBG-CERT, CERT-XLM, Malware.lu CERT (iTrust) et POST. Du coté privé, HealthNet CSIRT, CIRCL, RESTENA CSIRT, GOVCERT.LU et HCPN étaient représentés.

CERTs publics et privés, plus forts ensemble

Mon, 01 Jan 0001 00:00:00 +0000

Pour le secteur public étaient présents : DBG-CERT, CERT-XLM, Malware.lu CERT (iTrust) et POST. Du coté privé, HealthNet CSIRT, CIRCL, RESTENA CSIRT, GOVCERT.LU et HCPN étaient représentés.

CIRCL announces its 3 first MISP events in 2017 in Valencia and Luxembourg

Mon, 01 Jan 0001 00:00:00 +0000

In Valencia

An introductory MISP training will be organized on January 25th, during the 50th TF-CSIRT meeting and the FIRST Regional Symposium for Europe. This event takes place in Valencia and will bring together a wide variety of security and incident response teams including especially product security teams from the government, commercial, and academic sectors. The exact agenda is as follows:

From 09:00 until 12:30: Introduction to MISP and information sharing. MISP user perspective (demo) from MISP usage to viper. MISP administration.

CIRCL at Borderless Cyber Europe

Mon, 01 Jan 0001 00:00:00 +0000

Alexandre Dulaunoy will be presenting at Borderless Cyber Europe on September 8th on the topic: “Best Practices in Information Sharing Across Governments, SMEs, and Vertical Communities”. Alexandre will talk about the 5 years journey of information sharing through the development of the MISP (Malware Information Sharing Platform) platform, which allows to share, store and correlate Indicators of Compromises (IoCs) from attacks and cybersecurity threats. He will also highlight the benefits and errors regularly encountered on MISP.

CIRCL at Information Security Days - There are no small incidents

Mon, 01 Jan 0001 00:00:00 +0000

The ISDays took place on April 1st and 2nd. Raphael Vinot from CIRCL gave a keynote speech titled “the Luxembourg Cybersecurity threat landscape. Diving into real incidents, what can you expect from the attackers…”

Raphael explained that in 2014, a total of 83610 events were processed and the CIRCL team conducted around 3209 technical investigations. The attacks are separated in 3 different categories: cybercriminals with a financial objective; government-supported attackers with an information objective and the cyberactivists who have a political or fun objective.

CIRCL at the European Parliament - cyber criminality in the light of data protection

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg, March 25th, 2014 - The Computer Incident Response Center Luxembourg (CIRCL) has been invited at the European Parliament to give an overview on the security incidents targeting citizens and “how the attackers are deceiving us”.

In the light of the data protection day, the Data protection service of the European Parliament organized on the 25th of March, 2014, a conference titled “Cyber criminality in the light of data protection: risks, consequences and prevention”.

CIRCL at Troopers conference

Mon, 01 Jan 0001 00:00:00 +0000

The 9th edition of TROOPERS took place in the week of March 14th, with two days of trainings and hands on experience, followed by a two days of multi-tracks’ conference. TROOPER16 is a “great IT-Security Conference, Where the World’s Leading Experts and Hackers Present Their Latest Research”. One of the highlights of the conference, named “THE KINGS IN YOUR CASTLE - All the lame threats that own you but will never make you famous” was presented by Marion Marschalek, Security Researcher and Raphaël Vinot, CERT operator at CIRCL.

CIRCL becomes member of the international Forum of Incident Response and Security Teams - FIRST

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg, June 16th, 2014 – CIRCL is proud to announce its membership to the Forum of Incident Response and Security Teams (FIRST), a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) from Asia, Europe, Americas and Oceania. The organisation gathers response teams from over 240 corporations, government bodies, universities and other institutions.

The aim of FIRST is to facilitate communication between incident response and security teams across the globe in order to contribute to a fast and effective resolution of computer security incidents, and to promote incident prevention programs.

CIRCL détecte une variante du malware NetWiredRC

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL a analysé un échantillon de malware, qui n’a été que sporadiquement détecté par un petit nombre de moteurs antivirus, et qui plus est, par un mode de détection heuristique. CIRCL a examiné la structure de commande du malware, ce qui leur a permis de l’associer au malware NetWiredRC.

NetWiredRC est un cheval de Troie d’accès à distance, utilisé pour prendre le contrôle complet de l’ordinateur de la victime. Il permet aux attaquants d’établir une connexion non autorisée à un ordinateur infecté et de le contrôler à distance. Grâce à ce malware, les criminels peuvent voler des informations, installer d’autres menaces et même directement contrôler l’ordinateur.

CIRCL detects a NetWiredRC malware variant

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL has analyzed a malware sample, which was only sporadically detected by just a handful of antivirus engines, based on heuristic detection. CIRCL has examined the entire command structure of the malware and was able to attribute it to the malware NetWiredRC.

NetWiredRC is a remote access Trojan that is used to gain complete control over a victim’s computer. It allows attackers to establish an unauthorized connection to an infected computer and control it remotely. Thanks to this malware, criminals can steal information, install other threats and even control the computer directly. The malware is a feature-rich Remote Access Tool, and compared to its identified predecessors, this specific version implements even more features.

CIRCL devient membre du "International Forum of Incident Response and Security Teams" - FIRST

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg, le 16 juin, 2014 - CIRCL est fier d’annoncer son adhésion au “Forum of Incident Response and Security Teams” (FIRST), une organisation mondiale sans but lucratif dédiée au regroupement des équipes d’intervention en cas d’incident lié à la sécurité informatique (CSIRTs). L’organisation rassemble des équipes d’intervention de plus de 240 entreprises, corps gouvernementaux, universités et institutions.

L’objectif de FIRST est de faciliter la communication entre les équipes d’intervention et de sécurité à travers le monde, afin de contribuer à une résolution rapide et efficace des incidents de sécurité informatique, ainsi que de promouvoir des programmes de prévention des incidents.

CIRCL fears an increase of cybersecurity breaches

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg, August 1st, 2013 - To face this threat, the Computer Incident Response Center Luxembourg (CIRCL) has developed a new tool whose aim is to counter this trend

The Computer Incident Response Center Luxembourg (CIRCL) has recently developed a new tool, called BGP Ranking https://bgpranking.circl.lu/trend. One of the major solutions it encloses is the possibility to see the evolution of infected machines by network or by countries in a graphical form. The way CIRCL acquires this data is by first gathering on the Internet the listings of infected machines and then joining them together. It enables to have particularly detailed and complete data.

CIRCL gives access to the common vulnerabilities and exposures data feeds for improved security

Mon, 01 Jan 0001 00:00:00 +0000

Accurate and most recent raw data on vulnerabilities and incidents available for all security experts, system engineers and ICT staff. Improve the security of your organization today.

CIRCL provides a contextual feed for all software vulnerabilities including visibility ranking in Luxembourg. The data feed originates from the aggregated data-sources of the most recent entries from the common vulnerability exposure platform: cve.circl.lu. This platform also gathers feeds from the following sources:

The aim of opening up these data feeds is to allow security experts to get the most recent and accurate raw data on common vulnerabilities. It is an important source that can be used and transformed as wished - for example, in activities such as vulnerability management and knowledge, anticipation, security measurement and compliance.

CIRCL joins Europol in the fight against ransomware

Mon, 01 Jan 0001 00:00:00 +0000

By becoming Supporting partner of “No More Ransom"

CIRCL is proud to announce its recent appointment as Supporting partner of the “No More Ransom” project, in the specific field titled: Fight against ransomware in large scale.

No More Ransom was launched in July 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab, introducing a new level of cooperation between law enforcement and the private sector to fight ransomware together. The aim of such a project is to provide users with information on what ransomware is and how to protect themselves and, equally important, victims can find tools to help them decrypt their blocked devices for free.

CIRCL lance officiellement sa Plateforme de Partage d’Information sur les Malwares

Mon, 01 Jan 0001 00:00:00 +0000

Une nouvelle Plateforme de Partage d’Information sur les Malwares par CIRCL, ou comment partager de manière efficace et légale les Indicateurs de Compromission dans un pays.

CIRCL est fier d’annoncer le lancement de sa Plateforme de Partage d’Information sur les Malwares (Malware Information Sharing Platform - MISP), qui permettra aux organisations de partager de l’information sur les malwares rencontrés et ainsi prendre conscience des malwares existants. Le but de cette plateforme de confiance est d’aider à améliorer les mesures utilisées contre les attaques ciblées et de mettre en place des actions préventives.

CIRCL met en garde contre « l’escroquerie au président » ciblant les dirigeants d’entreprise et leur département comptable

Mon, 01 Jan 0001 00:00:00 +0000

« L’escroquerie au président » est une variante très spéciale de phishing qui cible les grands groupes et les PME, et plus spécifiquement leurs départements financiers. Ces arnaques sont en augmentation ces derniers mois au Luxembourg.

Un rapport récent du Service Régional de la Police Judiciaire démontre que plus de 200 millions d’euros ont été dérobés de la sorte depuis 2010, en utilisant une technique bien rodée et très efficace.

CIRCL officially launches its Malware Information Sharing Platform

Mon, 01 Jan 0001 00:00:00 +0000

A new Malware Information Sharing Platform by CIRCL - How to share efficiently and legally Indicators of Compromise (IOC) within a country.

CIRCL is proud to announce the launch of its Malware Information Sharing Platform (MISP), which will allow organisations to share information about any malware they encounter and gain awareness about existing malware. The aim of this trusted platform is to help improving the counter-measures used against targeted attacks and set-up preventive actions.

CIRCL presenting at the ADPL general assembly

Mon, 01 Jan 0001 00:00:00 +0000

Wednesday, April 3rd, Alexandre Dulaunoy from CIRCL gave a keynote speech at a conference organised by the “Association pour la Protection des Données au Luxembourg” (APDL). The presentation was titled, “the Luxembourg Cybersecurity threat landscape. Diving into real incidents, what can you expect from the attackers…”

Alexandre explained that in 2014, a total of 83610 events were processed and the CIRCL team conducted around 3209 technical investigations. The attacks are separated in 3 different categories: cybercriminals with a financial objective; government-supported attackers with an information objective and the cyberactivists who have a political or fun objective.

CIRCL presenting at the ITDays

Mon, 01 Jan 0001 00:00:00 +0000

Alexandre Dulaunoy, from CIRCL, gave a keynote speech during the “IT Days: Security issues” conference in the afternoon on November 20th, in Luxembourg. He also participated in the morning on a panel titled “Security: Governance & Outsoursing”, with other security experts.

The title of Alexandre’s keynote was: “Why you are involved in the next governmental attack…”. He wanted to show that by connecting unsecure and/or misconfigured devices on the Internet, users often make it easier for attackers to take actions. He used the example of a concrete and real investigation in which a sophisticated malware attack was using different network levels through IPTV boxes.

CIRCL presents CIRCLean - a USB key sanitizer to avoid malware infections

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg July 9th, 2014 - CIRCL presented its independent hardware solution, CIRCLean, yesterday afternoon at the Technoport Belval.

CIRCLean is an innovative hardware that enables to clean documents from untrusted USB keys. The device also converts automatically untrusted documents into a readable format on a clean USB key.

“We have decided to make this technology available as a free software, ready for use and for commercialization. It is also highly customizable in terms of design and packaging. Besides, this device does not require any technical prerequisites of any kind and can be used by all. The code runs on a Raspberry Pi - a small hardware device. This also means that it is not required to plug or open the original USB key on a computer. CIRCLean can be seen as kind of air gap between the untrusted USB key and your operational computer”, explains Raphael Vinot, from CIRCL.

CIRCL publie le code source de son logiciel URL Abuse

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL annonce la publication du code source de son dernier logiciel URL Abuse, qui a été développé dans le cadre d’un projet de l’Union Européenne « phishing initiative » (EU PI). Ce projet est cordonné par le Cert-Lexsi et cofondé par le programme de financement ISEC pour prévenir et combattre la criminalité.

Les URLs sont utilisées comme une porte d’entrée par les attaquants, qui créent des liens malveillants redirigeant les utilisateurs vers des sites de phishing ou infectés. De nombreux sites de e-commerce sont régulièrement victimes de ces attaques et la légitimité d’une URL n’est souvent pas remise en question par l’utilisateur.

CIRCL releases its Dynamic Malware Analysis service

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg, March 20, 2014 - The Computer Incident Response Center Luxembourg (CIRCL) has recently released its own Dynamic Malware Analysis (DMA) service in order to detect sophisticated malware attacks, such as zero-day malware, malicious attachments and other advanced exploits. https://circl.lu/services/dynamic-malware-analysis/

CIRCL’s new service enables users to run any suspicious piece into the system in order to detect or/and confirm the presence of malware and analyse its behaviour, process and connections. One of the major differences with other existing tools is that CIRCL doesn’t share the uploaded samples with third parties. The malware analysis system technology developed by CIRCL uses sophisticated techniques to evaluate advanced threats and determine effectively whether the destination URL or an attachment under suspicion is malicious.

CIRCL releases the source code of its URL Abuse software

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL announces the release of the source code of its latest software URL Abuse, which is being developed as part of the “European Union anti-Phishing Initiative” (EU PI) project. This project is coordinated by Cert-Lexsi and co-funded by the Prevention of and Fight against Crime programme of the European Union.

URLs are often used as a point of access for attackers, who create malicious links that redirect to a phishing or malicious website. Many e-commerce sites encounter this issue and the legitimacy of the URL is often not questioned by the users. To react to this ongoing malicious trend and to provide users with a preliminary check before clicking or submitting a link to a security organisation, CIRCL has launched URL Abuse in January this year in order to review the security of an URL.

CIRCL takes part in the 2014 Data Breach Investigation Report

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg, April 24th

Verizon has just launched the long-awaited 2014 Data Breach Investigation Report (DBIR), which presents the major security trends, threats and attacks for the year 2013. The report’s dataset is made of a total 63,437 confirmed security incidents and 1,367 confirmed security breaches.

The report combines the expertise of 50 public and private organizations from a total of 95 countries around the globe, including Luxembourg with the contribution of the Computer Incident Response Center Luxembourg (CIRCL).

CIRCL takes part in the 2015 Data Breach Investigation Report

Mon, 01 Jan 0001 00:00:00 +0000

Verizon has just released its 2015 Data Breach Investigation Report DBIR, which presents the major security trends, threats and attacks for the year 2014. The report analyses more than 2,122 confirmed data breaches and 79,790 reported security incidents over the past year alone.

This year again, the Computer Incident Response Center Luxembourg (CIRCL) largely contributed to the report, among 70 other public and private organizations from around the world.

Unpatched vulnerabilities and big financial losses

The report reveals that the attacks have become increasingly sophisticated and that attackers still rely heavily on old techniques such as phishing and hacking. Besides, the total financial loss from the 700 million compromised records has been estimated to $400 million. As the report points out, the on-time or immediate patching of certain vulnerabilities would in turn cost much less for a company and contribute to diminish financial losses.

CIRCL Virtual Summer School - VSS 2025 A Look Back at Our Successful Virtual Summer School! Videos Are Now Available.

Mon, 01 Jan 0001 00:00:00 +0000

We are thrilled to announce the successful conclusion of the first CIRCL Virtual Summer School (VSS) 2025, which ran from July 7th to July 18th. It was a fantastic two weeks of learning, sharing, and community building, and we are incredibly grateful to everyone who participated.

We are especially proud to announce that this inaugural event brought together over 1000 participants from around the globe! Your enthusiasm and engagement made this event a truly special and memorable experience.

CIRCL warns about spear phishing scams targeting corporate executives and their accounting department

Mon, 01 Jan 0001 00:00:00 +0000

This is a specific variation of spear phishing which is targeting large companies and SMEs, and more specifically the financial departments of these companies. This scam has been on the rise in Luxembourg over the past months.

A recent report from French law enforcement stated that more than 200 millions of euros have been stolen since 2010, using this well developed and effective technique.

The process used to achieve this type of fraud, which primarily affects but is not limited to larger companies, is technically not very difficult. It requires some research and a good portion of preparation in order to generate legitimate looking documents and the ability to sell a good story to the target.

Cybersecurity Unites Across Borders - FETTA Project Launched to Strengthen EU Cyber Threat Intelligence

Mon, 01 Jan 0001 00:00:00 +0000

One of the key cybersecurity challenges in Europe is reducing reliance on threat intelligence from non-EU countries. The FETTA (Federated European Team for Threat Analysis) project aims to address this issue by creating a federated team that spans across borders, providing Cyber Threat Intelligence (CTI) products and tooling. FETTA is the result of a proposal submitted to the Cybersecurity and Trust initiative under the Digital Europe Programme. European Union is co-funding the project through the European Cybersecurity Competence Centre (ECCC) along with the partners. FETTA will focus on jointly analyzing data to develop actionable Cyber Threat Intelligence (CTI) products, primarily using data sourced within the EU.

Devices Seized? Lost? Stolen? - How should you protect yourself?

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL has just released the Digital First Aid Kit, developed in collaboration with EFF, Global Voices, Hivos & the Digital Defenders Partnership, Front Line Defenders, Internews, Freedom House, Access, Qurium, CIRCL, IWPR, Open Technology Fund and individual security experts working in the field of digital security and rapid response.

The First Aid Kit aims to provide guidelines for first responders, preliminary support and self-diagnostic tools for people facing the most common types of digital threats. It covers 6 main areas of concern: Devices seized, stolen or lost; DDoS Mitigation; Account Hijacking; Malware; Secure Communication and a Glossary.

Digital privacy salon at Level 2

Mon, 01 Jan 0001 00:00:00 +0000

Digital Privacy Salons are skill & knowledge sharing sessions to learn basic ways of protecting people & their data from surveillance.

This session was mostly about browsers and how to use them more securely by using some plugins such as HTTPS Everywhere but also avoiding being tracked by advertisers with Privacy Badger.

To make those concerns more understandable, we also showed how easy it is for a website to identify a browser, without requiring the user to do any actions but also how the advertising companies can track the users of multiple websites with cookies. A few images are also available on CIRCL website.

Discover how to organically build a threat Intel Sharing Standard

Mon, 01 Jan 0001 00:00:00 +0000

OASIS and FIRST are hosting a two-day conference on December 6-8 in Prague. The aim is to provide guidance and help organisations identify and avoid pitfalls in threat intelligence. The conference is thus bringing together communities from both OASIS Borderless Cyber and FIRST Technical Symposium.

CIRCL and the MISP Project are involved in these two organisations and strongly believe in diversity within the world of standardisation

On December 7th at 11am, Alexandre Dulaunoy and Andras Iklody, Security Researchers at CIRCL, will show how to organically build a Threat Intel Sharing Standard by describing the journey, challenges and mistakes the MISP Project made while designing the MISP standard as we know it today.

Don’t open attachment from printer@, scan@, fax@

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL has just spotted a new spam campaign that seeks to trick email users into downloading malware coming from messages such as:

printer@yourorganisationdomainname (i.e. printer@circl.lu)
scan@yourorganisationdomainname
copier@yourorganisationdomainname
fax@yourorganisationdomainname

There has been an improvement in the techniques used to persuade users that these emails are indeed sent from the printer.

The spam campaign’s email messages are delivered with a .doc attachment that contains macros, which attempt to download financial malware in general.

Données personnelles - CIRCL sous les projecteurs européens

Mon, 01 Jan 0001 00:00:00 +0000

Les 19 et 20 septembre 2014 s’est tenu un séminaire sur le thème des « Enjeux européens et mondiaux de la protection des données personnelles » à la Cour de Justice de l’Union européenne (CJUE), sous le Haut Patronage de M. Xavier BETTEL, Premier Ministre du Luxembourg et sous celui de M. Vassilios SKOURIS, Président de la Cour de Justice de l’Union européenne.

La protection des données personnelles est au cœur des préoccupations européennes et mondiales. La réforme européenne de la protection des données, actuellement en cours d’élaboration, suscite ainsi de nombreuses questions.

End-of-year message from CIRCL

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg’s CIRCL team wants to reach out to all clients, partners, CERT colleagues, research teams, abuse groups and information sharing parties regardless if they are local or remote [1], in order to express our gratitude we have for the successful collaboration during the last year and how much we appreciate the trust and confidence placed in us.

Thank you very much!

We hope that 2017 brings fewer incidents to our clients, an improved level of security for everyone and further excellent collaboration and information sharing.

First CryptoParty4Kids at hack.lu

Mon, 01 Jan 0001 00:00:00 +0000

The first CryptoParty4Kids will take place on October 22nd, during the 11th edition of the hack.lu conference, at the Alvisse Parc Hotel from 4pm until 5:30pm.

This event will allow children to make their first steps in the hacking culture and get introduced to the basics of practical cryptography. The aim of a CryptoParty is to present the most basic cryptography software and the fundamental concepts of their operation to the general public.

First Keynote announced for Hack.lu 2017

Mon, 01 Jan 0001 00:00:00 +0000

Hack.lu is proud to announce its first keynote speaker for the 13th edition of the conference, Sarah Jamie Lewis.

Sarah is an independent security researcher currently living in Vancouver Canada. She has a passion for privacy and anonymity. She runs Mascherari Press, an organization dedicated to conducting and promoting privacy research aimed at empowering marginalized and at risk communities.

This year, Sarah will tackle: “Queer Privacy & Building Consensual Systems”. The talk is about privacy. “I’m going to tell you stories. These stories belong to real people. People trying to live their lives, find love, find comfort and find happiness in a world that, at best, pretends they don’t exist, and at worst, punishes them for existing. These stories are from people who need privacy and security, but who are failed by our current tool, systems and communities. Not all of these stories have happy endings, but each one shines a light that can show us how to build tools, systems and communities that are more useful, more inclusive and safer for those who are marginalized by society”, states Sarah.

First MISP Training – Share your bloody indicators

Mon, 01 Jan 0001 00:00:00 +0000

On March 22nd and 23rd, 2016, more than 70 security experts from Luxembourg, France, Belgium, Germany, the UK, North America and the Netherlands, gathered over two days to attend the practical MISP training given by CIRCL.

MISP is an advanced platform for sharing, storing and correlating Indicators of Compromises (IoCs) from attacks and cybersecurity threats. Today, MISP is used in multiple organizations to store, share, collaborate on malware, and also to use the IoCs to detect and prevent attacks. The aim of this trusted platform is to help improving the countermeasures used against targeted attacks and set up preventive actions. MISP becomes a full-feature information and threat sharing platform to support operational and tactical cybersecurity intelligence.

For Responsible Vulnerability Disclosure

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL receives a large number of reports regarding new vulnerabilities in software and hardware products, or often discovers them itself.

The process of responsible vulnerability disclosure is important in order to correct and improve the security of a software or hardware. CIRCL expects reporters, whether they want to be named or to remain anonymous, to provide a complete report of what they discovered and use their PGP key.

CIRCL will be responsible for notifying the vendor about the specific vulnerability. “This notification is the first step and the vendor will then have 30 days to resolve this issue. After this period, the vendor will have to provide CIRCL with an explanation about why the vulnerability wasn’t corrected. In this case, an additional grace period can of course be granted. CIRCL can also support and provide advice whenever needed”, explains Alexandre Dulaunoy from CIRCL.

Francine Closener chez SMILE g.i.e.

Mon, 01 Jan 0001 00:00:00 +0000

Dans le cadre de la promotion du Luxembourg comme centre d’excellence pour le secteur des TICs, le 26 juin 2014, Francine Closener, secrétaire d’État à l’Économie, a rendu visite au « Security Made In Lëtzebuerg » (SMILE) g.i.e qui héberge les trois initiatives gouvernementales CIRCL, CASES et BEE SECURE, destinées à assurer une meilleure sécurité de l’information en ligne.

Madame Closener s’est particulièrement intéressée aux outils élaborés par les experts du CIRCL, le CERT national, pour le domaine de la sécurité et la détection d’attaques en ligne, ainsi qu’à MONARC, une méthode optimisée d’analyse des risques, développée par les experts CASES.

Great success for the 9th edition of Hack.lu - cybersecurity at the heart of the debate

Mon, 01 Jan 0001 00:00:00 +0000

When technical excellence meets passion and fun!

Luxembourg, October 29th, 2013 – The 9th edition of hack.lu took place last week in Luxembourg over an intensive three days of interactive workshops, expert talks, intense networking and technological fun. Hack.lu http://2013.hack.lu/index.php/Main_Page has become one of the oldest and biggest Information Security conferences running in Europe and a key opportunity for the hacker community to get together and share security discoveries. The conference was organised by the Computer Incident Response Center Luxembourg on October 22nd to 24th, 2013. With 250 attendees from more than 40 different countries the conference has strongly positioned itself on the international cybersecurity scene, while somehow keeping an intimate and community driven atmosphere.

Growing Crypto Ransomware campaigns in Luxembourg

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL warns against a crypto ransomware campaign that has been on the rise in Luxembourg the past weeks, impacting companies from different industries.

This growing threat affects both Internet users and corporate networks users. The attackers have developed a meticulous and advanced method: they infect a system in order to encrypt all available files locally and remotely for the user. When the encryption is completed, users will not be able to access their files anymore and attackers will ransom them to allow the recovery of these encrypted files. “We have seen that these attacks have been highly successful and in Luxembourg a number of companies have been impacted. Knowing that within corporate networks, file servers are extensively used, it is a perfect channel and platform for attackers”, explains Alexandre Dulaunoy from CIRCL.

Hack.lu - 10 years of gathering worldwide security professionals

Mon, 01 Jan 0001 00:00:00 +0000

A unique conference in Europe where world-class security professionals meet and openly talk about security vulnerabilities and their own discoveries.

For the 10th time in a row, one of the oldest and largest conferences in Europe on Information Security will be held in Luxembourg on October 21-24 at Parc Hotel Alvisse. With more than 250 attendees from around 40 different countries, hack.lu has strongly positioned itself on the international security scene, while somehow keeping an intimate and community driven atmosphere.

Hack.lu - 10 years of success and 2015 edition announced

Mon, 01 Jan 0001 00:00:00 +0000

On October 21-24 more than 300 world-class security professionals from around 40 different countries met in Luxembourg for the 10th Hack.lu, one of the oldest and largest conferences in Europe on Information Security. After this year’s success, the team has already announced the dates for the 2015 edition: 20-22 October. Hack.lu is a unique conference in Europe during which professionals openly talk about security vulnerabilities and their own discoveries.

##From Cyber-Warfare in Ukraine to the Heartbleed adventure##

Hack.lu - 10 years of success and 2015 edition announced

Mon, 01 Jan 0001 00:00:00 +0000

On October 21-24 more than 300 world-class security professionals from around 40 different countries met in Luxembourg for the 10th Hack.lu, one of the oldest and largest conferences in Europe on Information Security. After this year’s success, the team has already announced the dates for the 2015 edition: 20-22 October 2015. Hack.lu is a unique conference in Europe during which professionals openly talk about security vulnerabilities and their own discoveries.

Hack.lu - le rendez-vous incontournable pour les professionnels de la sécurité depuis 10 ans

Mon, 01 Jan 0001 00:00:00 +0000

Une conférence unique en son genre en Europe au cours de laquelle les professionnels de la sécurité du monde entier se rencontrent pour discuter des failles de sécurité et de leurs propres découvertes.

La 10e édition de l’une des plus importantes conférences en Europe sur la sécurité de l’information aura lieu au Luxembourg du 21 au 24 octobre, à l’hôtel Parc Alvisse. Avec plus de 250 participants de 40 pays différents, hack.lu est devenu un rendez-vous incontournable sur la scène internationale de la sécurité, tout en conservant un caractère communautaire et intimiste.

Hack.lu 2015 - Call for papers and Registration now open

Mon, 01 Jan 0001 00:00:00 +0000

The 11th edition of Hack.lu will take place on October 20-22, 2015, at Parc Hotel Alvisse in Luxembourg.

With a yearly attendance of more than 250 people from around 40 different countries, hack.lu has become an internationally renowned convention for security professionals from around the world.

The purpose of hack.lu is to give an open and free playground where technical and non-technical people can discuss the implication of new technologies in society. The convention has managed to keep an intimate and community driven atmosphere while being a major event on the international security scene.

Hack.lu 2015 talks and workshops now announced

Mon, 01 Jan 0001 00:00:00 +0000

#The conference will open on a keynote presenting how a human being can become a fully integrated part of the Internet-of-Things#

The 11th edition of Hack.lu, taking place on October 20-22 at Parc Hotel Alvisse Luxembourg, will open with a keynote speech by Marie Moe titled: “Unpatchable: Living with a Vulnerable Implanted Device”. She will explain how her life depends on the functioning of a medical device, more specifically a pacemaker, which can fail due to potential hardware and software problems, misconfigurations or network-connectivity issues.

Hack.lu 2015, les speakers et les sujets annoncés

Mon, 01 Jan 0001 00:00:00 +0000

#La conférence s’ouvrira sur un keynote présentant comment l’être humain peut devenir une partie intégrale de l’Internet des objets.#

La 11ème édition de Hack.lu, qui aura lieu du 20 au 22 Octobre au Parc Hôtel Alvisse Luxembourg, débutera avec la présentation de Marie Moe intitulée: “Sans patch disponible: vivre avec un dispositif implanté vulnérable”. Elle expliquera combien sa vie dépend du fonctionnement d’un équipement médical, plus spécifiquement d’un pacemaker, qui peut échouer en raison de problèmes de hardware ou de software, d’erreurs de configuration et de problèmes de connectivité réseau.

Hack.lu 2016 - Call for Papers now open

Mon, 01 Jan 0001 00:00:00 +0000

The 12th edition of Hack.lu will take place on October 18-20, 2016, at Parc Hotel Alvisse in Luxembourg.

The opportunity to submit papers for presentation and workshop proposals is now open here. The proposals will be reviewed and selected by the hack.lu program committee.

Last year’s attendance reached a peak with more than 400 world-class security professionals from around 40 different countries. Hack.lu is one of the oldest and largest conferences in Europe on Information Security, which has become an internationally renowned convention within just a few years.

Hack.lu 2016, nothing is beyond a good hack

Mon, 01 Jan 0001 00:00:00 +0000

The full schedule of speakers and workshops now released

The 12th edition of hack.lu, taking place on October 18-20 at Alvisse Parc Hotel Luxembourg, is again a not-to-miss international event for all the computer security, privacy and information technology experts.

Some Key Talks

The impressive line up of speakers and workshops will cover various topics about computer security, privacy, information technology and its cultural/technical implication on society. This year’s talks include technical demonstrations, for instance on “how to remotely exploit and attack seismological networks” or a previous Defcon talk on “Cyber Grand Shellphish: Shellphish and the DARPA Cyber Grand Challenge”. Wayne and Sun Huang will unveil the attack chain of Russian-speaking cybercriminals. There will also be familiar names like Stefan Esser giving “An in-depth view into the iOS Kernel Vulnerabilities abused by PEGASUS”. Mahsa Alimardani, the Iran editor for Global Voices and Iranian-Canadian Internet researcher will explain the need to bridge the relationship between the practices of change actors and the decisions of technologists to ensure that they inform the technologies and digital security guidelines given to them - not the other way.

Hack.lu 2017 - Call for papers and for sponsors now open

Mon, 01 Jan 0001 00:00:00 +0000

The 13th edition of Hack.lu will take place on October 17-19, 2017, at Alvisse Parc Hotel in Luxembourg. Registrations are open here: https://2017.hack.lu/info/

The opportunity to submit papers for presentation and workshop proposals is now open until July 21st. The proposals will be reviewed and selected by the hack.lu program committee.

Last year’s attendance reached more than 400 world-class security professionals from around 40 different countries. Hack.lu is an internationally renowned convention. The purpose of this conference is to give an open and liberal playground where people can discuss the implication of new technologies within society. It is a balanced convention where technical and non-technical people can meet and share freely all kind of information. The most significant new discoveries about computer network attacks and defenses, commercial or free security products, and pragmatic real world security experience will be covered.

How secure is an URL? Check before you click

Mon, 01 Jan 0001 00:00:00 +0000

URLs are often used as a point of access for attackers, who create malicious links that redirect to a spam or malicious website. Many e-commerce sites encounter this issue and the legitimacy of the URL is often not questioned by the users.

To answer this ongoing trend and provide users with a preliminary check before clicking or submitting a link to a security organisation, CIRCL has just launched an URL Abuse tool in order to review the security of an URL.

Information Leaks affecting Luxembourg

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL has just released a web page listing the information leaks affecting Luxembourg and the related recommendations in order to raise awareness and provide a central point of up-to-date information for all.

It is important to understand the meaning behind the term information leak: it is the publication (or trusted anouncement of possession) of stolen or otherwise acquired digital information like user profiles, credentials or other digital assets.

“We have realized in the past years that it is difficult to inform individuals about a leak. People often suspect the warning to actually be a phishing email and they thus ignore it. Also, we face leaks that contain several million victims of stolen private information. To provide people in Luxembourg with a regularly updated online listing is in our opinion an additional way to go about it, to inform and raise awareness. We will of course still inform infected individuals and/or groups through dedicated channels whenever it is required, but additionally, we will point people to the page listing the leaks and the associated actions to take”, explains Sascha Rommelfangen from CIRCL.

Launch of X-ISAC, an Information Sharing and Analysis platform for all ISACs

Mon, 01 Jan 0001 00:00:00 +0000

X-ISAC (pronounced cross-ISAC) (https://www.x-isac.org) has just been launched to provide existing ISACs (Information Sharing and Analysis Centers), CSIRT networks and information sharing communities a dedicated, reliable and trusted platform for information sharing and analysis purposes.

Communities providing core software, cross sector threat intelligence, taxonomies and open standards will not only be able to create their own ISAC but will also be able to interconnect with others using this new tool.

Le projet « European Union anti-Phishing Initiative » présent à ICTSpring Europe 2015

Mon, 01 Jan 0001 00:00:00 +0000

Le projet « European Union anti-Phishing Initiative » (EU-PI) sera présenté à l’occasion de la conférence ICTSpring Europe, lors d’un événement spécial qui se déroulera le 20 mai prochain de 9h à 11h. L’initiative EU-PI est pilotée par LEXSI et co-financé par le programme Prévention et Lutte contre le Crime de l’Union Européenne. « Ce projet vise à encourager les Internautes à effectuer un geste citoyen en notifiant rapidement des adresses URLs suspectées de faciliter une attaque de phishing. Un autre objectif consiste à fédérer les acteurs publics et privés qui souhaitent combattre le phénomène du phishing » , explique Vincent Hinderer, responsable du Projet et expert en cybersécurité au sein du groupe LEXSI.

Live Data Destruction @Hack.lu 2016

Mon, 01 Jan 0001 00:00:00 +0000

Ever dreamed of destroying your old media storage? If yes, then visit hack.lu

The Data Destruction team from Streff (streff.lu)- the international and national moving, secure storage, archiving, document shredding and product destruction company - will be present on Thursday morning with a hardware shredder.

Bring your old Magnetic Tapes, Optical Media, Credit and Identity Cards, USB Sticks, SSD drives, mobile phones and PDAs to get them destroyed live and for free. It’s time!

Luxembourg National Anti-Botnet Support Center joins the European Advanced Cyber Defence Centre

Mon, 01 Jan 0001 00:00:00 +0000

The Computer Incident Response Center Luxembourg (CIRCL) is proud to announce the launch of botfree.lu the Luxembourgish complement of botfree.eu, an anti-botnet support platform, with the participation of 28 partners across Europe. botfree.eu is the outcome of European Advanced Cyber Defence Centre (ACDC). The aim of this European Project, driven by German ISP’s association ECO, is to create a community of stakeholders joining forces to fight botnets. In Luxembourg, University of Luxembourg is member of the ACDC project and works on the topic of Big Data for Security.

Meet CIRCL at FIRST Annual Conference in Berlin

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL is proud to announce its participation and support of the 27th annual Forum of Incident Response and Security Teams (FIRST) conference that will be held in Berlin Forum from June 14th to 19th.

FIRST is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) from Asia, Europe, Americas and Oceania. The organisation gathers response teams from over 240 corporations, government bodies, universities and other institutions.

MISP training in Luxembourg on March 22, 2016

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL will organize a first MISP training on March 22, 2016 at the Novotel Luxembourg Centre from 10am until 4pm.

MISP is an advanced platform for sharing, storing and correlating Indicators of Compromises (IOCs) from attacks and cybersecurity threats. Today, MISP is used in multiple organizations to store, share, collaborate on malware, and also to use the IOCs to detect and prevent attacks. The aim of this trusted platform is to help improving the countermeasures used against targeted attacks and set up preventive actions. MISP becomes a full-feature information and threat sharing platform to support operational and tactical cybersecurity intelligence.

MISP training, “the Brussels Edition”, in collaboration with CERT.EU

Mon, 01 Jan 0001 00:00:00 +0000

On September 5th and after 3 successful editions, the MISP (Malware Information Sharing Platform) training is traveling to Brussels. This workshop is organized in collaboration with CERT-EU and will take place at the European Economic and Social Committee’s premises.

Previous MISP trainings, given by CIRCL, have gathered more than 100 security experts from Luxembourg, France, Belgium, Germany, the UK, Spain, North America and the Netherlands.

MISP is an advanced platform for sharing, storing and correlating Indicators of Compromises (IoCs) from attacks and cybersecurity threats. Today, MISP is used in multiple organizations to store, share, collaborate on malware, and also to use the IoCs to detect and prevent attacks. The aim of this trusted platform is to help improving the countermeasures used against targeted attacks and set up preventive actions. MISP will become a full-feature information and threat sharing platform to support operational and tactical cybersecurity intelligence.

New wave of successful fake Microsoft callers in Luxembourg

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL warns that a wave of fake Microsoft support calls has been occurring the past days in Luxembourg. In the last weeks, a rising number of these scam calls were reported to the police.

What is happening?

The callers claim to be from Microsoft and that they have identified some issues with the users’ Microsoft Windows operating system. They propose help and while they are on it they make a contract in order to finalize the process. Then they ask for a credit card number in order to finalize the service offer. They also use remote access tools in order to access the users’ Microsoft Windows OS.

No More Ransom update. Belgian Federal Police releases free decryption keys for the Cryakl ransomware

Mon, 01 Jan 0001 00:00:00 +0000

The Belgian Federal Police has released free decryption keys for the Cryakl ransomware on Friday February 9, 2018, after working in close cooperation with Kaspersky Lab. The keys were obtained during an ongoing investigation; by sharing the keys with No More Ransom the Belgian Federal Police becomes a new associated partner of the project – the second law enforcement agency after the Dutch National Police.

In the last few years ransomware has eclipsed most other cyber threats, with global campaigns indiscriminately affecting organisations across multiple industries in both the public and private sector, as well as consumers. One of the most effective ways to fight ransomware is to prevent it. This is exactly why No More Ransom was launched more than a year ago.

OpenSSL Heartbeat, a critical vulnerability

Mon, 01 Jan 0001 00:00:00 +0000

Luxembourg, April 8, 2014 - CIRCL has just released an alert regarding the vulnerability of the OpenSSL software to memory leakage to the connected client or server. In other words, anyone can remotely retrieve sensitive information (i.e. secret keys, passwords, confidential documents) from the memory of the remote servers without leaving any traces.

Sascha Rommelfangen from CIRCL, states, “This is a critical vulnerability and you must patch your OpenSSL software as soon as possible. After patching, all sensitive information would still need to be evaluated, more especially private keys and credentials. We recommend at least to regenerate the X.509 key materials”.

Outcome of the first Open Source Security Software Hackathon and announcement of

Mon, 01 Jan 0001 00:00:00 +0000

On May 2nd and 3rd, 2017, around 40 free and open source software developers met in Luxembourg to take part in the first Open Source Security Software Hackathon (OS3 Hackathon). This 2 days event offered the opportunity to the developers to collaborate on various software projects in the information security field.

During this hackathon, significant achievements in existing projects were reached and new projects started:

MISP and Cortex integration to allow the information sharing platform MISP to connect and use Cortex intelligence services. Cortex 1.1.1: Two Way MISP Integration Now a Reality.
cve-search performed a new major release and reorganised the contribution aspect to ease the external contribution and improved its test suite.
shotovuln - an offensive bash script for pentesters to find generic privesc issue on Unix boxes.
MISP taxonomy improvement with assessment of the analysts.
MISP galaxy improved with an extended ransomware cluster.
Viper made significant progress towards its support of Python 3, including working on the Python 3 port of pefile and the creation of an open test suite for pefile
A new project has been evaluated for the exchange of software vulnerability information within open source projects supporting software evaluation, information security or assessment. The idea is to share a common format between cve-search, aboutcode to share information about software vulnerabilities within open source projects.
Updates in JSMF-Android - Analysis of Inter-Component Communication links (ICC) and source code of Android applications (AST).
The Seeker of IOC - CERTitude is a Python-based tool, which aims at assessing the compromised perimeter during incident response assignments.
Improvement of mail_to_misp with the support for Thunderbird was added.

A second Open Source Security Software Hackathon #2 (19-20 October 2017) will take place after the Hack.lu conference on Thursday October 19 from 18:00 until 22:00 with a kickoff meeting with all the projects and teams. The second part of the Hackathon will take place the full day of Friday Ocotober 20. As many speakers and participants of the hack.lu will be present, they can conclude their week by participating to the Hackathon.

Phishing-Initiative Luxembourg inauguré pendant l’ICTSpring 2015

Mon, 01 Jan 0001 00:00:00 +0000

Ce mardi et mercredi avaient lieu au Centre des Congrès International le plus important événement de l’année autour des technologies de l’information au Luxembourg : ICTSpring Europe 2015. Cette conférence a rassemblé des centaines de décideurs et entrepreneurs du monde entier actifs dans le numérique, l’innovation technologique, la finance, etc. C’est pourquoi les membres du projet EU-PI ont choisi de présenter à cette occasion aux participants la plateforme mise en ligne pour contribuer à la lutte contre les attaques de phishing (https://phishing-initiative.lu). Sept organisations publiques et privées de France, du Luxembourg et des Pay-Bas se sont en effet associées en 2014 pour initier ce projet. Le Ministère de l’Economie et son GIE SMILE comptent parmi les partenaires du projet co-financé par la Commission Européene.

Private and Public CERTs, stronger together

Mon, 01 Jan 0001 00:00:00 +0000

In February 2015, public and private CERTs from Luxembourg met at the Ministry of Economy in order to exchange on common projects, discuss threats and vulnerabilities information sharing, work on common research projects – all in all to collaborate more closely and create synergies.

From the private sector, were present: DBG-CERT, CERT-XLM, Malware.lu CERT (iTrust) and POST. From the public side, HealthNet CSIRT, CIRCL, RESTENA CSIRT, GOVCERT.LU and HCPN were represented.

“The idea is to create a CERT community gathering all the major actors and their expertise under a unique label and platform, CERT.LU. It is not only important for the local market but also when representing Luxembourg abroad”, explains Pascal Steichen Managing Director at Securitymadein.lu.

Private and Public CERTs, stronger together

Mon, 01 Jan 0001 00:00:00 +0000

From the private sector, were present: DBG-CERT, CERT-XLM, Malware.lu CERT (iTrust) and POST. From the public side, HealthNet CSIRT, CIRCL, RESTENA CSIRT, GOVCERT.LU and HCPN were represented.

Security challenges designed by CIRCL for the Morpheus Cup (19 May 2015 Luxembourg)

Mon, 01 Jan 0001 00:00:00 +0000

The Computer Incident Response Center Luxembourg (CIRCL) has just designed different security and coding challenges for the first Morpheus Cup that will take place on 19 May 2015, during the ICTSpring Europe Conference.

More than 90 teams, each composed of 3 students, have registered to the contest and will fly in to Luxembourg from all over Europe to participate in this premiere. The teams will compete in 10 thematic events and pitch a business project to a panel of high profile judges.

Take a peek into the 13th edition of Hack.lu

Mon, 01 Jan 0001 00:00:00 +0000

The 13th edition of Hack.lu that took place on October 17-19, 2017 at Alvisse Parc Hotel in Luxembourg, was another great success with more than 400 attendees coming from all around the world.

One of the keynote talks given by Vladimir Kropotov and Fyodor Yarochkin tackled Information Flows and Leaks in Social Media. They tried to understand the dynamics of information dissemination through a social network and demonstrated how these networks are frequently abused by all sorts of malfactors to pursue an agenda of their interest. “Our findings are presented in form of several case studies where we walk through series of major events and analyzed how these events were played online. Different regional groups, different linguistic groups: the behavior on social media could be a pre-requisite of activity in a kinetic world”.

Technical trainings made by CIRCL for improved information security in Luxembourg and abroad

Mon, 01 Jan 0001 00:00:00 +0000

CIRCL has developed a number of trainings for its members and the organisations based in Luxembourg as part of its mission to improve national information security.

The diversity of the competences and expertise within CIRCL’s team, allows to cover a large number of trainings and topics, which targets both technical experts and non-technical staff.

“Our trainings range from the introduction to incident response, forensics analysis, penetration testing and reverse engineering to the digital privacy salon. The latter targets all citizens using IT equipment and explains how to handle secure communication tools along with good Internet hygiene and understanding of the associated risks. We usually adapt the trainings to the knowledge of our audience”, explains Michael Hamm from CIRCL.

The "European Union anti-Phishing Initiative" presented at ICTSpring 2015

Mon, 01 Jan 0001 00:00:00 +0000

The “European Union anti-Phishing Initiative” (EU-PI) project will be presented during the 2015 ICTSpring Europe conference as a side event on May 20th, from 9am until 11am.

The EU-PI project is coordinated by Cert-Lexsi and co-funded by the Prevention of and Fight against Crime programme of the European Union. “Its aim is to promote Internet users’ civic mobilisation and fast notification of suspicious URLs that are usually linked to phishing. Another goal is also to facilitate the coordination between different public and private organisations willing to fight this phishing phenomenon”, explains Vincent Hinderer, Project leader and cybercrime expert at Lexsi.

The 10th Hack.lu - Workshops and speakers now announced

Mon, 01 Jan 0001 00:00:00 +0000

The workshops and speakers are now announced for a unique conference in Europe where world-class security professionals meet and openly talk about security vulnerabilities and their own discoveries

Luxembourg September 15th, 2014 - For the 10th time in a row, one of the oldest and largest conferences in Europe on Information Security will be held in Luxembourg on October 21-24 at Parc Hotel Alvisse. With more than 250 attendees from around 40 different countries, hack.lu has strongly positioned itself on the international security scene, while somehow keeping an intimate and community driven atmosphere.

The first international Malware Information & Threat Sharing Platform Summit

Mon, 01 Jan 0001 00:00:00 +0000

The first ever Malware Information Sharing Platform (MISP) Summit will be held on Monday 19 October from 14:00 to 17:00 at the Alvisse Parc Hotel, the day prior to the hack.lu conference.

MISP is an advanced platform for sharing, storing and correlating Indicators of Compromises from attacks and cybersecurity threats. Today, MISP is used in multiple organisations to store, share, collaborate on malware, and also to use the IOCs to detect and prevent attacks. The aim of this trusted platform is to help improving the counter-measures used against targeted attacks and set-up preventive actions.

The Inception Framework - Cloud-Hosted Targeted Malware Framework.

Mon, 01 Jan 0001 00:00:00 +0000

Blue Coat researchers, with the participation of CIRCL (Computer Incident Response Center Luxembourg) and various partners, have uncovered highly sophisticated and automated attacks targeting embassies, major corporations, politics, military and the financial sector, all over the globe.

The framework set for performing these targeted attacks is named Inception. It uses a cloud-based infrastructure located in Sweden, CloudMe, and the WebDAV protocol. It also includes randomized file names to prevent detection (in Hindi, Russian, Swedish and English), and malware components embedded in Rich Text Format (RTF) files. These malware payloads have been recovered in home routers and mobile devices. The malware indicators can be found on the MISP (Malware Information Sharing Platform), operated by CIRCL.

Une nouvelle vague de ransomware cible le Luxembourg

Mon, 01 Jan 0001 00:00:00 +0000

Une nouvelle vague d’attaques affectant les sociétés et les particuliers est en augmentation depuis quelques jours au Luxembourg. Cette infection connue sous le nom de CTB-Locker ou Critroni crypto ransomware est delivrée principalement par le biais des messages de spam et des pièces jointes (par exemple les fichiers ZIP, via Flash…). Voici le message qui s’affiche sur l’écran :

Ce type de malware chiffre les serveurs de fichiers des victimes ou leurs disques durs (incluant les « network map drives »), qui contiennent généralement des informations sensibles, et exige une rançon afin de recevoir la clé de déchiffrement et ainsi débloquer les fichiers. Le montant demandé va de 500 à 1.000 euros. D’après certains rapports, ce malware aurait été très fructueux pour les attaquants. Ces infections impliquant une crypto ransomware peuvent être dévastatrices pour les organisations touchées, en particulier lorsque les informations vitales de l’entreprise ne sont plus accessibles.

Workshop Invitation - Discover CIRCLean

Mon, 01 Jan 0001 00:00:00 +0000

Workshop Invitation: Discover the CIRCLean – a USB key sanitizer to avoid malware infections - Tuesday July 8th 2014 (4PM-6PM) at the Technoport Belval

It is our pleasure to invite you to the CIRCLean workshop on Tuesday July 8th at the Technoport Belval from 4pm to 6pm, located at 9, avenue des Hauts-Fourneaux, L-4362 Esch-sur-Alzette.

We will be presenting our independent hardware solution, CIRCLean, which enables to clean documents from untrusted USB keys. The device also converts automatically untrusted documents into a readable format on a clean USB key/stick.