Slovakia’s real estate registry has been the victim of a massive cyber attack, considered one of the largest in the country’s history. The attack was identified at 8:50 a.m. on Sunday, January 5, 2025, and paralysed all electronic services and information systems of the cadastre. It was an advanced targeted attack on the infrastructure of the Cadastre Office, in which the attackers used ransomware to encrypt the property database.
The consequences of the attack are significant. The cadastral departments of the district offices have been closed as a precautionary measure and key activities such as transfers of ownership or registration of liens have been paralysed. This situation has had a significant impact on the real estate market, the banking sector and ordinary citizens. For example, mortgage lending is restricted and the functioning of municipalities is disrupted due to the inability to access property data.
The Office of Geodesy, Cartography and Cadastre of the Slovak Republic is working intensively on restoring its systems. According to the Office’s statement, it has multi-layered backups that should make it possible to restore the data. Lukáš Hlavička, the head of IstroSec, which is helping the authority resolve the incident, said that the integrity of the files is being checked.
According to zive.sk’s findings, the office was using outdated and insecure computers from 2008 to 2012.
According to the latest information, the cadastral offices could start gradually resuming their activities next week. The office says it has data backups and that there has been no interference with the cadastre’s database. However, the exact date for the full restoration of services is not yet known.
This incident exposed the vulnerability of key state systems and highlighted the need to strengthen the cyber security of state institutions.
Banshee Stealer attacks macOS
Researchers at Check Point Research have discovered a new variant of the Banshee Stealer malware targeting macOS. The malware, which was first detected in mid-2024, has undergone a major update that has increased its ability to evade detection.
The key change in this variant is the use of an encryption algorithm taken from Apple’s XProtect antivirus tool. This technique allowed the malware to remain undetected for over two months, as antivirus programs treated this type of encryption as a legitimate part of macOS. Another significant change is the removal of the Russian language check, suggesting that the attackers are now targeting a wider range of users, including those in Russian-speaking countries.
Banshee Stealer is capable of stealing a wide range of sensitive information, including web browser logins, cryptocurrency wallet data, passwords stored in macOS Keychain, and information from two-factor authentication. The malware also collects detailed information about the system and network traffic of the infected device.
This malware is distributed mainly through phishing websites and fake repositories on GitHub. Attackers often disguise Banshee Stealer as popular software such as Google Chrome, Telegram or TradingView to trick potential victims. These fake repositories are often padded with stars and reviews to make them look trustworthy.
Although the source code of Banshee Stealer was leaked back in November 2024, leading to better detection by antivirus programs, the threat still persists. Experts warn that this malware poses a significant risk to more than 100 million macOS users worldwide and stress the need to use advanced security solutions to protect against this threat.
Zero-click exploit attacks Samsung devices
A vulnerability in Monkey’s Audio Decoder (APE) tracked as CVE-2024-49415 with a CVSS score of 8.1 affects Galaxy S23, S24 and other models running Android versions 12, 13 and 14. This vulnerability, referred to as zero-click, allows remote execution of arbitrary code without user interaction.
The exploit abuses a memory overflow vulnerability in the libsaped.so library, which is part of the APE decoder implementation. The attack is delivered via Rich Communication Services (RCS) in the Google Messages application, which is enabled by default on newer Galaxy models. An attacker can send a specially crafted audio file in an RCS message to trigger the exploit.
A successful exploit allows an attacker to gain full access to the device, including the ability to exfiltrate sensitive data and eavesdrop on communications. What makes this vulnerability so severe is that it requires no user interaction, which greatly increases its danger in the context of APT campaigns and targeted attacks.
Samsung released a security patch in December 2024 that fixes this vulnerability.
Critical vulnerability in KerioControl
A critical security vulnerability has been discovered in GFI KerioControl, tracked as CVE-2024-52875, that allows remote code execution (RCE). It affects versions 9.2.5 to 9.4.5 and stems from insufficient sanitization of inputs in several interfaces, specifically incorrect filtering of end-of-line characters in the “dest” parameter.
The vulnerability was initially considered minor, but further analysis revealed the possibility of exploiting it to perform a 1-click RCE attack. This led to a severity reassessment to high with a CVSS score of 8.8. Successful exploitation would allow an attacker to gain root access to the firewall, which could seriously compromise the entire network security infrastructure.
GFI Software released a patch on December 19, 2024 in the form of KerioControl 9.4.5 Patch 1. Users are strongly encouraged to apply this update as soon as possible to secure their systems against potential attacks.
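The defect class behind the KerioControl issue is end-of-line (CR/LF) injection through a request parameter. The following added example (not GFI’s code, and not the actual KerioControl interface) assumes the “dest” parameter is copied into a redirect’s Location header, shows how a vulnerable builder lets an unfiltered line break smuggle an extra header into the response, and contrasts it with a hardened builder that rejects end-of-line characters and off-origin targets.

```python
"""Added example: CR/LF injection via a redirect-style parameter (constructed)."""

# CR and LF terminate header lines, so an attacker-controlled value
# containing them can append arbitrary headers (or a body) to the response.
EOL_CHARS = ("\r", "\n")


def build_redirect_vulnerable(dest: str) -> bytes:
    """Vulnerable form: copies `dest` into the Location header verbatim."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {dest}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode()


def is_safe_dest(dest: str) -> bool:
    """Constructed policy: no end-of-line characters, and only a
    same-origin absolute path (no scheme, no protocol-relative '//')."""
    if any(c in dest for c in EOL_CHARS):
        return False
    return dest.startswith("/") and not dest.startswith("//")


def build_redirect_hardened(dest: str) -> bytes:
    """Hardened form: refuse to build the response for an unsafe `dest`."""
    if not is_safe_dest(dest):
        raise ValueError("unsafe dest parameter")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {dest}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode()


def parse_headers(raw: bytes) -> dict:
    """Parse headers the way a client would: split on line breaks,
    stop at the first blank line, ignore the status line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode()
    headers = {}
    for line in head.splitlines()[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


if __name__ == "__main__":
    # Constructed input: a normal path with an injected header appended.
    payload = "/dashboard\r\nX-Injected: 1"
    print(parse_headers(build_redirect_vulnerable(payload)))  # X-Injected appears
    print(is_safe_dest(payload), is_safe_dest("/dashboard"))  # False True
```

The same check (reject CR and LF, then validate the target) belongs on every interface that reflects the parameter, not just one, which matches the advisory’s note that several interfaces were affected.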