Warnings

E-mails with malware in the name of debt collection agencies and health insurance companies

02.12.2024 - The NCSC is currently receiving numerous reports of e-mails that claim to come from a debt collection agency or a health insurance company. They concern an alleged claim or reminder. Do not click on the link, as this is an attempt to distribute malware to Windows users.

Caution: Fake letters on behalf of MeteoSwiss – Instead of a ‘Severe Weather Warning App’, malware is downloaded

14.11.2024 - Physical letters with MeteoSwiss as the sender are currently being sent out. The letters ask the recipients to download a new ‘Severe Weather Warning App’ via a QR code. However, malware is downloaded to the smartphone instead. On the smartphone's home screen, the malware looks similar to the Alertswiss app from the Federal Office for Civil Protection.

Caution: Phishing e-mails in the name of the OASI

04.11.2024 - The NCSC is currently receiving reports of phishing e-mails in the name of the OASI compensation office. The message advises recipients that an alleged refund is pending and that they should provide their personal data and credit card information for this. In reality, the cybercriminals are trying to use the phished credit card data to make purchases for their own benefit.

Worldwide system failures due to faulty updates

19.07.2024 - The NCSC is aware of system failures worldwide and has received corresponding reports from various companies and critical infrastructures in Switzerland. These system failures are being caused by a faulty update or misconfiguration by the company CrowdStrike. The NCSC is in contact with the affected companies. There are currently no known outages in the Federal Administration.

Cybercriminals spread malware for macOS in emails purportedly from AGOV

28.06.2024 - On the evening of 27 June 2024, cyber criminals launched a major 'malspam' campaign against citizens in German-speaking Switzerland. An attempt is being made to infect computers using the macOS operating system with malware called 'Poseidon Stealer' via an email purporting to be from AGOV.

Update: Even after the conclusion of the high-level conference on peace in Ukraine, the overload attacks on websites of organisations involved continue

17.06.2024 - As expected, the overload attacks continue even after the conclusion of the high-level conference on peace in Ukraine. The websites of the organisations involved in the conference are still being targeted. The National Cyber Security Centre is monitoring the situation and is in contact with the organisations concerned.

Critical vulnerability in Palo Alto firewalls

18.04.2024 - The NCSC warns of the security vulnerability in Palo Alto's Next-Generation Firewall (NGFW). These firewalls are mainly used by companies and public authorities. They have a critical vulnerability that is already being exploited by cyber criminals. The attackers exploit the vulnerability to execute commands. The NCSC has already received corresponding reports from organisations in Switzerland. The NCSC recommends installing the security updates as quickly as possible or even reinstalling the NGFW if possible.

Critical vulnerability in file transfer software «MOVEit»: Apply Patch quickly

02.06.2023 - The file transfer software called «MOVEit», which is mainly used by businesses, has a critical vulnerability that is already being exploited by cybercriminals. The attackers are exploiting the vulnerability to steal files from the file transfer software. The NCSC started to receive corresponding reports from organisations in Switzerland on 1 June. The NCSC recommends applying the security patch as quickly as possible.

Microsoft Exchange servers still vulnerable in Switzerland (ProxyNotShell) despite NCSC warning

02.02.2023 - Back in November 2022, the National Cybersecurity Centre (NCSC) indicated that more than 2,800 Microsoft Exchange servers in Switzerland were vulnerable because of the critical vulnerability called ProxyNotShell. A month later, the NCSC sent registered letters to around 2,000 operators, asking them to patch the vulnerability. Nevertheless, the message has still not got through to everyone. More than 600 servers in Switzerland are still affected by this gateway for cybercriminals.

Update: Still over 2,000 unsecured Microsoft Exchange servers in Switzerland

01.12.2022 - Just over a fortnight ago, the NCSC called for the security patches provided by Microsoft to be installed in order to fix the ProxyNotShell vulnerability. Despite the urgency, there are still some operators that have failed to heed this call to date. Therefore, the NCSC has sent more than 2,000 registered letters to those concerned, urging them to act now.

Over 2,800 vulnerable Microsoft Exchange servers in Switzerland once again (ProxyNotShell)

18.11.2022 - The NCSC is aware of over 2,800 Microsoft Exchange servers in Switzerland that have the critical ProxyNotShell vulnerability. As these Exchange servers are connected to the internet and accessible from everywhere, it is possible for attackers to exploit the vulnerability remotely and execute code (Remote Code Execution Vulnerability – RCE). Therefore, attackers can exploit the vulnerability to compromise Microsoft Exchange Server.

Fraudulent emails in the name of the NCSC

06.07.2022 - Currently, cybercriminals are sending fraudulent emails in the name of the NCSC. The unknown perpetrators are using a domain name (ncscS.ch) that looks deceptively similar to that of the NCSC (ncsc.ch). Do not reply to these emails!

MS Exchange vulnerabilities still not patched

16.05.2022 - The NCSC has sent registered letters to more than 200 companies to notify and warn them once again about vulnerable Microsoft Exchange servers. The security vulnerability was discovered quite some time ago and is being actively exploited by cybercriminals.

QakBot malware active again

14.03.2022 - At the moment, cybercriminals are once again making increasing use of stolen email conversations to spread malware. This primarily affects companies, where employees who are contacted directly are used as a gateway for ransomware attacks.

High time to fix the security vulnerabilities in Microsoft Exchange Servers

16.02.2022 - The NCSC strongly urges businesses and communes to install the security patches for Microsoft Exchange Servers. The security vulnerabilities in Microsoft Exchange Servers, which have been known for a long time, are being actively exploited by cybercriminals to install encryption Trojans, for example.

Emails with malicious Office documents on the rise again

20.01.2022 - The use of emails with malicious Microsoft Office documents to spread malware is on the rise again. Once a computer has been infected, fraudsters have undetected access to the entire network. Help fight such cyberattacks and report suspicious emails to the NCSC at antiphishing.ch.

Update: Discovery of a new way of exploiting the Log4j critical security vulnerability

17.12.2021 - A new way of exploiting the Log4j security vulnerability allows attackers to execute arbitrary code remotely (remote code execution, or RCE). The security vulnerability is already being actively exploited by cybercriminals. The NCSC urgently recommends applying the security patches as soon as possible.

Critical security vulnerability in Java library Log4j

13.12.2021 - At the end of last week, a zero-day vulnerability in the popular Java library Log4j was disclosed. The security vulnerability is classified as critical, as the library is used in a great many Java applications. Moreover, the security vulnerability allows an attacker to execute arbitrary code remotely (remote code execution, or RCE). It is already being actively exploited by cybercriminals to infect vulnerable systems with malware. The NCSC recommends applying the security patches as quickly as possible.

Emotet malware back in Switzerland

29.11.2021 - In recent days, several countries have reported the return of Emotet. Now, such spam emails from .ch senders have also been observed. Emotet is often hidden in Microsoft Office files and requires macros to install the malware on the IT system, e.g. a computer. These attacks can affect private users, as well as companies, authorities and critical infrastructures. The NCSC recommends being extremely cautious, especially in the case of emails with attached files.

Further security vulnerabilities for Microsoft Exchange Server

09.08.2021 - During a conference last week, security researchers presented new vulnerabilities in Microsoft Exchange Server. Hackers are now trying to detect vulnerable systems by means of scanning in order to attack them. The NCSC recommends immediately applying the patches provided by Microsoft.

Patches available - Critical vulnerability affecting the Windows Print Spooler service of Microsoft systems

08.07.2021 - UPDATE: There is currently a critical vulnerability in printer spoolers of Microsoft systems. Microsoft has now made the first updates available. The NCSC recommends applying the patches immediately.

IT service provider Kaseya used to launch hacker attack

05.07.2021 - Hackers are currently exploiting a vulnerability at the US IT service provider Kaseya. The firm's customers, which include hundreds of companies worldwide, are now in the attackers' sights. They are encrypting company data and demanding a ransom. As yet, the NCSC has not received any reports of Swiss companies being affected.

Critical vulnerability affecting the Windows Print Spooler service of Microsoft systems

02.07.2021 - A critical vulnerability that affects the Windows Print Spooler service of Microsoft systems currently exists. Despite the updates provided by Microsoft at the beginning of June, the vulnerability can be exploited using PrintNightmare. The NCSC recommends, as a matter of urgency, disabling the print spooler service on servers that are not used for printing.

Critical zero-day vulnerability in Pulse Secure and SonicWall products

21.04.2021 - On 20 April, security researchers published information about several vulnerabilities in two security products, affecting Pulse Secure and SonicWall. Current information shows that these vulnerabilities are already being actively exploited by unknown threat actors in targeted attacks to gain access to victims' networks (zero-day exploitation).

Microsoft closes further Exchange Server vulnerabilities

15.04.2021 - Microsoft had already disclosed Exchange Server vulnerabilities in March and provided corresponding patches. New vulnerabilities have now emerged and need to be patched immediately.

Vulnerability in Exchange servers

12.03.2021 - In recent days, there have been numerous media reports about various vulnerabilities in Microsoft Exchange servers. The NCSC assumes that several hundred systems in Switzerland are affected by the vulnerability. Cybercriminals have now started to attack Microsoft Exchange servers that have previously been compromised, encrypting them with a new ransomware called "DoejCrypt". We recommend immediately patching your Exchange servers and checking them for infections!

Last modification 03.01.2025

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/warnungen.html