惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
F
Full Disclosure
Martin Fowler
Martin Fowler
The GitHub Blog
The GitHub Blog
L
LangChain Blog
T
The Blog of Author Tim Ferriss
D
DataBreaches.Net
GbyAI
GbyAI
Y
Y Combinator Blog
博客园 - Franky
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
A
About on SuperTechFans
Blog — PlanetScale
Blog — PlanetScale
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
G
Google Developers Blog
罗磊的独立博客
Hugging Face - Blog
Hugging Face - Blog
博客园 - 三生石上(FineUI控件)
IT之家
IT之家
Jina AI
Jina AI
N
Netflix TechBlog - Medium
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 聂微东
腾讯CDC
H
Help Net Security
H
Heimdal Security Blog
J
Java Code Geeks
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
The Exploit Database - CXSecurity.com
The Register - Security
The Register - Security
大猫的无限游戏
大猫的无限游戏
T
Threatpost
B
Blog RSS Feed
T
Threat Research - Cisco Blogs
Microsoft Security Blog
Microsoft Security Blog
S
Securelist
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
B
Blog
量子位
AWS News Blog
AWS News Blog
Project Zero
Project Zero
P
Proofpoint News Feed
Cisco Talos Blog
Cisco Talos Blog
Spread Privacy
Spread Privacy
S
Schneier on Security

Help Net Security

ChatGPT advanced account security adds passkeys and hardware keys Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months Automating Pentest Delivery: A Step-by-Step Guide - PlexTrac Open-source privacy proxy masks PII before prompts reach external AI services Shadow AI risks deepen as 31% of users get no employer training Identity is the control plane for distributed infrastructure AI traffic is getting bigger, louder, and less predictable New infosec products of the month: April 2026 cPanel zero-day exploited for months before patch release (CVE-2026-41940) Cisco releases open-source toolkit for verifying AI model lineage Met Police face criticism for using AI to spy on their own officers Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Hacker with a special interest in breaching sports institutions ends behind bars - Help Net Security IP Fabric MCP server adds governance and control to enterprise AIOps workflows - Help Net Security Aqua Compass MCP server enables real-time investigation and containment of runtime threats - Help Net Security Google brings instant email verification to Android, no OTP needed - Help Net Security If cyber espionage via HDMI worries you, NCSC built a device to stop it - Help Net Security Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) - Help Net Security GopherWhisper APT group hides command and control traffic in Slack and Discord - Help Net Security OpenAI tackles a bad habit people have when interacting with AI - Help Net Security A year in, Zoom's CISO reflects on balancing security and business - Help Net Security Scenario: Open-source framework for automated AI app red-teaming - Help Net Security GDPR works, but only where someone enforces it - Help Net Security Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security Google’s Workspace Intelligence promises privacy while running on your data - Help Net Security Cyberattack on French government agency triggers phishing alert - Help Net Security Claude Mythos finds 271 Firefox flaws, Mozilla believes zero-days are numbered - Help Net Security Prove Identity Platform connects verification, authentication, and fraud prevention - Help Net Security New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security Acronis GenAI Protection gives MSPs control over AI usage and data risks - Help Net Security Elastic MCP Apps bring security and observability workflows into AI tools - Help Net Security Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) - Help Net Security Tencent's QClaw AI agent app arrives on Windows and macOS - Help Net Security Phishing reclaims the top initial access spot, attackers experiment with AI tools - Help Net Security OneDrive updates focus on AI, access control, and compliance - Help Net Security PentAGI: Open-source autonomous AI penetration testing system - Help Net Security Apple Intelligence flaw kept stolen tokens reusable on another device - Help Net Security Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook - Help Net Security Thunderbird 150 arrives with encrypted message search and OpenPGP improvements - Help Net Security VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes - Help Net Security Ransomware negotiator admits role in attacks he was hired to resolve - Help Net Security Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency Ivanti Neurons AI automates IT operations, reducing manual work and security risk Silobreaker Mimir adds agentic AI to intelligence workflows with governance and transparency - Help Net Security OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) A single platform powers SIM farm proxy networks across 17 countries - Help Net Security NGate NFC malware targets Android users through trojanized payment app - Help Net Security Meta and PortSwigger drive offensive security further to find what others miss - Help Net Security EU pushes for stronger cloud sovereignty, awards €180 million to four providers - Help Net Security SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines - Help Net Security How to spot a North Korean fake in a job interview - Help Net Security Product showcase: Syncthing for secure, private file synchronization - Help Net Security Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits Google wipes out 602 million scam ads with Gemini on duty Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild GitLab 18.11 brings agentic AI to security fixes, CI pipelines, and delivery analytics Liongard upgrades LiongardIQ with AI access, live asset data, and deeper discovery Mozilla challenges enterprise AI providers with Thunderbolt, open-source AI client under your control Codex can now operate between apps. Where are the boundaries? Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits Apple AirTag tracking can be misled by replayed Bluetooth signals Social media bans might steer kids into riskier corners of the internet Workplace stress in 2026 is still worse than before the pandemic New infosec products of the week: April 17, 2026 - Help Net Security ImmuniWeb brings AI upgrades, post-quantum detection and more in Q1 2026 NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards - Help Net Security Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) - Help Net Security Google Play is changing how Android apps access your contacts and location Tails 7.6.2 patches vulnerability that could expose saved files Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug Two US nationals jailed over scheme that generated $5 million for the North Korean regime Product showcase: Ente Auth encrypts, backs up, and syncs 2FA Wi-Fi roaming security practices for access network providers and identity providers European AI spending set to hit $290 billion by 2029 Windows is getting stronger RDP file protections to fight phishing attacks Capsule Security debuts with $7 million funding to secure AI agent behavior Hackers hijacked CPUID downloads, served STX RAT to victims $12 million frozen, 20,000 victims identified in crypto scam crackdown Rockstar Games receives “pay or leak” warning after cyberattack Google makes it harder to exploit Pixel 10 modem firmware Siemens expands Industrial Automation DataCenter with edge AI and cybersecurity Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) Seized VerifTools servers expose 915,655 fake IDs, 8 arrested Fixing vulnerability data quality requires fixing the architecture first ZeroID: Open-source identity platform for autonomous AI agents MITRE releases a shared fraud-cyber framework built from real attack data The fully free Linux OS Trisquel gets a major update with version 12.0 Ecne Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast ClickFix campaign delivers Mac malware via fake Apple page Poisoned “Office 365” search results lead to stolen paychecks Gmail’s end-to-end encryption comes to mobile, no extra apps required To counter cookie theft, Chrome ships device-bound session credentials Product showcase: Session, a messenger without phone numbers or metadata Little Snitch for Linux shows what your apps are connecting to - Help Net Security Apiiro CLI turns AI coding assistants into full-stack security engineers - Help Net Security April 2026 Patch Tuesday forecast: Spring-cleaning of a preview - Help Net Security What vibe hunting gets right about AI threat hunting, and where it breaks down - Help Net Security Health insurance lead sites sell personal data within seconds of form submission - Help Net Security
A small Slovenian team handles 6,000 cyber incidents a year
Mirko Zorz · 2026-06-03 · via Help Net Security

Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts sorts through them. Gorazd Božič, who manages SI-CERT at the public agency ARNES, described that work in an interview conducted in person at the Span Cyber Security Arena conference. He put the original proposal for a Slovenian CERT to ARNES leadership in 1994, and the center now records about 6,000 incidents a year, up from roughly 300 ten to fifteen years earlier.

cyber incident response

How incidents get sorted

SI-CERT runs three triage lines. One handles routine reports, mostly online fraud where someone has lost money or encountered a scam attempt. These follow a linear path, with the team sending advice on options such as contacting the police or filing a complaint with a bank. A second line covers more serious incidents that need a senior analyst to weigh the technical details, decide which tools and logs matter, and coordinate with the reporter and other parties. A third line handles phishing reports on its own. The team began with one workflow for everything and split it into three lines as the workload grew, which let them streamline processing.

Each case gets classified with the ENISA reference taxonomy for security incidents, adapted with extra subcategories. Analysts label the incident type, such as denial of service, a compromised unprivileged account, or ransomware, record the victim’s sector, and add free-form tags that feed the center’s statistics.

A public-sector team that grew slowly

Božič put the original proposal to the director of Slovenia’s academic and research network in 1994, and SI-CERT became a department inside that public agency. Croatia took a similar route with CARNET. The team started with three people who each knew everything and specialized as it grew, adding staff for malware analysis, digital forensics, and threat intelligence. It remains small, with about 13 people aiming to reach 15 this year, and everyone works on the CERT as a paid, permanent role.

Earning the private sector’s trust

Through the 1990s and 2000s, governments paid little attention to CERTs, so the center had to prove its value to private companies on its own. A turning point came around 2012 during a Cyber Europe exercise built around attacks on banks. The ministry invited several banks, and the banks learned that SI-CERT could take over tasks such as phishing site takedowns, work they lacked the capacity and know-how to do themselves. The banking sector came around, and the energy and telecommunications sectors followed based on their maturity. The NIS and NIS2 directives now require entities deemed essential or important to report incidents, and Božič prefers to stress the help the center provides over the legal mandate.

He recalled a visit to a Slovenian power plant where staff asked how SI-CERT could help without knowing their SCADA and operational technology systems. His answer turned on a common entry point: many attacks on a plant begin with an infected Windows system that controls it. He asked how many malware analysts the plant kept on staff and guessed the number was zero, since keeping one on standby for years rarely pays off for a single company.

Government funding lets SI-CERT maintain a malware analysis lab and hand the plant a report it can use to judge the effect on its own systems. Božič said the center’s role still gets misread as an inspectorate or a branch of law enforcement, and closing that gap remains ongoing work.

Working alongside the police

SI-CERT and Slovenian law enforcement first worked a case together in 1998. Cooperation runs smoothly now, after early friction over roles and turf. The police run a strong digital forensics unit and excel at mobile device work, and they turn to SI-CERT for deep network knowledge, things like tracing IPv6 traffic or sifting passive DNS records, along with malware analysis.

Božič pointed to the Anatsa case from last year, an Android malware family used to drain bank accounts, where SI-CERT analyzed the residential proxy side. In one instance a Slovenian victim lost the money in a bank account, and a Slovenian IP address appeared to log in and move the funds. A dawn house search turned up a surprised Serbian construction worker with no IT background. He had bought a 10-euro HDMI dongle from a man in a Trieste cafe, plugged it in to watch football channels, and unknowingly joined a residential proxy network that criminals rent. Božič planned to present a map of such proxies in Slovenia, drawn from Shadowserver Foundation data, later that day.

Lessons from messy incidents

Every hard incident carries an element of chaos, even at organizations with response plans, business continuity policies, and working backups. SI-CERT itself adds to the coordination load as one more party at the table. Resolution goes smoothly when a capable local team is in place, and in those cases the center stays in an advisory role. Trouble comes when a company first considers an incident only after one hits, lacks crisis PR, and reaches for denial as reporters begin calling. He added that the truth comes out on the internet.

He described differing motivations during response. Management wants systems running again quickly, and the center wants to understand the entry point, the attack vector, and how it spread. Bringing systems back can destroy evidence, and a victim’s willingness to share tends to drop once operations recover. Follow-ups, the final reports, and the last pieces of information are the hard parts for a small team. In one router compromise, a cooperative administrator agreed to collect evidence remotely, then sent a short message saying he had wiped and rebuilt the machine.

Budget pressure and AI claims

SI-CERT justifies its budget each year and presses for more. The NIS directive, DORA, and the CRA direct member states to fund qualified staff, and in practice the center repeats its case to new officials after every election cycle. The CRA begins to apply in late September, with further provisions following, and it adds vulnerability handling duties that call for a separate group with skills distinct from digital forensics and a multi-year plan to train them.

On AI, Božič is skeptical of vendors selling automated security operations centers as a finished product. An analyst still needs to understand what an alert means, and building that knowledge takes time.

He compared the current hype to blockchain a decade ago, which promised to solve broad problems and settled into a narrower role. He recalled an EU strategy line about an AI-powered network of security operations centers serving as Europe’s cyber shield, and his questions about which centers, which standards, and which AI went unanswered. His message to the private sector stayed steady throughout: the CERT exists to help, keeps information confidential, follows community standards in place since 1989, and asks only for the information a case requires.

Download: Simplify security management with CIS SecureSuite Platform