National Cyber Alert System

Fake sites targeting local banks
There are several phishing (fake) sites operating on targeting on-line banking customers of major banks of Sri Lanka.
Online banking customers shoud be aware of the e-mails that they receive which may ask you to click on a given link and enter your user ID/account number and password to reactivate your account. If you receive such a mail
i.Do not click on the given links in the mail
ii.Do not enter your user ID and password
iii. Immediately notify the bank and Sri Lanka CERT|CC
Sri Lanka CERT|CC has already disabled several fake on-line banking web sites with the help of our international counterparts.

Microsoft Updates for Multiple Vulnerabilities - Jan 10, 2012
There are multiple vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. Microsoft has leased updates to address these vulnerabilities.

Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.

Fake hacking incidents reported - Sept 1, 2011
Sri Lanka CERT |CC has noticed that some group of people who are pretending to be Sri Lankan Cyber Hackers are trying to get some publicity by publishing information collected from various DNS servers belonging to both national and international organizations. They have claimed that they have hacked those DNS servers by launching DNS poisoning attacks against those servers. But they haven't provide any acceptable evidence to prove that. Instead they have published some DNS data taken by server scanning which can be done using freely and widely available tools in the Internet. However scanning any systems without the permission of the owners is a punishable offense under the Computer Crimes Act of Sri Lanka. Sri Lanka CERT|CC would like to confirm that there is no hacking incident has happened and those systems are working in healthy condition.

Oracle Updates for Multiple Vulnerabilities - July 20, 2011
The Oracle Critical Patch Update Advisory - July 2011 addresses 78 vulnerabilities in various Oracle products and components. The advisory provides information about affected components, access, and authorization required for successful exploitation and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Security Tools

A tool to detect all viruses taking advantage of .lnk vulnerability - July 22, 2010
The tool can be used to help users check if their computers are infected with viruses exploiting the .lnk vulnerability.

Zabbix - Open Source Monitoring Solution - July 6, 2010
ZABBIX is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices and other IT resources. It supports distributed and WEB monitoring, auto-discovery, and more.