Lost24

Fraudsters impersonating the T-Mobile network encourage victims to take part in a survey in which they can win a smartphone. The survey is offered only to a “selected” group of people, and the time to complete it is limited.


T-Mobile’s Technical Security Department is working on blacklisting the domains that act as intermediaries in these criminal activities. The operator warns people to pay attention to the short decision-making time, which is usually around 1 minute.





Experts from Cyberus Technology have revealed another vulnerability in Intel CPUs from the Core and Xeon families. After the Meltdown and Spectre vulnerabilities were patched in software, Intel CPUs are exposed to new attack vectors in the form of ZombieLoad, RIDL and Fallout.


According to the experts, the ZombieLoad attack not only recovers browsing history and other sensitive data but also allows the leakage of information from other applications or the operating system. As the expert from Cyberus Technology explains in an interview with the Chip portal, ZombieLoad gives a malicious application the ability to read the memory of another app running on the same PC or server. As the experts point out, this threat is particularly dangerous for cloud services, as many


Microsoft has detected a vulnerability in the BLE (Bluetooth Low Energy) version of Titan Security Keys. Due to a high risk of attack, Google has offered free replacements of the T1 or T2 variants of the units.
The vulnerability is related to improper configuration of Bluetooth pairing protocols, and allows a person in the near vicinity of the potential victim to easily access the key or the device with which it is paired.


The distance that allows for the attack is just over 9 meters. The attack can take place in two ways:
-    When logging in to the account, as at this point the user is asked to press a button on the BLE security key for activation purposes. During this stage, a third party can conne


Numerous people have received fraudulent e-mails impersonating Pekao Bank.


According to Niebezpiecznik, the link in the e-mail message looks legitimate and not suspicious, but the message itself is written in English. By clicking on the link attached to the message, victims are taken to the bank’s fake website. After providing the login and password, victims are asked to choose the operating system: Android, iOS or another. In addition, they are also required to provide the phone number to which the malicious app is likely to be sent next. According to the portal, after providing all the necessary details victims are asked to set up their phone.


However, in the case of iOS selected as an operating sy


Experts from ESET have detected a new threat in the form of malware called LightNeuron. The malware was created by the Turla hacker group and targets Microsoft Exchange mail servers. The virus is able to take full control of the server, as well as impersonate an individual user by sending e-mails on that user's behalf.


For now, the hackers have focused on governmental institutions such as a Ministry of Foreign Affairs and a diplomatic organization from one of the Eastern European countries.


The hackers control the virus using commands hidden inside JPG files and PDF documents, so the e-mails that carry them do not raise suspicion.


According to Computerworld, which refers to the speciali


Security experts have shown that the D-Link DCS-2132L surveillance camera has security gaps. This is disturbing mainly because people who invested in the security of their homes by buying a surveillance camera may have been exposed to cybercriminals. The security vulnerabilities enabled third parties to tap into the video stream.


Experts from ESET have shown that the camera did not encrypt the communication path between the device, the cloud and the user app. As a result, a cybercriminal could intercept the feed from the camera. It has been proven that, in addition to capturing the image, it was also possible to get a real-time preview of the audio recorded by the camera. The cause is the improperly secured myDlink web-browser plugin.


The arrival of the newest entry in the Avengers franchise in cinemas has not only resulted in giant ticket sales but has also led to an increased number of phishing attacks.


Cybersecurity experts have noted a number of phishing attacks in which Avengers fans were targeted. Cybercriminals have prepared fake websites, where they offered the “opportunity” to watch the finale of the Avengers movie for free.


If any of the movie’s fans clicked on the video icon, a short scene from the movie appeared onscreen, but it was cut out from the official trailer. After a few seconds of playback, the victim was redirected to the registration page, where they were required to provide the credit card number along with the CVV2 code. I


The city of Gdańsk organized a lottery to encourage its residents to file their income tax returns. Over 18,000 people participated in the lottery, with one of the prizes being a hybrid car.


To participate in the lottery, you had to fill in a form asking for details such as your name, social security number, phone number, e-mail address and the place where you submitted the tax return.


However, one of the participants in the competition discovered a glaring error: the contest website pitwgdansku.pl gave third parties access to the participants’ data. The error was reported to the company responsible for the website – PlayPrint

Tuesday 30 April 2019, Safety Guide

Strong password – a key to security


The British National Cyber Security Centre has performed an analysis of the passwords most commonly set up by internet users.


The research was based on the analysis of millions of passwords hacked worldwide. The most commonly used were simple combinations of numbers, with the top entries being 1234, 123456789, qwerty, password, 111111, abc123 and the names of pop music bands and sports teams.


ESET security experts warn against the use of weak passwords and advise using Have I Been Pwned (HIBP). This site allows you to verify whether a password has ever been compromised. If it has, it is best to set a new one and use a password manager.


Sunday 28 April 2019, Safety Guide

Criminal groups on Facebook


Facebook has over 2 billion users, so it is not that difficult to find that it is also used by organized crime. A Talos report has revealed the existence of 74 criminal groups, consisting of over 385,000 users of the social network.


To find such a group, Facebook users only had to type relevant keywords into the search engine, such as spam, carding or selling cvv. What’s more, Facebook suggested related groups to such users.


What did these groups offer?
-    Hacked credit cards
-    Financial information
-    Credentials
-    Mail spamm


Users of Xiaomi phones were recently exposed to hacker attacks. This situation was caused by a preinstalled application called Xiaomi Guard Provider, which was supposed to ensure the security of the device.


However, the application did not protect its own outgoing and incoming HTTP traffic. According to Check Point, the attack could be initiated when the hacker connected to the same Wi-Fi network as the potential victim, so he could carry out what is called a man-in-the-middle attack. In addition, due to vulnerabilities in the communication between multiple SDKs, the hacker could inject any code, which enabled the theft of passwords or the installation of malicious software.


Check


It looks like there’s another wave of incoming calls from unknown numbers from abroad, in this case from the Ascension Islands. If anyone tries to call them back, they will end up with a huge bill.


According to PROGET, one of its employees noticed a call attempt from these islands. The calls are made in such a way that the recipient has no chance to answer, because the caller hangs up after a second. PROGET warns that if the potential victim does not verify the number and calls back, it might cost from a couple to several hundred USD. In the case of PROGET, the situation is especially dangerous because employees of the company may try to call back the unknown numbers from their company phones, thinking that a potential client


Pen Test Partners have recently conducted research on the security of smart alarm systems. The research shows that over 3 million cars had security flaws that were linked to two companies, Pandora and Viper.


The vulnerabilities were quite serious, mainly because they made it possible to lock or unlock the doors, listen in on conversations inside the car, track it via GPS or even shut down the engine while driving. According to the research, the cause was poor authentication in the API, which meant the password and e-mail change features did not work properly.


Using the vulnerability, the cybercriminals were able to change the e-mail address of the car owner, thanks to which they could reset


Kaspersky Lab has revealed a hacking campaign utilizing the ShadowHammer trojan, which targets users of the ASUS Live Update Utility.


Over 1 million users worldwide have possibly encountered the threat.


The campaign was based on a so-called supply chain attack, in which cybercriminals used the Taiwanese manufacturer’s servers to distribute the trojan.


ASUS Live Update Utility is software pre-installed on most of the newest ASUS PCs that is used to automatically update the BIOS, UEFI, drivers and applications.


The campaign was overlooked by the vast majority of security measures, as the tools containing the trojan were signed with authentic certi


Research carried out by AV-Comparatives has shown that over 60 percent of antivirus applications that protect Android devices do not meet basic requirements.


Approximately 250 applications were put under the microscope and 170 of them did not meet the minimum safety requirements. The tested antiviruses did not offer any sort of protection, but only burdened the processors with additional tasks. These apps flagged individual programs installed on the device as harmful, while in fact they did not contain any malicious code.


According to Computerworld, the above situation results from the fact that most of the tested antiviruses do not scan the code and only work based on obsolete lists.