Tuesday 26 March 2019, Safety Guide

InPost malfunction, data leak

Lost24

During an update of one of InPost’s applications, Package Manager, an error occurred that allowed third parties to access other users’ shipping data. According to Radio Krakow, after logging in to certain accounts, users could access sensitive client data of over 7.4 million users. As a result, third parties had unauthorized access to phone numbers, e-mail addresses and shipping addresses. What’s more, they could also monitor orders registered in the system.


In connection with the situation, InPost has issued the following statement: “On 18-19.03.2019, during the update of the Package Manager application (https://manager.paczkomaty.pl), an incident related to the display of shipping information for packages that were not link

Lost24

Cybercriminals have recently managed to fool one of Santander Bank’s clients with a popular phishing attack. The woman received a text message from an alleged telecommunications company asking her to settle an outstanding invoice. The victim, wanting to settle the PLN 3 “invoice” from the telecommunications operator, lost PLN 9,000 from her bank account.


The money was lost after the victim logged in to a fraudulent PayU website, thereby handing her login credentials to the cybercriminals.


The woman, wishing to recover her lost funds, filed a complaint with her bank. However, according to the Bankier website, the complaint was denied by the bank. The rationale in the stat

Tuesday 19 March 2019, Safety Guide

Subsidy scam

Lost24

Beware of people calling you and claiming to be EU subsidy advisors for companies. One of the readers of the Zaufana Trzecia Strona website was scammed out of approximately PLN 200. The “advisor” offered his victim help with filling out an application for co-financing from regional operational programs. During the phone conversation, the portal’s reader asked the “advisor” to send additional information via e-mail.


However, instead of an e-mail he received a cash-on-delivery shipment. The victim’s relatives paid for the package in good faith; it contained a book and a CD with information that can be downloaded for free from the website of the local Marshal Office. In addition, the attached materials were already out of date.

Lost24

If you own a DR-921 D-Link router, be warned: you may end up with a fairly large bill, just like one of Niebezpiecznik’s readers.


In his case, the cybercriminals increased the limits for premium rate services. They exploited a vulnerability in the router to change the limits set for premium services by the Orange operator, first to PLN 300 and then to PLN 4,000.


According to Niebezpiecznik, the billing showed 35 premium rate SMS messages being sent out. The victim received an SMS from the Orange network operator informing him that charges had exceeded a total of PLN 1,000 and that the SIM card had been locked out of the network.


The consumer should be protected by the default limits enforced by

Lost24

The World Wide Web Consortium has presented a new standard for authentication on websites. According to the Chip portal, on some pages we will soon be able to log in to our user profiles the same way we do on our smartphones, with biometric data replacing regular passwords.


The system will allow users to unlock encrypted services with hardware keys connected to a USB port. This proposed solution is much more secure than the regular internet passwords many users rely on, such as the (in)famous 1234.


The new standards have already been introduced by Microsoft and Dropbox, among others. It is possible that biometrics will soon completely replace traditional passwords.


Lost24

Many business owners are receiving e-mail messages informing them about the commencement of a fiscal audit.


The content of the message might seem scary; it can be read on the Zaufana Trzecia Strona website, which warns against similar types of scams. In the message the owner is informed of the set date of the tax inspection and of the obligation to prepare a set of documents. The owner’s absence on the day of the audit will supposedly be treated as an offence.


The message contains plenty of grammar errors, which can easily be spotted by an observant person.


The cybercriminals want the victim to open the attachment, which infects the computer with malware, most probably Dan

Lost24

Cybercriminals are impersonating the Ministry of Finance and sending victims an e-mail request for review.


The criminals are exploiting the tax declaration period: in the message they inform their victims that there is an error in the submitted tax declaration. The recipient of the message has 7 days to provide an official explanation by e-mail.


Copy of the attached message (translated from Polish):
Pursuant to Art. 274a § 2 of the Act of 29.08.1997, the Tax Ordinance (Journal of Laws of 2012, item 749, as amended), according to which, in case of doubts as to the correctness of a submitted declaration, the tax authority may call for the necessary explanations or for the declaration to be completed within a set deadline.
After analysing the documents issued

Lost24

Security experts from ESET are warning against a dangerous application called Word Translator. This application contains a Trojan horse that steals login credentials from banking apps.


So far Word Translator has been downloaded over 10,000 times. It checked whether a mobile banking application was installed on the victim’s phone and then downloaded an add-on that ran in the background. When the victim tried to log in to the banking application, an invisible overlay was displayed that recorded the login and password. In addition, the Trojan also intercepted SMS messages containing one-time verification codes for online transactions.


Experts from ESET defined the

Lost24

A tasty treat in the form of the data of 617 million users of 16 different websites and applications has recently appeared on the Tor network. The data was listed for sale at a price of 20,000 bitcoins, or over USD 70 million!


According to The Register, the stolen data comes from sites such as MyFitnessPal, Dubsmash, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CofeeMeets, Artsy and DataCamp.


The data leak from the Dubsmash app is “valuable” because the app is popular among celebrities such as Kim Kardashian and Selena Gomez.


Remember that your data may also leak; in such situations it is best to use password

Lost24

Security experts from Google are warning of attacks on Android smartphones. At risk are phones running Nougat 7.0, Oreo 8.0 and Pie 9.0. The attack can be performed remotely using a PNG image.


This happens when the user views a specially crafted PNG image while browsing the web. Such an image can be used by cybercriminals to take control of the phone and, at a later stage, to execute malicious code and launch attacks on other devices.


Experts from Google advise users to update their OS with the latest security updates.



Lost24

CERT Orange Poland warns against suspiciously cheap items offered on Facebook Marketplace. The victim, tempted by a “once in a lifetime special offer”, arranges the payment details and delivery method through Facebook Messenger.


Following this, the criminal asks the victim to transfer PLN 40 (ca. 9 euro) as payment for shipping. Claiming that a “bank collector” is watching his bank account, the criminal then asks the victim to use PayU instead and provides a link to it.


According to CERT, the provided link was an embarrassingly crude scam attempt – “hxxps://payu.transakcja-029235464.pl/” – but even so the victim did not pay attention to it. Vic

Lost24

Did you recently get a text message about a small fee for an expired listing or a surcharge for a package? Watch out, you might lose a large amount of money.


The police warn of a dangerous scheme in which fraudsters send text messages about small charges with a link to a fake payment page. This lets the criminals intercept the login and password, which are then used to clear out your bank account.


The police stress that such messages should be carefully verified and, if you decide to click the link to the bank’s website, pay attention to the actual website address: make sure it matches the bank’s real address and that it uses a properly verified HTTPS certificate.
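The address check the police recommend above, and the “payu” look-alike link quoted in the CERT Orange item, come down to one question: is the brand name the registrable domain, or just a label somewhere inside another domain? The script below is an added example (not from the original page or any of the organisations it cites). The allow-list of legitimate domains and the sample links are constructed for illustration, and the registrable-domain logic is a simple two-label heuristic rather than a Public Suffix List lookup.

```python
"""Flag links whose host merely contains a payment brand instead of belonging to it.

Added example. LEGIT_DOMAINS is a constructed allow-list; real deployments would
use the Public Suffix List to compute registrable domains (e.g. for .co.uk).
"""
from urllib.parse import urlsplit

# Constructed allow-list: brand keyword -> registrable domains the brand really uses.
LEGIT_DOMAINS = {
    "payu": {"payu.pl", "payu.com"},
    "paypal": {"paypal.com"},
}


def defang_to_url(text):
    """Convert a defanged indicator (hxxp/hxxps, [.]) back into a parseable URL."""
    return (text.strip()
            .replace("hxxps://", "https://")
            .replace("hxxp://", "http://")
            .replace("[.]", "."))


def registrable_domain(host):
    """Two-label heuristic: 'payu.transakcja-029235464.pl' -> 'transakcja-029235464.pl'."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def assess_link(text):
    """Classify a link as 'legit', 'lookalike' or 'unknown' with respect to LEGIT_DOMAINS.

    'lookalike' means a brand keyword appears in the host but the registrable
    domain is not one the brand owns, which is exactly the pattern of
    payu.transakcja-029235464.pl.
    """
    url = defang_to_url(text)
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    verdict, brand = "unknown", None
    for name, domains in LEGIT_DOMAINS.items():
        if reg in domains:
            verdict, brand = "legit", name
            break
        if name in host:
            verdict, brand = "lookalike", name
            break
    return {
        "host": host,
        "registrable": reg,
        "https": parts.scheme == "https",  # a valid HTTPS padlock says nothing about the owner
        "verdict": verdict,
        "brand": brand,
    }


# Constructed sample links: the defanged scam URL from the CERT item plus control cases.
SAMPLE_LINKS = [
    "hxxps://payu.transakcja-029235464.pl/",
    "https://secure.payu.pl/pay",
    "https://www.paypal.com/activity",
    "http://example.org/invoice.doc",
]


def triage(links=SAMPLE_LINKS):
    """Return [(link, verdict), ...] so the result can be checked, not just printed."""
    return [(link, assess_link(link)["verdict"]) for link in links]


if __name__ == "__main__":
    for link, verdict in triage():
        print(f"{verdict:10s} {link}")
```

Note that the scam link in the CERT item uses HTTPS, so `https` being true is reported separately from the verdict: the certificate proves only that you are talking to whoever registered `transakcja-029235464.pl`, not that this is PayU, which is why the registrable domain is the field to compare against the brand’s real address.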

Lost24

36.7 thousand – that’s the number of users of the XLM.pl bookstore whose data was recently offered for sale.


Bookshop customers received e-mails with the subject “Hacked” offering the store’s database for sale. About one hundred distressed users informed the Niebezpiecznik cybersecurity website about it.


From the e-mail we learn that the leak contains information on almost 37 thousand users, about 88 thousand store orders and payments exceeding PLN 11 million. Interestingly, the criminals state that they will sell the data to the first person willing to transfer 1 bitcoin to the provided wallet address.


Acco

Lost24

CERT Orange Poland is warning PayPal users of a series of phishing e-mails. The e-mail informs users about a recently received payment; to view the confirmation of the transaction, all one has to do is click the provided link.


According to CERT, the link does not lead to the PayPal website where we would expect to see our account’s transaction history, but is instead a download link for a .doc file. If we do click on it, an Emotet Trojan infection is guaranteed



Lost24

In the Google Play Store you can increasingly come across malicious applications acting as droppers, that is, inconspicuous-looking applications whose aim is to obtain the permissions needed to download a Trojan horse.


The Niebezpiecznik portal gave two recent examples of such applications: BatterySaverMobi, which had over 5,000 downloads, and Currency Converter. Both applications used the motion sensors to prevent the malicious code from running while the device was stationary.


As soon as the device was put in motion, the application displayed an “update” notification. According to Niebezpiecznik, at this point both applications downloaded the Trojan horse by connecting to a C&C server