Ch

Hackers attacked the Polish clothing company OCHNIK, gaining access to customer data such as names, surnames, delivery addresses, emails and phone numbers. The hack occurred on September 18, when cybercriminals hacked into the company's technical account using a software vulnerability. OCHNIK responded quickly, implementing preventive measures and securing the system. The company claims that no passwords or transaction history were stolen, and the risk of data misuse is low. Nevertheless, caution is advised against phishing, spam and suspicious messages.

Internet fraudsters are exploiting the floods that hit southwestern Poland to conduct fraud, including creating fake phishing sites and fake charity collections. The fake sites are often styled as authentic news sites, and their goal is to trick users into revealing their personal and financial information, such as credit card numbers or email addresses. Facebook posts are also being published, reporting on children allegedly missing during the floods. This false information often appears in the form of paid advertisements or articles that seem credible, but are in fact an attempt to scam people.

The Central Bureau for Combating Cybercrime has previously warned against such activities, including fake collections and fake RCB alerts that are designed to mislead p

Fortinet, a cybersecurity company, fell victim to a hacker attack. The company officially admitted responsibility for the incident. Hackers gained access to a Microsoft Sharepoint server, stealing approximately 440 GB of data, including online digital file storage credentials. The attack likely affected customers in the Asia-Pacific region. The hackers demanded a ransom, but Fortinet has not yet met their demands and is offering support to the victims.

Source: komputerswiat.pl

The data of 3.2 million WhatsApp users in Belgium has been put up for sale on the Dark Web, posing a serious risk to the privacy and security of users. The leak of this information, including phone numbers and user IDs, could lead to an increase in phishing attacks and the takeover of WhatsApp accounts. It is not yet known whether the leak also affects users from other countries.

Belgian platform Safeonweb, managed by the Cybersecurity Center, warned of the consequences of the incident, emphasizing that detecting the sellers will be difficult due to the cryptocurrency payment. The data could be used not only for fraud and intrusive marketing, but also to impersonate genuine users.

Meta, the owner of WhatsApp, has not yet issued an official sta

A group of hackers called RansomHub carried out an attack on the District Labor Office in Police, gaining access to computers belonging to employees of this institution. The attack was first revealed on August 14 on the blog of the hacker group, which announced its intention to make the stolen data public. RansomHub kept its promise by publishing this information on August 22 at 2:00 p.m., as announced.

The hackers gained access to the office's internal network infrastructure and individual computers, as suggested by the directory structure of the files they published. Analysis of the stolen data showed that cybercriminals did not manage to take over the full database of the office's petitioners, which could result in a mass leak of information, but this is not

The Helldown cybercrime group attacked seven organizations, including two Polish companies: Briju 1920 Limited and Vindix S.A. Stolen data has been published, including:

information about employees,
login details,
PESEL numbers,
residential addresses,
telephone numbers
date of birth.

Helldown claims to have obtained 103GB of data from Briju and 23GB from Vindix. Victims of data leaks should immediately withhold their PESEL numbers.

Source: cyberdefence24.pl
&l

Cybercriminals took advantage of vulnerabilities in the MOVEit software, stealing the data of up to 100 million people. This attack was one of the most serious security problems in 2023 and made it possible to extort a ransom of up to $100 million. In 2024, the number of vulnerabilities in edge services increased by 22%. compared to 2023

Software vulnerabilities published in the KEV catalog by CISA were responsible for 14 percent. security breaches last year, an increase of 180%. Every year. The average time from detecting a vulnerability to patching it is 175 days. Devices at the edge of the network, constantly connected to the Internet, are difficult to monitor and often do not have EDR installed.

In 2023, cybercriminals attacked 12 Norwegia

Agata S.A. issued a statement regarding the recent hacker attack that disrupted the operation of their IT system. Currently, the system works properly and shopping is possible both in stationary stores and online at agatameble.pl. Verification is in progress whether customer data (name, surname, address, telephone number, e-mail) has been leaked. The company urges customers to be cautious of suspicious calls and emails that may be phishing attempts. Customers should verify message senders, avoid opening suspicious attachments and not provide personal information to unknown people.

Source:

The United States arrested 35-year-old Chinese national YunHe Wang for offering free VPN programs that installed malware on millions of Windows computers. Wang allegedly used infected computers to create a huge botnet, offering it to cybercriminals for a fee. VPN programs such as MaskVPN, DewVPN, Shine VPN, and ProxyGate have been in operation since 2011, containing backdoors that allow control over infected computers.

The botnet, with 19 million IP addresses in nearly 200 countries, including 613,841 in the U.S., was likely the largest in history. Wang sold access to the botnet through a "911 S5" proxy service that allowed cybercriminals to anonymously conduct hacking activities, including financial fraud and other crimes.

The Depar

A new threat has been detected, which is a banking trojan that attacks Android users. Discovered by Cyble, the Antidot Trojan pretends to be an application and is distributed through unofficial sources as an "exclusive update" or "special version" of the application. It may also appear in suspicious emails and text messages.

Once installed, the Trojan displays a fake Google Play update page through which the user clicks "Continue" to give the Trojan full access to the device. The malware can then steal your bank login details and private messages.

Antidot uses advanced techniques such as overlay attacks, creating fake websites that look like real banking applications to capture entered passwords and account number

In 2013, a wallet was created secured with a long password generated by the RoboForm password manager. The owner couldn't guess the password he created because he only saw it for a fraction of a second. He only knew what the password consisted of, but he wasn't even sure about it. The wallet was secured with a password generated by the RoboForm program.


However, the old version of RoboForm had a bug that caused passwords to be based on the current time they were generated, making them less random. The owner of the Bitcoins, not remembering exactly when he generated the password, turned to the hacker to crack it. Using a brute force attack, the hacker checked all possible passwords over a specified period of time and discovered that the password was mAI

At the beginning of the year, Google introduced "Search Generative Experience" (SGE), aimed at simplifying information searches by generating short summaries of results through artificial intelligence. This was intended to replace the need to browse through multiple pages of information, but recently users have noticed that SGE often provides false and harmful advice. Examples include advising people to eat rocks during pregnancy, smoking cigarettes and staring at the sun, and using glue to stick cheese to pizza.


One of the strangest situations was when the AI ​​suggested jumping off the Golden Gate Bridge after entering "i'm feeling depressed" in the search field

Kris Kashtanova described an SGE test in which

Months after the New Hampshire presidential primaries, the Federal Communications Commission (FCC) issued a ruling regarding fake phone calls with President Joe Biden's AI-generated voice. FCC Chairwoman Jessica Rosenworcel announced the introduction of similar regulations as in Europe. During the New Hampshire primary, in the days before the vote, residents received calls in which AI imitated Biden's voice, encouraging them to stay home instead of voting.

The FCC imposed fines on political consultant Steve Kramer, responsible for these fraudulent calls, and on VoIP operator Lingo Management. Kramer was fined $6 million for violating the Truth in Caller ID Act by spoofing, and Lingo was fined $2 million for failing to verify caller information.

The fifth zero-day vulnerability this year, CVE-2024-4671, has been discovered in Google Chrome. This vulnerability, related to the browser's visual component, causes a "use after free" error, which may lead to random code execution or a crash. Google has already released a patch for Windows, Linux and Mac. However, the company hasn't shared much details about it, it will only do so once most users update their browsers. The update number is 124.0.6367.201 for Linux and Mac and 124.0.6367.202 for Windows.

Users are advised to check whether their browser has been updated by going to the Chrome About tab.

Source:

Read more

0 - Comment