Lost24

Some time ago, the sekurak.pl portal shared information about a very harmful but simple vulnerability in LinkedIn.


Namely, any user's CV could be downloaded without logging in and without any authorization or additional steps. It was enough to enter a specific address, e.g. "linkedin.com/api/v4/download_resume?id=827387", and then enter successive random numbers as the id to display more users' CVs.


The vulnerability was patched and a bounty of $5,000 was paid for finding it.



Lost24

Sad news for LastPass password manager users. As its creators announced, this time passwords were leaked: hackers have access to encrypted passwords. It is not known how many passwords have been leaked.


Relevant services and companies were engaged to patch the gap in the system and investigate the case.


Unfortunately, after such an event the application will no longer be perceived as the most secure. A password manager from which passwords were stolen does not sound secure and is hard to trust.



Lost24

A post appeared on one of the hacker forums offering the WhatsApp user database for sale. There are as many as 487 million entries in the database. Most of them are from Egypt (as many as 45 million).


In addition, there are also 2.6 million numbers from Poland. As indicated by the person listing the data for sale, the data is up-to-date, because it is from 2022.


Prices for specific countries below:


US - $7,000

Great Britain - $2,500

Germany - $2,500



Lost24

In August this year, information appeared about a possible leak of Twitter users' data. We weren't sure about that back then. Today we know that it was true.


On the hacking forum Breached, the owner of the forum posted about having the data of about 5 million+ accounts. In addition, he has data on up to 1.4 million users whose accounts have already been suspended. However, he only gave this data to a small group of people.


Were user passwords leaked? According

Lost24

Alphabet, the owner of Google, has been ordered to pay $400 million. It lost a case brought against it by 40 American states. Google's owner allegedly tracked, illegally, the network traffic of users who had not consented to it.


What is Google user tracking? The better ads are personalized, the more people click on them, and thanks to this Google makes more money.


Google is already working on updating its terms of use.




Lost24

As reported by the portal sekurak.pl, a page pretending to be the popular design program GIMP, the free equivalent of Adobe Photoshop, was noticed in the Google search engine. After typing "gimp" into Google, an ad appeared at the top of the search results. Everything looked as if it was a real advertisement for the program. The problem arose after clicking the link: it led to a page that looked identical to the official GIMP site, but the site address was slightly changed to make it look legitimate.



Lost24

The Instalki portal reported that the EU intends to tighten the rules on the security of digital products due to numerous security breaches of Internet infrastructure by hackers supporting the Kremlin.


As it turns out, this will involve "providing security updates for products for their entire lifetime or for five years after their introduction to the market", which seems to be a beneficial solution for users and a nuisance for corporations.


A total of 38 products will have to receive a cybersecurity rating, including smart products, password managers, firewalls, etc.



Lost24

The Polish university SGH reported some time ago that the data of about 1,500 students was leaked due to a "programming error". These were people who went on student exchanges and applied for them. Student data was indexed and available on Bing for over a month. According to the university, after sending the appropriate message to Bing, the data was removed from the search results.



Data that could be displayed are:


  • login
  • album number
  • first name and middle name
  • last name
  • PESEL
  • gender
  • mother's name
  • father's

Wednesday 28 September 2022, Safety Guide

Data of 50,000 users were stolen from Revolut

Lost24

The following were stolen in the attack:


  • names and surnames
  • e-mail addresses
  • residential addresses
  • information about transactions.


It is worth adding that passwords and card data were not obtained. Unfortunately, it is not known how many Polish accounts were affected by this attack.




Lost24

Soon a new government application may be pre-installed on new smartphones. It is supposed to be obligatory. Many people have two government applications installed on their phones: the Regional Warning System and Alarm112. Both can be installed freely, and there is no obligation to have them. These applications are not as popular as they could be, so maybe that is where the idea to pre-install government applications on all Poles' smartphones comes from?


Will it come to this? At the moment, only a law has been prepared that would impose the obligation to install the government application on all new phones. It is worth adding that the act provides for the possibility of voluntarily uninstalling this application.

Tuesday 6 September 2022, Safety Guide

Samsung hacked (again)

Lost24

In March this year, the Lapsus$ group stole 190GB of data from Samsung. Now Samsung has been attacked again.


This took place in July. Among other things, the private data of some users was stolen, such as surnames, first names, contacts and demographic data. There were no card numbers or passwords in the leak, though. However, it is worth changing your password if you haven't done it since March.


Source: instalki.pl


Lost24

Is cryptocurrency investment a good option when you don't know the market?


A 72-year-old from Gdańsk found out the hard way that (unfortunately) it was not a good idea. After the investment, the man was supposed to receive a very large profit. The credibility of this scam was strengthened by images of famous people, good opinions and a "professional" looking investment website (everything was false, of course). The man, encouraged by such positive opinions and by the criminals, transferred his savings and then additionally took out a loan. Only after doing the latter did he realize there was something wrong and report it to the police.




Lost24

Due to a fairly serious case of contamination of the Odra River, many of us received SMSs today. The Government Center for Security sent a notification about the ecological threat.

Although the message came from the sender "Alert RCB", the content of the SMS was slightly disturbing: a strange-looking string of numbers that doesn't look random. After a while, however, we got the correct SMS.


What could it be?

  

It is possible that it was simply a failed test, or a bug in the software that is sending these alerts.

Therefore, you should not be afraid of such text messages, but it is still worth approaching them with a distanc

Lost24

As reported by the portal Bezprawnik.pl, the data theft may have gone on for several years. Sensitive data, i.e. PESEL number, name and surname, were reportedly stolen. The government website gov.pl published a message about a security audit that had been carried out, which showed that during this time an unauthorized person could have had access to data from the Land and Mortgage Register many times.




Recently, there has been a proposal to create a system that would allow for the reservation of the PESEL number. We described it in our other post. Reserve

Lost24

According to the Gazeta Prawna website, a central database is to be created that will give you the ability to block your PESEL number for free. This will make it impossible to take out a loan or payday loan using that PESEL number.

Such a solution:

- will increase data security
- will give the ability to control the situation in the event of a data leak


At the moment, the method of operation of such a website is unknown. At the moment of signing a contract, it will be possible to unblock the PESEL number and then, after concluding the contract with a bank or telecommunication operator, block it again.


This could be a breakthrough solution.

