Lost24

It was to be expected that cybercriminals would use the tax settlement period to attack internet users. CERT Poland warns against emails with malware related to the tax settlement.


Hackers impersonate the Ministry of Finance in emails. The attack is aimed at people who use the option of having their tax settled by the tax office.


Hackers inform their potential victims that a PIT-28 declaration has been sent and urge them to download the so-called UPO (official confirmation of receipt). The UPO is then sent as a .pdf file, which contains a VBS script that launches the download of BrushaLoader malware. Next, ISFB/UR type malware is installed. The malware steals system information and attempts to steal credentials for el

Lost24

85,000 files, including 30,000 sensitive records of pharmacy clients, leaked from an unsecured Amazon S3 server of the THSuite platform. THSuite is responsible for the supply of pharmacies offering legal access to medicinal marijuana.


THSuite is an international records system for patients using legal cannabis.
In this case, no hack was needed: as a result of a mistake, the data was made publicly available.


According to Dziennik Internautów, the data belongs to US patients. The leak included details such as phone numbers, e-mail addresses, dates of birth and customers’ insurance details.
The server was shut down in mid-January.

Thursday 6 February 2020, Safety Guide

Sale of Avast antivirus user data

Lost24

PCMag and Vice conducted a journalistic investigation which uncovered that Avast, the most popular maker of free antivirus software, trades the data of its users.


Avast used Jumpshot to sell user click data. Jumpshot offers access to data from 100 million global users and 20 million application users. One could track Google searches, Google Maps search history, YouTube videos, search data input for browser, Facebook and Instagram, LinkedIn profiles, etc. Avast defends itself by saying that the data is anonymous, as it cannot be associated with a specific person. However, information as precise as a specific date, location and phrases entered into the search engine can easily be used to identify an individual.


Lost24

Cybercriminals are sending fake emails about unsettled payments that claim to come from the Energa Group. The message contains a dangerous attachment.


According to Dziennik Internautów, the messages are sent from the addresses admin@zamira-company.com and sekretariat@torino-polska.com. Opening the attachment may cause damage to your device.


The subject of the message is related to an unsettled payment for the year 2019: “Statement of unpaid Energa 2019 documents”. There are two types of messages. In the first, we learn that we have unsettled invoices, a list of which is included in the attachment, and we get instructions on how to open the file. The message body contains only the signat

Lost24

WeLeakInfo.com, which was blocked by British and US agencies, offered data obtained from leaked passwords as part of a paid service.


The service traded leaked information in the form of a subscription service. The data collected by WeLeakInfo included over 12 billion records from over 10,000 leaks. As part of a daily, weekly, monthly or three-month subscription, you could access such data as names, email addresses, usernames, telephone numbers or passwords.


According to Niebezpiecznik, WeLeakInfo operators could have made a profit of over GBP 200,000. The jailed owners of the website explain that their goal was to help people better secure their data. Anyone could determine if their password was leaked.

Lost24

Kaspersky Lab experts warn of a new type of fraud, in which cybercriminals tell their victims that they should be compensated for a data leak.


The potential victims are redirected to the Personal Data Protection Fund website, where they can check if their data has been leaked. For this purpose, the victim must provide their details such as name, surname, telephone number or social media account details. Then a message appears saying that the above data has been leaked online, but that the victim can expect compensation of up to several thousand dollars. To obtain the compensation, the victim must provide a credit card number, as well as a social security number (SSN). However, people outside of the USA may purchase a temporary insurance number.


Lost24

If you are planning to spend your holidays in the Polish mountains, beware of false accommodation offers. The police warn that this practice is very common: during the recent New Year’s Eve in Zakopane alone, they received several reports of fraud based on so-called virtual accommodation.
Although tourists are more cautious than in previous years, this type of fraud is reported almost on a daily basis.


Scammers place fraudulent ads on fake websites or auction sites with attractive pricing offers for accommodation in Zakopane and the surrounding area. Before paying for an offer and before arriving, tourists should verify whether the guest house or cottage actually exists, and not just be guided by the bargain price

Lost24

Postal Ninja is popular among people who want to check the status of shipments ordered from AliExpress. However, data on up to 800,000 shipments could easily be retrieved from the site, including the name and surname of the customer and the address to which the package was to be delivered. Tracking numbers were not randomly generated and were easy to predict.


One of the readers of the Trusted Third Party noticed a vulnerability in Postal Ninja; thanks to the report from TTP, it was quickly resolved. Speaking of speed, after reporting the gap, the TTP portal only had to wait three hours for Postal Ninja’s response. In their response, TTP ensured that the gap was patched within 24 hours. After removing the vulnerability, the status of the shipm

Lost24

Cybercriminals are not idle: in the span of a few days they have attacked Polish municipal offices in Lututów and Kościerzyna, as well as the Budzik clinic.


In the Lututów commune, data on liabilities for municipal waste, water and rent was encrypted. The commune issued a statement saying that, for payments of liabilities to the commune, it would not be possible to obtain information on the amount of arrears. The cybercriminal demands a ransom of $6,000 for decrypting the data. The head of the commune has notified the police about the incident.


In the case of the Kościerzyna commune, the head of the commune has turned to CSIRT NASK and an external company f

Lost24

Virtual New Year cards have become a phishing tool in the hands of fraudsters seeking to obtain Facebook passwords.
Caution is advised, because we can also receive such “wishes” from our friends.


Dedicated sites for creating virtual cards can be found online. Entering a name in the specified field triggers a script that gains access to the victim’s Facebook account. If the takeover is successful, the account begins to send out links to friends from the victim’s contact list.


If you use the same password as the one for Facebook on other websites, such as online banking or email, the situation becomes especially dangerous.

Source: Cyber Securi

Lost24

Sensitive data of customers of the cellular operator Virgin Mobile has been leaked from the database of one of its applications. Clients affected by the leak are receiving text messages informing them about the theft of personal data.


The leak occurred between 18th and 22nd of December and concerned customers using prepaid accounts. The stolen data includes full names as well as PESEL identification numbers. The operator announced the breach on December 25th.
The data of Virgin Mobile’s customers on monthly subscription plans is secure.


Virgin Mobile released a statement in which it says that the data leak concerned 12.5% of pre-paid customers registered with the company. Procedures preventing the use of subscr

Lost24

The police department in Beringen, Belgium, warns against incoming calls from Poland. The scammer is probably calling from Koszalin, as the prefix +48 94 points toward the town, and wants to force the victim to pay for the phone call.


The scenario is that the scammer calls once, the victim sees a missed call, and the scammer hopes that they will call back. According to the portal Next, the Belgian police warn not to return the call and to block such a number immediately. If the victim calls back, it is recommended to verify their account statement through an app or contact the mobile operator, as this connection can cost a lot.


People from Poland face similar problems; we have already warned you not to ca

Lost24

Cybercriminals are again trying to extort money via a fake payment operator’s website. In this case, they used Google’s brand.
Experts from CERT Orange Poland have noticed increased traffic on a domain posing as a Google service. Cybercriminals are attempting to extort money under the guise of paying arrears on Google Play or Google Maps. The amount that is supposed to be paid is small and oscillates around PLN 1-2. The victim receives an SMS or an email about the arrears.


The person who wants to settle the payment is redirected to a website posing as the payment operator’s site. Scammers hope that the victim will not double check the website address, enter the login and password for electronic banking and confirm the “transf

Thursday 19 December 2019, Safety Guide

SMSes sent out by phone on its own?

Lost24

Experts from the portal Niebezpiecznik have received messages from their readers in which owners of phones running Android and iOS were concerned that their smartphone “sent out SMSes to a strange Polish number”.
In this situation, you would expect they are premium SMSes or a virus.


Niebezpiecznik reassures that the phone has not been hacked in this case.


If the phone sends an SMS to one of the following numbers:
732232988, 732232988, 732232986, 732232984, 732100230 with the text:
- Google is verifying phone # of this device Learn more: https://goo.gl/LHCS9W


It means that it is a standard verification of the phone number listed under user

Lost24

The Polish branch of the BNP Paribas bank warns of a site impersonating its own website. The fraudsters have created a logo that resembles the bank’s official ones, and the name of the website suggests that it is associated with the BNP Paribas Bank.


In the statement, the bank explains that it has no association with the paribagroup.com platform. The fraudsters have used the bank’s image to extort money. On the site one could find offers related to currency exchange, high-risk investments, as well as an option to set up a dedicated account, where victims were to transfer their savings. Cybercriminals promised high profits, asked for scans of IDs and installed an application that allowed them to take control of the device.


In the statem