Lost24

To encourage its residents to file their income tax returns, the city of Gdańsk organized a lottery. Over 18,000 people took part, with one of the prizes being a hybrid car.


To participate in the lottery, you had to fill in a form asking for details such as your name, social security number, phone number, e-mail address and the place where you submitted your tax return.


However, one of the participants discovered a glaring error: the contest website pitwgdansku.pl gave third parties access to the participants' data. The error was reported to the company responsible for the website – PlayPrint

Tuesday 30 April 2019, Safety Guide

Strong password – a key to security

Lost24

The British National Cyber Security Centre has analysed the passwords most commonly set by internet users.


The research was based on an analysis of millions of passwords hacked worldwide. The most commonly used were simple combinations of numbers, with the top entries being 1234, 123456789, qwerty, password, 111111 and abc123, along with names of pop music bands and sports teams.


ESET security experts warn against using weak passwords and advise using Have I Been Pwned (HIBP). This site allows you to verify whether a password has ever been compromised. If it has, it is best to set a new one and use a password manager.


Sunday 28 April 2019, Safety Guide

Criminal groups on Facebook

Lost24

Facebook has over 2 billion users, so it is no surprise to find that it is also used by organized crime. A Talos report has revealed the existence of 74 criminal groups, consisting of over 385,000 users of the social network.


To find such a group, Facebook users only had to type relevant keywords, such as spam, carding or selling cvv, into the search engine. What's more, Facebook then suggested related groups to that person.


What did these groups offer?
-    Hacked credit cards
-    Financial information
-    Credentials
-    Mail spam

Lost24

Users of Xiaomi phones were recently exposed to hacker attacks. The cause was a preinstalled application called Xiaomi Guard Provider, which was supposed to ensure the security of the device.


However, the application did not protect its outgoing and incoming HTTP traffic. According to Check Point, the attack could be initiated when the attacker connected to the same Wi-Fi network as the potential victim, which let him carry out what is called a man-in-the-middle attack. In addition, due to vulnerabilities in the communication between multiple SDKs, the attacker could inject any code, which enabled the theft of passwords or the installation of malicious software.


Check

Lost24

It looks like there’s another wave of incoming calls from unknown numbers from abroad, in this case from the Ascension Islands. If anyone tries to call them back, they will end up with a huge bill.


According to PROGET, one of its employees noticed a call attempt from these islands. The calls are made in such a way that the recipient has no chance to answer, because the caller hangs up after a second. PROGET warns that if the potential victim does not verify the number and calls back, it might cost from a couple to several hundred USD. In the case of PROGET, the situation is especially dangerous because employees of the company may try to call back the unknown numbers from their company phones, thinking that a potential client

Lost24

Pen Test Partners have recently conducted research on the security of smart alarm systems. The research shows that over 3 million cars had security flaws that were linked to two companies, Pandora and Viper.


The vulnerabilities were quite serious, mainly because they allowed an attacker to lock or unlock the doors, listen in on conversations inside the car, track it via GPS or even shut down the engine while driving. According to the research, the cause was poor authentication in the API, which meant that the password or e-mail change feature did not work properly.


Using the vulnerability the cybercriminals were able to change the e-mail address of the car owner, thanks to which they could reset

Lost24

Kaspersky Lab has revealed a hacking campaign using the ShadowHammer trojan, which targets users of the ASUS Live Update Utility.


Over 1 million users worldwide may have encountered the threat.


The campaign was a so-called supply chain attack, in which cybercriminals used the Taiwanese manufacturer's servers to distribute the trojan.


ASUS Live Update Utility is software pre-installed on most of the newest ASUS PCs and is used to automatically update the BIOS, UEFI, drivers and applications.


The campaign was mostly overlooked by the vast majority of security measures, as the tools containing the trojan were signed with authentic certi

Lost24

Research carried out by AV-Comparatives has shown that over 60 percent of antivirus applications that protect Android devices do not meet basic requirements.


Approximately 250 applications were put under the microscope and 170 of them did not meet the minimum safety requirements. The tested antiviruses did not offer any sort of protection and only burdened the processor with additional tasks. These apps flagged individual programs installed on the device as harmful when in fact they did not contain any malicious code.


According to ComputerWorld, this is because most of the tested antiviruses do not scan the code and only work from obsolete lists.

Tuesday 26 March 2019, Safety Guide

InPost malfunction, data leak

Lost24

During the update cycle of one of InPost's applications, Package Manager, an error occurred that let third parties access the shipping data of other users. According to Radio Krakow, after logging in to certain accounts, users could access sensitive client data of over 7.4 million users. As a result, third parties had unauthorized access to phone numbers, e-mail addresses and shipping addresses. What's more, they could also monitor orders registered in the system.


In connection with the situation, InPost has issued the following statement: “On 18-19.03.2019 during the update of the Package Manager application (https://manager.paczkomaty.pl) an incident related to the display of shipping information for packages that were not link

Lost24

Cybercriminals have recently managed to fool one of Santander bank's clients into falling for a popular phishing attack. The woman received a text message from an alleged telecommunications company asking her to settle the arrears on an invoice. The victim, wanting to settle the arrears of PLN 3 for the “invoice” from the telecommunications operator, lost PLN 9,000 from her bank account.


The money was lost because the victim logged in through a fraudulent PayU website, thereby giving the cybercriminals her login credentials.


The woman, wishing to recover her lost funds, filed a complaint with her bank. However, according to the Bankier website the complaint was denied by the bank. The rationale in the stat

Tuesday 19 March 2019, Safety Guide

Subsidy scam

Lost24

Beware of people calling you and claiming to be EU subsidy advisors for companies. One of the readers of the Zaufana Trzecia Strona website was scammed out of approximately PLN 200. The “advisor” offered his victim help with filling out an application for co-financing from regional operational programs. During the phone conversation the portal's reader asked the “advisor” to send additional information via e-mail.


However, instead of an e-mail he received a cash on delivery shipment. The victim's relatives paid in good faith for the package, which contained a book and a CD with information that can be downloaded for free from the website of the local Marshal Office. In addition, the attached materials were already out of date.

Lost24

If you own a DR-921 D-Link router, be warned: you could be charged a fairly large bill, just like one of Niebezpiecznik's readers.
In his case the cybercriminals increased the limits for premium rate services.
The cybercriminals exploited a vulnerability in the router to change the limits set for premium services by the operator Orange, in the first stage to PLN 300 and in the second to PLN 4,000.
According to Niebezpiecznik, the billing showed 35 premium rate SMS messages being sent out. The victim received an SMS from the Orange network operator informing him that charges had exceeded a total of PLN 1,000 and that the SIM card had been locked out of the network.
The consumer should be protected by the default limits enforced by

Lost24

The World Wide Web Consortium has presented a new standard for authentication on websites. According to the Chip portal, on some pages we will soon be able to log in to our user profiles the same way we do on our smartphones, with biometric data replacing regular passwords.


The system will make it possible to unlock encrypted services using hardware keys connected to a USB port. The proposed solution is much more secure than the regular internet passwords used by many users, such as the (in)famous 1234.


The new standard has already been introduced by Microsoft and Dropbox, among others. It is possible that biometrics will soon completely replace traditional passwords.


Lost24

Many business owners are receiving e-mail messages informing them about the commencement of a fiscal audit.


The content of the message might seem scary; it can be read on the Zaufana Trzecia Strona website, which warns against similar types of scams. In the message the owner is informed about the set date of the tax inspection and the obligation to prepare a set of documents. The owner's absence on the day of the audit will be treated as an offence.


The message contains plenty of grammar errors, which can be easily spotted by an observant person.


Cybercriminals want to get the victim to open the attachment, which results in infection of the computer with malware, most probably Dan

Lost24

Cybercriminals are impersonating the Ministry of Finance and sending victims an e-mail request for review.


The criminals are taking advantage of the tax declaration period, and in the message they inform their victims that there is an error in the tax declaration they filed. The recipient of the message has 7 days to provide an official explanation by e-mail.


Copy of the attached message:
Pursuant to Art. 274a § 2 of the Act of 29.08.1997, the Tax Ordinance (Journal of Laws of 2012, item 749, as amended), under which, in case of doubts as to the correctness of a submitted declaration, the tax authority may request that the necessary explanations be provided or the declaration be supplemented within a specified time limit.
Po analizie dokumentów wystawion