News

Zaufana Trzecia Strona – a Polish security news portal – informed about a new attack on Polish user’s (link is in Polish) that used a Microsoft Office plugin install wizard as a decoy. In reality, the user not only installed the plugin, but also a malware called Smoke Loader. It allows …

CERT Polska along with 19 other partners from 11 countries have joined forces for CyberROAD – a 7FP project aimed to identify current and future issues in the fight against cyber-crime and cyber-terrorism in order to draw a strategic roadmap for cyber security research. A detailed snapshot of the technological, social …

In March 2015, S21sec published their analysis of the new e-banking trojan horse targetting Polish users. They named it “Slave”, because such a string was part of a path to one of the shared libraries. We think (in part thanks to the kernelmode.info thread) that Slave was made by …

Today, we published the annual CERT Polska report in its English version. This report presents the most important trends and observations that we think shaped Polish cybersecurity in 2014. This includes new, upcoming threats, their evolution and our responses to them. In 2014 CERT Polska continued its effort to better …

On the 7th of May, 2015 we observed a new malicious e-mail campaign, which used the logo and the name of Polish Post Office (”Poczta Polska”). The e-mail supposedly informed about an undelivered package – however, they also included a link which, after several redirects, lead to the download of a …

Call for Speakers for SECURE 2015 is now open. If you have an interesting topic and would like to share your ideas with a crowd of Polish and international IT security specialists, and/or are looking for a good reason to visit Warsaw, Poland, please consider submitting your proposal. You …

In the previous entry we showed examples of domains, which could be easily missclassified as DGA botnet domains. Most of them are machine generated and used in a non-malicious manner. In this entry, conversely, we will present examples of pseudo random domains, which could be used in attacks or be …

Polish team won third place in NATO Cyber Defence Exercise Locked Shields 2015. The Polish team included members from CERT Polska team. The winners this year was NATO CIRC team, and Estonian team took second place. The theme of the exercise is defending a simulated network of a fictious country …

Domain Generation Algorithms are often used in botnets to create specially crafted domain names which point to C&C servers. The main purpose of this is to make it more difficult to block connections to these servers (for example with domain blacklists) or to protect the C&C channel (and …

While researching incidents that are reported to us, we encountered a new campaign of attacks against Internet banking, this time utilizing hacked home routers. This is a variant of a method we have first observed more than a year ago. The criminals take over control of a home router and …