You're drinking your morning espresso. Check emails that arrived during the night, discard spam. Then one weirdly catches your eye.
The spam URL is obviously hosted on the domain of the public transport company of a Polish city. 🤔 ("mpk.$cityname.pl" is a dead giveaway) #Poland 🇵🇱
So if you run a CMS from 2009 #TWOTHOUSANDNINE that wasn't ever updated and, even if it had been, would have been EoL for 5+ years… 🤦 #infosec #ThatswhyIdrink
Mailed the listed contacts on the webpage. Next is hosting company.
@tbr I would suggest reaching out to the company (that's just the standard operating procedure, not that they'll give a fsck...), and then to a CERT: https://www.cert.pl/
@rysiek
Yeah, no reply from the company. Will still try to contact the hosting company.
Thanks for pointing to the CERT. Was wondering how it would be named, given a lot of abbreviations are hilariously weird in Polish. So this is quaint. 😉
@tbr infosec people like standardization. ;)
@rysiek OK, the spam URL started to return a 404. I do hope they do something about their CMS though. Else they'll have a fresh infestation within minutes…
@tbr yup. If you haven't still, do contact CERT anyway about this.
Also, pretty sure they have to be processing *some* personal information on that site. If so, if they don't patch their CMS, GDPR can come crashing down on their heads like a wall of bricks.
This is a breach, after all.
@rysiek Yeah, will do. 👍
I did check and there were luckily no obvious signs of larger scale data processing. Obv. I have no idea what else that machine runs. 😑
Also I CC'd their IDO on the initial mail in the hope they'd understand the gravity. 😃
@tbr what you did is good and you should feel good.
@rysiek Sent! 😎
For me it goes without saying that something like this should be pushed forward. It's just a pity there aren't many of us, because that little server has been sitting there since 2009 with outdated software. Who knows what all has made itself at home there. 😕
@tbr No two ways about it.
Any of my #polish #infosec followers have any specific hints about current best practices in following this up?
I haven't dealt with such stuff in Poland for years and a lot has changed since I moved away.
cc @rysiek
PS: Despite the appearance (Name, etc.) I'm actually Polish and sent the email to the MPK contacts in Polish. Can obviously follow up rest of process in Polish too.