Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
‘Revolution’ Crimeware & EMV Replay Attacks (KrebsonSecurity)
In October 2014, KrebsOnSecurity examined a novel “replay” attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards.
Spear Phishing, Malware and DDoS! Oh My! (IBM)
From an initial infection via the Upatre malware through a spear-phishing email to a distributed denial-of-service (DDoS) attack, the criminals carrying out this latest string of attacks are using numerous sophisticated techniques.
Google: Less Than 1% Of Androids Have Potentially Harmful App Installed (Dark Reading)
Google's Android security report shows that devices that only install apps from the Google Play store have fewer infections.
5 Biggest Hosting Companies Hacked by Syrian Electronic Army (The Hacker News)
Once again, Syrian Electronic Army (SEA) has gain media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands.
Obama signs executive order to sanction foreign hackers (nakedsecurity)
President Obama just used perhaps the most effective tool in his arsenal to strike against the threat of foreign cyberattacks - that's right, his pen.
Hacked uni's admins hand ID theft prevention reward to data burglars (The Register)
An Illinois university's sysadmins have seemingly handed data burglars a year-long subscription to LifeLock, an identity alert and credit monitoring system, following a data breach at the US institution which left thousands vulnerable to identity theft.
Why you should be spending more on security (CSO)
Many CIOs endanger their companies simply by not spending enough on security. That may seem odd to posit, given that a recent Pricewaterhouse Coopers survey found that businesses now spend a higher percentage of their IT budgets on security than ever before.
All American C&E/ Nardin – energycalcs.net – Ed Wolfe – fake PDF malware (My Online Security)
All American C&E/ Nardin pretending to come from office <firstname.lastname@example.org>with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer.
Chinese Internet authority clashes with Google over digital certificates (PC World)
A Chinese Internet administrator blasted Google on Thursday, after the U.S. search giant decided to stop recognizing digital certificates issued by the group following a security lapse.
The Importance of Cyber Threat Intelligence to a Strong Security Posture (Poneman)
A new study by the Poneman Institute examines how companies are using, gathering and analyzing threat intelligence as part of their IT security strategy.