Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Zero-Day Flaw in WordPress Plugin Used to Inject Malware into Sites (SecurityWeek)
Cybercriminals have exploited a zero-day flaw in the popular FancyBox for WordPress plugin to inject malicious iframes into many websites. The vulnerability has been patched.
Health insurer Anthem hit by massive cybersecurity breach (Reuters)
Health insurer Anthem Inc (ANTM.N), which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.
Hacked Hotel Phones Fueled Bank Phishing Scams (KrebsOnSecurity)
A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south.
Malicious advertisements on major sites compromised many computers (CSO)
Attackers who have slipped malicious advertisements onto major websites over the last month have potentially compromised large numbers of computers.
Critroni Ransomware Masquerades as Google Chrome Update (InfoSecMag)
The ransomware threat known as CTB-Locker (aka Critroni) is making fresh rounds, sneakily infiltrating people’s machines via emails purporting to come from Google.
Hackers and Cybercrime: Financial Firms Increasingly Targeted For Fraud (IBTimes)
The email Keith McMurtry received in early June read, “This is a strictly confidential operation,” and it was signed by his boss, Chuck Elsea, CEO of the Scoular Co., a commodities-trading firm based in Omaha, Nebraska. So, McMurtry took the mysterious missive seriously, even though the address was unfamiliar.
Bankers: Retailers Are Wrong About EMV (BankInfoSecurity)
An interview conducted this week about why retailers say shifting to EMV credit cards without the PIN is a fruitless fraud-fighting effort spurred a debate among our readers about what needs to be done to ensure ongoing security of U.S. card payments.
Microsoft blunts hooks of nasty Internet Explorer phishing flaw (TheRegister)
Microsoft is investigating an alleged vulnerability in its flagship Internet Explorer browser.The cross-site scripting hole disclosed Saturday by hacker David Leo includes functional proof of concept code, according to confirmed reports.
Adware Android Apps Found in Google Play With Millions of Downloads (TheHackerNews)
With the rise in mobile market, last year we have seen sharp growth in malicious 'adware' — the most prevalent mobile threat in the world. And now, security researchers have once again found Google Play Store offering malicious apps that are infecting millions of Android users with adware.