Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
DDoS on the rise: the AK-47 of cybercrime (PhishLabs)
As 2014 came to a close, it was a record year for distributed-denial-of-service (DDoS) attacks, with increases in volume and sophistication level.
Spear-Phishing Campaign Uses Compromised Spear-Fishing Site (infosecurity)
Security researchers have discovered a spear-phishing campaign which uses a compromised Russian spear-fishing site to host an information-stealing Outlook page.
EMV: U.S. Won't Make October Deadline (BankInfoSecurity)
U.S. card issuers and merchants likely won't complete a shift to EMV for many years to come, despite the card brands' October 2015 liability shift date for counterfeit card fraud, many forecasters say.
How NSA Hacked North Korean Hackers (infoRisktoday)
The U.S. government's attribution of the Sony Pictures Entertainment hack attack to North Korea stems, in part, from the U.S. National Security Agency having infected a significant number of North Korean PCs with malware, which the intelligence agency has been using to monitor the country's hacking force.
Fewer than a third of retailers stay compliant between audits (CSOonline)
Only 28.6 percent of retailers remain compliant during the time between compliance assessments, according to a preview of the Verizon's 2015 PCI Report.
Malware found on POS systems at four Wingstop locations (SC Magazine)
Texas-based restaurant chain Wingstop is notifying an undisclosed number of customers that malware was found on point-of-sale (POS) systems at four locations, and it could have enabled attackers to capture customer payment card information.
Remote code execution vulns hit Atlassian kit (TheRegister)
Software development software house Atlassian has patched critical vulnerabilities found in all versions of its Confluence, Bamboo, FishEye, and Crucible products.
Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication (TheHackerNews)
A critical cross-site scripting (XSS) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the https://admin.google.com/ domain.
Alleged assistant to Silk Road 2.0 operator arrested (SC Magazine)
An alleged “key player” on the dark web marketplace Silk Road 2.0 was arrested on Tuesday in Washington.