Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Kaspersky discovers CAPTCHA-duping Podec malware (SC Magazine)
IT security firm Kaspersky has divulged details about what it believes is the first malware to successfully outwit the CAPTCHA image recognition system.
Fake CS:GO Lounge Phishes Steam Creds, Drops Malware (Malwarebytes)
We recently flagged a misspelled URL of a domain claiming to be the real CS:GO Lounge, a highly popular site where Steam users can trade in or bid on items specifically for Counter-Strike: Global Offensive (CS:GO) and place bets on group stage matches.
Patch Tuesday patches FREAK, Universal XSS (Ars Technica)
Today's bumper crop of updates for Windows and other Microsoft products doesn't just fix a new version of the Stuxnet shortcut attack. It also provides fixes to two serious flaws, one in the operating system's handling of secure connections and the other in Internet Explorer.
Survey: Trust in certificates 'near breaking point' (CSO)
Half of all security professionals believe that trust in keys and certificates is in jeopardy, according to a new study of 2,300 information security professionals released today by the Ponemon Institute and Venafi.
11 Arrested in Insider ID Theft Scheme: Former Blue Cross Blue Shield of Michigan Employee Charged (BankInfoSecurity)
A former customer service representative at Blue Cross Blue Shield of Michigan is among 11 individuals recently arrested in connection with an alleged identity theft scheme that affected more than 5,500 health plan members and resulted in hundreds of thousands of dollars in credit fraud.
Apple Pay: Bridging Online and Big Box Fraud (KrebsOnSecurity)
Lost amid the media firestorm these past few weeks about fraudsters turning to Apple Pay is this stark and rather unsettling reality: Apple Pay makes it possible for cyber thieves to buy high-priced merchandise from brick-and-mortar stores using stolen credit and debit card numbers that were heretofore only useful for online fraud.
Panda antivirus labels itself as malware, then borks EVERYTHING (The Register)
Panda users had a bad hair day on Wednesday, after the Spanish security software firm released an update that classified components of its own technology as malign.
Hacking Facebook Account with ‘Reconnect’ Tool (The Hacker News)
"Signup or Login with Facebook"? You might think twice before doing that next time. A security researcher has discovered a critical flaw that allows hackers to take over Facebook accounts on websites that leverage the 'Login with Facebook' feature.
Google error leaks owner personal info for nearly 300,000 websites (PC World)
A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private.