Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Highly-regarded threat researcher Don Jackson joins to serve as Director of Threat Intelligence and security analytics innovator Christopher O'Rourke joins as our Senior Product Manager.
- Full Disclosure List shuts down (Full Disclosure)
The longstanding mailing list for publishing vulnerabilities has closed it's doors. Full Disclosure has seen it's fair share of controversy over the years, and the announcement from admin John Cartwright credits a recent dispute with an "individual researcher" as the tipping point for the decision.
Want to know how professional phishing operations carry out attacks? Check out the Inside the Phishing Ecosystem blog series. The second posts focuses on launch steps after a phishing site has been staged. In the post, we walk through how phishers set up emailer programs, get their hands on email address lists, and craft convincing phishing emails.
- EA Games website hacked to steal Apple IDs (Netcraft)
One of EA Games' servers was hacked via a known vulnerability in the 2008 version of a PHP-based calendar application. From there, phishers installed a phishing site targeting Apple IDs. Web software and plugins are top targets for fraudsters looking to host malicious content. Especially those used on popular domains because they are less likely to be blacklisted in safe browsing filters...
- 3 Indicted in Cybercrime Scheme (BankInfoSecurity.com)
The U.S. Department of Justice has indicted 3 alleged cybercriminals for attempting to steal $15M by compromising customer bank accounts, transferring funds to accounts they controlled, and feeding the funds into cash out operations that used stolen identities. Good to see continued progress towards prosecuting cybercriminals - just wish there was more!