Recent Posts

Recent Blog Posts

The PhishLabs Blog

Community Banks Targeted, Hotel WiFi Vulnerability, DDoS Trends and more | TWIC - March 27, 2015

Posted by Lindsey Havens on Mar 27, '15


Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

  • Attackers Target Community Banks: Why Smaller Institutions Face Greater Threats Than Big Banks (Bank Info Secuirty)
    Cyber-attacks aren't just targeting top-tier banks and Fortune 500 businesses, says Scott McGillivray, senior vice president and chief information officer of Pacific Continental Bank, a $1.7 billion institution based in Eugene, Ore.

  • Hilton Honors Flaw Exposed All Accounts (KrebsOnSecurity)
    Hospitality giant Hilton Hotels & Resorts recently started offering Hilton HHonors Awards members 1,000 free awards points to those who agreed to change their passwords for the online service prior to April 1, 2015, when the company said the change would become mandatory.

  • Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware (Cisco Blogs)
    When consumers make purchases from a retailer, the transaction is processed through Point-of-Sale (PoS) systems. When a credit or debit card is used, a PoS system is used to read the information stored on the magnetic stripe on the back of the credit card.

  • Vulnerability in Hotel WiFi Network Exposes You to Hackers (The Hacker News)
    There is no end to users problem when it comes to security. Everything is easily hackable — from home wireless routers to the large web servers that leak users' personal data into the world in one shot.

  • Plenty of Fish hooked by Canada's anti-spam laws, faces 48k penalty (nakedsecuirty)
    Canada's strict anti-spam laws have come down hard on another offender, with the operators of dating website Plenty Of Fish paying a $48,000 penalty for failing to provide proper unsubscribe options in emails sent to its users.

  • Half of Android devices open to silent hijack: Two-pronged attack can turn legit apps into spyware (TheRegister)
    Hacker Zhi Xu has found that seemingly legitimate apps can unleash a hidden dark side to compromise almost half of all Android devices. The Palo Alto Networks senior engineer says legitimate Google Play apps can establish a kind of beachhead on devices that can be invaded by a second app installed from legitimate third party stores like Amazon.

  • DDOS attacks less frequent last year, more dangerous (CSO)
    The total number of distributed denial of service attacks declined steadily last year, from more than 450,000 attacks in the first quarter to fewer than 150,000 in the fourth quarter -- but the size and complexity of the average attack both increased, according to a new report from Black Lotus Communications.

  • New Dridex malware evades detection with AutoClose function (Security Affairs)
    Security experts at Proofpoint have discovered a new phishing campaign that exploits a Dridex variant that evades detection with AutoClose function. Criminal crews behind the Dridex banking malware are very prolific and are improving the popular malicious code. Recently we have discussed about a Dridex variant which was spread through phishing messages with Microsoft Office documents embedding malicious macros.

Topics: Phishing, Malware, DDoS, Vulnerability, The Week in Cybercrime, Android, Ransomware

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all