Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Inside Symantec's 2014 Threat Report (BankInfoSecurity)
Symantec's 2014 Internet Security Threat Report calls 2013 the year of the mega breach. Why? Because it's getting far too easy for the bad guys to pull off these breaches, says Symantec's Kevin Haley.
New POS Malware Uses Mailslots to Avoid Detection (Threat Post)
New point-of-sale malware, LogPOS, has been using technology that evades detection by allowing the malware to inject code and act like a client while it shuttles stolen credit card numbers off to its command and control server.
Credit Card Breach at Mandarin Oriental (KrebsOnSecurity)
In response to questions from KrebsOnSecurity, upscale hotel chain Mandarin Oriental Hotel Group today confirmed that its hotels have been affected by a credit card breach.
Microsoft: All Windows versions Vulnerable to FREAK Vulnerability (TheHackerNews)
Recently discovered FREAK vulnerability that apparently went undetected for more than a decade is reportedly affecting all supported versions of Microsoft Windows, making the flaw more creepy than what we thought.
Venmo mobile payment service under fire for security carelessness (naked security)
Venmo is taking heat after a news report last week revealed security holes you could "drive a truck through," in the words of one aggrieved Venmo user whose account was defrauded to the tune of $2,850.
Cyber Security Gaps Appear All Over Europe (info security)
A new report from anti-piracy body the Business Software Alliance has highlighted worrying gaps in national cyber security protection across Europe and called for a greater focus on building legal and policy frameworks and public-private partnerships within member states.
Attackers clone malware-laden copies of popular apps (CSO)
Criminal hackers have hacked/cloned most of the top 100 paid apps and top 20 free apps for Android and iOS, according to data from Arxan’s State of Mobile App Security report, 2014. These attackers use the infected apps to gain entry to the enterprise in order to compromise its most treasured information.
Fareit trojan pwns punters with devious DNS devilry (TheRegister)
DNS tricks used by the Fareit trojan mean users are tricked into downloading malware, seemingly from Google or Facebook.
New DDoS attack and tools use Google Maps plugin as proxy (Help Net Security)
Attackers are using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching DDoS attacks.