Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
PhishLabs investigated a recent vishing attack and uncovered a cache of stolen payment card data belonging to customers of dozens of financial institutions. We estimate that the vishing crew responsible for the attack has been stealing the data of 250 cards per day in this campaign.
More than 25% of Web browsers in use are vulnerable to a zero-day IE exploit uncovered by FireEye. It appears the exploit has been used in targeted attacks. But it won't be long before it's included in exploit kits and used in broader attacks. Microsoft patched the vulnerability on Thursday.
- Security And/Or/Vs/Not Compliance? (Anton Chuvakin - Gartner Blog)
As Anton says in his post, "security =/= compliance" isn't exactly a new concept. Compliance is often a budget driver though, and can be a convenient way for savvy security leaders to actually make needed security improvements. That being said, there are a lot of organizations that have a complete disconnect between what they're doing for compliance versus what they're doing to actually be secure. And that's a problem.
- Why LOL and DID can't stop a WTF (Bromium)
The research team at Bromium makes a great point about layered security strategies being only as strong as the weakest link in the security chain. The post focuses on endpoint security (Bromium is an endpoint security product), but the same principle applies more strategically as well. We frequently run into financial institutions that have invested in layers upon layers of network and data security for their own environment while cybercriminals point their arsenal at banking customers instead...