Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
What can community banks and credit unions do to mitigate account takeover attacks? (PhishLabs)
In the past six months we’ve seen one security breach after another with retailers, community banks, and credit unions targeted by criminals seeking to takeover accounts and commit fraud. When authentication isn’t enough, what can financial institutions do?
Masque Attack — New iOS Vulnerability Allows Hackers to Replace Apps with Malware (TheHackerNews)
Android have been a long time target for cyber criminals, but now it seems that they have turned their way towards iOS devices. Apple always says that hacking their devices is too difficult for cyber crooks, but a single app has made it possible for anyone to hack an iPhone.
Network Hijackers Exploit Technical Loophole (KrebesOnSecurity)
Spammers have been working methodically to hijack large chunks of Internet real estate by exploiting a technical and bureaucratic loophole in the way that various regions of the globe keep track of the world’s Internet address ranges.
NOAA Blames China In Hack, Breaks Disclosure Rules (Dark Reading)
The National Oceanic and Atmospheric Administration (NOAA) has confirmed that an attack on a NOAA web server in September affected four websites and caused the office to temporarily cease delivering satellite data used globally for aviation, shipping, disaster preparedness, and other purposes.
Lads from Lagos using 'Predator Pain' on hapless 419 victims (The Register)
Advanced-fee fraudsters are adopting the tactics of state-sponsored hackers in attacks targeting small- to medium-sized businesses, rather than large corporates.
Microsoft fixes '19-year-old' bug with emergency patch (BBC)
Microsoft has patched a critical bug in its software that had existed for 19 years. IBM researchers discovered the flaw, which affects Windows and Office products, in May this year - but worked with Microsoft to fix the problem before going public.
Postal Service Suspends Telecommuting, VPN Access as Breach Investigation Continues (Security Week)
The United States Postal Service (USPS) has shut down employee VPN (virtual private network) access and suspended telecommuting until further notice for employees at Postal Service headquarters.