Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- Analyzing Spear Phishing Attacks (PhishLabs)
Once an attack is detected, it needs to be analyzed to determine the best mitigation strategy. The objective of the Analyze phase is to quickly establish sufficient threat context to drive the appropriate next action.
- Magento sites targeted by Neutrino exploit kit (CSO)
Some websites running the e-commerce platform Magento appear to have been infected with code that directs victims to the Neutrino exploit kit.
- Stolen data on the dark web is cheaper than you might think (ZDNet)
For as little as $5, you can buy a US software-generated payment card for almost untraceable purchases. The price depends on region, with some of the most expensive items coming from Europe. For a debit card with name, address, PIN number and Social Security data attached to it for extra validity, the cost can go up to anywhere between $30 and $45.
- US High School Student Hacks AOL Account of CIA Boss (Info Security)
A US teen is claiming he managed to hack the email account of CIA director John Brennan and make off with sensitive government files.
- Malvertising meets the Daily Mail (Naked Security)
Reported cases are said to have redirected visitors to web pages containing the Angler exploit kit, an infamous "cybercrime as a service" tool that automatically loads a sequence of booby-trapped files into your browser, and tries them one by one in the hope of getting control over your computer.
- Long Island students busted for allegedly hacking into high school’s computer system, changing grades and schedules in Ferris Bueller-style scheme (Daily News)
Three Long Island teens were arrested Tuesday for committing a Ferris Bueller-style hack into their high school’s computer system, where they pumped up their grades and altered the schedules for 300 students, officials said.
- How Criminals Cracked EMV (Bank Info Security)
European criminals cannibalized stolen EMV cards, combining clipped smartcard chips with miniature microprocessors to construct fake payment cards that defeated point-of-sale security checks, enabling them to commit as much as 600,000 euros ($680,000) in fraud.
- Let’s Encrypt Free SSL/TLS Certificate Now Trusted by Major Web Browsers (The Hacker News )
Let's Encrypt – the free, automated, and open certificate authority (CA) – has announced that its Free HTTPS certificates are Now Trusted and Supported by All Major Browsers.
- TALKTALK HACKED: 4 million customers affected, stock plummeting, 'Russian jihadist hackers' claim responsibility (Business Insider)
British broadband provider TalkTalk has been hacked for the third time, the company announced late Thursday, and customers' data — including credit card details — may have been stolen.
- Capital One Launches SwiftID, A Way To Bypass Security Questions With Just A Swipe
Banks aren’t always known for being technical innovators – which is one thing that gives startups in the financial services space an edge. But this morning Capital One is attempting to change that perception with the launch of a new technology called SwiftID – a way to authenticate users with just a swipe on the smartphone’s screen. SwiftID, which aims to do away with the typical security questions like “name of your first pet?” or “mother’s maiden name?,” is the first offering of its kind in the financial services industry, Capital One claims.