Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- CISO’s Guide to Spear Phishing Defense Podcast (PhishLabs)
Everyone’s talking about business email compromise, but what they aren’t talking enough about is what’s at the root of these attacks – spear phishing. Joseph Opacki of PhishLabs discusses how security leaders must respond to the threat.
- Scammers up Their Game with New BEC Attacks (PhishLabs)
BEC is an acronym for "business email compromise." BEC refers to social engineering attacks used to convince those in charge of finances at an organization to send large payments to the scammers. These attacks are carried out over email conversations initiated by the scammer who spoofs the identity of an executive at the organization.
- The Dridex botnet is running again (CSO Online)
Spam emails containing the Dridex malware are being seen almost daily despite the arrest of one of its key operators in August.
- CCTV cameras worldwide used in DDoS attacks (ZDNet)
In the past year, we've seen refrigerators being hacked, Jeeps being remotely controlled by attackers while the driver is a helpless passenger, and everything from baby monitors to routers being criticized for poor security which can place not only our Internet of Things (IoT) devices at risk, but our personal privacy and security.
- TalkTalk Hack: UK Police Bust Teenage Suspect (Bank Info Security)
TalkTalk has warned that the hack may have resulted in personal data on up to 4 million subscribers being stolen. The company recently confirmed that it received a ransom demand from the alleged hacking group behind the attack.
- Police nab 9 for allegedly spoofing bank employees in £60 million scam (Naked Security)
UK police have busted nine people over allegedly spoofing phone calls from victims' banks to drain them of a total of £60 million ($92 million).
- Library of Congress Says It’s OK to Hack Your Car (Wired)
Car hackers rejoice: today the Library of Congress approved copyright law exemptions that will allow you to modify the software on your car for purposes of security research, maintenance, or repair. The catch is that the exemptions don’t take effect for another year.
- Australian Federal Police cast net over Xero phishers (The Register)
The Australian Federal Police is investigating phishing attacks against accountants that some say have seen thousands lifted from bank accounts.
- Biggest Free Hosting Company Hacked; 13.5 Million Plaintext Passwords Leaked (The Hacker News)
The world’s most popular Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers' personal records.
- Second teenage boy arrested in connection with TalkTalk hack (CNET)
Police arrested a second teenage boy in London on Thursday over a cyberattack on UK broadband provider TalkTalk.
- Cybersecurity Information (Over)Sharing Act? (KrebsOnSecurity)
The U.S. Senate is preparing to vote on cybersecurity legislation that proponents say is sorely needed to better help companies and the government share information about the latest Internet threats. Critics of the bill and its many proposed amendments charge that it will do little, if anything, to address the very real problem of flawed cybersecurity while creating conditions that are ripe for privacy abuses. What follows is a breakdown of the arguments on both sides, and a personal analysis that seeks to add some important context to the debate.