Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports from open sources.
- Did FFIEC guidelines curb account takeover? Survey says… (PhishLabs)
In a recent study conducted by Info Security Media Group (ISMG), respondents indicated that, despite efforts to comply with updated authentication guidance set forth by the Federal Financial Institutions Examination Council (FFIEC), account takeover (ATO) has not decreased. In fact, 71 percent of respondents said that account takeover incidents either stayed the same or increased over the past year.
- One password gifts hacker with hundreds of Firefox bugs, vulnerabilities (ZD Net)
Mozilla has admitted an attacker was able to access a treasure trove of Firefox bugs and used at least one security vulnerability against users as a result.
- Sophisticated Carbanak Banking Malware Returns, With Upgrades (Bank Info Security)
Recently, four new variants of Carbanak have been used to target victims in the United States and Europe via spear-phishing attacks, warns Denmark-based CSIS Security Group (see Cybercrime Gang: Fraud Estimates Hit $1 Billion). CSIS says the attacks mark a resurgence of activity from the cybercrime gang, which experts say went quiet after their attack campaigns were described by three different security firms, beginning in December 2014.
- LogMeOnce: Password manager takes a photo of anyone trying to hack into your accounts (IB Times)
Police from around the UK, working with the country's National Crime Agency (NCA), have arrested six teenagers in connection with the ‘malicious deployment’ of Lizard Squad DDoS tool LizardStresser.
- UK Tops European Data Breach Table (Info Security)
The UK suffered the most data breaches in Europe during the first half of 2015, coming second globally only to the United States, according to new data from Gemalto.
- Turla cyberespionage group exploits satellite Internet links for anonymity (CSO)
A cyberespionage group of Russian origin that targets governmental, diplomatic, military, educational and research organizations is hijacking satellite-based Internet connections in order to hide their servers from security researchers and law enforcement agencies.
- This big U.S. health insurer just got hacked (Fortune)
Excellus BlueCross BlueShield announced Wednesday that more than 10 million of its customers’ information has been exposed in a massive cyberattack. The breach mainly affects residents of upstate New York, where the health insurance company is based.
- Stolen storage device leads to loss of customer bank and personal data (Naked Security)
The personal details of thousands of Lloyds Bank account holders have gone missing following the suspected theft of a data storage box.