Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- Account Takeovers: Did FFIEC Guidance Make a Difference? (Bank Info Security)
It's been four years since the Federal Financial Institutions Examination Council issued its updated authentication guidance, which focuses on helping banks and credit unions defend against account takeover schemes. Since then, institutions have made significant investments to shore up their defenses and boost their ability to detect and prevent account takeovers.
- Amazon dumps Flash, and the Web is better off (CSO)
Amazon will stop accepting Flash ads on its advertising network on Tuesday, and it will help make the entire Web more secure, security experts say.
- Teenagers Collared for Using Lizard Squad DDoS Tool (Info Security)
Police from around the UK, working with the country's National Crime Agency (NCA), have arrested six teenagers in connection with the ‘malicious deployment’ of Lizard Squad DDoS tool LizardStresser.
- Jailbreaking pirates popped in world's largest iCloud raid – 225,000 accounts hit (The Register)
The largest Apple iCloud raid in history has seen nearly a quarter of a million accounts compromised by malware targeting app pirates.
- Big hacks, big data add up to blackmailer's dream (ZDNet)
While breach reports often fixate on the number of records stolen, accounts compromised and people affected, the real question is what will hackers eventually do with the data they've collected.
- 9 baby monitors wide open to hacks that expose users’ most private moments (Ars Technica)
The security of Internet-connected baby monitors got a failing grade from researchers who found critical vulnerabilities in all nine of the models they reviewed.
- Match.com UK Daters Spread Nasty Infection -- From Malware (IB Times)
Security researchers discovered that by paying just 36 cents, operators of the malware campaign were able to place malicious ads on the company's website. If a visitor clicked on one of these ads, they would be led through a series of links to a site that would check if the browser being used had any one of a number of flaws. If it discovered one, then malware or ransomware would be silently downloaded onto a victim's PC without their knowledge.
- Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals (Krebs on Security)
A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company’s eponymous chief executive — Eugene Kaspersky — who called the story “complete BS” and noted that his firm was a victim of such activity. But according to interviews with the CEO of Dr.Web — Kaspersky’s main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms.