Cybercrime Week in Review 11 July 2015
Meeting the Digital Identity Challenge (Bank Info Security)
Security leaders across enterprises observe that the digitization of the customer experience has taken the market by storm, and it is imperative for CISOs to adapt to these changes immediately.
Hacktivist group possibly compromised hundreds of websites (CSO)
A hacker group known as Team GhostShell is publishing snippets of sensitive data allegedly stolen from the databases of hundreds of compromised websites.
Insight into advances of adversary TTPs (Dragon Threat Labs)
As most spearphishing stories begin, Mary receives an email from John, except the email isn’t really from John, it’s from somebody pretending to be John in an attempt to gain Mary’s trust so that she’ll open an email attachment that contains malware.
Hacking Team hit by breach; leak suggests it sold spyware to oppressive regimes (ZD Net)
One of the most elusive spyware and malware providers to government agencies has been hit by hackers who have turned over what appears to be most of, if not all of the company’s corporate data.
Adobe patches Hacking Team’s zero-day Flash flaw being exploited in the wild (Network World)
Don’t twiddle your thumbs or otherwise procrastinate, update Flash Player now as the Hacking Team’s zero-day is being actively exploited in the wild. Whether you use Windows, Mac or Linux, it’s a critical vulnerability and “all Flash Player users are at risk.” Adobe warned that a “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”
Hacking Team: Oh great, good job, guys … now the TERRORISTS have our zero-day exploits (The Register)
Spyware peddler Hacking Team is moaning that, since its internal source code was leaked online, its tools for infecting PCs with malware are now in the hands of “terrorists and extortionists.”
The Hunt for the Financial Industry’s Most-Wanted Hacker (Bloomberg)
The malware known as ZeuS and its rogue creator have been at the cutting edge of cyber-crime for nearly a decade.
Finnish Decision is Win for Internet Trolls (Krebs on Security)
In a win for Internet trolls and teenage cybercriminals everywhere, a Finnish court has decided not to incarcerate a 17-year-old found guilty of more than 50,000 cybercrimes, including data breaches, payment fraud, operating a huge botnet and calling in bomb threats, among other violations.
Critical OpenSSL Flaw Allows Hackers to Impersonate Any Trusted SSL Certificate (Hacker News)
The mysterious security vulnerability in the widely used OpenSSL code library is neither HeartBleed nor FREAK, but it’s critical enough to be patched by sysadmins without any delay.