Google says just 2 percent of the recent dump of nearly 5 million credentials to Russian cybercrime forums contained valid Gmail username and password combinations. But anyone who reused the same passwords on other sites remains at risk from hackers.
News reports of a suspected attack against JPMorgan Chase, and perhaps other banks, serve as an important reminder for financial institutions to ramp-up their security efforts, especially to guard against phishing attacks.
A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.
An online gang with ties to Romania and Russia has been bypassing two-factor, Android-based authentication systems - used by 34 different banks to authenticate customers - via the sophisticated Operation Emmental cybercrime campaign.
An ongoing APT campaign employs decoy documents to lure potential victims into installing malicious remote-control tools. Targets include at least one bank, the BBC and many U.S. and EU government agencies.
On Christmas Eve, Target issued a warning about phishing scams linked to its breach recovery efforts. In response, the retailer says it is launching a dedicated resource page on its website for official communications.