This week's trending cybercrime events include breaches at the NBA's Milwaukee Bucks and the furry site "Fur Affinity," a two-year cyber-espionage campaign against Swiss military contractor Ruag, payment card skimmers found at Walmart, and DDoS-for-hire services found on the online marketplace Fiverr. Researchers discussed several new types of malware including a stealthy new malware dubbed "Furtim," a new variant of Cerber ransomware, and changes to DMA Locker – which is being upgraded for a potential "massive" distribution. On the legal front, the transfer of data between the U.S. and the EU continues to be questioned in court, Wells Fargo was ordered to pay a $1.1 million fine related to employee data theft, another W-2-related breach lawsuit was filed, and various individuals were arrested and cybercriminal groups disrupted. Also, people continue to get in trouble by hacking road signs.
The hacker forum Nulled.io was breached and the sensitive information of its members was made publicly available. SWIFT warned of more attacks against banks at the same time the Anonymous OpIcarus campaign hit more financial sector targets. LinkedIn discovered its 2012 breach was much bigger than previously thought. And a couple of researches upset OkCupid by publishing data on 70,000 of the dating site's users. This week's advisories included more developments in the cat-and-mouse game around the CryptXXX ransomware, an alert on an old SAP vulnerability, an Android banking Trojan and click-fraud botnet, and more PayPal phishing scams. This week also saw a highly anticipated Supreme court ruling on a privacy-related class action lawsuit, the continuation of financial institutions lawsuit against Home Depot, and a new lawsuit around a breach of W-2 information at aircraft maintenance company Haeco. A judge also ruled the FBI did not have disclose a vulnerability in the Firefox browser, and the U.S. saw its first conviction in the hack of newswires that generated $100 million in profit. Also, the LinkedIn breach revealed another round of terrible password habits.
This week's trending cybercrime events included data breaches at Google, Kiddicare, and InvestBank as well as a ransomware infection that led to YahooMail being temporarily banned from the House of Representatives and a series of Anonymous-led DDoS attacks against banks. Researchers discovered several new mobile threats including RuMMS and Viking Horde Botnet malware. Blogger, PerezHilton and CBS-affilitiated websites were hit with malvertising. A new credit card scam was uncovered in Kuala Lumpur. Legal news includes Walmart suing Visa over chip-and-signature practices, the FTC and FCC partnering to investigate mobile security updates, and updated information on several stories including the Wendy's data breach and the signing of the Defend Against Trade Secrets Act of 2016. Lastly, a Lego robot can bypass screen pattern security.
Details on more than 7 million user accounts for Minecraft community Lifeboat were compromised. A German nuclear plant discovered malware on its systems. A ransomware attack hit the Lansing Board of Water and Light. Huge amounts of data were leaked from Canadian gold-mining firm Goldcorp and the Kenya Ministry of Defense. Trending advisories include vulnerabilities in Android, increased extortion and ransomware activity, and massive dumps of user credentials being leaked from several sources. On the legal side, the New York Attorney General announced the state is on pace for a record number of data breach notices this year, a new version of PCI DSS was released, and a hacker claims to have accessed Hillary Clinton's email server. Finally, a 10-year-old boy won a $10,000 bug bounty.