Several significant cybercrimes came to light over the weekend. Online stockbroker Scottrade was breached, with the probable loss of 4.6 million customers' personal information. Scottrade says neither the trading platform nor client funds were compromised. Apparently the company learned of the breach only when the FBI informed it.
Patreon (a "content creation donation" site) was also compromised. The vulnerability is instructive: the Werkzeug debugger, left running in a production environment, was exploited for remote code execution. Detectify is said to have warned Patreon of the vulnerability five days before the compromise.
Data stolen from Experian last week is already being sold on the black market. T-Mobile, whose customers are most affected, is livid.
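As an added illustration (not code from Patreon, Detectify or the Werkzeug project), the following pre-deployment check scans Python source for the settings that switch on the Werkzeug interactive debugger. The function names and the sample source are hypothetical and constructed for this example; values that are not a literal `False` are flagged for review.

```python
import ast

# Constructed sample source for illustration; not from any real application.
SAMPLE = '''
from flask import Flask
from werkzeug.serving import run_simple
from werkzeug.debug import DebuggedApplication

app = Flask(__name__)
wrapped = DebuggedApplication(app, evalex=True)

if __name__ == "__main__":
    app.run(host="0.0.0.0", debug=True)
    run_simple("0.0.0.0", 8000, app, use_debugger=True)
    app.run(host="127.0.0.1", debug=False)
'''

# Call name -> keyword that turns on the interactive debugger console.
RISKY_KEYWORDS = {"run": "debug", "run_simple": "use_debugger", "DebuggedApplication": "evalex"}

def _call_name(node):
    """Return the bare function or method name of a call node."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return ""

def _not_literal_false(node, keyword):
    """True if `keyword` is passed and is anything other than literal False."""
    for kw in node.keywords:
        if kw.arg == keyword:
            value = kw.value
            return not (isinstance(value, ast.Constant) and value.value is False)
    return False

def find_debugger_exposure(source):
    """Return sorted (line, description) pairs for calls that may enable the debugger."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            keyword = RISKY_KEYWORDS.get(_call_name(node))
            if keyword and _not_literal_false(node, keyword):
                findings.append((node.lineno, f"{_call_name(node)}({keyword}=...)"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, what in find_debugger_exposure(SAMPLE):
        print(f"line {lineno}: {what} can expose the Werkzeug debugger")
```

The check matches on call names only, so an unrelated `run(debug=...)` method would also be reported; treat the output as a review list rather than a verdict.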
Hillstone CTO Liu notes that two days' exfiltration in the Experian breach is "practically a lifetime for cyber criminals," and Fortscale's Tendler says, "Entrusting third-party vendors with sensitive information is always a risky proposition." Looking at Scottrade, Ziften's Hamilton calls promised stronger defenses "too little, too late" for customers at risk of identity theft.
Morphisec warns that an encrypted Flash exploit is distributing the Nuclear exploit kit.
Palo Alto identifies YiSpecter, API-abusing malware infesting iOS devices, mostly in China and Taiwan.
The Los Angeles Police Department struggles with gang violence inspired by "cyber banging," which appears resistant to the usual forms of community engagement. Cyber banging seems first cousin to ISIS online recruitment and incitement: wounded pride and a frustrated search for transcendence meet Internet disinhibition. (And how could a GED and a minimum wage job compete with that?)