Top 10 Stories

Threatpost - An Android banking Trojan known as Svpeng has added phishing capabilities to its arsenal, and researchers have spotted it attacking Russian banking clients in what is perceived to be a dry run before it is adapted for other countries. “Typically, however, cybercriminals first test-run a technology on the Russian sector of the Internet and then roll it out globally, attacking users in other countries,” said Kaspersky Lab researcher Roman Unuchek on the Securelist blog today.

Net Security - In a praiseworthy move, Microsoft has extended the multifactor authentication option to all users of Office 365, its popular subscription-based online office software suite. "Today we’re adding Multi-Factor Authentication for Office 365 to Office 365 Midsize Business, Enterprise plans, Academic plans, Nonprofit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online," announced Paul Andrew, technical product manager for Office 365.

Washington Post – The rash of attacks against Target and other top retailers is likely to be the leading edge of a wave of serious cybercrime, as hackers become increasingly skilled at breaching the nation’s antiquated payment systems, experts say. Traditional defenses such as installing antivirus software and monitoring accounts for unusual activity have offered little resistance against Eastern European criminal gangs whose programmers write malicious code aimed at specific companies or buy inexpensive hacking...

The Hacker News – The denial-of-service attack and CAPTCHA Security bypass were discovered by other researchers within last two-three weeks. Snapchat has no Vulnerability Reward Program, but still many penetration testers are working hard and free of cost to make the application more secure by disclosing flaws Later, the denial-of-service attack and CAPTCHA Security bypass were discovered by other researchers within last two-three weeks. Snapchat has no Vulnerability Reward Program, but still many penetration testers are working hard and...

Yahoo News - Hackers breached the websites of all Las Vegas Sands Corp. websites Tuesday morning, and the home pages of some of the world's largest casinos remained down through the day. The Nevada State Gaming Control Board was investigating the breach, and the FBI was also aware of the matter.

USA Today - PayPal President David Marcus said on Monday that his credit card details were stolen and the information was used to finance a fraudulent spending spree. Marcus said the card was probably "skimmed" at the hotel he was staying at, or at a merchant he visited, during a recent trip to the U.K. "They then cloned it and went on a shopping spree," the executive wrote on Twitter.

SecureMac: SecureMac  has discovered a new Trojan Horse called OSX/CoinThief.A, which targets Mac OS X and spies on web traffic to steal Bitcoins. This malware has been found in the wild, and there are multiple user reports of stolen Bitcoins. The malware, which comes disguised as an app to send and receive payments on Bitcoin Stealth Addresses, instead covertly monitors all web browsing traffic in order to steal login credentials for Bitcoin wallets.

Wall Street Journal: FBI Document Says Some Retailers Targeted by Hackers Have Not Yet Come Forward  

CNet: Tumblr has begun to catch up with modern security standards by activating SSL on Monday. There's a catch, though: You have to enable SSL on Tumblr manually. If you're not familiar, Secure Sockets Layer, or SSL, allows for the data being transmitted from the Tumblr server to your computer to be encrypted. SSL decreases the likelihood of casually eavesdropping on people who visit sites with it enabled.

Security Week: Web performance and security firm CloudFlare said late Monday that a customer running on its platform was hit with a massive DDoS attack today that affected service in much of Europe and then into some of its US infrastructure. “It was a very large DDoS targeting a CloudFlare customer,” Matthew Prince, CEO of Cloudflare told SecurityWeek. “We're still gathering the log data to get exact numbers but know it was well over 300Gbps and...