Articles of interest from the week of July 15, 2019

Cybercriminals are Increasingly Targeting the Financial Services Industry

Universally, consumers and small and large businesses alike, are increasingly aware of the well-established fact that cybercrime is on the rise. Last year, 4iQ discovered nearly 15 billion identity records that had been stolen from companies and were circulating the deep and dark web, including 3.6 billion new and verified records. There were also over 12,000 identity breaches, more than four times as many as the previous year. While high-profile data breaches such as Facebook and Equifax may be stealing headlines on the basis of endangering consumer privacy, the untold story is that the businesses that employ those consumers also suffer huge expansions in their risk profiles after such events. And arguably, the industry that truly faces the most danger is the financial services industry. (By Monica Pal, SC Media) 

Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report 

While adversaries continuously refine their attack methodologies -- primarily towards greater efficiency, simpler operation and more effective outcomes -- security analysts are struck by the static nature of their recommendations to business. "The same issues and security gaps are blighting organizations' ability to identify and respond to threats," they say. (By Kevin Townsend, Security Week) 

Researcher Bypasses Instagram 2FA to Hack Any Account 

A researcher earned a $30,000 bug bounty from Facebook after discovering a weakness in the Instagram mobile recovery process that would allow account takeover for any user, via mass brute-force campaigns. (By Tara Seals ThreatPost)

Is 2019 the Year of the CISO? 

PwC reported that 81% of investors and analysts responding to its 2018 Global Investor Survey ranked cybersecurity among the top three threats to business; more than half of those said that cybersecurity was the No. 1 biggest threat to business. The natural upshot should be that the CISO is more important to business strategy — but in many cases, that's an uphill climb. (By Terry Ray, DarkReading)

TrickBot Adds New Spam Module, Harvests 250M Email Addresses 

Malicious actors behind the information-stealing malware TrickBot have added a new module that has helped them illicitly gather a database of 250 million legitimate email addresses. (By Bradley Barth, SC Media)