Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- Siemens Energy Automation Device Vulnerable to Authentication Bypass (Info Security)
An authentication bypass vulnerability has been discovered in a Siemens energy automation device—meaning that an attacker can gain control of the device without having to enter login details.
- RC4 NOMORE crypto exploit used to decrypt user cookies in mere hours (ZD Net)
A fresh warning concerning the use of RC4 to support secure communication channels online has been issued after researchers were able to exploit the protocol to decrypt user data in mere hours.
- Attacks on Critical Infrastructure Organizations Resulted in Physical Damage: Survey (Security Week)
A survey commissioned by The Aspen Institute and Intel Security shows that critical infrastructure organizations often deal with cyberattacks, and many of them have reported suffering physical damage as a result of these attacks.
- Beyond the breaches: Understanding the Angler exploit kit (Naked Security)
The big security news stories these days are often about "this big breach", "that sneaky malware" or "these latest new exploits".
- Five arrested in JPMorgan hacking case (CSO )
Bloomberg sources claim a recent set of arrests are related to the 2014 JPMorgan computer compromise affecting 83 million people
- Hackers Remotely Kill a Jeep on the Highway—With Me in It (Wired)
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
- Even Script Kids Have a Right to Be Forgotten (Krebs on Security)
Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That’s because the breached databases crawled by this search engine are mostly sites frequented by young ne’er-do-wells who are just getting their feet wet in the cybercrime business.
- How Are Spear Phishing and Cyber Threats Impacting Pharma? (Health IT Security)
Spear phishing is becoming an increasingly important issue in the healthcare industry. Cyber criminals have evolved their approach, and are even beginning to target high-ranking healthcare professionals in attempts to gain access to sensitive information, including PHI.
- RCSAndroid – Advanced Android Hacking Tool Leaked Online (Hacker News)
As digging deeper and deeper into the huge Hacking Team data dump, security researchers are finding more and more source code, including an advanced Android Hacking Tool.
- It’s time to take cyberattacks seriously and install a deterrence plan (Washington Post)
As a member of the House Select Committee on Intelligence, I am reminded every day that we live in a dangerous world. It is violent and chaotic, and it’s becoming more so all the time. But among the many national security threats that we face, in no area are we more vulnerable, and do we face so great a destructive potential, than the cyber realm. Our power grid, banking system, energy pipelines, air traffic control and other critical systems all are at risk. The recent cyberattack on the Office of Personnel Management is a clear demonstration of our vulnerabilities.