Risk Radar Free Cyber Newsletter – Apr. 12, 2016

Latest Flash Zero Day Being Used to Push Ransomware
Adobe issued an emergency update on Thursday April 7th, hopefully you have already updated flash if you are using flash. The flash zero day is being used in Nuclear and Magnitude exploit kits to spread Locky and Cerber ransomware. This just reinforces the need for a good patch management program, with an emphasis on rapid Flash updates.
FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen
The FBI issued an alert in February that states that US government computer systems have been hacked as far back as 2011. The attack was done by a group named Advanced Persistent Threat 6 (APT6). The details of the systems attacked and how they were attacked are not released at this point.
Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects
The data breach of Mossack Fonseca law firm resulted in 2.6 terabytes of confidential documents being stolen. The repercussions of this breach should be far reaching considering the information that has been released so far. Sensitive data like this must have been protected with the best security possible. Not so much, apparently the website was trivial to exploit. Your data may not be as sensitive as this breach but it pays to have data security in your enterprise security plan.
Dridex Malware Now Used For Stealing Payment Card Data
Improvements in malware are not just for ransomware, the banking Trojan Dridex is now collecting credit card data. This new version of Dridex is mainly focused on English speaking countries like the US, UK and Australia.
The Feds’ Battle With Apple Isn’t Over—It Just Moved to New York
The battle between Apple and the FBI regarding the 5C phone is California is over. The FBI is not ready to quit yet, they filed an appeal in the New York case regarding a 5s phone used in a drug case. The positions of the FBI and Apple on the New York case are very similar to the previous case in California.
The 8 Most Convincing Phishing Schemes Of 2016
Phishing is one of the most common ways malware and ransomware are being delivered right now. End user training to avoid phishing schemes is an important part of minimizing the threat of the latest malware. This article covers the best phishing attacks of 2016 in detail, it gives good information to end users. Make sure your governance addresses these common vectors!