Risk Radar Free Cyber Newsletter – Apr. 26, 2016

Report: Huge Spike in Online Fraud Attacks Since October 2015
Online fraud attacks have spiked since October 2015, and one of the reasons may surprise you. The move to chip-and-PIN cards has reduced the fraud rate in brick-and-mortar stores; the unintended effect is that fraud attacks have moved online. These online fraud attacks have been made more effective by the use of botnets.
Your Package Has Been Successfully Encrypted: TeslaCrypt 4.1A and the Malware Attack Chain
This article breaks down TeslaCrypt 4.1A and gives a history of ransomware back to 2012. Ransomware has increased each year since 2012, but with the activity so far, 2016 is looking to be a big year for ransomware. TeslaCrypt 4.1A shows how sophisticated ransomware is becoming: it attacks in targeted and opportunistic ways while making reverse engineering harder for security professionals. Angler Exploit Kit (EK) is at it again with new ransomware and malware. OS X is getting some ransomware protection that hopefully comes to Windows.
Blackberry Thinks Tech Companies Should Comply With ‘Reasonable Requests’ From Cops
Blackberry does not agree with Apple when it comes to decrypting phones for law enforcement. Apparently Blackberry has given the Royal Canadian Mounted Police (RCMP) access to all Blackberry messages not sent through a corporate server; these messages are encrypted with one unique global key maintained by Blackberry. Here are some pro and con stories on Blackberry giving Canadian law enforcement the unique global key.
Adobe Customers May Have to Stick with Buggy QuickTime
If you use Adobe video, audio, and digital imaging applications on Windows, you may have a hard time removing Apple’s QuickTime. These Adobe applications still depend on QuickTime being installed to handle some codecs. Adobe is continuing to work on eliminating QuickTime but has no time frame for doing so.
Nearly One Third of Android Users Don’t Get Patches
Google has been doing a better job of addressing security issues, with one caveat. Is your Android phone getting the latest OS version and security patches? Many Android phones are not. One way to ensure you get the latest OS versions and security patches is to get a Nexus device. If you don’t get a Nexus device, try to get a flagship device. I have older flagship LG and Samsung phones in the house that are one or two generations from the latest flagship devices. These devices have Android 6.0/6.0.1 and the March/April security patch releases.
The problems with forcing regular password expiry
We all love to change our work password every three months. Not so much, I am guessing most users would say. Anybody who has to play this password game knows the shortcuts to make the password change less painful. This article makes the point that these shortcuts compromise password security more than not forcing a password change.