Risk Radar Free Cyber Newsletter – Jan 17, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well-known and respected experts in the industry.

Gmail hack: Even tech-savvy users fooled by sophisticated phishing technique
Do you think you know enough about security not to be fooled by phishing emails? A new Gmail phishing attack is fooling many tech-savvy users. The article does a good job of covering the attack and what to do if you have been hacked.

Yule be sorry: Belated Merry Christmas ransomware festively encrypts files, drops DiamondFox malware
It seems a little late for a Christmas-themed ransomware to be making the rounds, but Merry Christmas ransomware is here. The ransomware also brings DiamondFox malware onto the infected PC. DiamondFox malware is very versatile and can infect PCs in multiple ways. This ransomware is being spread by spam emails.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Trump Cyber Advisor Giuliani Runs Outdated, Hackable Website
President-elect Trump’s choice for cybersecurity advisor is getting some pushback from some in the information security community. Giuliani is being questioned on his ability to handle these turbulent times in information security. Time will tell; hopefully smart, experienced InfoSec people will be brought onto Giuliani’s team.

The FTC’s Internet of Things (IoT) Challenge
The FTC is aware of the coming challenge to security that the IoT represents. The FTC is starting a challenge to create a technical solution to ensure IoT devices are secure on home networks. A cash prize of up to 25,000 for the best technical solution is available.

White House Approves New Rules for Sharing of Raw Intelligence Data
The EFF is raising concerns about a new rule change concerning the NSA’s sharing of raw intelligence data with the U.S. intelligence community. This change was made by the Obama administration using an executive order. Previously, the NSA data was screened for unnecessary personal data before it was shared. The government is making the case that this rule change just broadens the groups in the intelligence community that can use the data; the data protection is still there.

How to Encourage Employees to Not Only Practice, but Actually Promote Cybersecurity Awareness
End-user security awareness training is something that needs to be done in most information security plans. There are so many ways to go about end-user security awareness training. This article covers an interesting approach to the end-user security awareness issue.