Risk Radar Free Cyber Newsletter – Jan 24, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

St. Louis Public Library Recovers from Ransomware Attack
The St. Louis Public Library made a bold choice in their response to a ransomware attack. They refused to pay the 35,000.00 ransom demand and wiped the servers and restored from backups. The St. Louis library is working with the FBI to get information on the attack. A robust online and offline backup system is very helpful in recovering from a ransomware attack.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Cisco Patches Critical Flaw in WebEx Chrome Plugin
A critical flaw in the WebEx Chrome plugin has opened up users to an exploit that allows remote code execution. Cisco has patched this flaw which was discovered by Tavis Ormandy. If you are using the WebEx Chrome plugin make sure you get the latest update.
Buzz off, hackers! Fruitfly spyware infests Mac-based biomedical facilities
Malware aimed at Mac-based biomedical facilities has been discovered. This attack seems to have been in place as early as 2014. The attack seems to be very in narrow in scope, most likely a very specific attack on specific facilities. Apple has released an update that will be installed in the background that fixes this exploit.
AG Nominee Backs Law Enforcement’s Ability to ‘Overcome’ Encryption
Attorney General (AG) to be Jeff Sessions seems to support backdoors in encryption. His view is similar to the FBI and other government departments supporting access to encryption. It will be interesting to see how this encryption backdoor issue is addressed moving forward.
Giuliani and top Trump White House officials hacked, passwords leaked
Rudy Giuliani and other top Whitehouse officials have been hacked. Many common mistakes such as using the same password for multiple sites has been discovered. With the many hacking attacks on both parties I am hoping the cyber security improves in our government, no matter which party.
Hamas Compromises Israeli Soldiers with Pretty Woman Gambit
Hamas uses social engineering techniques to hack Israeli soldier’s smartphones. The attack occurred on Facebook using fake attractive women to convince the solders to install a video chat app. The app then installs malware that gives Hamas access to the data, camera, and sensors on the phone.