Risk Radar Free Cyber Newsletter – Jul 18, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
There is a new spam campaign that is packaging NemucodAES and Kovter together. NemucodAES is ransomware and Kovter is click-fraud malware. The spam mail contains a zip archives with malicious JavaScript files in the archive.
Major cloud service cyberattack could cost global economy $53 billion
Insurance companies are still learning how to rate loss due cyberattacks. When dealing with cloud services that effect the global economy an attack could cost 53 billion to 121 billion. Companies should be doing a similar risk assessment (like the insurance companies) to their own business. This will show them the priorities of what to protect.

FBI: IoT Toys Could Present a Privacy and Safety Risk
The FBI is warning parents of IoT toys that could compromise their children’s personal data.  These IoT “smart” toys have the capability of holding personal data, including voice recordings and location data. The loss of this information could open up kids to fraud and other exploitation.

Cisco Patches Another Critical Ormandy Bug in WebEx Extension
Tavis Ormandy likes to help other companies than just Microsoft. He as discovered remote code execution vulnerabilities in WebEX browser extensions. The extensions for Chrome and Firefox are effected. Updates are available from Cisco if you use these WebEX browser extensions.
ATM skimmers using infrared to steal data
An interesting ATM skimmer attack has been discovered. A skimmer with an infrared antenna passes information to a nearby camera the records time and entered pin numbers. To get the ATM data the attackers just need to recover the camera. Brian Krebs has a more detailed write-up on the ATM skimmer.
Free Certs Come With a Cost
Let’s Encrypt gives out free HTTPS certificates, their goal is to make the internet more secure. It is a noble goal, but critics are bringing up potential issues with the way Let’s Encrypt is working on this goal. The article goes into the potential issues Let’s Encrypt may face going forward.