Risk Radar Free Cyber Newsletter – July 12, 2016

CryptXXX, Cryptobit Ransomware Spreading Through Campaign
Ransomware is being spread through thousands of sites that are built with WordPress and Joomla. Neutrino Exploit Kit is being used to install the CryptXXX or Cyptobit ransomware, the Neutrino Exploit Kit is looking for Flash or PDF reader vulnerabilities. It is not known at this point how the contentment management systems are being compromised.

Security researchers are developing a way to stop ransomware called CryptoDrop.

Angler Exploit Kit may have been taken down due to Russian arrests.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

D-Link Bug Could Affect Over 400,000 IoT Devices
The Internet of Things (IoT) is growing and making life more connected, the downside is the security of IoT devices is a weak point. The latest D-Link exploit has affected 120 products or more, such as routers, cameras, modems and more. While these devices are low powered they do enable bad guys to spy on internet traffic and install backdoors. D-Link is still working on a fix at this point. IoT medical devices are especially bad news if they get compromised.

Privacy Shield Approved, Expected to be Adopted Tuesday
Privacy Shield has replaced the old Safe Harbor agreements in the EU. Privacy Shield is built on similar principles of Safe Harbor, more details and controls have been added to Privacy Shield. It is still likely Privacy Shield will be challenged in the EU court.

Symantec’s Woes Expose the Antivirus Industry’s Security Gaps
Security research Travis Ormandy has found critical vulnerabilities in Symantec’s anti-virus security suite. Some of the more serious bugs allow remote-code-execution, one even allows a core part of Symantec’s security suite to be used against the victim’s pc. The article goes on to discuss the issues and problems with fixing this Antivirus problem.
Lessons Learned from Industrial Control Systems
Robert M. Lee of SANS has a nice write up on how to secure Industrial Control Systems. Industrial Control Systems are hard to secure for many reasons, such as high uptime demand with little opportunity to patch. The article covers steps to take in this hard to secure environment.
Researchers Sue the Government Over Computer Hacking Law
Academic researchers are suing the government over a decades old federal anti-hacking statute. The researchers are looking into illegal discrimination to users in things like jobs and housing, their suit involves violations to sites terms of service. Currently making false profiles on sites that forbid it is a federal violation.