Risk Radar Free Cyber Newsletter – July 19, 2016

Apple devices held for ransom, rumors claim 40M iCloud accounts hacked
While the claim of 40 million is high an interesting ransom attack is being done to Apple devices. The attackers are taking over the iCloud accounts and registering the devices in the account as stolen. The ransom request is made from the Apple device lock screen. Apple has the advice to recover compromised devices, Apple also strongly recommends setting up two-factor authentication.
Trojan Delilah Recruits Malicious Insiders Via Extortion
The Delilah Trojan is trying to bully targeted victims into doing their will. The attack gathers information (including webcam video/audio) that is used to extort the victim. The Trojan is delivered when the victim downloads from specific adult and gaming websites. The goal of the attackers is to turn the victim into an inside threat.

Scan Reveals Hydropower Plants, Other Critical Infrastructure Exposed Online
This scan is not a surprise, it just verifies that critical infrastructure is vulnerable to online attacks. Unauthenticated web applications were found that could control the critical infrastructure. Security awareness about ICS and SCADA systems is low, with more research like this security should start to be taken more seriously.

Juniper Crypto Bug Lets Attackers Eavesdrop on Router, Switch Traffic
Juniper’s routers, switches, and security devices have a crypto bug in the public key that can allow attackers to eavesdrop on network data. The attack uses self-signed certificates that get around the certification validation within Junipers devices running Junos OS. A patch for this crypto bug is available from Juniper.
Microsoft Wins Landmark Email Privacy Case
The US government is asking for Microsoft email data stored in Ireland. Microsoft has been supported by Silicone Valley rivals and others in this legal fight with the US government. A US federal appeals court has reversed the 2014 lower court decision that required Microsoft to turn over the emails. By many the latest ruling is seen as a win for privacy. The US government is expected to appeal the federal appeals court ruling.
6 important Things You Should Know Before Playing Pokémon Go
If you are thinking of capturing some Pokémon check out this article before you do. You can avoid malware infection and physical harm by following the articles guidelines. Happy and safe hunting for Pokémon.