Risk Radar Free Cyber Newsletter – June 14, 2016

New Ransomware Threat: Crysis Lays Claim to TeslaCrypt’s Former Turf
Crysis ransomware is taking over where TeslaCrypt left off. Crysis is being spread in spam emails with infected attachments, and it can also disguise itself as an installer for legitimate applications. The ransomware also adds itself to the registry to ensure it is present after each restart.

CryptXXX is moving from Angler EK to Neutrino EK. SANS gives a deep-dive description of how it works.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Malware Lingers with BITS
A helpful feature of Windows is being used to keep malware persistent. Background Intelligent Transfer Service (BITS) is being used to re-download malware. The malicious BITS job leaves no file or registry indications that the malware was installed. The article ends with ways to minimize exposure to this threat.

KeePass fixes update check problem
KeePass users will be happy that the update check problem has been fixed. The fix to the automatic update vulnerability is described at the bottom of the article. KeePass 2.34 uses digital signing for the version information file, and the version information file is now also downloaded over HTTPS.

Password Re-user? Get Ready to Get Busy
Some of the bigger websites may be sending you a password reset notification. Sites like Facebook and Netflix are sending these requests out if they find your email and password in one of the many recent credential breaches.

Brian Krebs also talks about the Wendy’s breach, which appears to be meatier than first thought.

Hacking the Mitsubishi Outlander PHEV hybrid
A very interesting article covers the hacking of the Mitsubishi Outlander PHEV hybrid. The attack takes a bit of time and work to break into the Wi-Fi access point; once in, the hacker can do many bad things to the car. Options to minimize the attack are discussed at the end of the article, and Mitsubishi is working on a long-term solution.

Intel looks at stopping hackers and malware at the processor level
Future Intel CPUs may block return-oriented programming used in memory attacks at the hardware level. Intel is implementing at the hardware level what some have proposed doing in software. Doing this in software is problematic due to the performance overhead introduced. This hardware assist would be similar to the secure virtualization capabilities built into current CPUs.