Risk Radar Free Cyber Newsletter – June 21, 2016

GitHub Security Update: Reused password attack
GitHub has been hit with a reused-password attack and is sending password reset emails to affected users. Recommendations at the end of the article include good password practices and enabling two-factor authentication. GoToMyPC and LogMeIn have also experienced reused-password attacks.

Thousands of Hacked Government and Corporate Servers Selling for $6 on Black Market
Access to hacked government and corporate servers is selling cheaply on the xDedic trading forum. The servers are accessed over Remote Desktop Protocol (RDP), and many of them have administrator rights. Server administrators should consider changing the passwords used for RDP access.

ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks
Flash zero-day exploits are the exploit of choice for Advanced Persistent Threat (APT) groups. ScarCruft is a new APT group that has been using the latest zero-day. If you are using Flash, make sure to get the latest updates from Adobe. Here is a more detailed write-up on the ScarCruft APT group’s use of the Flash zero-day.

Flocker Mobile Ransomware Crosses to Smart TV
Ransomware was not the biggest news this week, but never fear, there is some ransomware news out there. Flocker mobile ransomware has crossed over to Smart TVs that use Android-based apps. The malware locks the Smart TV and demands iTunes gift cards to unlock the infected device.

Request the FREE Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Patched BadTunnel Windows Bug Has ‘Extensive’ Impact
One of the Windows Tuesday patches is one that Windows users will need to install. The BadTunnel bug is said to have the widest impact in the history of Windows. The flaw exposes local area networks to NetBIOS Name Service spoofing. On corporate networks, it may be a good idea to block 137/UDP communication at the perimeter firewall.

Like Macros Before It, Attackers Shifting to OLE to Spread Malware
Macros have been a go-to for malware attacks for many years now. Another Microsoft feature is now being used the same way: Object Linking and Embedding (OLE) is being used to deliver malicious code. For these OLE attacks to work, the user still has to allow the OLE interaction, so user education can help prevent these attacks.