Risk Radar Free Cyber Newsletter – June 7, 2016

Updated CryptXXX Ransomware Big Money Potential
Move over Locky, CryptXXX is trying to take the top money-making spot for ransomware. The two families differ in how they are delivered: Locky uses phishing emails with infected attachments, while CryptXXX is delivered by exploit kits. The new version of CryptXXX has many improvements, and its encrypted files can't be decrypted at this time.

There is also new ransomware on the block: Black Shades makes its debut.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

New Angler Exploits Bypass EMET Mitigations
Users of Windows 7 (still 49 percent of Windows users) who rely on Microsoft's Enhanced Mitigation Experience Toolkit (EMET) need to be aware of this new exploit. Exploit kits (EKs) carrying Flash and Silverlight exploits are being used to infect Windows 7 systems.

TeamViewer denies hack after PCs hijacked, PayPal accounts drained
According to some users, TeamViewer may have been hacked. TeamViewer has denied the attack, saying the account takeovers are related to weak or reused passwords. There were network DNS issues at TeamViewer that some attribute to TeamViewer being hacked. At this point we don't know whether TeamViewer has been hacked. At a minimum, it makes sense to enable the new security features TeamViewer has released.

CVE-2016-5119: MitM Attack against KeePass 2’s Update Check
Users of the KeePass password vault need to be aware of this update issue in KeePass. The auto-update check uses HTTP instead of HTTPS, which opens the update download to a Man-in-the-Middle (MitM) attack. Updates and workarounds are discussed at the end of the article.

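The defensive lesson behind the KeePass finding is that an update client must fetch its manifest and payload over an authenticated channel and verify what it downloaded before running it. The following example is added here and is not KeePass's own update code; the manifest layout, the `example.invalid` URL and the installer bytes are constructed for illustration. It rejects any non-HTTPS update location and checks the downloaded bytes against the SHA-256 digest the manifest carries, so a payload altered in transit is refused.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed sample payload standing in for a downloaded installer.
PAYLOAD = b"constructed installer bytes for this example"

# Constructed manifest, modelled on what a vendor would publish over TLS
# (or sign). The digest is the SHA-256 of PAYLOAD as shipped.
MANIFEST = {
    "version": "2.34",
    "url": "https://example.invalid/KeePass-2.34-Setup.exe",
    "sha256": hashlib.sha256(PAYLOAD).hexdigest(),
}


def is_secure_update_url(url):
    """Accept only HTTPS locations with a host. A plain-HTTP URL is exactly
    the condition that lets an on-path attacker rewrite the update."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def verify_payload(payload, expected_sha256_hex):
    """Compare the download's SHA-256 with the manifest digest using a
    constant-time comparison."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


def accept_update(manifest, payload):
    """Return True only when the manifest points at an HTTPS URL and the
    downloaded bytes match the expected digest; any other case refuses."""
    if not is_secure_update_url(manifest.get("url", "")):
        return False
    return verify_payload(payload, manifest.get("sha256", ""))


if __name__ == "__main__":
    print("genuine payload accepted:", accept_update(MANIFEST, PAYLOAD))
    tampered = PAYLOAD + b"\x00"
    print("tampered payload accepted:", accept_update(MANIFEST, tampered))
    http_manifest = dict(MANIFEST, url="http://example.invalid/KeePass-2.34-Setup.exe")
    print("HTTP manifest accepted:", accept_update(http_manifest, PAYLOAD))
```

The digest check only helps when the manifest itself arrives over a channel the attacker cannot rewrite (TLS with certificate validation, or a signature verified against a key shipped with the application); a digest fetched over the same plain-HTTP connection as the payload can be replaced together with it.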
Zero Day Auction for the Masses
Some Windows zero-day exploits can go for a lot of money. This article shows one exploit being offered for 95,000.00 (starting price). With this much money being made, the battle for information security shows no signs of stopping.

Stuxnet-like Irongate Malware Emerges to Threaten Critical Infrastructure
Security researchers have found new ICS/SCADA malware that borrows properties from Stuxnet. Irongate has been shown to attack simulated Siemens control systems. Researchers believe Irongate is currently a proof of concept, but it points to future ICS/SCADA malware.