Risk Radar Free Cyber Newsletter – Mar. 22, 2016

Trustwave identifies whopping big new Angler campaign
Some “very popular websites” are delivering ads that redirect to the Angler exploit kit. Malvertising is nothing new, but Trustwave says the use of the Angler EK makes this campaign different than previous malvertising campaigns. The use of an expired domain of an advertising agency led to the attack. If you don’t know the exploit vectors of Angler or what it looks like on a network level make it a priority this week before the next attack on your network results in an incident. Angler is tapping on every network every day. If you need help lowering risk against EK’s ask 4D5A Security.
Stagefright Variant ‘Metaphor’ Puts Millions Of Samsung, LG and HTC Phones At Risk
Android phones with 5.1 or below are vulnerable to a new attack on the Stagefright vulnerability. The attack works by a sent message containing a link to a website hosting a video. The exploit effects an estimated 23% of Android smart phones. Let’s hope that Google, Android OEM’s, and carriers can improve their patch management going forward, in the meantime don’t be tapping any message links.

TeslaCrypt ransomware now impossible to crack, researchers say
One of the worst ransomware exploits is getting better, they have been fixing bugs that allowed people to decrypt files without paying. Ransomware is improving with each version, new versions are searching the network and becoming persistent in the network. Some ransomware is even attacking online backups. For home networks consider a USB drive that can be temporarily connected for full computer backup and then removed from the network.

Decoding Ransomware- Part 1
Dr. Peter Stephenson goes into a deep dive on some of the latest ransomware exploits. This is a good article that gets into more detail on some of the latest ransomware. This is the first part of the article, we will make sure to post any further articles.
Go Ahead, Hackers. Break My Heart
Marie Moe is a security researcher that wants her and other pacemakers hacked, the ultimate goal is to make these devices safer for her and others. She goes into some of the problems of securing these black box pacemakers with proprietary code. As the internet of things (IoT) keeps growing the need for securing these devices will become a bigger part of information security.
The Feds Are Prepping Strict Rules to Protect Your Online Privacy
Apple is not the only ones concerned about your privacy, the FCC is proposing new privacy regulations on US industry. These new regulations are said to be the strictest privacy rules to date. The new rules are just a proposal at this point, it will be interesting to see what happens when the final regulations are enacted.