Risk Radar Free Cyber Newsletter – May 10, 2016

Diary of a Ransomware Victim
As usual ransomware is in the news; ThreatPost has come up with an interesting look at a victim dealing with ransomware. An online casino breaks down how it happened and what they did to handle the ransomware attack. You know ransomware is getting popular when you can buy it in prepackaged kits like AlphaLocker for $65.00. Sans has a deep dive on the Neutrino exploit kit and Cerber ransomware.
Exclusive: Big data breaches found at major email services – expert
It may be a good time to change your email password and setup two factor authentication for your web email. There are millions of hacked user names and passwords being traded in the Russian criminal underworld. If you reuse passwords on multiple accounts you need to change passwords for, Gmail, Microsoft, and Yahoo.
Malware and non-malware ways for ATM jackpotting. Extended cut
Hacking ATMs has been around for a while now. This article does a deep dive on the various ways ATMs are being hacked. The “what we can do to fix it” part of the article cover the many fixes that need to be done to improve ATM security. Should you cover the keypad when you enter your pin at an ATM. This article gives a great reason to do so.
Old Exploits Die Hard, Says Microsoft Report
The Microsoft Security Intelligence Report shows a non-surprising fact to security professionals, old exploits take a long time to die. Older OS versions of Windows and unpatched systems keep these old exploits viable. If you are running Windows upgrading to Windows 10 and keeping OS and applications patches up to date will minimize the danger of old exploits.
An update to our SHA-1 deprecation roadmap
Microsoft will no longer consider SHA-1 certificates secure after the Windows 10 Anniversary update. Internet Explorer 11 will do the same for SHA-1 certificates on Windows 7 and Windows 8.1.
Linux Foundation Badge Program to Boost Open Source Security
The Linux Foundation is putting together a Best Practices Badge program to help companies evaluate the security of open source technologies. The security evaluation is based on the new Core Infrastructure Initiative (CII). The CII gives guidelines and best practices for open source projects.