Risk Radar Free Cyber Newsletter – May 24, 2016

TeslaCrypt shuts down and Releases Master Decryption Key
There is some good news in the ransomware world, TeslaCrypt has shut down and released the master decryption key. The article shows how to use the master decryption key to decrypt effected files.

The battle with ransomware continues; Kaspersky has solved CryptXXX again. Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Three Exploit Kits Spreading Attacks for Recent Flash Player Zero Day
The most recent Adobe exploit is being used by three exploit kits, Angler, Neutrino and Magnitude. The exploit kits are bringing ransomware, banking malware, and a credential-stealing Trojan to exploited devices. If you are using flash make sure you have the latest update installed.

As Scope of 2012 Breach Expands, LinkedIn to Again Reset Passwords for Some Users
You may need to change your LinkedIn password now due to a 2012 LinkedIn breach. 6.5 million accounts were compromised in 2012. Reports of 117 million records stolen in 2012 coming up for sale have prompted the password reset for some LinkedIn users.

Android Pay may, er, pay… providing it gets over security hurdle
Googles Android seems to be in a similar place that Microsoft was years ago. Microsoft had to address major security issues in Windows. Microsoft has made some major improvement in security, the battle still wages but Microsoft is in the game now. Android has made some good improvements, how Google continues these improvements will affect the adoption of Android Pay and Android in general. There is an Android malware in Google Play to be aware of, beware of the Viking Horde.
Microsoft detects new lure within Word macro
Microsoft researchers have found a new attack using malicious macro. A fair amount of malware and ransomware is still spread with corrupted office documents. Microsoft is recommending that office users only use known macros or macros from trusted sources to avoid macro based malware.
The Oracle-Google Case Will Decide the Future of Software
The Oracle vs Google case has already affected software development, a win by Oracle and the impact on software development could be even bigger. The use of a program Application Programing Interface (API) is at the heart of the battle. This case deals with the Java API but an Oracle win could affect many other program API’s.