Risk Radar Free Cyber Newsletter – May 3, 2016

Major Campaigns Spreading CryptXXX Ransomware Via Exploit Kits
The Angler Exploit Kit (EK) is now pushing the latest ransomware, CryptXXX. Like Locky, CryptXXX also encrypts attached storage. Dr. Peter Stephenson has a detailed article on Locky ransomware you can check out here. Here is an SC Magazine article that covers the need for better endpoint security to minimize the effectiveness of ransomware.
Fake Chrome update for Android
A fake Chrome update is installing Zeus-like malware on Android devices; it goes after personal and banking data on Android phones. You can go to Zscaler for more details of the malware attack. You can avoid this attack with a few key steps: get your updates from the Play Store, and do not give app updates administrator access. You should be very careful with app installs outside of the Play Store.
Slack Plugs Token Security Hole
Slack is used by companies for secure collaboration and communication. Slack tokens of individuals and businesses were used to access sensitive data on GitHub. Slack is working with users to ensure that tokens are not accessible in data shared using Slack.
Dental Assn Mails Malware to Members
We know more people than not will plug in a thumb drive they find on the ground. How many more will plug in a thumb drive if it is sent from a valid group? The American Dental Association is dealing with this problem right now. A Chinese subcontractor that provided the thumb drives had infected duplication machines. Not all thumb drives from the ADA are infected with malware; to be safe, you can access your ADA account online.
Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle
The U.S. House has passed the Email Privacy Act; it goes to the Senate next, for a tougher battle than the House passage was. The bill would require the government to obtain a warrant to access communications stored in the cloud. The Senate is expected to look at how this bill will work with the needs of law enforcement.
PCI Standard Adds Multi-Factor Authentication Requirements
The Payment Card Industry Data Security Standard is making a change that affects admins with access to credit card data: multi-factor authentication is now required. This change is aimed at making it harder to phish people with access to credit card data.