Risk Radar Free Cyber Newsletter – Nov 1, 2016

Google Reveals Windows Kernel Zero Day Under Attack
Google and Microsoft are at odds on the timing of Google releasing a Windows zero day exploit. The disclosure by Google follows its internal policy on vulnerability disclosure, Microsoft has says this goes against coordinated vulnerability disclosure and puts Windows users at risk. The details of the vulnerability are described in the article. This disclosure by Google highlights the continuing tension between Microsoft and Google.
‘Root’ & The New Age Of IoT-Based DDoS Attacks
Security researchers have been raising the threat of insecure IoT devices for a while now, unfortunately their warnings are coming true. Manufactures for many of the affected IoT devices have acknowledged the insecurity of their IoT devices and the need to fix them. While this is a good start, it will not be easy to fix the existing insecure IoT devices.

Hackforums Shutters Booter Service Bazaar
The Hackforum section that allowed people to buy DDoS attacks (known as booter or stresser attacks) is being permanently shut down by the administrator of These booter and stresser services are questionable services, many of them present the service as something a website can use to test their site. It is fairly obvious that most of these services are aimed at illegal purposes.

7 Scary Ransomware Families
Halloween has just passed, but there is ransomware to keep the scares coming all year. 7 of the scariest ransomware families are covered in this article.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Microsoft’s New Patch Tuesday Model Comes With Benefits And Risks
Microsoft is changing the way Window 7 and 8.1 are being patched. They are moving to a cumulative patching process for 7 and 8.1. This will lessen the possibility a crucial patch gets missed. On the downside, If a part of the cumulative patch can’t be applied the whole cumulative patch will need to be delayed.
DMCA changes allow researchers to access to copyrighted works
The DMCA has been changed to allow security researchers to reverse engineer products and access copyrighted work when searching for vulnerabilities.  These changes address concerns of the Electronic Frontier Foundation (EFF). The changes in the DMCA are assuming “good faith” research and do extend to the limitations on security research in the Computer Fraud and Abuse Act (CFAA).