Risk Radar Free Cyber Newsletter – Nov 29, 2016

Muni Ransomware Attacker is Hacked
The Muni rail network has been hit with ransomware. This is not that surprising considering how ransomware has increased recently. What is surprising is a white hat hacker got into the email of the black hat hacker that did the Muni attack. Apparently the hacker has made 140,000.00 in bitcoin since August of this year. Muni has said they will not be paying the ransom.
Locky Ransomware Spreading Via Facebook, LinkedIn
Ransomware is being spread on Facebook and LinkedIn through image and graphic files. Users are prompted to install a codec extension to view the image or graphic file. It is good practice to avoid downloading any codecs to view questionable files.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

PayPal Fixes OAuth Token Leaking Vulnerability
PayPal has fixed an issue that would allow OAuth tokens to be hijacked. The OAuth tokens are associated with PayPal OAuth applications.  This OAuth issue can allow unauthorized access to PayPal accounts. PayPal has fixed this OAuth issue three weeks ago.

DoD Opens .Mil to Legal Hacking, Within Limits
The US military has opened up legal hacking to military web sites and systems. There are guidelines around the legal hacking on the military systems.  The guidelines are outlined in the article. The goal of this program is to increase the security of military systems with access to the web.
ATM Insert Skimmers: A Closer Look
If you have gotten a bad vibe from an ATM you may want to look at this info on insert skimmers. All skimmers can’t be visually discovered, but it pays to be aware of various skimmer types. There are also some tips for avoiding ATM skimmers in general.
Spammers Bombard iCloud Users With New Deluge
Spammers are skipping email and sending spam directly to Apple users calendar using iCloud. Users are urged to not respond to any of this calendar spam, a response will most likely bring more spam. Ways to mitigate this issue are outlined in the article.