Risk Radar Free Cyber Newsletter – Sept 21, 2016

Locky ransomware goes on Autopilot
Locky ransomware just keeps getting better. The latest version has an autopilot feature that eliminates communication with command and control centers. This change makes Locky stealthier and minimizes server costs.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Security-as-a-Service Uptake Increases with Cloud Adoption
Security as a service is growing because companies are using more cloud applications. The need for cloud services and for managed virtual infrastructure is expected to grow. A Gartner survey has shown that companies are willing to look at security as a service for their cloud services.

Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack
IOS, IOS XE and IOS XR router software are vulnerable to one or more of the ShadowBrokers exploits. Cisco has not yet released a patch, but it has released IPS signatures and Snort rules. There are currently no workarounds for IOS, IOS XE and IOS XR router software; Cisco is aware of the problem and is working on it.

Mozilla Patching Firefox Certificate Pinning Vulnerability
Mozilla will be patching a bug in its automated update process for extensions. This is the same bug that affected the Tor Browser, where it has already been patched. The attack hinges on certificates that expire before the release of the next version of Firefox.

Experts Want Transparency From Government’s Vulnerabilities Equities Process
Privacy and security groups are raising questions about how the government's use of zero-day exploits should be governed. The government released the Vulnerabilities Equities Process (VEP) policy after a Freedom of Information request from the EFF. There is tension over the government using zero-day exploits for a period of time before releasing them to be patched.

Using ‘Signal’ for Encrypted Chats? You shouldn’t skip its next update
If you are using Signal for encrypted chats, you need to get the next update. There are two exploits that should be fixed in the next update. Their impact ranges from allowing messages to be read to remote code execution.