Risk Radar Free Cyber Newsletter – Sept 5, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

‘HoeflerText’ Popups Target Browsers With RAT and Locky Ransomware
A fake pop up telling users that their browser is missing a font is infecting users with remote access tool (RAT) or Locky Ransomware. If the user clicks install on the pop up the malware is installed on the user’s PC.
Labor Day ransomware attacks wipe 26,000 MongoDB databases
Three sets of hackers used ransomware over the Labor Day weekend to steal and wipe 26,000 MongoDB databases. The users are left with a message on how to get their data back. If the users don’t have backups this may be their only option.
Major malspam campaign pushing Locky ransomware via spoofed internal email addresses
Barracuda Networks has detected a major spam campaign using spoofed internal email addresses. Since the email is from an internal email address users are more likely to click on the zip attachment. The zip file purports to be documentation related to a business payment.  The malicious JavaScript file downloads the malware to the user’s PC.
Thousands of Military Vets’ Details Exposed in S3 Privacy Snafu
Another case of a misconfigured cloud storage has exposed thousands of military veteran’s data online. A third party partner involved with job applications documents did not configure the cloud storage correctly. With cloud storage becoming more popular it pays to make sure the cloud storage configurations are correct.
320 million compromised passwords hashes cracked by research ‘cracktivists’
A large collection of old passwords have been cracked by CynoSure Prime. This cracking of older passwords shows the issues with passwords. The article covers why current passwords are not in bad shape if they are used correctly.
Who Is Marcus Hutchins?
Brian Krebs tries to answer the question, who is Marcus Hutchins. We know he was pivotal in stopping the spread of WannaCry. We also know he has been accused of creating malware by the US government. Brian takes a deep dive into the complicated history of Marcus Hutchins.