Risk Radar Free Cyber Security Newsletter – Feb. 9, 2016

EU, US Agree On New Data Transfer Pact, But Will It Hold?
Safe Harbor has a new name, the EU-US Privacy Shield. The officials who wrote the proposal think it will succeed. The real test is does the new agreement live up to the European Court of Justice (ECJ) requirements. The full agreement has not been released to the public yet, we should have a better idea if EU-US Privacy Shield survives the ECJ when it is released publicly. 
Assessing the U.S. power grid after Ukraine
After the Ukraine power grid attack one wonders how secure is the U.S. power grid. Kenneth Van Wyk (Carnegie Mellon University’s CERT/CC) gives his opinion on the U.S. power grid security. The good news is the U.S. systems are some of the tightest and best configured Kenneth has encountered. Keeping general-purpose operating systems updated and patched and a proper incident response plan are some of the areas the U.S power grids operators need to work on. 
Here’s How To Protect Against A Ransomware Attack
While many of these protections against Ransomware have been heard before they are worth repeating. It won’t come as a surprise that a robust data backup process is the number one priority. The article has some additional steps to add to the robust data backup. Please check with us if you need help implementing proper protections against Ransomware attacks. 
Scareware Campaign Targets Mac OS X Machines
A unique scareware campaign going after OS X computers has been discovered. The scareware is using a legitimate Apple developer certificate, this certificate has been used for two years in similar attacks.   Apple has not revoked the certificate at this time. The viability of this attack depends on tricking the user to install the scareware. 


Safeway Self-Checkout Skimmer Close Up
Brian Krebs has close up picture of a skimming device used in a Safeway store. Take a look for yourself, would you be suspicious of the skimmer that looks like a Verifone terminal? The fact that the “swipe the stripe” readers are still being used make these skimmer attacks easier. New chip-based debit/credit cards are resistant to these skimmer attacks. Using the “dipping the chip” terminals (no swipe option) will make the consumer safer. 
How to secure Amazon Web Services like a boss
Amazon Web Services (AWS) for cloud applications is used my many people.  Amazon does provide a certain level of security for its physical data centers. This article does a nice job of reminding the AWS user to take some proactive steps to secure their cloud applications.  AWS even provides some tools to help users secure their cloud applications.