Thursday, July 30, 2015




Complete DHS Report for July 30, 2015

Daily Report                                            

Top Stories

 · About 15 million gallons of water spilled out after a 54-inch pipe broke at the Crystal Springs reservoir in San Bruno July 27; the leak went unfixed for over 13 hours. – KRON 4 San Francisco

18. July 28, KRON 4 San Francisco – (California) 15 million gallons of water wasted. About 15 million gallons of water spilled out after a 54-inch pipe broke at the Crystal Springs reservoir July 27 in San Bruno. Officials reported that the water leak went unfixed for over 13 hours in order to ensure that water pressure in surrounding neighborhoods would not be affected. Source: http://kron4.com/2015/07/28/15-million-gallons-of-water-wasted-in-san-bruno-water-main-break/

 · The governor of Oregon ordered State agencies July 28 to reduce water consumption by at least 15 percent on average across all State-owned facilities. – Reuters

20. July 28, Reuters – (Oregon) Oregon Governor orders State agencies to reduce water consumption. The governor of Oregon ordered State agencies July 28 to reduce water consumption by at least 15 percent on average across all State-owned facilities on or before December 31, 2020. The executive order comes as the governor has declared drought emergencies for 23 of the State’s 36 counties. Source: http://www.reuters.com/article/2015/07/28/usa-oregon-drought-idUSL1N10835R20150728

 · An alleged self-professed Islamic State adherent was charged with attempting to use a weapon of mass destruction against a person or property within the U.S. July 28 after planning to remotely detonate a timer bomb on a public beach in Key West. – U.S. Department of Justice

25. July 28, U.S. Department of Justice – (Florida) Florida resident charged with attempting to use weapon of mass destruction. A self-professed Islamic State adherent was charged with attempting to use a weapon of mass destruction against a person or property within the U.S. July 28 after planning to remotely detonate a timer bomb on a public beach in Key West. The suspect was arrested July 27 after taking possession of an inert device. Source: http://www.justice.gov/opa/pr/florida-resident-charged-attempting-use-weapon-mass-destruction

 · Investigators involved in a previously unreported May or June breach of United Airlines’ computer systems reported links between the hackers and the Chinese threat group that breached records from the U.S. Office of Personnel Management and Anthem Inc., among other organizations. – Bloomberg. See item 35 below in the Information Technology Sector

Financial Services Sector

9. July 29, Associated Press – (International) Floridian last of 12 convicted in Texas for timeshare fraud. A Florida man was convicted July 28 for leading a $10 million timeshare scam in the U.S. and Canada in which he scammed over 5,000 timeshare owners by hiring telemarketers to solicit fees in false buying promises. Eleven other suspects have pleaded guilty in connection to the scheme.

10. July 28, Montgomery News – (Pennsylvania) Two sought for allegedly stealing more than $100K through fraudulent credit card accounts. Authorities reported July 28 that they are seeking the owners of the Fort Washington-based Centra-Spike heating, ventilation, and air conditioning company on charges that the pair allegedly stole $124,981 by using stolen identities of at least 8 victims to obtain fraudulent loans. Source: http://www.montgomerynews.com/articles/2015/07/28/ambler_gazette/news/doc55b7b4e598593326989643.txt

11. July 28, Reuters – (National) Western Union’s Paymap to pay $38.4 mln over mortgage ads. The U.S. Consumer Financial Protection Bureau reported July 28 that Paymap Inc., a unit of Western Union Co., agreed to pay $38.4 million to resolve U.S. regulatory allegations that the company deceived consumers into signing up for a LoanCare LLC program that promised false savings. LoanCare LLC will pay a $100,000 civil fine, and both companies agreed not to advertise the mortgage program’s benefits without providing supporting evidence. Source: http://www.reuters.com/article/2015/07/28/sec-paymap-settlement-idUSL1N10827Q20150728

For additional stories, see item 21 below from the Healthcare and Public Health Sector and item 32 below in the Information Technology Sector

21. July 28, U.S. Securities and Exchange Commission – (International) SEC charges Mead Johnson Nutrition with FCPA violations. The U.S. Securities and Exchange Commission announced July 28 a $12 million settlement with Mead Johnson Nutrition Company over allegations that its Chinese subsidiary violated the Foreign Corrupt Practices Act by offering cash and other incentives to healthcare professionals to recommend Mead Johnson Nutrition products at government-owned hospitals. The company also failed to accurately record over $2 million in improper payments made during a 5-year period. Source: http://www.sec.gov/news/pressrelease/2015-154.html

Information Technology Sector

29. July 29, Securityweek – (International) Russian hacker tool uses legitimate Web services to hide attacks: FireEye. Security researchers from FireEye discovered that the APT29 threat group is employing a malicious backdoor dubbed “HAMMERTOSS” that utilizes a multi-stage process involving social media, steganography, and PowerShell to hide malicious activity within legitimate network traffic. Researchers believe that the backdoor is only being deployed against critical targets, possibly as a backup in case other tools fail or are disrupted. Source: http://www.securityweek.com/russian-hacker-tool-uses-legitimate-web-services-hide-attacks-fireeye

30. July 29, Securityweek – (International) BIND update patches critical DoS vulnerability. The Internet Systems Consortium released updates for the popular BIND Domain Name System (DNS) software addressing a critical remotely exploitable vulnerability in the handling of TKEY record queries in which an attacker could use a specially crafted DNS packet to trigger a denial-of-service (DoS) condition. Source: http://www.securityweek.com/bind-update-patches-critical-dos-vulnerability

31. July 29, Softpedia – (International) Row Hammer DRAM bug now exploitable via JavaScript, most DDR3 memory chips vulnerable. Security researchers from universities in Austria and France released findings revealing that the Row Hammer exploit can be initiated and actively exploited remotely via JavaScript, making it the first documented “remote software-induced hardware-fault attack.” Source: http://news.softpedia.com/news/row-hammer-dram-bug-now-exploitable-via-javascript-488050.shtml

32. July 29, Securityweek – (International) Black Vine espionage group attacked aerospace, energy, healthcare industries. Security researchers from Symantec reported that the Black Vine espionage group responsible for the 2014 Anthem system breach has been active since 2012 and has used custom-built malware, zero-day exploits, and watering hole attacks to target organizations across the aerospace, healthcare, energy, military, defense, finance, agriculture, and technology industries, primarily in the U.S. Source: http://www.securityweek.com/anthem-hackers-targeted-multiple-industries-2012-symantec

33. July 29, The Register – (International) Microsoft admits critical .NET Framework 4.6 bug, issues workaround. Microsoft released a workaround addressing a critical codegen bug for those running 64-bit processes on .NET Framework 4.6, in which incorrect parameters could be passed, leading to unpredictable results. Source: http://www.theregister.co.uk/2015/07/29/microsoft_acknowledges_net_framework_46_critical_bug_issues_workaround/

34. July 29, Homeland Security News Wire – (International) Cellphones can steal data from isolated “air-gapped” computers. Researchers at the Ben-Gurion University of the Negev Cyber Security Research Center discovered a way to use central processing unit (CPU) firmware-modification software to turn an air-gapped system into a cellular transmitting antenna, making it possible for any mobile phone infected with malicious code to use GSM phone frequencies to steal data from infected air-gapped systems. Researchers recommended mitigation measures including defined “zones” where mobile phones and other devices are not allowed near at-risk air-gapped computers. Source: http://www.homelandsecuritynewswire.com/dr20150729-cellphones-can-steal-data-from-isolated-airgapped-computers

35. July 29, Bloomberg – (International) China-tied hackers that hit U.S. said to breach United Airlines. Investigators involved in a probe of a previously unreported May or June breach of United Airlines’ computer systems reported links between the hackers and the Chinese threat group that perpetrated the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from Anthem Inc., as well as at least seven other travel and health insurance organizations. Officials believe that the breach may have compromised movement data of millions of Americans and opened the airline’s systems to future disruptions and attacks. Source: http://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines

36. July 28, IDG News Service – (International) Xen patches new virtual-machine escape vulnerability. The Xen Project released updates for its virtualization software addressing a vulnerability in the CD-ROM drive emulation feature of the QEMU open-source hardware emulator that could allow an attacker to bypass the security barrier between virtual machines and their host operating systems (OS). Source: http://www.computerworld.com/article/2952638/security/xen-patches-new-virtual-machine-escape-vulnerability.html#tk.rss_security

Communications Sector

37. July 28, Jersey Journal – (New Jersey) 800 Verizon customers in Bayonne without service after fiber optic cable is damaged, company says. A Verizon Wireless spokesman reported that an estimated 800 customers in Bayonne are without phone, Internet, and TV service after a fiber optic cable was accidentally damaged July 28. Crews are working to repair the damaged cable and hope to have service restored later in the day. Source: http://www.nj.com/hudson/index.ssf/2015/07/verizon_customers_without_service_after_fiber_cabl.html

For additional stories, see item 34 above in the Information Technology Sector and item 41 below from the Commercial Facilities Sector

41. July 28, Associated Press – (California) Bomb threat forces evacuation of CHP building in LA. Approximately 60 people from the California Highway Patrol communications center in Los Angeles were evacuated for over 2 hours July 28 due to a bomb threat. Bomb-sniffing dogs and several police crews responded to the incident and found no explosive device.

Wednesday, July 29, 2015




Complete DHS Report for July 29, 2015

Daily Report                                            

Top Stories
 
 · Fiat Chrysler Automobiles issued a recall for about 1 million Ram pickup trucks due to an issue with the steering wheel wiring harness and another separate recall for 843,536 Ram vehicles due to an issue with the truck’s Occupant Restraint Control module. – Car Connection

4. July 27, Car Connection – (National) 2012-2015 Ram pickups recalled to fix seatbelts, airbags; 1.9 million vehicles affected. Fiat Chrysler Automobiles issued a recall for about 1 million model year 2012 – 2014 Ram pickup trucks due to an issue with the steering wheel wiring harness that could cause potential inadvertent driver side air bag deployment, and a separate recall for 843,536 model year 2013 – 2015 Ram vehicles due to an issue with the truck’s Occupant Restraint Control module that could cause side curtain and seat airbags to deploy and seatbelt pretensioners to activate unexpectedly.

 · The owner of Stanfill Wealth Management in Knoxville was charged July 27 after allegedly defrauding over 21 investors out of almost $7 million. – WBIR 10 Knoxville. See item 5 below in the Financial Services Sector

 · Oregon State Police reported July 27 a statewide investigation had begun after 10 government offices received mail containing a suspicious substance that hospitalized a sheriff and prompted the evacuation of several locations. – KATU 2 Portland

17. July 27, KATU 2 Portland – (Oregon) Statewide investigation underway after government offices receive suspicious mail. Oregon State Police announced July 27 a statewide investigation after at least ten government offices received mail containing a suspicious substance, sparking the evacuation of several locations, and hospitalizing a sheriff who opened one of the letters at the Grant County Correctional Facility. A U.S. Postal official believes the letters are related but does not believe the general public is at risk.

 · A July 26 wildfire destroyed a mobile home and prompted the evacuation of 400 Clearlake residents from the Cache Creek Apartment complex. – Santa Rosa Press Democrat

31. July 27, Santa Rosa Press Democrat – (California) Clearlake fire forces evacuation of 400. A wildfire destroyed a mobile home and prompted the evacuation of surrounding homes in Clearlake and 400 residents at the Cache Creek Apartment complex July 26. Over 123 firefighters, 14 engine companies, 2 tankers, and 6 helicopters helped contain the incident.

Financial Services Sector

5. July 28, WBIR 10 Knoxville – (Tennessee) Fraud victims speak out after financial adviser indicted, arrested. Authorities unsealed indictments against the owner of Stanfill Wealth Management July 27 in Knoxville, alleging that she defrauded over 21 investors out of almost $7 million by promising to invest funds in Charles Schwab and Co., and instead diverted the money for her personal use.

For another story, see item 16 below from the Government Facilities Sector

16. July 27, HousingWire.com – (New York) NY State senator convicted in foreclosure embezzlement scheme. A New York State senator vacated his senate seat July 24 after being convicted of obstruction of justice and making false statements to Federal agents, stemming from charges that he embezzled funds held in escrow from the sale of real estate properties.

Information Technology Sector

19. July 28, Softpedia – (International) One in 600 Web sites lists its .git folder, exposing sensitive data. A Web developer discovered that out of 1.5 million Web sites scanned, 2,402 had an inadvertently exposed .git folder, possibly exposing sensitive information.

20. July 28, Securityweek – (International) Cybercriminals use Angler exploit kit to target PoS systems. Trend Micro researchers reported that cybercriminals have been utilizing the Angler exploit kit (EK) to deliver a reconnaissance trojan that detects mitigation tools before downloading one of three point-of-sale (PoS) malware payloads. Source: http://www.securityweek.com/cybercriminals-use-angler-exploit-kit-target-pos-systems

21. July 28, IDG News Service – (International) Over 10 million Web surfers possibly exposed to malvertising. Cyphort released tracking data from malicious advertisement campaigns revealing that since July 18, over 10 million people may have visited Web sites containing malicious ads which redirect visitors to directories hosting the Angler exploit kit (EK). Source: http://www.computerworld.com/article/2953256/security/over-10-million-web-surfers-possibly-exposed-to-malvertising.html#tk.rss_security

22. July 28, Softpedia – (International) Darkode forum returns with enhanced security measures. MalwareTech researchers reported that the Darkode hacker forum was back online with enhanced security and authentication processes to prevent future infiltrations, after July raids by the FBI and international partners led to the shutdown of the Web site and the detainment of multiple individuals associated with it. Source: http://news.softpedia.com/news/darkode-forum-returns-with-enhanced-security-measures-487966.shtml

23. July 28, SC Magazine – (International) Apple App Store and iTunes buyers hit by zero-day. Security researchers from Vulnerability Lab published a zero-day filter bypass flaw in Apple’s online invoicing system used in its App Store and iTunes that could allow an attacker to hijack a user’s purchasing session to buy and download any app or content they want, before charging it to the original user. Source: http://www.scmagazineuk.com/apple-app-store-and-itunes-buyers-hit-by-zero-day/article/428864/

24. July 28, Network World – (International) Software vulnerabilities hit a record high in 2014, report says. Secunia released analysis from its Vulnerability Review 2015 revealing that the number of recorded software vulnerabilities hit a record high of 15,435 in 2014, an increase of 18 percent from the previous year, and that many organizations are too slow to release security fixes, among other findings. Source: http://www.networkworld.com/article/2953304/security/software-vulnerabilities-on-the-rise-record-high-report.html#tk.rss_all

25. July 27, Dark Reading – (International) Phishing attacks drive spike in DNS threat. Infoblox and Internet Identity published data revealing that the Domain Name System (DNS) Threat Index jumped nearly 60 percent in the second quarter of 2015, reportedly due to a corresponding 74 percent increase in phishing and phishing domains over the same period. Source: http://www.darkreading.com/attacks-breaches/phishing-attacks-drive-spike-in-dns-threat/d/d-id/1321480

Communications Sector

For another story, see item 23 above in the Information Technology Sector