Thursday, May 5, 2016



Complete DHS Report for May 5, 2016

Daily Report

Top Stories

• The U.S. Attorney’s Office for the Eastern District of New York announced charges May 3 against 9 people for defrauding investors into purchasing $131 million worth of ForceField Energy Inc. stock from December 2009 – April 2015. – Reuters See item 7 below in the Financial Services Sector

• The National Transportation Safety Board issued a report May 3 faulting the Washington Metropolitan Area Transit Authority (Metro) for failing to properly install and maintain third-rail power cables, among other charges, regarding a January 2015 Metro fire. – Associated Press

9. May 4, Associated Press – (Washington, D.C.) Feds: Poor maintenance led to fatal DC subway fire. The National Transportation Safety Board (NTSB) issued its final report May 3 faulting the Washington Metropolitan Area Transit Authority (Metro) for failing to properly install and maintain third-rail power cables, failing to install smoke detectors in tunnels, and failing to train its employees on how to use fans, among other violations, regarding a January 2015 Metro fire incident in which a subway train filled with smoke inside an underground tunnel, killing one passenger and sickening a dozen others. In addition, the NTSB faulted Metro for failing to make meaningful safety improvements following a 2009 deadly collision, as well as failing to address various safety issues in relation to the first fatal accident in 1982. Source: http://www.msn.com/en-us/news/us/feds-poor-maintenance-led-to-fatal-dc-subway-fire/ar-BBsAtdF

• The World Organization for Animal Health announced May 3 that U.S. officials destroyed 39,000 turkeys in Jasper County, Missouri, due to an outbreak of a mild form of H5N1 avian bird flu that was first detected in April. – Reuters

12. May 3, Reuters – (Missouri) U.S. kills 39,000 turkeys in outbreak of mild bird flu - OIE. The World Organization for Animal Health announced May 3 that U.S. officials destroyed 39,000 turkeys in Jasper County, Missouri, due to an outbreak of a mild form of H5N1 avian bird flu that was first detected in April. State authorities instituted a quarantine of the farm and have taken surveillance measures to watch for other cases of the virus.

• The California Water Resources Control Board approved a $3.2 million grant May 3 to bring clean water to a mobile home park near Fresno, where 36 households received uranium-contaminated tap water for several years. – Associated Press

16. May 3, Associated Press – (California) $3.2 million grant to help cut uranium in trailer park drinking water. The California Water Resources Control Board approved a $3.2 million grant May 3 to bring clean water to the Double L Mobile Ranch Park located outside Fresno, where 36 households had received contaminated tap water for several years after officials found dangerous levels of uranium in the water. The grant will pay to install lines from a new well in a nearby town to the trailer park. Source: http://sacramento.cbslocal.com/2016/05/03/3-2-million-grant-to-help-cut-uranium-in-trailer-park-drinking-water/

Financial Services Sector

6. May 4, Associated Press – (Rhode Island) New York man pleads guilty to role in ATM skimming scam. A New York man pleaded guilty May 3 to Federal charges for his alleged role in a $709,000 ATM skimming scheme in which the man installed skimming devices on ATMs at banks across Rhode Island in order to steal account information from 1,329 victims’ credit cards, and encoded the data onto counterfeit credit cards that were used to make fraudulent purchases. Source: http://www.wacotrib.com/new-york-man-pleads-guilty-to-role-in-atm-skimming/article_1fc1f499-a961-5593-ac6b-7f6b59ed1a94.html

7. May 3, Reuters – (National) 9 accused of losing investors $131M in ForceField Energy scheme. The U.S. Attorney’s Office for the Eastern District of New York announced charges May 3 against 9 stock promoters, brokers, and investor relations officials for defrauding investors into purchasing worthless ForceField Energy Inc. stock from December 2009 – April 2015 by secretly trading the stock in undisclosed accounts, inflating trading volume to create a false sense of demand, and concealing kickbacks to stock promoters and brokers, causing investors $131 million in losses. The U.S. Securities and Exchange Commission also filed related civil charges against the defendants.

Information Technology Sector

20. May 4, SecurityWeek – (International) Attackers exploit critical ImageMagick vulnerability. Two security researchers discovered that a remote code execution (RCE) vulnerability in the open-source software ImageMagick, dubbed “ImageTragick,” was being leveraged in the wild. Attackers could exploit the flaw to gain access to the victim’s server by creating an exploit file and assigning the file an image extension to bypass the security check, which tricks ImageMagick into converting the malicious file and activating the malicious code.

21. May 3, Softpedia – (International) Stored XSS bug affects all bbPress WordPress Forum versions. Automattic released bbPress 2.5.9, the newest version of its WordPress forum plugin, which patched a stored cross-site scripting (XSS) vulnerability after a security researcher from Sucuri found attackers could use the bbPress user mention (@username) system to store malicious code inside forum posts, allowing skilled attackers to craft malicious code to steal cookies from forum admins and impersonate them with elevated privileges on the WordPress backend. Source: http://news.softpedia.com/news/stored-xss-bug-affects-all-bbpress-wordpress-forum-versions-503646.shtml

22. May 3, Softpedia – (International) MosQUito exploit stealing legitimate traffic from WordPress and Joomla Websites. eZanga.com, Inc., published a list that revealed 9,285 Web sites were affected by a malicious campaign dubbed MosQUito after discovering that hackers were searching for Web sites where the jQuery JavaScript library was loaded and replacing it with a malicious PHP file, jQuery.min.php, to steal paid traffic from legitimate businesses and to redirect victims to another Web site controlled by the attacker. Source: http://news.softpedia.com/news/mosquito-exploit-stealing-legitimate-traffic-from-wordpress-and-joomla-websites-503647.shtml

For another story, see item 4 below from the Critical Manufacturing Sector

4. May 3, Softpedia – (International) Samsung smart home platform exposes door lock codes. Researchers from the University of Michigan and Microsoft discovered two security flaws within Samsung’s SmartThings smart home management platform: a flaw that allowed SmartApps to access more operations on devices than the apps’ functionality requires, and a flaw in the SmartThings event subsystem, which did not sufficiently protect events that carry sensitive information such as lock pincodes, allowing attackers to open locks on command. Officials from SmartThings reported the flaws have been patched. Source: http://news.softpedia.com/news/samsung-smart-home-platform-exposes-door-lock-codes-503643.shtml

Communications Sector

Nothing to report

Wednesday, May 4, 2016



Complete DHS Report for May 4, 2016

Daily Report

Top Stories

• CRF Frozen Foods expanded a previous recall May 2 to include all 358 of its frozen organic and traditional fruit and vegetable products due to potential Listeria monocytogenes contamination following 7 cases of Listeria-related hospitalizations that were linked to the products. – U.S. Food and Drug Administration

7. May 3, U.S. Food and Drug Administration – (International) CRF Frozen Foods expands voluntary recall to include all frozen vegetable and fruit products due to possible health risk. CRF Frozen Foods expanded a previous recall May 2 to include all 358 of its frozen organic and traditional fruit and vegetable products due to potential Listeria monocytogenes contamination after U.S. officials identified 7 cases of hospitalizations in 3 states due to Listeria and determined some of these illnesses were linked to consuming CRF-manufactured products. The company suspended operations at its Pasco, Washington facility following the initial recall and stated that the products may have been purchased nationwide and in Canada. Source: http://www.fda.gov/Safety/Recalls/ucm498841.htm

• The owner of Express Food Mart in Camden, New Jersey, pleaded guilty May 2 to stealing over $1.2 million in Supplemental Nutrition Assistance Program (SNAP) redemptions from November 2011 – October 2014. – Newark Star-Ledger

8. May 2, Newark Star-Ledger – (New Jersey) Camden shop owner admits stealing $1.2M in SNAP benefits. The owner of Express Food Mart in Camden, New Jersey, pleaded guilty May 2 to stealing over $1.2 million in Supplemental Nutrition Assistance Program (SNAP) redemptions from November 2011 – October 2014. Authorities stated that the store owner paid SNAP benefit holders 50 cents on the dollar. Source: http://www.nj.com/camden/index.ssf/2016/05/camden_shop_owner_admits_stealing_12m_in_snap_bene.html

• Teacher sick-outs prompted 94 schools in the Detroit Public Schools district to close for a second consecutive day May 2 due to concerns over teachers’ pay. – Associated Press

15. May 3, Associated Press – (Michigan) Teacher sick-outs close most Detroit schools for a 2nd day. Teacher sick-outs prompted 94 schools in the Detroit Public Schools district to close for a second consecutive day May 2 due to concerns over teachers’ pay.

• A security researcher discovered a parameter tampering vulnerability in a new PwnedList service that could allow an attacker to add any desired domain through a flaw in the service’s two-step authentication process. – SecurityWeek See item 22 below in the Information Technology Sector

Financial Services Sector

Nothing to report

Information Technology Sector

20. May 3, SecurityWeek – (International) Google patches 40 vulnerabilities in Android. Google released security updates for its Android operating system (OS) patching 40 vulnerabilities, including a remote code execution (RCE) flaw in Mediaserver that could allow an attacker to execute code within the software, and a privilege escalation flaw in the Android debugger that could allow a malicious application to execute arbitrary code in the Android debugger or kernel, among other patched flaws. Source: http://www.securityweek.com/google-patches-40-vulnerabilities-android

21. May 2, SecurityWeek – (International) Accellion patches flaws found during Facebook hack. The Computer Emergency Response Team (CERT) Coordination Center (CC) released an advisory addressing seven vulnerabilities in the Accellion File Transfer Appliance after a security consultant discovered that one of the flaws, an SQL injection caused by improper handling of data in the “client_id” parameter in “/home/seos/courier/security_key2.api,” could be leveraged to upload a web shell. Other vulnerabilities include three cross-site scripting (XSS) flaws and a number of local privilege escalation issues related to incorrect default permissions.

22. May 2, SecurityWeek – (International) Millions of credentials exposed by PwnedList flaw. A security researcher discovered a parameter tampering vulnerability in a new PwnedList service called Vendor Security Monitoring that could allow an attacker to add any desired domain through a flaw in the service’s two-step authentication process and submit arbitrary data by tampering with the request. An attacker with an active PwnedList account can exploit the flaw to add the domain of any major company and generate a list of all compromised email accounts.

23. May 2, SecurityWeek – (International) Compromised RDP Servers used in corporate ransomware attacks. Researchers from Fox-IT discovered that attackers could disseminate ransomware through a compromised remote desktop server by using brute force attacks to infiltrate a remote desktop server connected to the Internet and then using privilege escalation methods to obtain domain administrator status. Once an attacker infiltrates a system and gains administrative privileges, they can extract data, recruit the system into a botnet, deliver spam, and demand money from a compromised company.

Communications Sector

Nothing to report