Monday, June 29, 2015

Complete DHS Report for June 29, 2015

Daily Report

Top Stories

 • The Boise Police Department’s Organized Retail Crime Unit in Idaho arrested 2 suspects June 24 and seized 424 counterfeit credit and gift cards along with merchandise that they had bought with the fraudulent cards. – Boise Weekly See item 8 below in the Financial Services Sector

 • Interstate 75 in Chattanooga, Tennessee, reopened June 26 after being closed for about 12 hours due to a 9-vehicle accident that killed 6 people June 25. – Associated Press

9. June 26, Associated Press – (Tennessee) I-75 reopens after 6 killed in wreck outside Chattanooga. Interstate 75 in Chattanooga reopened June 26 after being closed for about 12 hours while crews cleared the scene of a 9-vehicle accident that killed 6 people June 25. The cause of the crash remains under investigation. Source: http://www.msn.com/en-us/news/us/i-75-reopens-after-6-killed-in-wreck-outside-chattanooga/ar-AAc9l1w

 • The California Assembly passed a bill June 25 restricting exemptions for mandatory vaccination schedules, negating the State’s personal belief exemption allowing only children with serious health problems to opt out. – Washington Post

13. June 26, Washington Post – (California) The California Assembly just approved one of nation’s strictest mandatory vaccine laws. The California Assembly passed a bill June 25 restricting exemptions for mandatory vaccination schedules, negating the State’s personal belief exemption allowing only children with serious health problems to opt out. Source: http://www.washingtonpost.com/news/morning-mix/wp/2015/06/26/the-california-assembly-just-approved-one-of-nations-strictest-mandatory-vaccine-laws/

 • Security researchers from Trend Micro discovered a security flaw in the Android operating system’s debugging component in which an attacker could create a special Executable and Linkable Format file to crash the debugger and view dumps and log files stored in memory, or to create a denial-of-service condition. – Softpedia See item 21 below in the Information Technology Sector

Financial Services Sector

6. June 25, Cleveland Plain Dealer – (Ohio) Three accused of Akron-based Ponzi scheme that cost investors $17 million. Three Northeast Ohio men were indicted June 25 on charges alleging that they defrauded 70 investors out of $17 million from 2010 – 2014 by convincing them to give money to KGTA Petroleum Ltd., a company partially owned by one of the suspects, and spent the proceeds on luxury items and mortgage payments. Source: http://www.cleveland.com/court-justice/index.ssf/2015/06/three_accused_of_akron-based_p.html

7. June 25, Associated Press – (Maryland) Md. man charged with stealing from ATMs with skimming device. A Riverdale, Maryland man was arrested June 24 on charges that he allegedly stole $300,000 from ATMs using skimming devices at a Sandy Spring Bank in Maryland. Source: http://baltimore.cbslocal.com/2015/06/25/md-man-charged-with-stealing-from-atms-with-skimming-device/

8. June 25, Boise Weekly – (Idaho) Hundreds of fraudulent credit cards seized, two suspects behind bars. The Boise Police Department’s Organized Retail Crime Unit arrested 2 suspects June 24 and seized 424 counterfeit credit and gift cards along with merchandise that they had bought with the fraudulent cards. Source: http://www.boiseweekly.com/boise/hundreds-of-fraudulent-credit-cards-seized-two-suspects-behind-bars/Content?oid=3515991

Information Technology Sector

19. June 26, Softpedia – (International) Click-fraud attack morphs into ransomware risk in a couple of hours. Security researchers at Damballa discovered that a threat actor dubbed RuthlessTreeMafia is distributing exploit kits along with the Rerdom malware in a click-fraud campaign in which they sell other threat actors access to infected users’ systems. Researchers observed an infection result in the delivery of the CryptoWall ransomware. Source: http://news.softpedia.com/news/click-fraud-attack-morphs-into-ransomware-risk-in-a-couple-of-hours-485395.shtml

20. June 26, Securityweek – (International) Default SSH keys expose Cisco’s virtual security appliances. Cisco reported that customers using its Web Security, Email Security, and Security Management Virtual Appliances were vulnerable due to the products’ use of default secure shell (SSH) keys, which could allow an unauthenticated, remote attacker to connect to a system with root user privileges. The company released a patch addressing the issue. Source: http://www.securityweek.com/default-ssh-keys-expose-ciscos-virtual-security-appliances

21. June 26, Softpedia – (International) 94% of Android devices vulnerable to bug exposing memory content. Security researchers from Trend Micro discovered a security flaw in the Android operating system’s (OS) debugging component in which an attacker could create a special Executable and Linkable Format (ELF) file to crash the debugger and view dumps and log files stored in memory, or to create a denial-of-service (DoS) condition. The issue affects all Android versions after 4.0, Ice Cream Sandwich. Source: http://news.softpedia.com/news/94-of-android-devices-vulnerable-to-bug-exposing-memory-content-485382.shtml

22. June 25, Threatpost – (International) Stored XSS flaw patched in Thycotic secret server. Thycotic patched a stored cross-site scripting (XSS) vulnerability in its Secret Server product in which an attacker could use JavaScript code in the browser of a valid user to toggle the password mask and steal a victim’s stored passwords. Source: https://threatpost.com/stored-xss-flaw-patched-in-thycotic-secret-server/113473

For another story, see item 15 below from the Healthcare and Public Health Sector

15. June 25, Securityweek – (National) U.S. healthcare companies hardest hit by ‘Stegoloader’ malware. Security researchers from Trend Micro reported that North American healthcare organizations are the primary victims of the Stegoloader Trojan, a malware identified as TROJ_GATAK which embeds malicious code in image files to avoid detection and has anti-virtual machine and anti-emulation capabilities to prevent analysis. Source: http://www.securityweek.com/us-healthcare-companies-hardest-hit-stegoloader-malware

Communications Sector

23. June 25, Victorville Daily Press – (California) Verizon offering reward for copper theft information. Verizon officials announced June 25 that the company is offering a reward of up to $10,000 for information leading to the arrest and prosecution of the suspect, or suspects, responsible for the theft of roughly 16,000 feet of copper communication cables throughout Southern California. The company has implemented “additional security measures” to prevent future thefts and is working with State and local law enforcement authorities. Source: http://www.vvdailypress.com/article/20150625/NEWS/150629826

24. June 25, Columbia Daily Herald – (Tennessee) Internet outages reported in area. About 1,000 customers of Columbia Power and Water Systems (CPWS) and other Internet providers in Columbia, Tennessee experienced outages June 24 – June 25 after a laser in CPWS’ data center was damaged and due to a fiber optic cable cut. Source: http://columbiadailyherald.com/news/local-news/internet-outages-reported-area

25. June 25, WBTA 1490 AM Batavia – (New York) WBTA to be temporarily off-air Friday morning. WBTA Radio temporarily suspended AM and FM transmission June 26 in order to repair antenna damage caused by severe thunderstorms. While the stations are off-air, programming will continue on-line and via mobile devices. Source: http://www.wbta1490.com/LocalNews/tabid/115/articleType/ArticleView/articleId/6322/WBTA-to-be-Temporarily-Off-Air-Friday-Morning.aspx

Friday, June 26, 2015

Complete DHS Report for June 26, 2015

Daily Report

Top Stories

 · Fiat Chrysler is recalling 164,000 model year 2014 – 2015 Jeep Cherokee vehicles worldwide to address an issue in which water could get into the vehicle’s power rear lift gate controls, posing a risk of fire. – Associated Press

5. June 24, Associated Press – (National) Fiat Chrysler issues recall for 164,000 Jeep Cherokees. Fiat Chrysler is recalling 164,000 model year 2014 – 2015 Jeep Cherokee vehicles worldwide to address a seal issue in which water could get into the vehicle’s power rear lift gate controls, posing a risk of fire. The company will install shields and replace control modules exposed to water. Source: http://www.nytimes.com/2015/06/25/business/fiat-chrysler-issues-recall-for-164000-jeep-cherokees.html?_r=0

 · Authorities arrested a second Clinton Correctional Facility prison guard June 24 for allegedly trading tools to the escaped convicts in exchange for artwork. – NBC News

17. June 25, NBC News – (New York) New York prison guard allegedly swapped artworks for tools. Authorities arrested a second Clinton Correctional Facility prison guard June 24 for his role in the escape of two fugitive convicts. The guard allegedly accepted paintings from the convicts in exchange for tools; the paintings were allegedly burned and destroyed around the time of the escape. Source: http://www.nbcnews.com/storyline/new-york-prison-escape/new-york-prison-guard-gene-palmer-allegedly-took-escapees-paintings-n381531

 · European authorities from six countries, Europol, and Eurojust arrested five suspects in Ukraine believed to be part of a major cybercriminal ring that infected tens of thousands of users’ computers worldwide with banking Trojans. – Help Net Security See item 22 below in the Information Technology Sector

 · Ionia County, Michigan declared a state of emergency after a June 22 tornado heavily damaged 70 homes, more than 12 businesses, and at least 4 churches. – Lansing State Journal

35. June 24, Lansing State Journal – (Michigan) 70 homes, many businesses damaged in tornado. Ionia County, Michigan declared a state of emergency after a June 22 tornado heavily damaged 70 homes, more than 12 businesses, and at least 4 churches. Clean-up crews were deployed and repairs to the city are ongoing. Source: http://www.lansingstatejournal.com/story/news/local/2015/06/23/update-homes-many-businesses-damaged-portland-tornado/29163575/

Financial Services Sector

7. June 23, New Hampshire Union Leader – (New Hampshire) St. Mary’s Bank issues new debit cards following breach. St. Mary’s Bank officials in Manchester, New Hampshire reported June 23 that the bank was reissuing 5,029 debit cards and replacing about $25,000 in funds after about 160 cards were found to have been compromised in a breach. Source: http://www.unionleader.com/article/20150623/NEWS02/150629609

For additional stories, see items 22 and 23 below in the Information Technology Sector

Information Technology Sector

21. June 25, Help Net Security – (International) Samsung disables Windows Update, undermines the security of your devices. A security researcher discovered that the Samsung SW Update software for Microsoft Windows personal computers (PCs) runs an executable file upon start-up that disables Windows Update to prevent driver and update software conflicts, posing a security risk to users. Microsoft has reportedly contacted Samsung to address the issue. Source: http://www.net-security.org/secworld.php?id=18553

22. June 25, Help Net Security – (International) The downfall of a major cybercrime ring exploiting banking trojans. European authorities from six countries along with Europol and Eurojust arrested five suspects in Ukraine believed to be part of a major cybercriminal ring that developed, exploited, and distributed Zeus and SpyEye malware, actively traded stolen credentials, laundered profits, and infected tens of thousands of users’ computers worldwide with banking Trojans. Source: http://www.net-security.org/malware_news.php?id=3064

23. June 25, Help Net Security – (International) Why a Dyre infection leads to more than just stolen banking credentials. Symantec reported that in addition to targeting banks, financial institutions, customers of electronic payment services, and users of digital currencies, cybercriminals are employing the Dyre Trojan to collect credentials for career and human resource Web sites, as well as Web hosting companies. The group using Dyre has reportedly targeted customers of over 1,000 organizations worldwide. Source: http://www.net-security.org/malware_news.php?id=3063

24. June 25, SC Magazine – (International) Study: 61 percent of critical infrastructure execs confident systems could detect attack in less than a day. Tripwire released survey results from 400 executives in the energy, oil, gas, and utility industries in its “Critical Infrastructure Study” revealing that executives had high levels of confidence regarding their organizations’ ability to quickly detect cyber-attacks on their systems, while noting that attacks could seriously damage their infrastructure, among other findings. Source: http://www.scmagazine.com/critical-infrastructure-execs-recognize-companies-are-targets-believe-their-systems-can-quickly-detect-attacks/article/422676/

25. June 25, V3.co.uk – (International) Android malware dominates mobile threat landscape. Pulse Secure released findings from its Mobile Threat Report revealing that 97 percent of mobile malware is targeted at Android devices, and that in 2014 almost 1 million individual malicious apps were released. The report also highlighted the dangers in jailbroken and non-jailbroken iOS devices, among other findings. Source: http://www.v3.co.uk/v3-uk/news/2414871/android-malware-dominates-mobile-threat-landscape

26. June 24, SC Magazine – (International) Cyber-crime economy triggers rise in malicious macros. Proofpoint released The Cybercrime Economics of Malicious Macros report, revealing that malicious macro campaigns have grown in size, frequency, sophistication, and effectiveness while increasingly relying on inexpensive vectors and techniques to exploit the human factor, among other findings. Source: http://www.scmagazineuk.com/cyber-crime-economy-triggers-rise-in-malicious-macros/article/422479/

27. June 24, SC Magazine – (International) MacKeeper flaw enables attacker to run code with admin rights. Security researchers discovered a serious vulnerability in ZeoBit’s MacKeeper utility program in which an attacker could use a phishing email containing a malicious link that prompts a user for a password, effectively executing the malware with administrator rights. ZeoBit reportedly acknowledged and patched the vulnerability. Source: http://www.scmagazineuk.com/mackeeper-flaw-enables-attacker-to-run-code-with-admin-rights/article/422516/

28. June 24, SC Magazine – (International) COA Network breached, all customer data treated as potentially compromised. New Jersey-based COA Network Inc. reported that it had detected a pattern of irregular activity in its systems June 5, and is considering all customer contact and payment information as possibly having been compromised. The company took actions to increase security and protect customer information, and has notified all customers. Source: http://www.scmagazine.com/coa-network-breached-all-customer-data-treated-as-potentially-compromised/article/422637/

29. June 24, Softpedia – (International) ESET patches scan engine against remote root exploit. ESET pushed an update for its scan engine addressing a vulnerability in its antivirus products’ code emulator component in which an attacker could use a remote root exploit to take complete control of a system. The scan engine is used by NOD32 Antivirus and numerous other consumer and business antivirus solutions on Microsoft Windows, Apple OS X, and Linux. Source: http://news.softpedia.com/news/eset-products-vulnerable-to-remote-root-exploit-485191.shtml

30. June 24, Help Net Security – (International) Deadly Windows, Reader font bugs can lead to full system compromise. A security engineer with Google Project Zero shared the discovery of 15 flaws in font engines used by Microsoft Windows, Adobe Reader, and other popular software that could allow an attacker to compromise systems in a variety of ways including creating an exploit chain leading to a full-system compromise. All of the reported vulnerabilities have been patched in recent updates. Source: http://www.net-security.org/secworld.php?id=18549

31. June 24, Securityweek – (International) Visibility challenges industrial control system security: survey. Findings from a SANS Institute survey of over 314 respondents across several industries that interact with industrial control systems (ICS) revealed the perceived threats posed by internal and external attackers and the challenges of ICS protection. Challenges cited include poor optimization of ICS protection for information technology (IT) environments, the difficulty in detecting threats that spread without affecting operations, and the integration of IT into previously isolated ICS platforms, among other findings. Source: http://www.securityweek.com/visibility-challenges-industrial-control-system-security-survey

For another story, see item 15 below from the Government Facilities Sector

15. June 25, Securityweek – (International) Leaked government credentials abundant on public Web. Recorded Future released a report June 24 revealing that login credentials belonging to 47 U.S. Government agencies have been discovered on the public Web since November 2014, with the most affected agencies being the U.S. Department of Energy and Department of Commerce. The company shared its finding with affected agencies and is unsure if attackers attempted to leverage any stolen information. Source: http://www.securityweek.com/leaked-government-credentials-abundant-public-web

Communications Sector

32. June 24, WPVI 6 Philadelphia – (Pennsylvania) Verizon wireless service restored in Pennsylvania, New Jersey and Delaware. Severe storms June 23 across Pennsylvania, New Jersey, and Delaware caused a 9-hour cellular phone service outage for Verizon Wireless customers, which included calls from cell phones to 9-1-1 voice services. Services have since been fully restored. Source: http://6abc.com/weather/verizon-wireless-service-restored-in-pa-nj-del/802810/

For additional stories, see items 24, 25, 28, and 31 above in the Information Technology Sector