Complete DHS Report for
June 26, 2015
Daily Report
Top Stories
· Fiat
Chrysler is recalling 164,000 model year 2014 – 2015 Jeep Cherokee vehicles
worldwide to address an issue in which water could get into the vehicle’s power
rear lift gate controls, posing a risk of fire. – Associated Press
5. June
24, Associated Press – (National) Fiat Chrysler issues recall for
164,000 Jeep Cherokees. Fiat Chrysler is recalling 164,000 model year 2014
– 2015 Jeep Cherokee vehicles worldwide to address a seal issue in which water
could get into the vehicle’s power rear lift gate controls, posing a risk of
fire. The company will install shields and replace control modules exposed to
water. Source: http://www.nytimes.com/2015/06/25/business/fiat-chrysler-issues-recall-for-164000-jeep-cherokees.html?_r=0
· Authorities
arrested a second Clinton Correctional Facility prison guard June 24 for
allegedly trading tools to the escaped convicts in exchange for artwork. – NBC
News
17. June
25, NBC News – (New York) New York prison guard allegedly swapped
artworks for tools. Authorities arrested a second Clinton Correctional
Facility prison guard June 24 for his role in the escape of two fugitive
convicts. The guard allegedly accepted paintings from the convicts in exchange
for tools, in which the paintings were allegedly burned and destroyed around
the time of the escape. Source: http://www.nbcnews.com/storyline/new-york-prison-escape/new-york-prison-guard-gene-palmer-allegedly-took-escapees-paintings-n381531
·
European authorities from six countries, Europol, and Eurojust arrested five
suspects in Ukraine believe to be part of a major cybercriminal ring that
infected tens of thousands of users’ computers worldwide with banking Trojans.
– Help Net Security (See item 22)
below in the Information Technology
Sector
· Ionia
County, Michigan declared a state of emergency after a June 22 tornado heavily
damaged 70 homes, more than 12 businesses, and at least 4 churches. – Lansing
State Journal
35. June 24, Lansing State Journal – (Michigan) 70
homes, many businesses damaged in tornado. Ionia County, Michigan declared
a state of emergency after a June 22 tornado heavily damaged 70 homes, more
than 12 businesses, and at least 4 churches. Clean-up crews were deployed and
repairs to the city are ongoing. Source: http://www.lansingstatejournal.com/story/news/local/2015/06/23/update-homes-many-businesses-damaged-portland-tornado/29163575/
Financial Services Sector
7. June
23, New Hampshire Union Leader – (New Hampshire) St. Mary’s Bank
issues new debit cards following breach. St. Mary’s Bank officials in
Manchester, New Hampshire reported June 23 that the bank was reissuing 5,029
debit cards and replacing about $25,000 in funds after about 160 cards were
found to have been compromised in a breach. Source: http://www.unionleader.com/article/20150623/NEWS02/150629609
For additional stories, see items 22 and 23 below in the Information Technology
Sector
Information Technology Sector
21. June 25,
Help Net Security – (International) Samsung disables Windows Update, undermines
the security of your devices. A security researcher discovered that the
Samsung SW Update software for Microsoft Windows personal computers (PCs) runs
an executable file upon start-up that disables Windows Update to prevent driver
and update software conflicts, posing a security risk to users. Microsoft has
reportedly contacted Samsung to address the issue. Source: http://www.net-security.org/secworld.php?id=18553
22. June 25,
Help Net Security – (International) The downfall of a major cybercrime ring
exploiting banking trojans. European authorities from six countries along
with Europol and Eurojust arrested five suspects in Ukraine believed to be part
of a major cybercriminal ring that developed, exploited, and distributed Zeus
and SpyEye malware, actively traded stolen credentials, laundered profits, and
infected tens of thousands of users’ computers worldwide with banking Trojans.
Source: http://www.net-security.org/malware_news.php?id=3064
23. June 25,
Help Net Security – (International) Why a Dyre infection leads to more than just
stolen banking credentials. Symantec reported that in addition to targeting
banks, financial institutions, customers of electronic payment services, and
users of digital currencies, cybercriminals are employing the Dyre Trojan to
collect credentials for career and human resource Web sites, as well as Web
hosting companies. The group using Dyre has reportedly targeted customers of
over 1,000 organizations worldwide. Source: http://www.net-security.org/malware_news.php?id=3063
24. June 25,
SC Magazine – (International) Study: 61 percent of critical infrastructure
execs confident systems could detect attack in less than a day. Tripwire
released survey results from 400 executives in the energy, oil, gas, and
utility industries in its “Critical Infrastructure Study” revealing that
executives had high levels of confidence regarding their organizations’ ability
to quickly detect cyber-attacks on their systems, while noting that attacks
could seriously damage their infrastructure, among other findings. Source: http://www.scmagazine.com/critical-infrastructure-execs-recognize-companies-are-targets-believe-their-systems-can-quickly-detect-attacks/article/422676/
25. June 25,
V3.co.uk – (International) Android malware dominates mobile threat
landscape. Pulse secure released findings from its Mobile Threat Report
revealing that 97 percent of mobile malware is targeted at Android devices, and
that in 2014 almost 1 million individual malicious apps were released. The
report also highlighted the dangers in jailbroken and non-jailbroken iOS
devices, among other findings. Source: http://www.v3.co.uk/v3-uk/news/2414871/android-malware-dominates-mobile-threat-landscape
26. June 24,
SC Magazine – (International) Cyber-crime economy triggers rise in
malicious macros. Proofpoint released The Cybercrime Economics of Malicious
Macros report, revealing that malicious macro campaigns have grown in size,
frequency, sophistication, and effectiveness while increasingly relying on
inexpensive vectors and techniques to exploit the human factor, among other
findings. Source: http://www.scmagazineuk.com/cyber-crime-economy-triggers-rise-in-malicious-macros/article/422479/
27. June 24,
SC Magazine – (International) MacKeeper flaw enables attacker to run code
with admin rights. Security researchers discovered a serious vulnerability
in ZeoBit’s MacKeeper utility program in which an attacker could use a phishing
email containing a malicious link that prompts a user for a password,
effectively executing the malware with administrator rights. ZeoBit reportedly
acknowledged and patched the vulnerability. Source: http://www.scmagazineuk.com/mackeeper-flaw-enables-attacker-to-run-code-with-admin-rights/article/422516/
28. June 24,
SC Magazine – (International) COA Network breached, all customer data
treated as potentially compromised. New Jersey-based COA Network Inc.,
reported that it had detected a pattern of irregular activity in its systems
June 5, and is considering all customer contact and payment information as
possibly having been compromised. The company took actions to increase security
and protect customer information, and has notified all customers. Source: http://www.scmagazine.com/coa-network-breached-all-customer-data-treated-as-potentially-compromised/article/422637/
29. June 24,
Softpedia – (International) ESET patches scan engine against remote root
exploit. ESET pushed an update for its scan engine addressing a
vulnerability in antivirus products’ code emulator component in which an
attacker used a remote root exploit to take complete control of a system. NOD32
Antivirus, Microsoft Windows, Apple OS X, Linux, and numerous other consumer
and business antivirus solutions, utilize the product. Source: http://news.softpedia.com/news/eset-products-vulnerable-to-remote-root-exploit-485191.shtml
30. June 24,
Help Net Security – (International) Deadly Windows, Reader font bugs can lead to
full system compromise. A security engineer with Google Project Zero shared
the discovery of 15 flaws in font engines used by Microsoft Windows, Adobe Reader,
and other popular software that could allow an attacker to compromise systems
in a variety of ways including creating an exploit chain leading to a
full-system compromise. All of the reported vulnerabilities have been patched
in recent updates. Source: http://www.net-security.org/secworld.php?id=18549
31. June 24,
Securityweek – (International) Visibility challenges industrial control
system security: survey. Findings from a SANS Institute survey of over 314
respondents across several industries that interact with industrial control
systems (ICS) revealed the perceived threats posed by internal and external
attackers and the challenges of ICS protection. Challenges cited include poor
optimization of ICS protection for information technology (IT) environments,
the difficulty in detecting threats that spread without affecting operations,
and the integration of IT into previously isolated ICS platforms, among other
findings. Source: http://www.securityweek.com/visibility-challenges-industrial-control-system-security-survey
For another
story, see item 15 below from the Government Facilities Sector
15. June 25, Securityweek – (International) Leaked
government credentials abundant on public Web. Recorded Future released a
report June 24 revealing that login credentials belonging to 47 U.S. Government
agencies have been discovered on the public Web since November 2014, with the
most affected agencies being the U.S. Department of Energy and Department of
Commerce. The company shared its finding with affected agencies and is unsure
if attackers attempted to leverage any stolen information. Source: http://www.securityweek.com/leaked-government-credentials-abundant-public-web
Communications Sector
32. June 24, WPVI 6
Philadelphia – (Pennsylvania) Verizon wireless service restored
in Pennsylvania, New Jersey and Delaware. Severe storms June 23 across
Pennsylvania, New Jersey, and Delaware caused a 9-hour cellular phone service
outage for Verizon Wireless customers, which included calls from cell phones to
9-1-1 voice services. Services have since been fully restored. Source: http://6abc.com/weather/verizon-wireless-service-restored-in-pa-nj-del/802810/
For additional stories, see items, 24, 25, 28 and 31 above in the Information Technology
Sector
No comments:
Post a Comment