Complete DHS Report for March 24, 2015
Daily Report
Top Stories
· The U.S. Department of the Interior along with the U.S. President’s administration
released March 20 new federal regulations on hydraulic fracturing which are set to
go into effect in June. – New York Times
1. March 20, New York Times – (National) New federal rules are set for
fracking. The U.S. Department of the Interior along with the U.S.
President’s administration released March 20 new federal regulations on
hydraulic fracturing which include allowing government workers to inspect and
validate concrete barriers that line fracking wells, and a requirement for
companies to disclose the chemicals used during the fracturing process within
30 days of completing fracking operations, among other rules set to go into
effect in June. Source: http://www.nytimes.com/2015/03/21/us/politics/obama-administration-unveils-federal-fracking-regulations.html
· A stretch of railroad tracks near Hudson, Colorado, suffered extensive damage and
was closed indefinitely March 22 after 27 freight cars of a Burlington National
Santa Fe Railway train derailed. – Associated Press; KUSA 9 Denver
7. March 22, Associated Press; KUSA 9 Denver – (Colorado) Train derails in
Weld County. A stretch of railroad tracks near Hudson, Colorado, suffered
extensive damage and was closed indefinitely March 22 after at least 27 freight
cars of a Burlington National Santa Fe Railway Co. (BNSF) train derailed and
spilled an unspecified amount of coal. Crews used front-end loaders to clear
the scene, and no environmental impact was reported. Source: http://www.9news.com/story/news/2015/03/22/train-derails-in-weld-county/25181437/
· An armed man attacked several Transportation Security Administration agents at the
Louis Armstrong New Orleans International Airport in Louisiana March 20 before he
was fatally shot by a law enforcement officer. – Reuters
9. March 21, Reuters – (Louisiana) Officer shoots man who attacked TSA
agents at New Orleans airport. A man armed with a machete and wasp spray
attacked several Transportation Security Administration (TSA) agents in
Concourse B at the Louis Armstrong New Orleans International Airport March 20
before he was fatally shot by a law enforcement officer, while a TSA agent
suffered non-life-threatening injuries when she was accidentally struck by the
officer’s gunfire. The concourse was secured while authorities investigated the
incident and was scheduled to reopen March 21. Source: http://www.reuters.com/article/2015/03/21/us-usa-shooting-airport-idUSKBN0MH01S20150321
· Snowy conditions March 20 prompted the cancelation of several hundred flights at New
Jersey and New York airports and prompted the Federal Aviation Administration to
issue a ground control program that caused delays for arriving flights. – Newark
Star-Ledger
10. March 20, Newark Star-Ledger – (New Jersey; New
York) Nearly 800 flights canceled at the 3 area airports. Snowy
conditions March 20 prompted the cancelation of about 380 flights at Newark
Liberty International Airport, 231 flights at LaGuardia Airport, and 154
flights at John F. Kennedy International Airport. The Federal Aviation
Administration issued a ground control program, which delayed arriving flights
at the airports for an average of more than 3 hours. Source: http://www.nj.com/news/index.ssf/2015/03/weather_causes_massive_flight_cancellations_and_de.html
Financial Services Sector
6. March 23, Securityweek – (International) Dridex banking malware dodges
detection with run-on-close macros. Security researchers at Proofpoint discovered
that the Dridex banking malware is using run-on-close macros in infected
Microsoft Office documents to avoid detection by malware sandboxes and
antivirus software. The Dridex malware was previously linked to attacks
targeting banking customers in the U.S., Canada, and the U.K. Source: http://www.securityweek.com/dridex-banking-malware-dodges-detection-run-close-macros
For another story, see item 5 below
from the Defense Industrial Sector
5. March 22, Reuters – (National) U.S., Lockheed fixing software glitch
with GPS satellites. Lockheed Martin Corp announced that the company is
working to resolve a technical error disclosed by the U.S. Air Force March 22
that involves the ground-based control system used to index some messages
transmitted by global positioning system (GPS) IIF satellites built by Boeing
Co. A “workaround” was put in place to avoid further errors while the company
and the Air Force develop a full software correction for the flaw that had gone
unnoticed since 2013. Source: http://www.reuters.com/article/2015/03/23/usa-airforce-satellite-idUSL2N0WO0EW20150323?feedType=RSS&feedName=everything&virtualBrandChannel=11563
Information Technology Sector
29. March 23, Softpedia – (International) New point-of-sale malware PoSeidon
exfiltrates card data to Russian domains. Security researchers from Cisco
Systems’ Talos Security Intelligence and Research Group discovered that
cybercriminals are using a new point-of-sale (PoS) malware family dubbed
PoSeidon that infects systems via a binary file and uses a memory scraping
technique to retrieve and clone Discover, American Express, MasterCard, and
Visa card information before delivering it to command and control (C&C)
servers in Russia. The malware contains routines to ensure persistence
regardless of restart or user log-off. Source: http://news.softpedia.com/news/New-Point-of-Sale-Malware-PoSeidon-Exfiltrates-Card-Data-to-Russian-Domains-476498.shtml
30. March 23, Softpedia – (International) CryptoWall ransomware also adds infostealer
to compromised systems. Security researchers at Trend Micro discovered that
the latest version of the CryptoWall ransomware contains the Fareit infostealer
which collects credentials from programs including email clients, Web browsers,
file transfer protocol (FTP) clients, and digital currency wallets. The malware
is delivered via an archived JavaScript attachment in an email claiming to
deliver a resume that connects to command and control (C&C) servers to download
JPG images as a ploy to bypass intrusion detection systems (IDS). Source: http://news.softpedia.com/news/CryptoWall-Ransomware-Also-Adds-Infostealer-to-Compromised-Systems-476481.shtml
31. March 23, Help Net Security – (International) Cisco Small Business IP phones vulnerable to
eavesdropping. Cisco Systems confirmed that its Small Business SPA 300 and
500 series IP phones with firmware version 7.5.5 or older contain flaws in
authentication settings that could allow attackers to listen in on phone audio
streams or make calls remotely by sending crafted extensible markup language
(XML) requests to the affected device. The company is reportedly working on a
patch to address the vulnerability. Source: http://www.net-security.org/secworld.php?id=18119
32. March 23, IDG News Service – (International) Fake patient data could have been uploaded
through SAP medical app. SAP fixed two issues in the Electronic Medical
Records (EMR) Unwired app that could have allowed attackers to potentially
leverage an SQL injection flaw and configuration file vulnerability to access
the embedded database and change medical records stored on the server. Source: http://www.computerworld.com/article/2900338/fake-patient-data-could-have-been-uploaded-through-sap-medical-app.html
For another story, see item 6 above in the Financial Systems Sector
Communications Sector
See item 31 above in the Information Technology Sector