Tuesday, March 24, 2015



Complete DHS Report for March 24, 2015

Daily Report

Top Stories

 · The U.S. Department of the Interior along with the U.S. President’s administration released March 20 new federal regulations on hydraulic fracturing which are set to go into effect in June. – New York Times

1. March 20, New York Times – (National) New federal rules are set for fracking. The U.S. Department of the Interior along with the U.S. President’s administration released March 20 new federal regulations on hydraulic fracturing which include allowing government workers to inspect and validate concrete barriers that line fracking wells, and a requirement for companies to disclose the chemicals used during the fracturing process within 30 days of completing fracking operations, among other rules set to go into effect in June. Source: http://www.nytimes.com/2015/03/21/us/politics/obama-administration-unveils-federal-fracking-regulations.html

 · A stretch of railroad tracks near Hudson, Colorado, suffered extensive damage and was closed indefinitely March 22 after 27 freight cars of a Burlington National Santa Fe Railway train derailed. – Associated Press; KUSA 9 Denver

7. March 22, Associated Press; KUSA 9 Denver – (Colorado) Train derails in Weld County. A stretch of railroad tracks near Hudson, Colorado, suffered extensive damage and was closed indefinitely March 22 after at least 27 freight cars of a Burlington National Santa Fe Railway Co. (BNSF) train derailed and spilled an unspecified amount of coal. Crews used front-end loaders to clear the scene, and no environmental impact was reported. Source: http://www.9news.com/story/news/2015/03/22/train-derails-in-weld-county/25181437/

 · An armed man attacked several Transportation Security Administration agents at the Louis Armstrong New Orleans International Airport in Louisiana March 20 before he was fatally shot by a law enforcement officer. – Reuters

9. March 21, Reuters – (Louisiana) Officer shoots man who attacked TSA agents at New Orleans airport. A man armed with a machete and wasp spray attacked several Transportation Security Administration (TSA) agents in Concourse B at the Louis Armstrong New Orleans International Airport March 20 before he was fatally shot by a law enforcement officer, while a TSA agent suffered non-life-threatening injuries when she was accidentally struck by the officer’s gunfire. The concourse was secured while authorities investigated the incident and was scheduled to reopen March 21. Source: http://www.reuters.com/article/2015/03/21/us-usa-shooting-airport-idUSKBN0MH01S20150321

 · Snowy conditions March 20 prompted the cancelation of several hundred flights at New Jersey and New York airports and prompted the Federal Aviation Administration to issue a ground control program that caused delays for arriving flights. – Newark Star-Ledger

10. March 20, Newark Star-Ledger – (New Jersey; New York) Nearly 800 flights canceled at the 3 area airports. Snowy conditions March 20 prompted the cancelation of about 380 flights at Newark Liberty International Airport, 231 flights at LaGuardia Airport, and 154 flights at John F. Kennedy International Airport. The Federal Aviation Administration issued a ground control program, which delayed arriving flights at the airports for an average of more than 3 hours. Source: http://www.nj.com/news/index.ssf/2015/03/weather_causes_massive_flight_cancellations_and_de.html

Financial Services Sector

6. March 23, Securityweek – (International) Dridex banking malware dodges detection with run-on-close macros. Security researchers at Proofpoint discovered that the Dridex banking malware is using run-on-close macros in infected Microsoft Office documents to avoid detection by malware sandboxes and antivirus software. The Dridex malware was previously linked to attacks targeting banking customers in the U.S., Canada, and the U.K. Source: http://www.securityweek.com/dridex-banking-malware-dodges-detection-run-close-macros

For another story, see item 5 below from the Defense Industrial Sector

5. March 22, Reuters – (National) U.S., Lockheed fixing software glitch with GPS satellites. Lockheed Martin Corp announced that the company is working to resolve a technical error disclosed by the U.S. Air Force March 22 that involves the ground-based control system used to index some messages transmitted by global positioning system (GPS) IIF satellites built by Boeing Co. A “workaround” was put in place to avoid further errors while the company and the Air Force develop a full software correction for the flaw that had gone unnoticed since 2013. Source: http://www.reuters.com/article/2015/03/23/usa-airforce-satellite-idUSL2N0WO0EW20150323?feedType=RSS&feedName=everything&virtualBrandChannel=11563

Information Technology Sector

29. March 23, Softpedia – (International) New point-of-sale malware PoSeidon exfiltrates card data to Russian domains. Security researchers from Cisco Systems’ Talos Security Intelligence and Research Group discovered that cybercriminals are using a new point-of-sale (PoS) malware family dubbed PoSeidon that infects systems via a binary file and uses a memory scraping technique to retrieve and clone Discover, American Express, MasterCard, and Visa card information before delivering it to command and control (C&C) servers in Russia. The malware contains routines to ensure persistence regardless of restart or user log-off. Source: http://news.softpedia.com/news/New-Point-of-Sale-Malware-PoSeidon-Exfiltrates-Card-Data-to-Russian-Domains-476498.shtml

30. March 23, Softpedia – (International) CryptoWall ransomware also adds infostealer to compromised systems. Security researchers at Trend Micro discovered that the latest version of the CryptoWall ransomware contains the Fareit infostealer which collects credentials from programs including email clients, Web browsers, file transfer protocol (FTP) clients, and digital currency wallets. The malware is delivered via an archived JavaScript attachment in an email claiming to deliver a resume that connects to command and control (C&C) servers to download JPG images as a ploy to bypass intrusion detection systems (IDS). Source: http://news.softpedia.com/news/CryptoWall-Ransomware-Also-Adds-Infostealer-to-Compromised-Systems-476481.shtml

31. March 23, Help Net Security – (International) Cisco Small Business IP phones vulnerable to eavesdropping. Cisco Systems confirmed that its Small Business SPA 300 and 500 series IP phones with firmware version 7.5.5 or older contain flaws in authentication settings that could allow attackers to listen in on phone audio streams or make calls remotely by sending crafted extensible markup language (XML) requests to the affected device. The company is reportedly working on a patch to address the vulnerability. Source: http://www.net-security.org/secworld.php?id=18119

32. March 23, IDG News Service – (International) Fake patient data could have been uploaded through SAP medical app. SAP fixed two issues in the Electronic Medical Records (EMR) Unwired app that could have allowed attackers to potentially leverage an SQL injection flaw and configuration file vulnerability to access the embedded database and change medical records stored on the server. Source: http://www.computerworld.com/article/2900338/fake-patient-data-could-have-been-uploaded-through-sap-medical-app.html

For another story, see item 6 above in the Financial Services Sector

Communications Sector

See item 31 above in the Information Technology Sector