Wednesday, April 22, 2015



Complete DHS Report for April 22, 2015

Daily Report

Top Stories

 · Check Point Software researchers identified a security hole in unpatched versions of eBay’s Magento e-commerce platform that can be exploited to gain access to databases containing customers’ financial and personal information. – Securityweek. See item 2 below in the Financial Services Sector

 · The U.S. Department of Agriculture announced April 20 that about 5.3 million hens at a commercial egg-laying facility in Osceola County, Iowa, must be culled as a precaution after a strain of bird flu was detected in the flock. – Des Moines Register

6. April 21, Des Moines Register – (Iowa) 5.3 million Iowa laying hens to be destroyed in bird flu outbreak. The U.S. Department of Agriculture announced April 20 that about 5.3 million laying hens at an Osceola County commercial egg-laying facility must be culled as a precaution after a strain of bird flu was detected in the flock. More than 2.6 million additional birds have been killed as a result of the bird flu, which has been confirmed at more than 50 sites across at least 8 States, including Wisconsin where a state of emergency was declared over the outbreak. Source: http://www.desmoinesregister.com/story/money/agriculture/2015/04/20/avian-flu-chicken-eggs/26094811/

 · Blue Bell Creameries recalled April 20 all of its products currently on the market in 23 U.S. States and abroad due to an ongoing Listeria outbreak that has sickened at least 10 individuals, including 3 people who died from infection. – Food Safety News

7. April 21, Food Safety News – (International) CDC Reports Two More Cases in Listeria Outbreak. Texas-based Blue Bell Creameries issued a voluntary recall April 20 for all of its products currently on the market in 23 U.S. States and abroad due to an ongoing Listeria outbreak that has been connected to several of the company’s plants. The U.S. Centers for Disease Control and Prevention reported 2 new cases that are linked to Blue Bell products April 21, increasing the case count to 10, including 3 cases that resulted in death. Source: http://www.foodsafetynews.com/2015/04/blue-bell-recalls-all-products-made-in-all-company-facilities

 · An underground cable issue sparked a transformer explosion that damaged the Suburban Building and nearby businesses in Radnor Township, Pennsylvania, April 20, and prompted Philadelphia Electric Company crews to cut power to about 80 customers including 14 businesses. – Norristown Times Herald

25. April 21, Norristown Times Herald – (Pennsylvania) Transformer explosion in Radnor Township shatters, closes storefronts. An underground cable issue sparked a transformer explosion that shattered windows at the Suburban Building and nearby businesses in Radnor Township April 20, and prompted Philadelphia Electric Company crews to cut power to about 80 customers including 14 businesses. Some businesses remained closed April 21, while crews expected to restore service to all customers later that day. Source: http://www.timesherald.com/general-news/20150421/transformer-explosion-in-radnor-township-shatters-closes-storefronts

Financial Services Sector

2. April 20, Securityweek – (International) Malicious hackers can exploit a vulnerability in Magento to access credit card data. Security researchers at Check Point Software identified remote code execution (RCE) vulnerabilities in unpatched versions of eBay’s Magento e-commerce platform that could allow attackers to execute hypertext preprocessor (PHP) code on Web servers hosting online stores in order to gain access to databases containing customers’ credit card, financial, and personal information. Source: http://www.securityweek.com/critical-flaw-magento-ecommerce-platform-exposes-online-shops

For another story, see item 24 below in the Information Technology Sector

Information Technology Sector

19. April 21, Softpedia – (International) Highly popular WordPress plugins vulnerable to XSS attacks. A security researcher from Scrutinizer discovered an issue with two coding functions used in many content management system (CMS) plugins created by WordPress developers that could allow attackers to run cross-site scripting (XSS) attacks and access sensitive areas of affected Web sites. The vulnerability was a result of improper documentation regarding external users’ ability to run commands via the functions. Source: http://news.softpedia.com/news/At-Least-17-Popular-WordPress-Plugins-Vulnerable-to-XSS-Attacks-478968.shtml

20. April 21, Softpedia – (International) iOS apps from developers vulnerable to HTTPS data decryption. Research from SourceDNA revealed that almost 1,000 iOS apps are vulnerable to a security flaw in build 2.5.1 of open source AFNetworking that disables secure sockets layer (SSL) certificate validation, which could allow attackers to carry out man-in-the-middle (MitM) attacks and read encrypted information in plain text. The flaw was patched in late March, but many developers have not yet integrated the updated code. Source: http://news.softpedia.com/news/iOS-Apps-from-Developers-Vulnerable-to-HTTPS-Data-Decryption-478951.shtml

21. April 21, Softpedia – (International) Fake antivirus delivered to users in the US via Fiesta exploit kit. Security researchers at Trend Micro discovered that cybercriminals have switched the payload delivered via the Fiesta exploit kit (EK) from crypto-malware such as TeslaCrypt to a fake antivirus program called “Antivirus Pro 2015” that disables Windows tools and software that could deactivate it, before requiring users to pay to remove the infection. Researchers reported that Fiesta EK distributors targeted the U.S. more than any other country in March. Source: http://news.softpedia.com/news/Fake-Antivirus-Delivered-to-Users-in-the-US-via-Fiesta-Exploit-Kit-478933.shtml

22. April 21, Help Net Security – (International) New fileless malware found in the wild. Security researchers at Trend Micro discovered that a new fileless malware, dubbed Phasebot, uses Microsoft Windows PowerShell to evade detection and run components hidden in the Windows registry, contains an external module loader to add and remove functionalities on infected systems, and can execute numerous routines per the instruction of the bot administrator. Source: http://www.net-security.org/malware_news.php?id=3021

23. April 20, Softpedia – (International) New ransomware “Threat Finder” delivered by Angler exploit kit. Security researchers at Rackspace discovered that a new piece of crypto-malware called Threat Finder has been distributed in drive-by attacks via Bedep malware downloaded by the Angler exploit kit (EK). The crypto-malware encrypts important file types including documents, media files, and database formats before asking affected users for bitcoin in exchange for the decryption key. Source: http://news.softpedia.com/news/New-Ransomware-Threat-Finder-Delivered-by-Angler-Exploit-Kit-478881.shtml

24. April 20, IDG News Service – (International) Pushdo spamming botnet gains strength again. Security researchers at Fidelis Cybersecurity reported that an updated version of the Pushdo botnet has infected systems in over 50 countries with the Fareit and Cutwail malware as well as the Dyre and Zeus banking trojans. The spamming botnet has been in operation since 2007 due to its frequently changing command and control (C&C) system that generates 30 domain names a day that infected computers can contact. Source: http://www.networkworld.com/article/2912533/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_all

For another story, see item 2 above in the Financial Services Sector

Communications Sector

See item 18 below from the Emergency Services Sector

18. April 20, Iroquois County’s Times-Republic – (Illinois) Cut cable wreaks havoc on 911, routine calls. A cut AT&T fiber optic cable line near Papineau knocked out emergency service calls in Iroquois County April 20. Emergency calls were temporarily rerouted to Kankakee County’s Kan-Com while crews spent several hours working to restore services. Source: http://www.newsbug.info/iroquois_countys_times-republic/cut-cable-wreakshavoc-on-routine-calls/article_5ce763da-e7a5-11e4-86c7-cf94e200e821.html