Monday, August 3, 2015




Complete DHS Report for August 3, 2015

Daily Report                                            

Top Stories
 
 · The General Motors Company confirmed July 30 that OnStar-equipped vehicles are vulnerable to a flaw that could allow an attacker to remotely locate the vehicle and issue commands through OnStar’s RemoteLink app. – CNET

3. July 30, CNET – (National) GM quickly issues fix for OnStar hack, but service still vulnerable. The General Motors Company confirmed July 30 that OnStar-equipped vehicles are vulnerable to a flaw that could allow an attacker to remotely locate the vehicle and issue commands through OnStar’s RemoteLink app, such as locking doors or starting the engine. A hacker demonstrated the vulnerability using a device called “OwnStar,” which he claimed allowed him to intercept communications between the app and the vehicle. Source: http://www.cnet.com/news/ownstar-onstar-hack/

 · Matson Navigation Company agreed to reimburse the State of Hawaii more than $15 million in cleanup costs and restoration fees following a 2013 incident in which a faulty loading pipeline leaked 1,400 tons of molasses into the Honolulu Harbor. – Reuters

5. July 30, Reuters – (International) Shipping company Matson to pay Hawaii $15 million over molasses spill. The Matson Navigation Company agreed to pay the State of Hawaii more than $15 million in cleanup costs and restoration fees July 30 following a 2013 incident in which a faulty loading pipeline leaked 1,400 tons of molasses into the Honolulu Harbor, damaging the ecosystem and closing parts of the harbor for days. Source: http://www.reuters.com/article/2015/07/30/usa-molasses-hawaii-idUSL1N10A10920150730

 · The July 29 Rocky fire in Lake County, California reached 15,000 acres by July 30, burning parts of the Cache Creek Wilderness Area and the Snow Mountain National Monument Area, and forcing the evacuation of 650 people. – Sacramento Bee

9. July 30, Sacramento Bee – (California) Rocky fire grows to 15,000 acres burned, 5 percent contained. The July 29 Rocky fire in Lake County, California reached 15,000 acres by July 30, burning parts of the Cache Creek Wilderness Area and the federal Snow Mountain National Monument Area and forcing the evacuation of 650 people. About 1,000 first responders, 150 fire engines, 8 airplanes, and 8 helicopters are schedule to arrive onsite July 31.

 · Two California residents were indicted July 30 on charges alleging they were conspirators to a 2011 cyberattack in which 94,000 credit and debit card numbers were stolen from Michaels Stores Inc., customers. – Reuters

16. July 31, Reuters – (California) Two charged in 2011 cyber breach at Michaels retailer. Two California residents were indicted July 30 on charges alleging that they were conspirators to a 2011 cyberattack in which 94,000 credit and debit card numbers were stolen from Michaels Stores Inc., customers. Source: http://www.businessinsurance.com/article/20150731/NEWS06/150739970/two-charged-in-2011-cyber-breach-at-michaels-retailer?tags=

Financial Services Sector

4. July 31, MarketWatch – (National) How vulnerable are the U.S. stock markets to hackers? An analysis of information security and cyber risk trends in the financial sector cited findings from a 2015 U.S. Securities and Exchange Commission Risk Alert revealing that about 88 percent of brokerages and 74 percent of financial advisers in the U.S. have suffered cyber-attacks, and that according to Congressional testimony, a major U.S. bank is attacked every 34 seconds, among other disclosures. Source: http://www.marketwatch.com/story/how-vulnerable-are-the-us-stock-markets-to-hackers-2015-07-31

For another story, see item 16 above in Top Stories

Information Technology Sector

13. July 31, Help Net Security – (International) Cybercriminals are preying on existing vulnerabilities to plan future attacks. An analysis of cyber threats by Solutionary identified several campaigns consisting of over 600,000 events worldwide that targeted the bash vulnerability in the second quarter of 2015, and found that the U.S. was a leading source of command and control traffic and malware threats, among other findings. Source: http://www.net-security.org/secworld.php?id=18691

14. July 30, Securityweek – (International) Stack ranking the SSL vulnerabilities for the enterprise. Security researchers discovered an OpenSSL vulnerability dubbed “OprahSSL” in which an attacker with a legitimate end-leaf certificate could circumvent OpenSSL code validating the certificate’s purpose, and sign other certificates in order to perpetrate man-in-the-middle (MitM) attacks on Secure Sockets Layer (SSL) sessions, and ranked the severity of the flaw in relation to other SSL vulnerabilities, including Heatbleed, Early CCS, and LOGJAM. Source: http://www.securityweek.com/stack-ranking-ssl-vulnerabilities-enterprise

15. July 30, Softpedia – (International) Google fixes Chrome issue that leaked the user’s real IP from behind a VPN. Google released a Chrome Web browser extension called “WebRTC Network Limiter” to address an issue with the WebRTC protocol in which certain circumstances could reveal the real public and local Internet Protocol (IP) address of a user connected via a virtual private network (VPN). Source: http://news.softpedia.com/news/google-fixes-chrome-issue-that-leaked-the-user-s-real-ip-from-behind-a-vpn-488143.shtml

For additional stories, see item 3 above in Top Stories and item 4 above in the Financial Services Sector

Communications Sector

Nothing to report