Wednesday, August 5, 2015




Complete DHS Report for August 5, 2015

Daily Report                                            

Top Stories

 · New York officials reported August 3 that the death toll from a Legionnaires’ disease outbreak had risen to 7, and that there were a total of 81 reported cases of the disease in the South Bronx area. – FoxNews.com; Associated Press

14. August 4, FoxNews.com; Associated Press – (New York) Death toll in South Bronx Legionnaires’ disease outbreak rises to 7, officials say. Health officials in New York reported August 3 that the death toll from a Legionnaires’ disease outbreak had risen to 7, and that there were a total of 81 reported cases of the disease in the South Bronx area. Five cooling towers that returned positive results for the legionella bacteria were decontaminated and authorities continue to investigate the source of the bacteria. Source: http://www.foxnews.com/health/2015/08/04/death-toll-in-south-bronx-legionnaires-disease-outbreak-rises-to-7-officials/

 · California crews reached 12 percent containment August 4 of the 60,000-acre Rocky Fire burning in 3 counties that led to the evacuation of more than 13,000 people. – CNN

16. August 4, CNN – (California) California wildfires torch 134,000 acres – and counting. Crews in California reached 12 percent containment August 4 of the 60,000-acre Rocky Fire burning in Lake, Yolo, and Colusa counties that led to evacuation orders for more than 13,000 people. Firefighters worked to contain a total of 21 wildfires in the State that have burned over 134,000 acres collectively. Source: http://www.cnn.com/2015/08/03/us/california-wildfires/

 · Researchers discovered that the Yahoo! advertising network was hit by a large malvertising attack starting July 28 that leveraged Microsoft Azure Web sites to redirect users to pages hosting the Angler exploit kit to infect systems with ransomware and possibly malware. – Securityweek. See item 21 below in the Information Technology Sector.

 · An August 3 fire prompted the evacuation of 125 residents from the Courtyard Apartment Complex in California, and injured two residents. – KGO 7 San Francisco

31. August 3, KGO 7 San Francisco – (California) Apartment fire in Hayward prompts evacuation of 125 residents. An August 3 fire prompted the evacuation of 125 residents from the Courtyard Apartment Complex after 3 fires, in separate locations, began on the third floor of the building. Two residents were treated for minor injuries and an investigation is ongoing to determine the cause of the fires. Source: http://abc7news.com/news/apartment-fire-in-hayward-prompts-evacuation-of-125-residents/900054/

Financial Services Sector

5. August 3, Las Vegas Sun – (Nevada) Man convicted in Las Vegas mortgage fraud case. An Arizona man was convicted August 3 for his role in a mortgage fraud scheme in which he and 10 others conspired to cause Federally insured banks about $25 million in losses between 2005 and 2007 by using several investment businesses to recruit straw buyers who obtained mortgage loans for 110 Las Vegas and Henderson homes that they would purchase before going into foreclosure.

6. August 3, U.S. Securities and Exchange Commission – (National) SEC charges Houston-area businessman in Ponzi scheme. The U.S. Securities and Exchange Commission charged a co-owner of F.A. Voight & Associates LP and DayStar Funding LP August 3 with allegedly defrauding over 300 investors in a $114 million Ponzi scheme in which he solicited investments towards the development of a “Driver Alertness Detection System” while promising high returns, but instead used funds for Ponzi payments and personal gain funneled to a startup company through 2 other partnership companies. Source: http://www.sec.gov/news/pressrelease/2015-158.html

7. August 3, USA Today – (International) Former bank trader convicted in Libor scandal. A former Citigroup and UBS trader was convicted August 3 of conspiring with two dozen traders and employees to rig the London Interbank Offered Rate (Libor) to benefit their trading positions and boost profits while working for UBS and Citigroup. Source: http://www.usatoday.com/story/money/2015/08/03/former-bank-trader-convicted-libor-scandal/31052779/

Information Technology Sector

18. August 4, Securityweek – (International) Chinese VPN used by APT actors relies on hacked servers. Security researchers at RSA analyzed a Chinese virtual private network (VPN) service dubbed “Terracotta” and found that the service has at least 31 hacked Windows server nodes worldwide in hospitality, government organizations, universities, technology services providers, and private firms. Researchers have observed compromised servers running the Gh0st Remote Administration Tool (RAT), the Mitozhan trojan, and the Liudoor Backdoor, among others.

19. August 4, Help Net Security – (International) Macs can be permanently compromised via firmware worm. Security researchers discovered vulnerabilities in the firmware of Apple computers, dubbed “Thunderstrike 2,” in which a worm delivered via a phishing email or malicious Web site could spread across connected devices and systems before rewriting itself in the firmware to ensure persistence. Researchers stated that users need to re-flash the chip that contains the malware in order to get rid of the worm. Source: http://www.net-security.org/malware_news.php?id=3086

20. August 4, Softpedia – (International) RIG Exploit Kit 3.0 succeeded in infecting 1.25 million machines. Trustwave researchers reported that version 3.0 of the RIG Exploit Kit (EK) infected an average of 27,000 machines a day, totaling 1.25 million infections, through various campaigns in which it predominantly leveraged Adobe Flash zero-day exploits exposed by a Hacking Team leak in July. Source: http://news.softpedia.com/news/rig-exploit-kit-3-0-succeeded-in-infecting-1-25-million-machines-488461.shtml

21. August 4, Securityweek – (International) Malvertising hits Yahoo! ad network. Security researchers at Malwarebytes discovered that the Yahoo! advertising network was hit by a large malvertising attack starting July 28 that leveraged Microsoft Azure Web sites to redirect users to pages hosting the Angler exploit kit (EK) to infect systems with ransomware and possibly banking or ad-fraud malware. The attack was shut down August 3. Source: http://www.securityweek.com/malvertising-attack-hits-yahoo-ad-network

22. August 4, Securityweek – (International) Zero-day vulnerability in OS X exploited in the wild. Security researchers from Malwarebytes observed attacks leveraging an unpatched local privilege escalation vulnerability in Apple’s OS X operating system (OS) in which an attacker could modify a hidden UNIX file to execute adware and other suspicious software with root permissions. Source: http://www.securityweek.com/zero-day-vulnerability-os-x-exploited-wild

23. August 4, Help Net Security – (International) 79% of companies release apps with known vulnerabilities. Prevoty released findings from a survey and report on security and application development revealing that many enterprises face challenges in releasing secure software on development schedules, and that 43 percent of respondents admitted to releasing applications with vulnerabilities at least 80 percent of the time, due to business pressures and other concerns. Source: http://www.net-security.org/secworld.php?id=18702

24. August 4, Softpedia – (International) WordPress 4.2.4 fixes three XSS vulnerabilities and one potential SQL injection. WordPress released an update for its content management system (CMS) addressing three cross-site scripting (XSS) vulnerabilities, a structured query language (SQL) injection, an issue that allowed attackers to lock posts indefinitely, and a timing side-channel attack vector in which an attacker could analyze the execution times of cryptographic algorithm routines. Source: http://news.softpedia.com/news/wordpress-4-2-4-fixes-three-xss-vulnerabilities-and-one-potential-sql-injection-488470.shtml

Communications Sector

Nothing to report