Tuesday, August 25, 2015



Complete DHS Report for August 25, 2015

Daily Report                                            

Top Stories

 · U.S. 26 in Oregon remained closed August 24 after initially closing August 22 for approximately 12 hours due to a brush fire. – KGW 8 Portland

4. August 24, KGW 8 Portland – (Oregon) U.S. 26 remains closed Monday due to brush fire near Manning. U.S. 26 in Manning, Oregon, remained closed August 24 after initially closing August 22 for approximately 12 hours due to a brush fire. The roadway was reopened and closed again August 23 while crews worked to contain the fire. Source: http://www.kgw.com/story/news/local/washington-county/2015/08/22/hwy-26-closed-near-manning-because-brush-fire/32215783/

 · Lookout released a report revealing that 14,622 Lookout-enabled devices across 20 Federal agencies encountered 1,781 app-based threats and that 18 percent of Federal employees with personal and government-issued smartphones reported encountering malicious software, among other findings. – Help Net Security

15. August 24, Help Net Security – (International) Risky mobile behaviors are prevalent in the government. Lookout released findings from a report revealing that 14,622 Lookout-enabled devices across 20 Federal agencies encountered 1,781 app-based threats, that employees use personal mobile devices in various ways that can compromise agency network security, and that 18 percent of Federal employees with personal and government-issued smartphones reported encountering malicious software, among other findings. Source: http://www.net-security.org/secworld.php?id=18790

 · Crews reached 10 percent containment August 24 of the Okanogan Complex Fire that has burned over 400 square miles in Washington and is now the largest fire in State history. – Associated Press

16. August 24, Associated Press – (Washington) Washington wildfire is now largest in state history. Crews reached 10 percent containment August 24 of the Okanogan Complex Fire that has burned over 400 square miles in Washington and is now the largest fire in State history. Firefighters battled 16 other wildfires in central and eastern Washington covering over 940 square miles that have damaged or destroyed more than 200 homes. Source: http://www.msn.com/en-us/news/us/im-alive-%E2%80%94-people-survey-damage-from-washington-fire/ar-BBm2hHc

 · A man died of a self-inflicted gunshot wound after entering a Federal building in New York August 21, and shooting and fatally injuring a security officer. – WCBS 2 New York City

24. August 21, WCBS 2 New York City – (New York) Police: Gunman shoots security officer dead, kills self at Varick Street Federal building. A man died of a self-inflicted gunshot wound after entering a Federal building in New York August 21, and shooting and fatally injuring a security officer. The building was placed on lockdown and evacuated while officials investigated the incident.

Financial Services Sector

3. August 21, South Florida Sun-Sentinel – (Florida) ‘Lucky Bandit’ pleads guilty to bank robbery charges. A man believed to be the suspect dubbed the “Lucky Bandit” pleaded guilty August 21 to attempting to rob a Citibank branch and to robbing a Wells Fargo bank in Pembroke Pines last April.Source: http://www.sun-sentinel.com/local/broward/fl-lucky-bandit-pleads-brf-20150821-story.html

Information Technology Sector

25. August 24, Securityweek – (International) Zero-day flaws found in Dolphin, Mercury browsers for Android.A security researcher discovered a vulnerability in the Dolphin Web browser for Android in which a man-in-the-middle (MitM) attacker could inject a specially crafted file to arbitrarily write files or execute remotely, as well as unpatched insecure Intent URI scheme implementation and path transversal vulnerabilities in the Mercury Web browser that could allow a remote attacker to read and write arbitrary files within the application’s data directory.Source: http://www.securityweek.com/zero-day-flaws-found-dolphin-mercury-browsers-android

26. August 24, Softpedia – (International) Google patches Android vulnerability that allowed arbitrary code execution. Google issued an update addressing a heap overflow vulnerability in the Android mediserver’s Audio Policy Service that an attacker could trigger to cause a continuous crash loop in the affected device. Source: http://news.softpedia.com/news/google-patches-android-vulnerability-that-allowed-arbitrary-code-execution-489905.shtml

27. August 24, Securityweek – (International) Apple patches nine vulnerabilities in QuickTime for Windows. Apple patched nine vulnerabilities in QuickTime 7.7.8 for Microsoft Windows, including denial-of-service (DoS) flaws that can be exploited via specially crafted .MOV files, leading to a memory corruption condition that can cause QuickTime to terminate unexpectedly. Source: http://www.securityweek.com/apple-patches-nine-vulnerabilities-quicktime-windows

For additional stories, see item 2 below from the Critical Manufacturing Sector and 15 above in Top Stories

2. August 24, The Register – (International) Samsung smart fridge leaves Gmail logins open to attack. Security researchers from Pen Test Partners discovered a Secure Sockets Layer (SSL) vulnerability in Samsung’s RF28HMELBSR smart fridge in which a man-in-the-middle (MitM) attacker could use a fake Wi-Fi access point and deauthentication to steal Google login credentials via the refrigerator’s calendar client. Source: http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar/

Communications Sector

Nothing to report