Thursday, August 27, 2015



Complete DHS Report for August 27, 2015

Daily Report

Top Stories

 · Officials announced August 25 that Kraft Heinz Foods Company issued a recall for more than 2 million pounds of its turkey bacon products due to adulteration. – U.S. Department of Agriculture

9. August 26, U.S. Department of Agriculture – (International) Kraft Heinz Foods Company recalls turkey bacon products due to possible adulteration. The Food Safety and Inspection Service announced August 25 that Kraft Heinz Foods Company issued a recall for more than 2 million pounds of its turkey bacon products due to adulteration that could cause the products to spoil prior to the “Best When Used By” date. The products were sold nationwide and exported to the Bahamas and St. Martin. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2015/recall-113-2015-release

 · Police took a teenager into custody following negotiations after the juvenile held 29 students and a teacher hostage at Philip Barbour High School in West Virginia August 25. – Fox News; Associated Press

16. August 26, Fox News; Associated Press – (West Virginia) Police say 14-year-old boy held class, teacher hostage at West Virginia school. Police took a teenager into custody following negotiations after the juvenile held 29 students and a teacher hostage at Philip Barbour High School in Philippi, West Virginia, August 25. The school was placed on a lockdown and other students were moved out of the building while authorities responded to the scene after reports of an individual with a gun.

 · Crews reached 15 percent containment August 25 of the 258,339-acre Okanogan Complex Fire burning in Washington and officials reported that the fire remains the top priority in the U.S. – NBC News

23. August 25, NBC News – (Washington) Resources falling short as Washington wildfire grows into historic monster. Crews reached 15 percent containment August 25 of the 258,339-acre Okanogan Complex Fire burning in Washington. Officials reported that the fire remains the top priority in the U.S. and additional resources were being diverted from California. Source: http://www.nbcnews.com/storyline/western-wildfires/resources-falling-short-washington-wildfire-grows-historic-monster-n415911

 · A reporter and photographer from a local news station in Virginia were killed by a shooter who appeared during a live news interview at Bridgewater Plaza in Moneta, Virginia, August 26. – WTKR 3 Norfolk

34. August 26, WTKR 3 Norfolk – (Virginia) Roanoke reporter, photographer killed by shooter during live news interview. A reporter and photographer from local news station WDBJ in Roanoke were killed by a shooter that appeared during a live news interview at Bridgewater Plaza in Moneta, Virginia, August 26. The shooter led police on a pursuit before being discovered in his vehicle with a self-inflicted gunshot wound.

Financial Services Sector

7. August 25, Reuters – (New York) Man linked to rejected AmEx accord admits cheating NY law firms. A man whose wife was tied to a recently rejected antitrust settlement between retailers and American Express Co pleaded guilty August 25 to charges that he and his wife defrauded 2 New York law firms out of $7.8 million through the use of bogus limited liability corporations for litigation support services that he never performed.

For another story, see item 15 below from the Healthcare and Public Health Sector

15. August 25, U.S. Securities and Exchange Commission – (Indiana) SEC obtains summary judgement against Indianapolis resident in securities fraud involving biomedical company. The U.S. Securities and Exchange Commission announced August 24 a summary judgement against an Indianapolis resident after an investigation determined that he violated the antifraud provisions of the Federal securities laws by misleading the public and making false statements about Xytos, Inc., a company he controlled. Officials alleged that the individual intentionally misled the public and published that the company treated cancer patients while selling shares of the company in unregistered open market transactions. Source: http://www.sec.gov/litigation/litreleases/2015/lr23328.htm

Information Technology Sector

26. August 26, SC Magazine – (International) Zero-day, Angler kit exploits help drive up malvertising by 325%. Security researchers from Cyphort reported study findings revealing that malvertising attacks have increased by 325 percent in 2015, likely due to a combination of frequent zero-day exploits and new technology making the tactic more effective.

27. August 26, Securityweek – (International) New Zeus variant “Sphinx” offered for sale. Malware developers released a new Zeus banking trojan variant called Sphinx that operates fully through The Onion Router (Tor) anonymity network and is designed to work on Microsoft Windows Vista and Windows 7 with User Account Control (UAC) enabled, as well as on low-privilege and “Guest” accounts. The malware has a full feature suite including Backconnect Virtual Network Computing (VNC) capability allowing users to transfer funds directly from the infected system. Source: http://www.securityweek.com/new-zeus-variant-sphinx-offered-sale

28. August 26, Threatpost – (International) CERT warns of hard-coded credentials in DSL SOHO routers. The Computer Emergency Readiness Team (CERT) published an advisory warning that certain Digital Subscriber Line (DSL) routers manufactured by ASUS Tek, DIGICOM, Observa Telecom, Philippine Long Distance Telephone, and ZTE contain hard-coded credentials that could allow a hacker to remotely control or access the devices via telnet services. Source: https://threatpost.com/cert-warns-of-hard-coded-credentials-in-dsl-soho-routers/114421

29. August 26, Securityweek – (International) Sundown EK first to integrate exploit for recently patched IE flaw. Security researchers from Symantec discovered that the Sundown exploit kit (EK) integrated a recently patched Microsoft Internet Explorer memory corruption vulnerability, and reported observing watering hole attacks leveraging the EK to deliver the Trojan.Nancrat backdoor. Source: http://www.securityweek.com/sundown-ek-first-integrate-exploit-recently-patched-ie-flaw

30. August 26, Threatpost – (International) Researchers uncover new Italian RAT uWarrior. Security researchers from Palo Alto Networks discovered a new fully-featured remote access trojan (RAT) called uWarrior embedded in a rigged Rich Text Format (.RTF) file. After the file infects the system, it downloads a payload and is copied to another directory, where it communicates with a command and control server through an encrypted protocol. Source: https://threatpost.com/researchers-uncover-new-italian-rat-uwarrior/114414

31. August 26, V3.co.uk – (International) Apple iOS Ins0mnia flaw that hides malicious apps revealed by FireEye. Security researchers from FireEye discovered that devices running versions of iOS prior to 8.4.1 are vulnerable to a flaw dubbed Ins0mnia, in which any application could bypass Apple background restrictions, and could allow an attacker to run in the background and steal sensitive user information indefinitely without the user’s consent or knowledge. Source: http://www.v3.co.uk/v3-uk/news/2423493/apple-ios-ins0mnia-flaw-that-hides-malicious-apps-revealed-by-fireeye

32. August 25, IDG News Service – (International) Flaw in Android remote-support tool exploited by screen recording app. Security researchers from Check Point discovered that the Recordable Activator Android app on Google Play was utilizing a recently discovered flaw in the TeamViewer remote support tool dubbed Certifi-gate, in which an attacker could use a rogue app to masquerade as an official tool and take control of an affected device. The app was pulled after having over 500,000 installations. Source: http://www.computerworld.com/article/2975776/security/flaw-in-android-remote-support-tool-exploited-by-screen-recording-app.html#tk.rss_security

33. August 25, Threatpost – (International) AutoIt used in targeted attacks to move RATs. Security researchers at Cisco discovered that hackers are using the AutoIt task automation freeware to stealthily drop remote access trojans (RATs) that install via malicious macros in Microsoft Word documents. AutoIt is considered a legitimate information technology (IT) administration tool, and is often whitelisted in enterprises. Source: https://threatpost.com/autoit-used-in-targeted-attacks-to-move-rats/114406

For another story, see item 20 below from the Government Facilities Sector

20. August 25, Associated Press – (California) Audit: California agencies vulnerable to IT security breach. A report released August 25 by the State auditor found that several California agencies were not in compliance with the State’s information technology standards, leaving them vulnerable to potential attacks and security breaches, among other findings. The California Department of Technology responded that it is committed to improving the State’s overall security posture and oversight. Source: http://www.dailyherald.com/article/20150825/business/308259843/

Communications Sector

See items 31 and 32 above in the Information Technology Sector