Complete DHS Report for
September 9, 2015
Daily Report
Top Stories
• A section of U.S.
Highway 287 near Memphis, Texas, reopened September 3 after it was closed
September 1 while crews cleaned up 2,640 gallons of a toxic chemical mixture
that spilled from an overturned semi-truck. – Amarillo Globe-News
10. September
4, Amarillo Globe-News – (Texas) U.S. Highway 287 now open, spill
cleanup continues. A section of U.S. Highway 287 near Memphis was reopened
September 3 after it was closed September 1 while crews cleaned up 2,640
gallons of a chemical mixture of lead, calcium-zinc, and Rea Tin 4435 that
spilled from an overturned semi-truck. Source: http://amarillo.com/news/latest-news/2015-09-04/us-highway-287-reopened-spill-cleanup-continues
• Crews reached 31
percent containment September 8 of the 95,884-acre Rough Fire burning in
California. – KFSN 30 Fresno
15. September
8, KFSN 30 Fresno – (California) Rough Fire forces new mandatory evacuations. Crews
reached 31 percent containment September 8 of the 95,884-acre Rough Fire
burning in California. The sheriff’s office ordered additional mandatory
evacuations while several campgrounds remained closed until further notice. Source: http://abc30.com/news/rough-fire-forces-new-mandatory-evacuations/973554/
• Kaspersky Lab
released an update addressing a flaw affecting certain versions of its
antivirus products, while another security researcher identified several vulnerabilities
in FireEye products, including a command injection and login bypass bug. – Securityweek See item 24 below in the Information Technology Sector
• Security
researchers found that hackers were using the Neutrino Exploit Kit (EK) to
inject malicious scripts into outdated Webserver software that could
potentially impact 400 million users. – SC Magazine See item 25 below
in the Information Technology Sector
Financial Services Sector
3. September
4, Reuters – (International) Credit Suisse to pay $288 million in damages
in Lake Las Vegas refinancing. Credit Suisse Group AG was ordered to pay
$287.5 million in damages by a Texas district court to an affiliate of Highland
Capital Management following an event in which the Zurich-based bank was found
to have used inflated appraisals to convince the affiliate to refinance Lake
Las Vegas resort in 2007. The Nevada resort community filed for Chapter 11
bankruptcy in 2008. Source: http://www.reuters.com/article/2015/09/05/us-credit-suisse-gp-highland-verdict-idUSKCN0R502120150905
Information Technology Sector
22. September
8, Help Net Security – (International) Vulnerabilities in WhatsApp web affect 200
million users globally. WhatsApp patched a vulnerability discovered by
Check Point researchers that could potentially allow hackers to execute malware
on the devices via sending the user a malicious vCard contact card containing
an executable file ordering it to distribute ransomware, bots, remote access
tools (RAT), and other types of malicious codes. Source: http://www.net-security.org/secworld.php?id=18828
23. September
8, Securityweek – (International) Webroot, Avira patch flaws in mobile security
apps. Webroot and Avira Mobile Security released separate patches
addressing vulnerabilities including, a secure sockets layer (SSL) certificate
vulnerability for Webroot Mobile Protection for iOS versions 1.10.316 and prior
that could have allowed a man-in-the-middle (MitM) attacker to obtain
usernames, passwords, and other sensitive information. Avira Mobile Security
patched a vulnerability on versions 1.5.7 and prior that allowed a MitM
attacker to capture login information via an HTTP POST request. Source: http://www.securityweek.com/webroot-avira-patch-flaws-mobile-security-apps
24. September
7, Securityweek – (International) Kaspersky patches critical vulnerability in
antivirus products. Kaspersky Lab released an update addressing a flaw
affecting 2015 – 2016 versions of its antivirus products related to a buffer
overflow vulnerability affecting the application’s default configuration that
could allow a successful exploit. A security researcher identified several
vulnerabilities in FireEye products, including a command injection and login
bypass bug that is being addressed by FireEye officials. Source: http://www.securityweek.com/kaspersky-patches-critical-vulnerability-antivirus-products
25. September
7, SC Magazine – (International) Ransomware risk from over 140 million
websites, researchers warn. Security researchers found that hackers were
using the Neutrino Exploit Kit (EK) to inject malicious scripts into outdated
Webserver software that could potentially impact 400 million users that use 142
million legitimate Web sites running out of date versions of the WordPress
content management system or outdated plugins. Source: http://www.scmagazineuk.com/ransomware-risk-from-over-140-million-websites-researcher-warns/article/437202/
26. September
7, Softpedia – (International) Android pornography app takes pictures of
users and blackmails them for cash. Zscaler researchers discovered an
Android app dubbed Adult Player that is used as a platform to deliver
ransomware to mobile device users by secretly taking the user’s picture while it loads
an Android application package (APK) file where the malware code is hosted. The
photograph is used inside the ransom message. Source: http://news.softpedia.com/news/android-pornography-app-takes-pictures-of-users-and-blackmails-them-for-cash-491128.shtml
27. September
5, Softpedia – (International) Mozilla bug tracker hacked, data about
Firefox vulnerabilities stolen. Mozilla’s bug tracker, Bugzilla, forced
users with access to the bug tracker’s private section to change their
passwords while cutting down access to the section after engineers found that
the bug tracking application was compromised, and that an attacker used a
privileged account to gain access to information about unpatched Firefox
vulnerabilities. Source: http://news.softpedia.com/news/mozilla-bug-tracker-hacked-data-about-firefox-vulnerabilities-stolen-490980.shtml
Communications Sector
28. September
4, Ukiah Daily Journal – (California) Cell phone, internet service
down throughout Mendocino County after cable cut. Mendocino County
officials reported that cell, landline, and Internet services for customers
were expected to be restored September 4 after a 15-hour outage that began
September 3 when a fiber optic cable was cut near Retech. Source: http://www.dailydemocrat.com/general-news/20150904/cell-phone-internet-service-down-throughout-mendocino-county-after-cable-cut/1