Wednesday, December 23, 2015



Complete DHS Report for December 23, 2015

Daily Report

Top Stories

• An intense windstorm traveling across the Portland area December 21 caused power outages to approximately 30,000 people in several counties and closed railways and highways due to fallen trees and overturned vehicles. – Portland Tribune

3. December 21, Portland Tribune – (Oregon) Monday windstorm knocks out power, shuts down highway. An intense windstorm traveling across the Portland area December 21 caused power outages to approximately 30,000 people in several counties and closed railways and highways due to fallen trees and overturned vehicles. Source: http://www.pamplinmedia.com/pt/9-news/286192-163074-monday-windstorm-knocks-out-power-shuts-down-highway

• Carrier Corporation issued a recall December 22 for 285,000 of its Packaged Terminal Air Conditioners and Heat Pumps sold at HVAC dealers and factory-direct sales due to a potential fire hazard. – U.S. Consumer Product Safety Commission

6. December 22, U.S. Consumer Product Safety Commission – (National) Carrier recalls to repair packaged terminal air conditioners, heat pumps including previously recalled units due to fire hazard. Carrier Corporation issued a nationwide recall December 22 for 285,000 of its Carrier, Bryant and Fast branded Packaged Terminal Air Conditioners and Heat Pumps sold at HVAC dealers and factory-direct sales due to a potential fire hazard following 47 reported incidents of the units overheating and 1 incident of consumer injury. Source: http://www.cpsc.gov/en/Recalls/2016/Carrier-Recalls-to-Repair-Packaged-Terminal-Air-Conditioners-Heat-Pumps-Previously-Recalled-Units/

• Ford Motor Company issued 3 safety recalls and 1 safety compliance recall December 22 for 317,677 of its various vehicles due to lighting control module issues, air brake chamber issues, and rear axle shaft issues, among other issues. – Detroit News

8. December 22, Detroit News – (International) Ford issues four recalls for about 317K vehicles. Ford Motor Company issued 3 safety recalls and 1 safety compliance recall December 22 for 313,000 of its 2003 – 2005 model year Crown Victoria and Mercury Grand Marquis vehicles for lighting control issues; 177 of its 2016 model year F-650 and F-750 trucks for air brake chamber issues; 1,300 of its 2015 model year Transit dual-rear-wheel vehicles for rear axle shaft issues; and 3,200 of its 2015 model year F-150 SuperCrew vehicles for front seat belt retractor and pretension assembly issues. Officials stated that 11 reports of accidents and 1 report of minor injury were linked to the Crown Victoria and Mercury Grand Marquis vehicles and no accidents have been reported in relation to the other vehicles. Source: http://www.detroitnews.com/story/business/autos/ford/2015/12/22/ford-issues-four-recalls/77741848/

• Trend Micro researchers reported December 21 that cybercriminals behind Operation Black Atlas are using a variety of pen testing tools to exploit vulnerable systems within the healthcare and commercial sector to spread a variety of malware such as BlackPoS. – SecurityWeek. See item 13 below in the Financial Services Sector.

Financial Services Sector

11. December 21, Easton Express-Times – (Pennsylvania) Ex-Allentown finance director charged with role in pay-to-play scheme. The U.S. Attorney’s Office announced December 21 that Allentown’s former finance director was charged with conspiracy to commit mail and wire fraud following a pay-to-play scheme in which the director falsified public records in order to help award a contract to a campaign donor who supported the city Mayor. Source: http://www.lehighvalleylive.com/allentown/index.ssf/2015/12/ex-allentown_finance_director.html

12. December 21, New York Post-Star – (New York) Queensbury man pleads guilty in $1.2 million financial scheme. A former financial adviser pleaded guilty December 21 in Albany County Court to counts of grand larceny, scheme to defraud, money laundering, and violating state business law for his involvement in a Ponzi scheme in which he stole more than $1.26 million from 10 clients and paid some clients by taking the funds from others. Source: http://poststar.com/news/blotter/queensbury-man-pleads-guilty-in-million-financial-scheme/article_50809834-29e4-53f3-ab7b-dc1f92d5f56f.html

13. December 21, SecurityWeek – (National) Operation Black Atlas continues to compromise PoS systems. Trend Micro researchers announced December 21 that cybercriminals behind Operation Black Atlas are using a variety of pen testing tools to exploit vulnerable systems within the healthcare and commercial sector to spread a variety of malware such as BlackPoS; steal user credentials to Web sites that contain sensitive information; abuse the Windows Background Intelligent Transfer Service (BITS) or bitsadmin.exe; and build a replica of the Gorynych / Diamond Fox botnet malware, repurposed to look specifically for the output file of the BlackPoS malware, which includes harvested credit card data, among other malicious actions. Source: http://www.securityweek.com/operation-black-atlas-continues-compromise-pos-systems

Information Technology Sector

23. December 22, SecurityWeek – (International) Oracle settles FTC charges over Java security updates. The U.S. Federal Trade Commission reported that the computer technology company Oracle Corporation agreed to settle charges that the company deceived its customers by failing to notify its users that the Java Standard Edition (SE) updates only removed the most recent version of SE and not previously vulnerable versions, which exposed users to potential attacks. Oracle will be required to warn users during an SE update if older software versions are present, to inform users about risks, and to present options to remove the vulnerable applications, among other requirements.

24. December 21, SecurityWeek – (International) TeslaCrypt delivered via recently patched flash exploit. Researchers from Malwarebytes reported that the previously patched Flash Player heap buffer overflow vulnerability (CVE-2015-8446), which was added to the Angler exploit kit, was exploited by attackers to deliver a new variant of the TeslaCrypt ransomware that encrypts files and renames them with a .vvv extension. Once the files are encrypted, victims are instructed to pay the attackers to receive the private key needed to decrypt the files. Source: http://www.securityweek.com/teslacrypt-delivered-recently-patched-flash-exploit

25. December 21, Softpedia – (International) Gomasom ransomware decrypted, get your files back for free. A security researcher at Emsisoft created a tool for decrypting files previously encrypted by the Gomasom ransomware, which allows affected users to take the encrypted files and obtain the decryption key without paying the ransom. The tool allows victims to use a file in both its ransomware-encrypted and original versions, or a ransomware-encrypted PNG file, to retrieve the lost data. Source: http://news.softpedia.com/news/gomasom-ransomware-decrypted-get-your-files-back-for-free-497945.shtml

For another story, see item 13 above in the Financial Services Sector

Communications Sector

Nothing to report