Complete DHS Report for January 29, 2016
Daily Report
Top Stories
• A Chinese businessman pleaded guilty January 27 after he
and six others allegedly stole patented corn seeds from two Iowa farms and sent
the genetically modified seeds to Beijing Dabeinong Technology Group Co., a
foreign agricultural conglomerate. – Des Moines Register
13. January
27, Des Moines Register – (International) Chinese businessman gets
deal in seed theft case. A Chinese businessman pleaded guilty January 27 to
one count of conspiracy to steal trade secrets after he and six others
reportedly stole valuable patented corn seeds from DuPont Pioneer and Monsanto
Iowa farms and sent the genetically modified seeds to Beijing Dabeinong
Technology Group Co., Chinese agricultural conglomerate, which allowed the
foreign company to counterfeit the seeds and avoid paying for their own
research and development. The scheme cost U.S. companies billions of dollars. Source: http://www.desmoinesregister.com/story/news/crime-and-courts/2016/01/27/chinese-businessman-pleads-seed-theft-case/79428650/
• A 12-inch feeder line ruptured January 27 spilling 2
million gallons of water within 30 minutes in Rapid City, South Dakota,
impacting hundreds of home and businesses in the area. – KOTA 3 Rapid City
14. January
27, KOTA 3 Rapid City – (South Dakota) Water main breaks at
intersection causing problems. A 12-inch feeder line ruptured January 27
spilling 2 million gallons of water within 30 minutes in Rapid City, South
Dakota, impacting hundreds of home and businesses in the area. Crews restored
about 90 percent of water service after several hours. Source: http://www.kotatv.com/news/south-dakota-news/water-main-breaks-at-intersection-causing-problems/37667840
• The Orange County Sheriff’s Department reported that 5
alleged gang members were arrested January 27 for reportedly helping 3 inmates
escape from the Orange County Men’s Central Jail January 22. – Los Angeles
Times
19. January
27, Los Angeles Times – (California) Alleged gang members arrested
in O.C. jailbreak probe, but 3 escapees still at large. The Orange County
Sheriff’s Department reported that 5 alleged gang members were arrested January
27 for reportedly helping 3 inmates escape from the Orange County Men’s Central
Jail January 22. Officials reported that additional arrests are pending and
that the three escaped inmates remain at large. Source: http://www.latimes.com/local/lanow/la-me-ln-orange-county-sheriff-jail-break-20160127-story.html
• The FBI reported January 26 that they arrested and
charged a Milwaukee man for illegally possessing machine guns and planning a
massacre at a Masonic temple after he disclosed his plans to attack a Milwaukee
temple to two undercover FBI agents. – CNN
28. January
27, CNN – (Illinois) FBI: Milwaukee man planned mass shooting at
Masonic temple. An FBI official announced January 26 that they arrested and
charged a Milwaukee man for illegally possessing machine guns and planning a
massacre at a Masonic temple after the man disclosed his plans to attack a
Milwaukee temple to two undercover FBI agents following an in-depth Federal
investigation. Source: http://www.cnn.com/2016/01/26/us/milwaukee-masonic-temple-mass-shooting-planned-charges/
Financial Services Sector
Nothing
to report
Information Technology Sector
20. January 28,
SecurityWeek – (International) Samsung patches critical vulnerabilities in
Android devices. Samsung released a maintenance update for its major
Android flagship Galaxy models that patched 16 vulnerabilities including a flaw
in Skia which allowed attackers to conduct denial-of-service attacks via a
crafted media file, and a remote code execution (RCE) flaw in Android
Mediaserver, which allowed attackers to cause memory corruption, among other
vulnerabilities. Source: http://www.securityweek.com/samsung-patches-critical-vulnerabilities-android-devices
21. January
28, Softpedia – (International) WhatsApp will get security indicators to
highlight encrypted chats. WhatsApp mobile messaging application will
release two new features in its WhatsApp 3.0 interface including the “Show
security indicators” feature that will add a lock icon to a user’s WhatsApp
encrypted conversations and the “Share my account info” feature that will send
a user’s WhatsApp data to Facebook servers in an effort to improve users’ Facebook
experience. Source: http://news.softpedia.com/news/whatsapp-will-get-security-indicators-to-highlight-encrypted-chats-499552.shtml
22. January
28, Help Net Security – (International) Cisco plugs hole in
firewall devices that could lead to device hijacking. Cisco released
firmware updates for its RV220W Wireless Network Security Firewall devices,
specifically versions prior to 1.0.7.2, after an anonymous researcher working
with Beyond Security discovered a critical vulnerability that allowed attackers
to send crafted Hypertext Transfer Protocol (HTTP) request embedded with
malicious Structured Query Language (SQL) statements to the management
interface of a targeted device, which may allow attackers to bypass
authentication protocols on the management interface and gain administrative
privileges on the infected device. Source: http://www.net-security.org/secworld.php?id=19383
23. January
28, SecurityWeek – (International) LG patches severe smartphone hijack
vulnerability. LG Electronics released patches fixing a critical
vulnerability in the Smart Notice application (SNAP), which comes pre-loaded on
all LG smartphones, after researchers from BugSec and Cynet discovered the flaw
can allow attackers to extract private user information from the device’s
secure digital (SD) card, WhatsApp application data, and private user images,
as well as render users vulnerable to phishing attacks, ultimately resulting in
the installation of mobile malware on the affected devices. Attackers can
exploit the vulnerability through different methods due to functionality issues
and validation issues. Source: http://www.securityweek.com/lg-patches-severe-smartphone-hijack-vulnerability
24. January
28, SecurityWeek – (International) Oracle to kill Java browser plugin. Oracle
reported January 27 that it plans to discontinue the Java browser plugin in its
Java Development Kit (JDK) 9 and remove the plugin completely from JDK and
Runtime Environment (JRE) in a future Java release due to the large number of
vulnerabilities found in the plugin. Security experts advised users to disable
the application unless specifically needed and to ensure users are running the
latest Java version. Source: http://www.securityweek.com/oracle-kill-java-browser-plugin
25. January
28, Threatpost – (International) BlackEnergy APT group spreading malware via
tainted word docs. Researchers from Kaspersky Lab discovered attackers were
delivering the BlackEnergy malware via spear phishing emails with malicious
Microsoft Word document attachments, which are embedded with malicious macros
to target Industrial Control Systems (ICS) and Supervisory control and data
acquisition (SCADA) companies around the world. Source: https://threatpost.com/blackenergy-apt-group-spreading-malware-via-tainted-word-docs/116043/
26. January
27, SecurityWeek – (International) This is what Microsoft’s vulnerability
patching efforts looked like in 2015. Researchers from ESET released a
report that analyzed the most affected components in Microsoft Windows during
2015 and addressed the importance of patching vulnerabilities, which revealed
that more than 570 vulnerabilities were patched in Microsoft products and that
many of the patches affected the Internet Explorer (IE) browser. Source: http://www.securityweek.com/what-microsofts-vulnerability-patching-efforts-looked-2015
Communications Sector
Nothing to report