Friday, April 29, 2016



Complete DHS Report for April 29, 2016

Daily Report

Top Stories

• A mechanical failure due to heavy rainfall at the South Kansas River pump station in Topeka released approximately 2.4 million gallons of untreated wastewater into the Kansas River April 26. – Topeka Capital-Journal

13. April 27, Topeka Capital-Journal – (Kansas) 2.4 million gallons of untreated wastewater released into Kansas River in Topeka after storm, mechanical failure. A mechanical failure due to heavy rainfall at the South Kansas River pump station in Topeka released approximately 2.4 million gallons of untreated wastewater into the Kansas River April 26. Source: http://cjonline.com/news/2016-04-27/24-million-gallons-untreated-wastewater-released-kansas-river-after-storm-mechanical#

• Cisco reported that Tuto4PC’s OneSoftPerDay application was discovered to install potentially unwanted programs, harvest users’ personal information, and was considered to be a backdoor on 12 million personal computers. – SecurityWeek See item 23 below in the Information Technology Sector

• Lifeboat Networks reported April 27 that its network was compromised, exposing its users’ information from the Minecraft Pocket Edition mobile game after a security researcher found over 7 million user credentials were available online. – SC Magazine See item 24 below in the Information Technology Sector

• Six researchers discovered they could create fake traffic jams and track the movements of any Waze user by reverse engineering the Waze app communications protocol and creating Sybil attacks to insert thousands of malicious users inside the Waze networks. – Softpedia See item 25 below in the Information Technology Sector

Financial Services Sector

2. April 27, New York Daily News – (New York) Bloods-linked gang members charged with running $414G identity-theft ring. Officials from the New York County District Attorney’s Office announced April 26 that 39 gang members were charged for their roles in a $414,000 identity theft scheme in which the group used stolen bank information purchased on the Dark Web to create phony credit cards, used the cards to make fraudulent purchases at Barneys and Saks Fifth Avenue stores, and sold the goods to fund personal expenses. Officials stated that a subsequent search of the suspects’ apartments in Queens and Brooklyn, New York, revealed computers and credit-card-making equipment, among other illicit materials. Source: http://www.nydailynews.com/new-york/nyc-crime/bloods-linked-gang-members-charged-414g-id-theft-ring-article-1.2615754

Information Technology Sector

21. April 28, SecurityWeek – (International) Critical, high severity flaws patched in Firefox. Mozilla released Firefox 46, a version of its Web browser that patches a total of 14 vulnerabilities, including 4 critical vulnerabilities affecting the browser engine, which could cause crashes and potentially allow arbitrary code execution, as well as a high severity vulnerability that could be exploited via specially crafted Web content to cause an exploitable crash, among other flaws.

22. April 28, The Register – (International) Time for a patch: Six vulns fixed in NTP daemon. Security researchers from Cisco’s Talos Security Intelligence and Research Group discovered five vulnerabilities in the Network Time Protocol daemon (ntpd) after their ongoing evaluation of ntpd revealed that attackers could craft User Datagram Protocol (UDP) packets to cause a denial-of-service (DoS) condition or prevent the correct time from being set, among other actions. The vulnerabilities were patched in Network Time Protocol (NTP) version 4.2.8p7. Source: http://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/

23. April 28, SecurityWeek – (International) Cisco finds backdoor installed on 12 million PCs. Cisco’s Talos Security Intelligence and Research Group reported that Tuto4PC’s OneSoftPerDay application was discovered to install potentially unwanted programs (PUPs), harvest users’ personal information, and was considered to be a backdoor on 12 million personal computers (PCs). The finding followed an analysis of an increase in generic trojan detections, in which about 7,00 unique samples were found to use names including “Wizz” in some of their domains.

24. April 27, SC Magazine – (International) Over 7M Minecraft mobile credentials exposed after Lifeboat data breach. Lifeboat Networks reported April 27 that its network was compromised in January, exposing its users’ login names, passwords, and email addresses for the Minecraft Pocket Edition mobile game, after a security researcher found over 7 million user credentials available online. Lifeboat forced its customers to reset their passwords discreetly and stated that it had started using stronger algorithms to guard user data. Source: http://www.scmagazine.com/over-7m-minecraft-mobile-credentials-exposed-after-lifeboat-data-breach/article/492634/

25. April 27, Softpedia – (International) Waze drivers can be tracked, network flooded with fake traffic. Six researchers from the University of California, University of Santa Barbara, and Tsinghua University discovered that they could create fake traffic jams and track the movements of any Waze user by reverse engineering the Waze app communications protocol and mounting Sybil attacks that insert thousands of malicious users into the Waze network. The attacks could manipulate the app’s behavior and allow attackers to pose as Waze users when communicating with the app’s Google server. Source: http://news.softpedia.com/news/waze-drivers-can-be-tracked-network-flooded-with-fake-traffic-503473.shtml

26. April 27, SecurityWeek – (International) Attackers increasingly abuse open source security tools. Security researchers from Kaspersky Lab reported that the open source security tool, Browser Exploitation Framework (BeEF) was being leveraged by an advanced persistent threat (APT) group named NewsBeef to track and steal users’ browsing history from compromised Web sites through flaws in content management systems. In addition, researchers reported that other APT actors were using open source tools in their operations to execute malware across the globe. Source: http://www.securityweek.com/attackers-increasingly-abuse-open-source-security-tools

27. April 27, SecurityWeek – (International) Verizon 2016 DBIR: What you need to know. Verizon released its 2016 Data Breach Investigations Report (DBIR), which describes current information technology (IT) trends and the overall cyberattack landscape based on an analysis of over 100,000 security incidents. The analysis confirmed that 2,260 data breaches occurred across 82 different countries in 2015, with the majority of breaches involving a human element, such as phishing campaigns. Source: http://www.securityweek.com/verizon-2016-dbir-what-you-need-know

Communications Sector

See items 24 and 25 above in the Information Technology Sector

Thursday, April 28, 2016



Complete DHS Report for April 28, 2016

Daily Report

Top Stories

• Seven California residents were charged the week of April 18 for their roles in a $14 million identity theft and international money laundering scheme where the group filed approximately 7,000 fraudulent tax returns. – Los Angeles Daily News See item 3 below in the Financial Services Sector

• A 6-alarm fire April 26 at Kofkoff Egg Farms in Connecticut killed at least 80,000 chickens, destroyed 1 of the facility’s 13 chicken coops, and prompted the response of 150 firefighters. – Hartford Courant

11. April 27, Hartford Courant – (Connecticut) Fire at Lebanon egg farm kills 80,000 chickens, investigation underway. A 6-alarm fire April 26 at Kofkoff Egg Farms in Lebanon, Connecticut, killed at least 80,000 chickens, destroyed 1 of the facility’s 13 chicken coops, and prompted 150 firefighters from 25 fire departments to remain on site for several hours containing the blaze. The cause of the fire remains under investigation. Source: http://www.courant.com/breaking-news/hc-lebanon-kofkoff-egg-farms-fire-0427-20160426-story.html

• Pilgrim’s Pride Corp. expanded a previous recall April 26 to include approximately 4,568,080 pounds of its fully cooked chicken products due to potential contamination with extraneous materials. – U.S. Department of Agriculture

12. April 27, U.S. Department of Agriculture – (National) Pilgrim’s Pride Corp. recalls poultry products due to possible foreign matter contamination. Pilgrim’s Pride Corp. expanded an April 7 recall on April 26 to include approximately 4,568,080 pounds of its fully cooked chicken products, sold in 23 variations, due to potential contamination with plastic, wood, rubber, and metal pieces after the company received consumer complaints regarding extraneous materials found in its chicken nugget products. There have been no confirmed reports of adverse reactions in connection with the recall; the products were distributed for institutional use nationwide.

• Pfizer Inc. and Wyeth agreed to pay $784.6 million April 27 to resolve allegations that Wyeth sold its Protonix Oral and Protonix IV drugs through hidden, bundled sales arrangements that allowed hospitals to earn deep discounts, without notifying the Federal Government. – U.S. Department of Justice

14. April 27, U.S. Department of Justice – (National) Wyeth and Pfizer agree to pay $784.6 million to resolve lawsuit alleging that Wyeth underpaid drug rebates to Medicaid. The U.S. Department of Justice announced April 27 that Pfizer Inc. and Wyeth agreed to pay $784.6 million to resolve allegations that Wyeth sold two of its proton pump inhibitor (PPI) drugs, Protonix Oral and Protonix IV, through hidden, bundled sales arrangements that allowed a hospital to earn deep discounts on both drugs if it placed them on its formulary and made them available within the hospital. The company did not disclose the bundled sales arrangements to the government, enabling it to avoid paying hundreds of millions of dollars in rebates to Medicaid from 2000 to 2006.

Financial Services Sector

3. April 27, Los Angeles Daily News – (International) Feds break up money-laundering scheme linked to fraudulent Armenian passports. The U.S. District Court in Santa Ana unsealed charges the week of April 18 against 7 California residents for their roles in a $14 million identity theft and international money laundering scheme where the group filed approximately 7,000 fraudulent tax returns by using stolen identities to create fraudulent foreign passports from the Republic of Armenia, Georgia, and the Czech Republic in order to open numerous bank accounts and mailboxes, which were used to deposit and launder the refunds. Officials stated that a total of 10 people were involved in the fraud scheme that sought a total of $38 million in fraudulent tax returns.

Information Technology Sector

21. April 27, Help Net Security – (International) DDoS aggression and the evolution of IoT risks. Neustar released the findings of a survey of over 1,000 information technology (IT) professionals across 6 continents, which revealed that 76 percent of companies are investing in distributed denial-of-service (DDoS) protection as DDoS attacks continue to evolve from single large attacks into multi-vector attacks. Forty-seven percent of attacked organizations were participating in information sharing on threats and countermeasures to mitigate future assaults.

22. April 26, SecurityWeek – (International) Information stealer “Fareit” abuses PowerShell. Security researchers from Trend Micro discovered a new variant of the Fareit malware that steals login details, Bitcoin-related data, and other personal information from victims. The malware was delivered via spam emails and executed through two different tactics: Word documents carrying malicious macros, and PDF documents that invoke Windows PowerShell. Attackers could use PDF files to execute PowerShell via the OpenAction event, which allows Fareit to be downloaded onto a victim’s machine and collect information.

23. April 26, Softpedia – (International) The Pirate Bay malvertising campaign pushes Cerber ransomware. Security researchers from Malwarebytes and RiskIQ reported that malicious ads on The Pirate Bay torrent portal were redirecting victims running older Windows and Internet Explorer software to another Uniform Resource Locator (URL), where the Magnitude exploit kit (EK) would leverage a Flash zero-day flaw to compromise vulnerable personal computers (PCs), install the Cerber ransomware, and install potentially unwanted programs (PUPs). Source: http://news.softpedia.com/news/the-pirate-bay-malvertising-campaign-pushes-cerber-ransomware-503455.shtml

For another story, see item 24 below in the Communications Sector

Communications Sector

24. April 27, SecurityWeek – (International) Android ransomware dropped via Towelroot, Hacking Team exploits. Security researchers from Blue Coat Labs discovered that a ransomware named “Cyber.Police” was able to install malicious programs onto a mobile device without user interaction. The researchers found that at least 224 devices running Android versions 4.0.3 to 4.4.4 had been communicating with the malware’s command and control (C&C) server since February, and that the malicious programs were present on devices running the Cyanogenmod 10 version of Android 4.2.2. The malware was delivered via two known exploits, the Towelroot exploit and a JavaScript exploit. Source: http://www.securityweek.com/android-ransomware-dropped-towelroot-hacking-team-exploits