Complete DHS Report for May 31, 2016
• Eight automakers announced a recall May 27 for over 12 million model years 2002 – 2011 vehicles sold in the U.S. due to defective Takata Corp., passenger-side air bag inflators. – Reuters
2. May 27, Reuters – (International) Automakers recall 12 million U.S. vehicles over Takata air bags. Eight automakers announced a recall May 27 for over 12 million model years 2002 – 2011 vehicles sold in the U.S. due to defective Takata Corp., passenger-side air bag inflators that can explode with too much force and spray metal shrapnel into vehicle passenger compartments. The defective inflators have been linked to over 100 injuries and at least 13 deaths globally.
• Washington, D.C. officials announced that track work May 28 – May 30 will take all Orange Line trains out of service, close three stations, and force single-tracking between certain stations on four lines. – WTOP 103.5 FM Washington, D.C.
8. May 26, WTOP 103.5 FM Washington, D.C. – (Maryland; Virginia; Washington, D.C.) Metro: 3 stations closed, work on all lines Memorial Day weekend. The Washington Metropolitan Area Transit Authority announced May 26 that track work May 28 – May 30 on the Metro will take all Orange Line trains out of service, close the Vienna, Dunn Loring, and West Falls Church stations, and force single-tracking between certain stations on the Red, Silver, Blue, and Green lines. Source: http://wtop.com/sprawl-crawl/2016/05/metro-close-orange-line-work-lines-memorial-day-weekend/
• The use of Probuphine, an implant that slowly releases a low dose of buprenorphine over 6 months, was approved May 26 to help individuals struggling with addiction to heroin and painkillers. – Associated Press
15. May 26, Associated Press – (National) FDA approves first drug-oozing implant to control addiction. The U.S. Food and Drug Administration approved May 26 the use of Probuphine, an implant that slowly releases a low dose of buprenorphine over 6 months, in order to help individuals struggling with addiction to heroin and painkillers. The implant is expected to be used as part of a multipronged addiction treatment program, and doctors who implant the device are required to receive special training on the implantation and removal of the device. Source: http://www.cbsnews.com/news/fda-approves-first-drug-oozing-implant-to-control-addiction/
• A U.S. Government Accountability Office report found that some business systems run by U.S. government agencies are written in mainframe assembler code or COBOL, are outdated, and consume larger portions of agencies’ budgets just for operation and maintenance. – Ars Technica
17. May 26, Ars Technica – (National) Government agencies keep sacrificing cash to zombie IT systems, GAO finds. A U.S. Government Accountability Office (GAO) report on business systems run by U.S government agencies found that some of the systems used are written in mainframe assembler code or COBOL, are outdated, and are consuming larger portions of agencies’ IT budgets just for operation and maintenance. Some of the agencies included in the top ten oldest systems cited by GAO include the U.S. Department of the Treasury, the U.S. Department of Defense, the U.S. Department of Veterans Affairs, and the U.S. Department of Commerce, among others. Source: http://arstechnica.com/information-technology/2016/05/government-agencies-keep-sacrificing-cash-to-zombie-it-systems-gao-finds/
Financial Services Sector
4. May 26, SecurityWeek – (Texas) PayPal settles with Texas over Venmo app security claims. The State of Texas and PayPal entered into an Assurance of Voluntary Complance agreement May 26 after Venmo, a company acquired by PayPal, violated the Texas Deceptive Trade Practices – Consumer Protection Act by allegedly providing confusing and deficient privacy and security disclosures, and failing to provide clarification over access to the user’s contact list. PayPal agreed make “behavioral” changes regarding interactions between Venmo and its users.
5. May 26, East Oregonian – (Oregon) Nearly 100 reports of missing money in Hermiston bank fraud. Authorities are searching May 26 for a man suspected of installing a skimming device on a Portland area ATM beginning the week of May 8 and using the stolen data to manufacture fraudulent debit cards in order to withdraw cash from other area ATMs after officials received approximately 100 reports of fraudulent bank account activity. Authorities stated that the scheme has caused thousands of dollars in losses, and believe the man is part of an organized group. Source: http://www.eastoregonian.com/eo/local-news/20160526/nearly-100-reports-of-missing-money-in-hermiston-bank-fraud
Information Technology Sector
21. May 26, SecurityWeek – (International) Angler EK malvertising campaign abuses recent Flash zero-day. Security researchers from Malwarebytes reported that a previously patched zero-day flaw in Adobe Flash Player was being exploited in a new malvertising campaign targeting ad networks through a conditional malicious code which redirects users to the Angler exploit kit (EK) after executing fingerprinting checks. Attackers exploit the vulnerability via specially crafted Microsoft Office documents. Source: http://www.securityweek.com/angler-ek-malvertising-campaign-abuses-recent-flash-zero-day
22. May 26, Softpedia – (International) Windows trojan uses TeamViewer to turn your PC into a web proxy. Security researchers from Dr. Web and Yandex reported that the backdoor trojan dubbed, BackDoor.TeamViewer.49 was using a malware dropper called Trojan.MulDrop6.39120 and a malicious Adobe Flash Player update package to secretly distribute the TeamViewer trojan. Once the TeamViewer trojan is installed, the trojan connects via an encrypted channel to the attackers’ command and control (C&C) server, where it relays Web traffic to other servers on the Internet and uses the affected device as a proxy server. Source: http://news.softpedia.com/news/windows-trojan-uses-teamviewer-to-turn-your-pc-into-a-web-proxy-504540.shtml
23. May 26, SecurityWeek – (International) “SandJacking” attack allows hackers to install evil iOS apps. A security researcher from Mi3 Security discovered that attackers could exploit a new Apple feature, which allows developers to create mobile operating system (iOS) apps using certificates easily obtained by providing an Apple ID, to quickly replace a legitimate app on an iOS device with a rogue version that contains malicious capabilities to give attackers complete control and access to the application. The security researcher released a proof-of-concept (PoC) titled, “Su-A-Cyder” that can replace legitimate apps for malicious apps when the targeted phone is connected to a computer.
For another story, see item 4 above in the Financial Services Sector
See item 23 above in the Information Technology Sector
Complete DHS Report for May 27, 2016
• Seattle City Light is investigating the cause of a power outage that knocked out power to downtown Seattle for about 1 hour May 25, causing 60 percent of the area to lose service. – Seattle Times
1. May 26, Seattle Times – (Washington) Power restored after major, hour-long outage in downtown Seattle. Seattle City Light is investigating the cause of a power outage that knocked out power to downtown Seattle for about 1 hour May 25, causing 60 percent of the area to lose service and 12,000 electric meters to be affected. Traffic was gridlocked during the outage and several people were trapped in the elevators of various buildings.
• The U.S. Food and Drug Administration finalized May 26 a new food safety rule that requires food facilities to establish food defense monitoring procedures and corrective actions as part of an effort to prevent wide-scale public health harm. – U.S. Food and Drug Administration
8. May 26, U.S. Food and Drug Administration – (National) FDA issues final food defense regulation. The U.S. Food and Drug Administration finalized May 26 a new food safety rule under its Food Safety Modernization Act that requires foreign and domestic food facilities to complete and maintain a written food defense plan that assesses the companies’ potential vulnerabilities to deliberate contamination intended to cause wide-scale public health risks, to identify and implement mitigation strategies to address the vulnerabilities, and to establish food defense monitoring procedures and corrective actions, among other requirements as part of an effort to prevent wide-scale public health harm and to protect the food supply.
• The CEO of NS1 reported that the company experienced dozens of large distributed denial-of-service (DDoS) attacks and attacks against the company’s upstream network providers. – Help Net Security See item 18 below in the Information Technology Sector
• Officials reported that at least three people were injured and one person was killed May 25 after a suspect opened fire at the Irving Plaza music venue in New York City during a music performance. – CNN
22. May 26, CNN – (New York) One killed in shooting at rapper’s concert. The New York Police Department reported that at least three people were injured and one person was killed May 25 after a suspect opened fire at the Irving Plaza music venue in New York City during a music performance, prompting about 950 attendees to evacuate the building.
Financial Services Sector
5. May 25, U.S. Department of Justice – (West Virginia) West Virginia business owners indicted for failing to pay employment taxes. The owners of Taylor Contracting/Taylor Ready-Mix LLC and Bluegrass Aggregates LLC in West Virginia were indicted May 25 after the pair failed to collect, account for, and pay more than $1 million in Federal income taxes, Social Security taxes, and Medicare taxes withheld from the wages of its employees to the U.S. Internal Revenue Service from 2007 – 2010. Source: https://www.justice.gov/opa/pr/west-virginia-business-owners-indicted-failing-pay-employment-taxes
Information Technology Sector
17. May 26, SecurityWeek – (International) “Wekby” group uses DNS requests for C&C communications. Security researchers from Palo Alto Networks discovered that an advanced persistent threat (APT) group named Wekby, APT 18, Dynamite Panda, and TG-0416, was using the “pisloader” malware to infiltrate a system via Domain Name System (DNS) requests for command & control (C&C) communications, which allows the malware to bypass security products. The “pisloader” malware was believed to be a variant of the HTTPBrowser, a remote access trojan (RAT). Source: http://www.securityweek.com/wekby-group-uses-dns-requests-cc-communications
18. May 26, Help Net Security – (International) DNS provider NS1 hit with multi-faceted DDoS attacks. The CEO of NS1 reported that during the week of May 16 the company experienced dozens of large distributed denial-of-service (DDoS) attacks including simple volumetric attacks, complex direct Domain Name System (DNS) lookup attacks, and attacks against the company’s upstream network providers. The motive behind the attacks is unknown, but the attacks were seen targeting the DNS, content delivery network (CDN), and Internet infrastructure industries in Europe, U.S., and Asia. Source: https://www.helpnetsecurity.com/2016/05/26/dns-ddos-ns1/
19. May 26, Softpedia – (International) Hackers prefer file upload, XSS, and SQLi bugs when attacking WordPress sites. Check Point released a report that analyzed telemetry data from its security products and attacks against WordPress plugins which revealed that attackers were using automated scripts to scan WordPress Web sites for vulnerabilities to exploit payloads and use the collected information to create a security status report and compromise the Web sites. Attackers compromised the Web sites with malicious redirects, sending visitors to exploit kit (EK) sites, and leveraged File Upload vulnerabilities. Source: http://news.softpedia.com/news/hackers-prefer-file-upload-xss-and-sqli-bugs-when-attacking-wordpress-sites-504496.shtml
20. May 25, Softpedia – (International) FBI: Ransomware complaints doubled in 2015. The FBI’s Internet Crime Complaint Center (IC3) released its 2015 Internet Crime Report which revealed that during 2015, the FBI recorded 2,453 ransomware complaints and estimated that the recorded infections caused over $1.6 million in damages to the victims. Reports by Enigma Software and Kaspersky found that ransomware campaigns grew with a 14 percent increase from year-to-year. Source: http://news.softpedia.com/news/fbi-ransomware-complaints-doubled-in-2015-504492.shtml
21. May 25, Tampa Bay Times – (Florida) Seffner man fined $48,000 by FCC for using cell phone jammer on daily commute. The U.S. Federal Communications Commission issued a $48,000 fine May 25 to a Seffner man for illegally interfering with cellular service along Interstate 4 and disrupting police communications for up to 2 years via a cell phone jamming device. Source: http://www.tampabay.com/news/publicsafety/crime/seffner-man-fined-48000-by-fcc-for-using-cell-phone-jammer-on-daily-commute/2278972