Wednesday, August 31, 2016



Complete DHS Report for August 31, 2016

Daily Report

Top Stories

• Mazda Motor Corporation issued a recall August 29 for 190,102 of its model years 2007 – 2012 Mazda CX-7 crossover vehicles sold in the U.S. due to a potential corrosion issue with the front suspension ball joint fittings and the front lower control arm that can make the vehicle difficult to steer. – TheCarConnection.com

1. August 29, TheCarConnection.com – (National) 2007-2012 Mazda CX-7 recalled for corrosion problem. Mazda Motor Corporation issued a recall August 29 for 190,102 of its model years 2007 – 2012 Mazda CX-7 crossover vehicles sold in the U.S. due to a potential corrosion issue where water entering the front suspension ball joint fittings can cause the ball joint fittings to corrode and the front lower control arm to separate from the vehicle, thereby making the vehicle more difficult to steer and increasing the risk of an accident. Source:

• Officials reported that the Soberanes Fire burning in Monterey County, California, grew to 93,245 acres August 30 while containment remained at 60 percent. – KSBW 8 Monterey

14. August 30, KSBW 8 Monterey – (California) Soberanes fire grows to more than 93,000 acres. Officials reported that the Soberanes Fire burning in Monterey County, California, grew to 93,245 acres August 30 while containment remained at 60 percent. Officials issued August 28 an evacuation warning for a small section of Monterey County along the Pacific Coast Highway and stated that the fire has destroyed 57 homes, threatens 400 more, and killed 1 person. Source: http://www.ksbw.com/article/soberanes-fire-grows-to-more-than-92000-acres/2102060

• Over 100 employees were evacuated from the Gap Inc. regional distribution facility in Fishkill, New York, August 29 following a 6-alarm fire that caused an estimated $1 million in damage. – WABC 7 New York

20. August 30, WABC 7 New York – (New York) Huge fire burns through Gap facility in Fishkill. Over 100 employees were evacuated from the Gap Inc. regional distribution facility in Fishkill, New York, August 29 following a 6-alarm fire that caused an estimated $1 million in damage. The cause of the fire remains under investigation and no injuries were reported.

• The Louisiana National Guard and Plaquemines Parish officials plugged a 70-foot breach in a levee in Plaquemines Parish August 28 after dropping nearly 247 sandbags on the marsh side of the levee August 26 – August 28. – New Orleans Times-Picayune

23. August 30, New Orleans Times-Picayune – (Louisiana) National Guard plugs levee breach in Plaquemines Parish. The Louisiana National Guard and Plaquemines Parish officials plugged a 70-foot breach in a levee in Plaquemines Parish August 28 after dropping nearly 247 sandbags on the marsh side of the levee August 26 – August 28. Officials stated the breach posed no threat to nearby residents or businesses. Source: http://www.nola.com/environment/index.ssf/2016/08/levee_breach_plaquemines_paris.html
  
Financial Services Sector

See item 19 below in the Information Technology Sector

Information Technology Sector

18. August 30, Softpedia – (International) New and mysterious FairWare ransomware targets Linux servers. A Bleeping Computer analyst reported that at least 3 Linux server administrators discovered that a ransomware variant, dubbed FairWare, hacked their servers, removed their Website root folders, and left a ransom note in the /root folder demanding a 2 Bitcoin, or roughly $1,150, payment in order to retrieve the files. The researcher stated there is no evidence that the ransomware encrypts the user’s files and warned FairWare may be deleting the files and scamming victims after the ransom is paid. Source: http://news.softpedia.com/news/new-and-mysterious-fairware-ransomware-targets-linux-servers-507740.shtml

19. August 29, SecurityWeek – (International) Kelihos botnet triples in size overnight. MalwareTech researchers warned that the Kelihos botnet’s activity significantly increased to 34,533 infections in August and discovered that the botnet was spamming other malware after finding that Kelihos was distributing Wildfire ransomware as well as banking trojans based on the Zeus source code. Researchers believe Kelihos started distributing ransomware and banking trojans after the botnet’s operator realized the malware was more profitable than its original pump and dump spamming campaigns. Source: http://www.securityweek.com/kelihos-botnet-triples-size-overnight

Communications Sector

Nothing to report

Tuesday, August 30, 2016



Complete DHS Report for August 30, 2016

Daily Report

Top Stories

• Toyota Motor Corporation issued a recall August 29 for 337,449 of its model years 2006 – 2011 Toyota RAV4 crossover vehicles and model year 2010 Lexus HS 250h vehicles due to improperly secured lock nuts on the rear suspension arms, which can make it difficult for the driver to control the vehicle. – TheCarConnection.com

4. August 29, TheCarConnection.com – (National) 2006-2011 Toyota RAV4, 2010 Lexus HS 250h recalled for suspension issue (again): 337,000 affected. Toyota Motor Corporation issued a recall August 29 for 337,449 of its model years 2006 – 2011 Toyota RAV4 crossover vehicles and its model year 2010 Lexus HS 250h vehicles sold in the U.S. due to lock nuts on the rear suspension arms that may not have been properly secured, which can allow the threading to rust and the suspension arms to fail, thereby making it difficult for the driver to control the vehicle and increasing the risk of a crash. Source: http://www.thecarconnection.com/news/1105830_2006-2011-toyota-rav4-2010-lexus-hs-250h-recalled-for-suspension-issue-again-337000-affected

• Authorities offered a reward August 26 in exchange for information leading to the arrest and conviction of a man dubbed the “Filter Bandit” who is suspected of robbing 9 Broward County, Florida banks since 2014. – WPLG 10 Miami

See item 5 below in the Financial Services Sector

• A former employee at HB Nitkin Group in Greenwich, Connecticut, pleaded guilty August 26 to embezzling more than $700,000 from the company between February 2014 and December 2015. – U.S. Attorney’s Office, District of Connecticut

See item 6 below in the Financial Services Sector

• Authorities are investigating the cause of a 4-alarm fire at the Incca-Carroll Street apartments in Paterson, New Jersey, August 28 that displaced over 100 residents, damaged up to 20 units, and sent 2 people to an area hospital. – Newark Star-Ledger

34. August 28, Newark Star-Ledger – (New Jersey) 4-alarm blaze tears through apartment building in Paterson. Authorities are investigating the cause of a 4-alarm fire at the Incca-Carroll Street apartments in Paterson, New Jersey, August 28 that displaced over 100 residents, damaged up to 20 units, and sent 2 people to an area hospital. The American Red Cross was assisting those displaced by the fire. Source: http://www.nj.com/passaic-county/index.ssf/2016/08/4-alarm_blaze_tears_through_apartment_building_in.html

Financial Services Sector

5. August 26, WPLG 10 Miami – (Florida) FBI offers $5K reward for ‘Filter Bandit.’ Authorities offered a reward August 26 in exchange for information leading to the arrest and conviction of a man dubbed the “Filter Bandit” who is suspected of robbing 9 Broward County, Florida banks since 2014, including a SunTrust Bank branch in Coral Springs August 26. Source: http://www.local10.com/news/florida/broward-county/fbi-offers-5k-reward-for-filter-bandit-

6. August 26, U.S. Attorney’s Office, District of Connecticut – (Connecticut) Former Greenwich resident pleads guilty to stealing more than $700K in fraud scheme. A former employee at HB Nitkin Group in Greenwich, Connecticut, pleaded guilty August 26 to embezzling more than $700,000 from the company and related companies and individuals after the employee created fraudulent invoices for carpentry, plumbing, and electrical services, and used the company’s checkbook to pay the phony invoices, which she deposited into her personal bank accounts from February 2014 – December 2015. Officials stated the former employee also cashed checks that she stole from other employees of the company, among other fraudulent actions. Source: https://www.justice.gov/usao-ct/pr/former-greenwich-resident-pleads-guilty-stealing-more-700k-fraud-scheme

For another story, see item 36 below from the Commercial Facilities Sector

36. August 26, Softpedia – (National) US Secret Service notifies two major hotel chains about possible data breaches. Millennium Hotels & Resorts North America (MHR) notified customers August 25 that it is investigating a potential data breach of its point-of-sale (PoS) systems that may have compromised customer payment card data used at all of its 14 locations nationwide between March and June 2016 after the U.S. Secret Service and a third-party service provider notified the company about the breach. Noble House Hotels and Resorts also announced August 25 it is investigating a potential data breach after U.S. Secret Service officials notified the company that the PoS systems at its Ocean Key Resort & Spa in Key West, Florida, were compromised between April 2016 and June 2018. Source: http://news.softpedia.com/news/us-secret-service-notifies-two-major-hotel-chains-about-possible-data-breaches-507658.shtml

Information Technology Sector

27. August 29, Help Net Security – (International) XSS flaw in D-Link NAS devices allows attackers to mess with your data. A security researcher discovered that seven D-Link network-attached storage (NAS) devices were plagued with a cross-site scripting (XSS) flaw in the devices’ administrative Web interface, after detecting the flaw in the firmware of D-Link DNS-320 rev A. The flaw can be exploited through an authenticated Server Message Block (SMB) login attempt and could allow attackers to access a targeted device and change the stored contents. The researcher stated this XSS flaw does not require the victim to visit a malicious Website or open an attacker-supplied link, and that the malicious code can be injected without direct or indirect access to the vulnerable application. Source: https://www.helpnetsecurity.com/2016/08/29/xss-flaw-d-link-nas-devices-allows-attackers-mess-data/

28. August 29, SecurityWeek – (International) Kaspersky patches vulnerabilities in consumer products. Kaspersky Lab released updates for its KLIF, KLDISK, and KL1 Internet security products resolving several denial-of-service (DoS) and memory disclosure vulnerabilities after Cisco researchers discovered a flaw in KLIF drivers that can allow a malicious app to execute an application programming interface (API) call using invalid parameters and crash the system; a flaw related to how the KL1 driver handles input/output control (IOCTL) calls, which could be exploited to cause a memory access violation and crash the system; and a flaw caused by weak implementation of the KlDiskCtl service in the KLDISK that can allow attackers to use specially crafted IOCTL calls to leak kernel memory content and obtain information. Source: http://www.securityweek.com/kaspersky-patches-vulnerabilities-consumer-products

29. August 29, Softpedia – (International) Tech support scammers find new tricks to hijack Chrome browser. Malwarebytes researchers discovered a new method to hijack Google Chrome Web browsers where hidden JavaScript code puts the user’s browser into full screen mode, hiding the address bar and user interface (UI) toolbar in order to load a JPEG image at the top of the page that is crafted to look like Chrome’s original UI bar. The researchers also discovered a second trick targeting Chrome users where scammers created popups that mimicked original Chrome alerts, and would continue to display more alerts if a user clicked the appropriate checkmark. Source: http://news.softpedia.com/news/tech-support-scammers-find-new-trick-to-hijack-chrome-browsers-507715.shtml

30. August 29, SecurityWeek – (International) User data possibly stolen in Opera Sync breach. Opera notified 1.7 million Sync customers August 26 of a potential data breach discovered the week of August 22 after an attacker hacked the system and potentially accessed user information, including usernames and passwords. Opera officials advised its customers to change their Sync passwords, as well as any passwords to third-party Websites synchronized with the service. Source: http://www.securityweek.com/user-data-possibly-stolen-opera-sync-breach

31. August 26, Softpedia – (International) Fantom ransomware mimics Windows update screen. An AVG security researcher discovered a new ransomware variant, dubbed Fantom, was being distributed as a fake Microsoft Windows critical update screen to trick users into running the malicious file, criticalupdate01.exe, which encrypts victims’ files and displays a ransom note in Hypertext Markup Language (HTML) or TXT files after the encryption process ends. Researchers stated that users must contact the malicious actor via email to get the private key and unlock their encrypted files, and then the ransomware runs two batch scripts to delete its installation files. Source: http://news.softpedia.com/news/fantom-ransomware-mimics-windows-update-screen-507668.shtml

Communications Sector

32. August 28, WUSA 9 Washington, D.C. – (Washington, D.C.) D.C. 911 system restored after outage. Officials from the Office of Unified Communications in Washington, D.C. reported August 28 that 9-1-1 services have been restored after an internal power failure caused a service outage for 2 hours August 27. Officials set up an alternative emergency phone number during the outage and the investigation is ongoing. Source: http://www.wusa9.com/news/local/dc/dc-911-system-restored-after-outage/309753694