Wednesday, January 20, 2016



Complete DHS Report for January 20, 2016

Daily Report

Top Stories

• Southern California Gas Company announced January 18 that a natural gas leak at the Aliso Canyon facility in Los Angeles, which has released methane since October 2015, will be capped by the end of February. – KNBC 4 Los Angeles

1. January 18, KNBC 4 Los Angeles – (California) Porter Ranch gas leak will be stopped by end of February, utility says. Southern California Gas Company announced January 18 that a natural gas leak at the Aliso Canyon facility, which has been releasing methane since October 2015 and forced officials to place the Porter Ranch section of Los Angeles under a state of emergency, will be capped by the end of February with the help of a relief well project. Source: http://www.nbclosangeles.com/news/local/Porter-Ranch-Gas-Leak-Cap-Well-365714041.html

• Authorities are investigating after vandals opened 20 water lines and drained approximately 400,000 gallons of drinking water in Flagler County, Florida, January 18. – Associated Press

19. January 18, Associated Press – (Florida) Vandals drain 400K gallons from drinking water supply. Authorities are investigating after vandals opened 20 water lines and drained approximately 400,000 gallons of drinking water in Flagler County, Florida, January 18, forcing officials to issue a precautionary boil-water notice to approximately 1,700 people.

• The U.S. President declared a state of emergency in Michigan in response to lead-contaminated drinking water in the city of Flint. – San Antonio Post

20. January 17, San Antonio Post – (Michigan) White House declares emergency in Michigan over bad water. The U.S. President declared a state of emergency in Michigan in response to lead-contaminated drinking water in the city of Flint, and authorized Federal aid for State and local response efforts in the county. Source: http://www.sanantoniopost.com/index.php/sid/240343785

• A researcher from Perception Point discovered a new zero-day vulnerability affecting Android phones running the 4.4 KitKat operating system (OS) and Linux machines running kernel 3.8 or later that allows attackers to delete files, among other impacts. – CSO Online. See item 30 below in the Information Technology Sector.

Financial Services Sector

4. January 16, Fairfield-Suisun City Daily Republic – (California) 2 from Solano County plead guilty in multimillion-dollar mortgage fraud scheme. Prosecutors announced January 16 that two Solano County, California residents pleaded guilty January 15 to conspiracy to make false statements on loan applications after the two reportedly took part in a $10 million loan fraud scheme by convincing homeowners facing foreclosure to sign the titles of their homes over to the pair’s business, Capital Access LLC, where they would sell the titles to straw buyers, who obtained loans under the false pretense that they would reside in the houses. The company stripped home equity from at least 69 properties in California to pay the operating expenses of Capital Access LLC. Source: http://www.dailyrepublic.com/news/fairfield/2-from-solano-county-plead-guilty-in-multimillion-dollar-mortgage-fraud-scheme/

Information Technology Sector

28. January 19, Softpedia – (International) Yahoo fixes bug that could compromise email accounts when opening an email. Yahoo! patched a cross-site scripting (XSS) vulnerability in the Yahoo Mail Web interface after a Finnish researcher found that the flaw allowed attackers to fully compromise email accounts by crafting an email with malicious code in the message body and sending it to a target. The malicious code executed each time the recipient opened the email. Source: http://news.softpedia.com/news/yahoo-fixes-bug-that-could-compromise-email-accounts-when-opening-an-email-499107.shtml

29. January 19, SecurityWeek – (International) Siemens patches flaw in building automation products. Siemens released firmware updates patching a reflected cross-site scripting (XSS) vulnerability in its building automation products that use the OZW Web server after a researcher found that the flaw affected the login pages of the OZW672 and OZW772 embedded Web servers and could enable attackers to redirect users to phishing Web sites, steal users’ data, or convince users to download malware onto their devices. Source: http://www.securityweek.com/siemens-patches-flaw-building-automation-products
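The two XSS items above (28 and 29) both come down to untrusted text being placed into an HTML page without encoding for the context it lands in. The following is an added example, not Siemens' or Yahoo's code: a constructed login page that reflects request parameters, shown in its vulnerable form and in a hardened form that entity-encodes every reflected value. The page layout, the `user` and `msg` parameter names and the sample inputs are assumptions made for the demonstration.

```python
"""Reflected XSS on a login page: vulnerable rendering beside the hardened form.

Added example, not code from the products named in the report. The template,
parameter names and sample inputs are constructed for illustration.
"""
import html
from urllib.parse import parse_qs

# Constructed page template. {user} lands inside a single-quoted attribute,
# {message} lands in text content; both are HTML contexts that need encoding.
TEMPLATE = (
    "<html><body><form method='post' action='/login'>"
    "<label>User <input name='user' value='{user}'></label>"
    "<p>{message}</p>"
    "<input type='submit'></form></body></html>"
)


def _reflected_values(query_string: str):
    """Pull the two parameters the page echoes back; missing ones become ''."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("user", [""])[0], params.get("msg", [""])[0]


def render_login_vulnerable(query_string: str) -> str:
    """Echo the request parameters straight into the page (reflected XSS)."""
    user, message = _reflected_values(query_string)
    return TEMPLATE.format(user=user, message=message)


def render_login_hardened(query_string: str) -> str:
    """Entity-encode every reflected value before it reaches the markup.

    quote=True also encodes ' and ", so a value cannot close the quoted
    value='...' attribute and start injecting its own attributes or tags.
    """
    user, message = _reflected_values(query_string)
    return TEMPLATE.format(
        user=html.escape(user, quote=True),
        message=html.escape(message, quote=True),
    )


def reflects_raw_markup(rendered: str, sample: str) -> bool:
    """True when the sample text survived into the page byte-for-byte unencoded."""
    return sample in rendered


if __name__ == "__main__":
    sample = "user=<i>injected</i>&msg=' onmouseover='x"
    print("vulnerable reflects raw markup:",
          reflects_raw_markup(render_login_vulnerable(sample), "<i>injected</i>"))
    print("hardened reflects raw markup:  ",
          reflects_raw_markup(render_login_hardened(sample), "<i>injected</i>"))
```

Output encoding per context is the fix for the reflected case; for the email-body case in item 28 the same principle applies, but because the product must render some HTML from the message, an allowlist-based HTML sanitizer is needed rather than blanket escaping.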

30. January 19, CSO Online – (International) Linux zero-day affects most Androids, millions of Linux PCs. A security researcher from Perception Point discovered a new zero-day vulnerability affecting Android phones running the 4.4 KitKat operating system (OS) and Linux machines running kernel 3.8 or later that can allow attackers to delete files, view private information, and install malicious programs on affected Android and Linux systems. Researchers reported that no exploits had been observed in the wild. Source: http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html#tk.rss_all

31. January 19, SecurityWeek – (International) Linux trojan takes screenshots every 30 seconds. Security researchers from Doctor Web detected a new Linux trojan, dubbed Linux.Ekoms.1, that can help cybercriminals spy on users by searching temporary folders on users’ devices for audio recordings and screenshots with the .aat, .sst, .ddt, and .kkt extensions, which are uploaded to a remote server hardcoded in the malware. Once the stolen data is sent to the remote server, the data is encrypted, and attackers can use the command and control (C&C) server to send various commands to the infected machine. Source: http://www.securityweek.com/linux-trojan-takes-screenshots-every-30-seconds
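The one concrete host artefact item 31 gives a defender is the set of file extensions the trojan stages in temporary folders. The following added example, not Doctor Web's code or a detection signature from the report, walks the usual temp directories and lists files carrying those extensions; the directory tree and file contents it builds for its self-test are constructed, and the choice of `/tmp` and `/var/tmp` as default roots is an assumption.

```python
"""Hunt for Linux.Ekoms-style staging artefacts in temporary directories.

Added example, not Doctor Web's code. The extensions come from the report
item; the demo tree, file names and contents are constructed for the demo.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Extensions the item reports Linux.Ekoms.1 collecting from temp folders.
EKOMS_EXTENSIONS = frozenset({".aat", ".sst", ".ddt", ".kkt"})

# Assumed default roots to sweep on a Linux host.
DEFAULT_ROOTS = ("/tmp", "/var/tmp")


def find_staged_artefacts(roots, extensions=EKOMS_EXTENSIONS):
    """Return sorted (path, size_bytes) for regular files whose suffix matches.

    Symlinks are skipped so a planted link cannot pull the scan out of the
    temp tree; unreadable entries are ignored rather than aborting the sweep.
    """
    hits = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath) / name
                if path.suffix.lower() not in extensions:
                    continue
                try:
                    if path.is_symlink() or not path.is_file():
                        continue
                    hits.append((str(path), path.stat().st_size))
                except OSError:
                    continue
    return sorted(hits)


def build_demo_tree() -> Path:
    """Constructed sample: two suspect files plus benign noise and a symlink."""
    base = Path(tempfile.mkdtemp(prefix="ekoms-demo-"))
    (base / "sub").mkdir()
    (base / "shot-0001.sst").write_bytes(b"\x89PNG constructed screenshot bytes")
    (base / "sub" / "rec-0001.aat").write_bytes(b"constructed audio bytes")
    (base / "notes.txt").write_text("benign file, should not match")
    # A symlink with a matching suffix must not be reported.
    os.symlink(base / "notes.txt", base / "link.kkt")
    return base


def demo():
    """Run the scan over the constructed tree and return the matching names."""
    base = build_demo_tree()
    try:
        return sorted(Path(p).name for p, _ in find_staged_artefacts([base]))
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for path, size in find_staged_artefacts(DEFAULT_ROOTS):
        print(f"{size:>8}  {path}")
```

A hit is a lead, not a verdict: confirm with the file's magic bytes and the owning process before acting, and treat the hardcoded upload server in the sample, once known, as the network indicator to pair with this host check.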

32. January 18, SecurityWeek – (International) Authentication flaw found in Advantech ICS Gateways. Security researchers from Rapid7 discovered a serious authentication bypass vulnerability and a potential backdoor account in Advantech’s EKI products. The bypass allowed attackers to pass authentication using any public key and password via the Dropbear SSH daemon, which did not verify the key. In addition, researchers discovered an alleged backdoor account: a hardcoded username and password could be used by an unauthenticated attacker to access a production device. Source: http://www.securityweek.com/authentication-flaw-found-advantech-ics-gateways

33. January 18, Softpedia – (International) Kaspersky warns of potential cyberattacks against World Economic Forum participants. Kaspersky security experts reported that they expect advanced persistent threat (APT) groups to increase their efforts to hack the computers and mobile devices of high-ranking officials from various countries and companies at the World Economic Forum (WEF) in Davos, Switzerland. The security firm advised attendees to use Virtual Private Network (VPN) connections to browse the Internet, to charge mobile devices from a wall outlet, and to use passwords instead of PINs to protect devices. Source: http://news.softpedia.com/news/kaspersky-warns-of-potential-cyberattacks-against-world-economic-forum-participants-499080.shtml

34. January 18, The Register – (International) Updated Android malware steals voice two-factor authentication. A Symantec security researcher reported that the Android.Bankosy trojan can open a backdoor to activate unconditional call forwarding and silent mode on Android handsets, collect system-specific information and send it to the command and control (C&C) server to register the infected device, and obtain a unique identifier for further communication with the C&C server to receive commands. Source: http://www.theregister.co.uk/2016/01/18/updated_android_malware_steals_voice_two_factor_authentication/

35. January 17, Softpedia – (International) DDoS attack hits Kickass Torrents, DNS servers crippled. The largest Internet portal, Kickass Torrents, reported that its Web site was offline for almost 24 hours after an unknown attacker conducted distributed denial-of-service (DDoS) attacks against its Domain Name System (DNS) servers, and that during the week of January 10 the Web site was hit with smaller DDoS attacks. Officials reported the Web site is running but anticipate further attacks.

36. January 15, SecurityWeek – (International) Apple’s Gatekeeper bypassed again. A security researcher from Synack discovered a technique that bypasses the Gatekeeper security feature of Apple’s OS X by finding a signed application that loads and executes an external binary at runtime, creating a .dmg file in which that external binary is replaced with a malicious file, and delivering the file to users by injecting it into insecure download connections or by uploading it to third-party application stores. Apple released a temporary patch addressing the vulnerability. Source: http://www.securityweek.com/apples-gatekeeper-bypassed-again

Communications Sector

Nothing to report