Complete DHS Report for January 20, 2016
Daily Report
Top Stories
• Southern California Gas Company announced January 18 that a natural gas leak at the Aliso Canyon facility in Los Angeles, which has released methane since October 2015, will be capped by the end of February. – KNBC 4 Los Angeles
1. January 18, KNBC 4 Los Angeles – (California) Porter Ranch gas leak will be stopped by end of February, utility says. Southern California Gas Company announced January 18 that a natural gas leak at the Aliso Canyon facility, which has been releasing methane since October 2015 and forced officials to place the Porter Ranch section of Los Angeles under a state of emergency, will be capped by the end of February with help from a relief well project. Source: http://www.nbclosangeles.com/news/local/Porter-Ranch-Gas-Leak-Cap-Well-365714041.html
• Authorities are investigating after vandals opened 20 water lines and drained approximately 400,000 gallons of drinking water in Flagler County, Florida, January 18. – Associated Press
19. January 18, Associated Press – (Florida) Vandals drain 400K gallons from drinking water supply. Authorities are investigating after vandals opened 20 water lines and drained approximately 400,000 gallons of drinking water in Flagler County, Florida, January 18, forcing officials to issue a precautionary boil water notice for approximately 1,700 people.
• The U.S. President declared a state of emergency in Michigan in response to lead-contaminated drinking water in the city of Flint. – San Antonio Post
20. January 17, San Antonio Post – (Michigan) White House declares emergency in Michigan over bad water. The U.S. President declared a state of emergency in Michigan in response to lead-contaminated drinking water in the city of Flint, and authorized Federal aid for State and local response efforts in the county. Source: http://www.sanantoniopost.com/index.php/sid/240343785
• A researcher from Perception Point discovered a new zero-day vulnerability affecting Android phones running the 4.4 KitKat operating system (OS) and Linux machines running kernel 3.8 or higher that allows attackers to delete files, among other issues. – CSO Online See item 30 below in the Information Technology Sector
Financial Services Sector
4. January 16, Fairfield-Suisun City Daily Republic – (California) 2 from Solano County plead guilty in multimillion-dollar mortgage fraud scheme. Prosecutors announced January 16 that two Solano County, California residents pleaded guilty January 15 to conspiracy to make false statements on loan applications after the two reportedly took part in a $10 million loan fraud scheme: they convinced homeowners facing foreclosure to sign the titles of their homes over to the pair’s business, Capital Access LLC, which then sold the titles to straw buyers who obtained loans under the false pretense that they would reside in the houses. The company stripped home equity from at least 69 properties in California to pay the operating expenses of Capital Access LLC. Source: http://www.dailyrepublic.com/news/fairfield/2-from-solano-county-plead-guilty-in-multimillion-dollar-mortgage-fraud-scheme/
Information Technology Sector
28. January 19, Softpedia – (International) Yahoo fixes bug that could compromise email accounts when opening an email. Yahoo! patched a cross-site scripting (XSS) vulnerability that affected its Mail Web interface after a researcher from Finland found that the flaw allowed attackers to fully compromise email accounts by crafting an email with malicious code in the message’s body and sending the malicious email to a target. The vulnerability is triggered each time a user opens the email. Source: http://news.softpedia.com/news/yahoo-fixes-bug-that-could-compromise-email-accounts-when-opening-an-email-499107.shtml
29. January 19, SecurityWeek – (International) Siemens patches flaw in building automation products. Siemens released firmware updates patching a reflected cross-site scripting (XSS) vulnerability in its building automation products running on the OZW Web server after a researcher found that the flaw affected the login pages of the OZW672 and OZW772 embedded Web servers, enabling attackers to redirect users to phishing Web sites, steal users’ data, or convince users to download malware onto their devices. Source: http://www.securityweek.com/siemens-patches-flaw-building-automation-products
30. January 19, CSO Online – (International) Linux zero-day affects most Androids, millions of Linux PCs. A security researcher from Perception Point discovered a new zero-day vulnerability affecting Android phones running the 4.4 KitKat operating system (OS) and Linux machines running kernel 3.8 or higher that can allow attackers to delete files, view private information, and install malicious programs on Android or Linux systems. Researchers reported that no exploits were observed in the wild. Source: http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html#tk.rss_all
31. January 19, SecurityWeek – (International) Linux trojan takes screenshots every 30 seconds. Security researchers from Doctor Web detected a new Linux trojan, dubbed Linux.Ekoms.1, that can help cybercriminals spy on users by searching temporary folders on users’ devices for audio recordings and screenshots with the .aat, .sst, .ddt, and .kkt extensions, which are then uploaded to a remote server hardcoded within the malware. Once the stolen data is sent to the remote server, the data is encrypted, and attackers can use the command and control (C&C) server to send various commands to the infected machine. Source: http://www.securityweek.com/linux-trojan-takes-screenshots-every-30-seconds
32. January 18, SecurityWeek – (International) Authentication flaw found in Advantech ICS Gateways. Security researchers from Rapid7 discovered a serious authentication bypass vulnerability and a potential backdoor account in Advantech’s EKI products that allowed attackers to bypass the authentication process by using any public key and password via the Dropbear SSH daemon, which was lacking a verification protocol. In addition, researchers discovered an alleged backdoor account after a hardcoded username and password could be used by an unauthenticated attacker to access a production device. Source: http://www.securityweek.com/authentication-flaw-found-advantech-ics-gateways
33. January 18, Softpedia – (International) Kaspersky warns of potential cyberattacks against World Economic Forum participants. Kaspersky security experts reported that they expect advanced persistent threat (APT) groups to increase their efforts and attempts at hacking the computers and mobile devices of high-ranking officials from various countries and companies at the World Economic Forum (WEF) in Davos, Switzerland. The security firm advised attendees to use Virtual Private Network (VPN) connections to browse the Internet, charge mobile devices from a wall outlet, and use passwords instead of PINs to protect devices. Source: http://news.softpedia.com/news/kaspersky-warns-of-potential-cyberattacks-against-world-economic-forum-participants-499080.shtml
34. January 18, The Register – (International) Updated Android malware steals voice two factor authentication. A Symantec security researcher reported that the Android.Bankosy trojan malware can open a backdoor to activate unconditional call forwarding and silent mode on Android handsets, collect a list of system-specific information and send it to the command and control (C&C) server to register the infected device, and obtain a unique identifier for further communication with the C&C server to receive commands. Source: http://www.theregister.co.uk/2016/01/18/updated_android_malware_steals_voice_two_factor_authentication/
35. January 17, Softpedia – (International) DDoS attack hits Kickass Torrents, DNS servers crippled. Kickass Torrents, the largest Internet portal of its kind, reported that its Web site was offline for almost 24 hours after an unknown attacker conducted distributed denial-of-service (DDoS) attacks against its Web site’s domain name servers (DNS), and that during the week of January 10 the Web site was hit with smaller DDoS attacks. Officials reported the Web site is running, but are anticipating further attacks. Source: http://news.softpedia.com/news/ddos-attack-hits-kickass-torrents-dns-servers-crippled-499019.shtml
36. January 15, SecurityWeek – (International) Apple’s Gatekeeper bypassed again. A security researcher from Synack discovered a technique that bypasses the Gatekeeper security feature of Apple’s OS X operating system (OS) by finding a signed application that loads and executes an external binary at runtime, creating a .dmg file in which the external binary is replaced with a malicious file, and delivering the malicious file to users by injecting it into insecure download connections or by uploading it to third-party application stores. Apple released a temporary patch addressing the vulnerability. Source: http://www.securityweek.com/apples-gatekeeper-bypassed-again
Communications Sector
Nothing to report