Friday, January 22, 2016



Complete DHS Report for January 22, 2016

Daily Report

Top Stories

• Researchers from Symantec discovered attackers were targeting finance departments of small and medium-sized businesses in India, the United Kingdom, and the U.S. to download financial software as well as other sensitive files. – SecurityWeek. See item 3 below in the Financial Services Sector.

• Freezing rain and sleet caused at least 70 crashes over a 10-hour period in Chattanooga January 20, forcing the temporary shutdown of Roberts Mill Road, the W Road, Highway 111, and Shoal Creek Road. – Chattanooga Times Free Press

9. January 20, Chattanooga Times Free Press – (Tennessee) Icy roads lead to 70 crashes in Chattanooga region, temps expected to warm today. Freezing rain and sleet caused at least 70 crashes over a 10-hour period in Chattanooga January 20, forcing the temporary shutdown of Roberts Mill Road, the W Road, Highway 111, and Shoal Creek Road. North and southbound lanes of Interstate 75 were also shut down for approximately 2 hours after steel from a semi-truck fell onto the roadway. Source: http://www.timesfreepress.com/news/local/story/2016/jan/20/i75-shut-down-near-ooltewah-traffic-woes-across-area/345650/

• The Arkansas State agency’s board of commissioners approved a $61 million loan for Little Rock Wastewater January 20 to conduct sewer system improvements at 2 wastewater treatment plants. – Arkansas Democrat-Gazette

13. January 21, Arkansas Democrat-Gazette – (Arkansas) Little Rock utility cleared for $61M for work at 2 sewer plants. The Arkansas State agency’s board of commissioners approved a $61 million loan for Little Rock Wastewater January 20 to conduct sewer system improvements at Adams Field and Fourche Creek wastewater treatment plants to help prevent overflows during heavy rains. The loan is part of an estimated $220 million request from the utility for improvement projects around the State. Source: http://www.arkansasonline.com/news/2016/jan/21/lr-utility-cleared-for-61m-for-work-at-/?f=news-arkansas

• The U.S. Department of Defense (DoD) announced January 20 that driver’s licenses from Minnesota, New Mexico, and several other states will no longer be accepted as proof of identity at DoD installations nationwide. – U.S. Department of Defense

18. January 20, U.S. Department of Defense – (National) Licenses from 5 states banned at DoD bases. The U.S. Department of Defense (DoD) announced January 20 that driver’s licenses from Minnesota, New Mexico, Illinois, Missouri, and Washington will no longer be accepted as proof of identity at DoD installations nationwide as a result of the REAL ID Act of 2005. Source: http://www.defense.gov/News-Article-View/Article/643615/licenses-from-5-states-banned-at-dod-bases

Financial Services Sector

3. January 20, SecurityWeek – (International) Cybercriminals target bank accounts of firms in UK, US, India. Researchers from Symantec discovered attackers were targeting finance departments of small and medium-sized businesses in India, the United Kingdom, and the U.S. to download financial software and steal files, passwords, and money. The attackers use stolen accounts to distribute malicious emails embedded with one of two remote access Trojans (RATs) that, if deployed, give attackers complete control over the infected device and enable them to log keystrokes, among other actions. Researchers believe the attackers are based in Europe or the U.S.

4. January 20, Phoenix Business Journal – (Arizona) Former Kingman finance director arrested for $1.1M fraud. The former Kingman Budget Analyst and Interim Finance Director was arrested and charged January 20 with 23 felony counts including theft, forgery, and misuse of public monies after she allegedly stole more than $1 million from the city by using a city credit card for personal expenses, falsifying invoices to account for the charges, misappropriating funds from a bank account used to fund the city’s Employees Benefits Trust, and altering account settings that granted her sole authority to initiate and approve transactions. Source: http://www.bizjournals.com/phoenix/news/2016/01/20/former-kingman-finance-director-arrested-for-1-1m.html

Information Technology Sector

21. January 21, Softpedia – (International) Threat group uses dating sites to build a botnet of vulnerable home routers. Damballa security researchers reported that a Linux ELF binary, a variant of TheMoon worm, was targeting the Home Network Administration Protocol (HNAP), using a malicious iframe embedded in adult dating Web sites to infect home routers and prevent consumers from using their routers’ inbound ports. Researchers reported the worm is spread by opening outbound ports on the router to infect other routers. Source: http://news.softpedia.com/news/threat-group-uses-dating-sites-to-build-a-botnet-of-vulnerable-home-routers-499209.shtml

22. January 21, SecurityWeek – (International) Google Chrome 48 patches 37 security flaws. Google released its newest web browser version, Chrome 48 for Microsoft Windows, Apple Mac, and Linux users, which patches 37 security vulnerabilities including a bad cast flaw in V8, a use-after-free bug in PDFium, and six other vulnerabilities found by external researchers, among other patched flaws. In addition, company officials reported the updated version included a series of improvements to the browser. Source: http://www.securityweek.com/google-chrome-48-patches-37-security-flaws

23. January 21, Help Net Security – (International) Fake Facebook emails deliver malware masquerading as audio message. Researchers from Comodo reported that malware similar to one previously targeting WhatsApp users has been targeting Facebook users via malicious emails embedded with a variant of the Nivdort information-stealing Trojan, in order to steal information about a victim’s computer and send the stolen information to a command-and-control (C&C) server where attackers can send additional malware. Once the malicious email is opened, the malware will replicate itself into the “C:/” directory and add a Windows Registry entry, allowing the malware to run automatically after each restart or shutdown of the device. Source: http://www.net-security.org/malware_news.php?id=3191

24. January 20, Softpedia – (International) Malvertising returns on Microsoft’s MSN portal. Security researchers from Malwarebytes reported that Microsoft’s MSN portal was susceptible to malvertising campaigns via the Neutrino and RIG exploit kits (EK), in which attackers created new domains a few days prior to each attack or hid behind the CloudFlare service. Researchers advised users to use a security product to block incoming malware. Source: http://news.softpedia.com/news/malvertising-returns-on-microsoft-s-msn-portal-499179.shtml

Communications Sector

Nothing to report