Thursday, February 11, 2016



Complete DHS Report for February 11, 2016

Daily Report                                            

Top Stories

• Daimler AG and Volkswagen issued precautionary recalls February 10 for a total of 1.5 million vehicles sold in the U.S. due to potentially faulty Takata Corporation airbags. – CNN Money

3. February 10, CNN Money – (National) German carmakers recall U.S. vehicles over airbags. Daimler AG and Volkswagen issued precautionary recalls February 10 for a total of 1.5 million vehicles sold in the U.S. due to potentially faulty Takata Corporation airbags that can explode when activated and release shrapnel inside the vehicle, which has resulted in 9 deaths in the U.S. The recall includes 840,000 model years 2005 – 2014 Daimler vehicles and 680,000 model years 2006 – 2014 Volkswagen vehicles. Source: http://money.cnn.com/2016/02/10/news/companies/daimler-takata-airbag-recall/

• Officials issued a precautionary boil-water advisory for Flint, Michigan residents February 10 after a February 9 water main break. – CNN

10. February 10, CNN – (Michigan) Adding insult to injury: Flint issues boil-water advisory after water main break. Officials announced a precautionary boil-water advisory for Flint residents February 10 after a February 9 water main break decreased water pressure and may have allowed bacteria in the water. In addition, the governor of Michigan asked for an additional $195 million in funding for the current lead water crisis. Source: http://www.cnn.com/2016/02/10/politics/flint-water-crisis/

• Security researchers from Kaspersky Lab reported that the Poseidon Group has been targeting international financial sectors, telecommunications sectors, critical manufacturing sectors, and energy sectors to collect information from company networks via spear-phishing packages. – The Register See item 22 below in the Information Technology Sector

• Five men in Jacksonville, Florida, were arrested February 9 and charged for their involvement in a grand theft cargo scheme that netted $1.5 million. – WJXT 4 Jacksonville

27. February 9, WJXT 4 Jacksonville – (Florida) Five arrested in Florida cargo theft ring. The Jacksonville Sheriff’s Office arrested and charged five men for their involvement in a grand theft cargo scheme February 9 after the men allegedly stole $1.2 million worth of merchandise by stealing eight parked semi-trucks from five Florida counties and selling the stolen properties for monetary goods on the black market. Source: http://www.news4jax.com/news/crime/five-arrested-in-florida-cargo-theft-ring

Financial Services Sector

4. February 9, U.S. Securities and Exchange Commission – (International) Monsanto paying $80 million penalty for accounting violations. The U.S. Securities and Exchange Commission (SEC) announced February 9 that St. Louis-based Monsanto Company agreed to pay an $80 million penalty and retain an independent compliance consultant to settle charges that the company violated accounting rules and misstated company earnings related to a rebate program tied to its flagship product, Roundup, after an SEC investigation found that the company improperly accounted for millions of dollars in rebates to retailers and distributors and misstated its consolidated earnings during a 3-year period. Three accounting and sales executives also agreed to pay penalties for their roles in the scheme. Source: https://www.sec.gov/news/pressrelease/2016-25.html

5. February 9, U.S. Attorney’s Office, Northern District of Alabama – (National) IRS employee pleads guilty to $1 million ID theft tax fraud scheme. A former U.S. Internal Revenue Service (IRS) employee who worked in the Taxpayer Advocate Services office in Alabama pleaded guilty February 8 in Federal court for her role in a tax-fraud scheme where she used her IRS computer access to steal taxpayers’ identities and file up to $1.5 million in fraudulent tax returns from 2008 – 2011. The former employee worked with three other co-conspirators who were charged for their roles in the scheme. Source: http://www.justice.gov/usao-ndal/pr/irs-employee-pleads-guilty-1-million-id-theft-tax-fraud-scheme

For another story, see item 22 below in the Information Technology Sector


Information Technology Sector

15. February 10, Softpedia – (International) Linode VPS host accidentally deploys servers with the same SSH key. Linode reported that its virtual private servers (VPS) hosted on Ubuntu machines could have been susceptible to man-in-the-middle (MitM) attacks after the company disseminated Ubuntu 15.0 images to some of its clients’ servers, which used the same hard-coded secure shell (SSH) key. The company stated its customers need to reconfigure the SSH daemon and run a specific shell command to fix the vulnerability. Source: http://news.softpedia.com/news/linode-vps-host-accidentally-deploys-servers-with-the-same-ssh-key-500192.shtml

16. February 10, SecurityWeek – (International) Microsoft patches critical flaws in Windows, Browsers. Microsoft released several patches for its products including patches for 22 Flash Player flaws used in Internet Explorer 10, 11, and Edge, and patched a critical memory corruption flaw in Windows Journal, a remote code execution (RCE) flaw, and a denial-of-service (DoS) flaw, among other patched vulnerabilities. Source: http://www.securityweek.com/microsoft-patches-critical-flaws-windows-browsers

17. February 10, IDG News Service – (International) Google will stop accepting new Flash ads on June 30. Google reported that it will stop accepting new Adobe Flash-based display ads for AdWords and DoubleClick Digital Marketing, and will not permit Flash ads on its Display Network or DoubleClick after January 2017 due to the frequent security vulnerabilities within Flash Players. Source: http://www.computerworld.com/article/3031908/security/google-will-stop-accepting-new-flash-ads-on-june-30.html#tk.rss_security

18. February 9, Softpedia – (International) Tool for hacking Facebook accounts contains Remtasu spyware. The Win32/Remtasu.Y malware, also known as Remtasu, was reported infecting computer systems through different variants and through an app named Hack Facebook to log keystrokes, steal data from the clipboard, save the information to local files, and upload the information to a remote file transfer protocol (FTP) server by duplicating itself to the Windows System32 folder saved as InstallerDir and creating a registry key that executes the malware process each time a user starts their computer. Researchers reported an antivirus program should help detect the malware. Source: http://news.softpedia.com/news/tool-for-hacking-facebook-accounts-contains-remtasu-spyware-500132.shtml

19. February 9, SecurityWeek – (International) Nuclear EK gate uses decoy CloudFlare DDoS check page. Security researchers from Malwarebytes reported that hackers were using malvertising attacks to deceive users into visiting a rogue domain similar to CloudFlare’s distributed denial of service (DDoS) check page that contained the Nuclear exploit kit (EK) to compromise a user’s system. CloudFlare reported the fraudulent domain was not associated with its security firm. Source: http://www.securityweek.com/nuclear-ek-gate-uses-decoy-cloudflare-ddos-check-page

20. February 9, SecurityWeek – (International) Adobe patches flaws in Flash, Photoshop, Connect. Adobe released security updates and patches for its Flash Player, Photoshop, Bridge, Connect, and Experience Manager that addressed several vulnerabilities including 22 memory corruption flaws that can be exploited for arbitrary code execution, a content spoofing flaw, a cross-site request forgery flaw, and an insufficient input validation flaw affecting a Uniform Resource Locator (URL), among other vulnerabilities. Source: http://www.securityweek.com/adobe-patches-flaws-flash-photoshop-connect

21. February 9, IDG News Service – (International) Google adds warning to unencrypted emails. Google released a new security feature in its email services that warned users when a recipient’s email does not support transport layer security (TLS) encryption and reminded users to be mindful of transmitting or revealing sensitive information via email. The new feature will use a small red unlocked padlock icon to warn users of the various security levels. Source: http://www.computerworld.com/article/3031223/security/google-adds-warning-to-unencrypted-emails.html#tk.rss_security

22. February 9, The Register – (International) Sophisticated malware-as-a-racket fraudsters have been scamming businesses for 10 years. Security researchers from Kaspersky Lab reported that the Poseidon Group, a global cyber-espionage group, has been targeting international financial sectors, telecommunications sectors, critical manufacturing sectors, and energy sectors to collect information from company networks via spear-phishing packages that are embedded with executable elements inside Word documents, and using the information to blackmail victim companies into contracting the Poseidon Group as a security firm. Researchers found that several of the infections had a very short life span, which contributed to the malware being undetectable.

Communications Sector

See item 22 above in the Information Technology Sector