Wednesday, February 17, 2016



Complete DHS Report for February 17, 2016

Daily Report                                            

Top Stories

• Winter storms February 15 killed 3 people, cancelled or delayed more than 6,000 flights, and left approximately 14,000 people across the Midwest and East Coast without power. – NBC News

7. February 15, NBC News – (National) Winter storm snarls travel, leaves 3 dead and thousands without power. Winter storms February 15 killed 3 people, cancelled or delayed more than 6,000 flights, and left approximately 14,000 people across the Midwest and East Coast without power. Source: http://www.nbcnews.com/news/weather/winter-storm-brings-snow-ice-cancels-over-400-flights-n518851

• McCain Foods USA Inc. issued a nationwide recall February 12 for approximately 25,215 pounds of its Early Risers Potato, Egg, Cheese & Bacon Fritters products after extraneous plastic materials were found in the product. – U.S. Department of Agriculture

11. February 16, U.S. Department of Agriculture – (National) McCain Foods USA, Inc. recalls pork products due to possible foreign matter contamination. McCain Foods USA Inc. issued a recall February 12 for approximately 25,215 pounds of its Early Risers Potato, Egg, Cheese & Bacon Fritters products sold in 3.75-pound packages after the company received a consumer complaint that the product was contaminated with extraneous plastic materials. The products were shipped to food service distributors in 12 States. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-016-2016-release

• Researchers from Sucuri reported that attackers were exploiting a previously patched remote code execution (RCE) vulnerability dubbed the “shoplift bug” in Magento’s eCommerce platform that allowed hackers to steal payment data and user credentials. – SecurityWeek

27. February 16, SecurityWeek – (International) Attackers use fake patch to hack Magento sites. Researchers from Sucuri reported that attackers were exploiting a previously patched remote code execution (RCE) vulnerability dubbed the “shoplift bug” in Magento’s eCommerce platform after the researchers found that attackers had created a fake patch that tricked users into downloading a malicious file, enabling hackers to take complete control of a vulnerable Magento Web site and steal payment data and user credentials. The flaw was exploited via code injection into the targeted Web site.

• Approximately 250 guests from the Crowne Plaza Hotel in Newton, Massachusetts were evacuated February 15 due to a water main break that caused electrical hazards. – WHDH 7 Boston

28. February 16, WHDH 7 Boston – (Massachusetts) Guests evacuated after water main break at Newton hotel. Approximately 250 guests from the Crowne Plaza Hotel in Newton, Massachusetts were evacuated February 15 due to a water main break that caused an electrical hazard to guests and prompted crews to cut power to the hotel overnight. The leak was contained, but crews were working to pump the excess water from the building. Source: http://www.whdh.com/story/31227477/guests-evacuated-after-water-leak-at-newton-hotel

Financial Services Sector

5. February 14, Santa Clarita Valley Signal – (California) FBI: Valencia bank robbery suspect may have hit two banks in Orange County. FBI officials are investigating and searching for a suspect dubbed the Whitewashed Bandit after he allegedly robbed two Orange County banks February 12 and one Valencia bank February 10 by handing the bank teller a threatening note, demanding money. Source: http://www.signalscv.com/section/36/article/148629/

Information Technology Sector

20. February 15, SecurityWeek – (International) Misconfigured database exposed Microsoft site to attacks. A researcher from MacKeeper discovered that attackers could have accessed and modified the content of a MongoDB database connected to the mobile version of Microsoft’s careers Web site and maintained by Punchkick Interactive because the database was misconfigured and not write-protected. Attackers could insert arbitrary Hyper Text Markup Language (HTML) code to direct a victim to a phishing page or launch watering hole attacks against visitors. Source: http://www.securityweek.com/misconfigured-database-exposed-microsoft-site-attacks

21. February 15, SecurityWeek – (International) VMware reissues patch for vCenter RCE flaw. VMware released an additional patch fixing security flaws in its vCenter Server and ESXi software after the company found that it had not properly patched flaws related to a remotely accessible JMX RMI service that could allow an attacker to execute arbitrary code on affected vCenter Server installations and allow a local attacker to elevate privileges. Source: http://www.securityweek.com/vmware-reissues-patch-vcenter-rce-flaw

22. February 15, SecurityWeek – (International) Check Point extends zero-day protection. Check Point Software Technologies released its SandBlast perimeter security and zero-day protection technology, which can leverage a remote sandbox and incorporate forensics capabilities to automate incident analysis, and add protection directly on endpoints to detect and block advanced attacks from email, removable media, and Web-based threats including spear phishing emails and watering hole attacks. Source: http://www.securityweek.com/check-point-extends-zero-day-protection

23. February 13, SecurityWeek – (International) Teen arrested in Britain linked to hack of US spy chiefs. British police reported February 12 that they arrested a hacker using the screen name “Cracka” for conspiracy to commit unauthorized access to computer material and for conspiracy to commit unauthorized acts with intent to impair, after the man was believed to have hacked into the personal information of top officials at the Central Intelligence Agency (CIA), FBI, and DHS, among other Federal agencies. An investigation is ongoing to determine the man’s involvement in Federal hacking incidents. Source: http://www.securityweek.com/teen-arrested-britain-linked-hack-us-spy-chiefs

24. February 12, Softpedia – (International) Torrents time plugin plagued by security issues, Pirate Bay & KAT users at risk. A security researcher discovered that the Torrents Time browser plugin had various security issues that allowed attackers to execute cross-site scripting (XSS) and man-in-the-middle (MitM) attacks due to improper Cross-Origin Resource Sharing (CORS) implementation, which enabled hackers to create a malicious Web page similar to other torrent portals, add their own malicious code, and serve victims the malicious torrent files they desired, among other malicious actions. Source: http://news.softpedia.com/news/torrents-time-plugin-plagued-by-security-issues-pirate-bay-kat-users-at-risk-500334.shtml

For additional stories, see item 25 below in the Communications Sector and item 27 above in Top Stories

Communications Sector

25. February 16, SecurityWeek – (International) VoIP phone users warned about risks of default settings. A security researcher reported that many users with Voice over Internet Protocol (VoIP) phones failed to properly secure the devices after finding that most phones’ default configurations were rarely secure and that, in many cases, the administration interface of VoIP phones could be accessed with a default password without any authentication protocol, allowing attackers to hijack the phone and play recordings, upload their own firmware, spy on victims, and intercept and transfer calls.

26. February 15, CNN Money – (National) Comcast outages anger thousands across US. Comcast customers across the nation experienced service outages including the loss of high-definition television service, beeping telephone lines, and the loss of Xfinity service or Internet-based television accounts February 15 due to a temporary network interruption. Source: http://money.cnn.com/2016/02/15/news/companies/comcast-service-outage/