Complete DHS Report for February 17, 2016
Daily Report
Top Stories
• Winter storms February 15 killed 3 people, cancelled or
delayed more than 6,000 flights, and left approximately 14,000 people across
the Midwest and East Coast without power. – NBC News
7. February 15, NBC News – (National) Winter
storm snarls travel, leaves 3 dead and thousands without power. Winter
storms February 15 killed 3 people, cancelled or delayed more than 6,000
flights, and left approximately 14,000 people across the Midwest and East Coast
without power. Source: http://www.nbcnews.com/news/weather/winter-storm-brings-snow-ice-cancels-over-400-flights-n518851
• McCain Foods USA Inc. issued a nationwide recall
February 12 for approximately 25,215 pounds of its Early Risers Potato, Egg,
Cheese & Bacon Fritters products after extraneous plastic materials were
found in the product. – U.S. Department of Agriculture
11. February 16, U.S. Department of Agriculture – (National) McCain Foods USA,
Inc. recalls pork products due to possible foreign matter contamination. McCain
Foods USA Inc. issued a recall February 12 for approximately 25,215 pounds of
its Early Risers Potato, Egg, Cheese & Bacon Fritters products sold in
3.75-pound packages after the company received a consumer complaint that the
product was contaminated with extraneous plastic materials. The products were
shipped to food service distributors in 12 States. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-016-2016-release
• Researchers from Sucuri reported that attackers were
exploiting a previously patched remote code execution (RCE) vulnerability
dubbed the “shoplift bug” in Magento’s eCommerce platform that allowed hackers
to steal payment data and user credentials. – SecurityWeek
27. February 16, SecurityWeek – (International) Attackers use fake patch to hack Magento
sites. Researchers from Sucuri reported that attackers were exploiting a
previously patched remote code execution (RCE) vulnerability dubbed the
“shoplift bug” in Magento’s eCommerce platform, after finding that attackers
had created a fake patch that tricked users into downloading the malicious
file, enabling hackers to take complete control over a vulnerable Magento Web
site and steal payment data and user credentials. The flaw was exploited via
code injection into the targeted Web site.
• Approximately 250 guests from the Crowne Plaza Hotel in
Newton, Massachusetts were evacuated February 15 due to a water main break that
caused electrical hazards. – WHDH 7 Boston
28. February 16, WHDH 7 Boston – (Massachusetts) Guests evacuated after water main break at
Newton hotel. Approximately 250 guests from the Crowne Plaza Hotel in
Newton, Massachusetts were evacuated February 15 due to a water main break that
caused an electrical hazard to guests and prompted crews to cut power to the
hotel overnight. The leak was contained, but crews were working to pump the
excess water from the building. Source: http://www.whdh.com/story/31227477/guests-evacuated-after-water-leak-at-newton-hotel
Financial Services Sector
5. February 14, Santa Clarita Valley Signal – (California) FBI: Valencia
bank robbery suspect may have hit two banks in Orange County. FBI officials
are investigating and searching for a suspect dubbed the Whitewashed Bandit
after he allegedly robbed two Orange County banks February 12 and one Valencia
bank February 10 by handing the bank teller a threatening note, demanding
money. Source: http://www.signalscv.com/section/36/article/148629/
Information Technology Sector
20. February 15, SecurityWeek – (International) Misconfigured database exposed Microsoft site
to attacks. A researcher from MacKeeper discovered that attackers could
have accessed and modified the content of a MongoDB database connected to the
mobile version of Microsoft’s careers Web site and maintained by Punchkick
Interactive, because the misconfigured MongoDB database was not
write-protected. Attackers could insert arbitrary Hyper Text Markup Language
(HTML) code to redirect victims to a phishing page or launch watering hole
attacks against visitors. Source: http://www.securityweek.com/misconfigured-database-exposed-microsoft-site-attacks
21. February 15, SecurityWeek – (International) VMware reissues patch for vCenter RCE flaw. VMware
released an additional patch fixing security flaws in its vCenter Server and
ESXi software after the company found that it had not properly patched flaws
related to a remotely accessible JMX RMI service that could allow an attacker
to execute arbitrary code on affected vCenter Server installations and allow a
local attacker to elevate privileges. Source: http://www.securityweek.com/vmware-reissues-patch-vcenter-rce-flaw
22. February 15, SecurityWeek – (International) Check Point extends zero-day protection. Check
Point Software Technologies released its SandBlast perimeter security and
zero-day protection technology, which can leverage a remote sandbox and
incorporate forensics capabilities to automate incident analysis, and add
protection directly on endpoints to detect and block advanced attacks from
email, removable media, and Web-based threats including spear phishing emails
and watering hole attacks. Source: http://www.securityweek.com/check-point-extends-zero-day-protection
23. February 13, SecurityWeek – (International) Teen arrested in Britain linked to hack of US
spy chiefs. British police reported February 12 that they arrested a hacker
using the screen name “Cracka” for conspiracy to commit unauthorized access to
computer material and for conspiracy to commit unauthorized acts with intent to
impair after the man was believed to have hacked into the personal
information of top officials at the Central Intelligence Agency (CIA), FBI, and
DHS, among other Federal agencies. An investigation is ongoing to determine the
man’s involvement in Federal hacking incidents. Source: http://www.securityweek.com/teen-arrested-britain-linked-hack-us-spy-chiefs
24. February 12, Softpedia – (International) Torrents Time plugin plagued by security
issues, Pirate Bay & KAT users at risk. A security researcher
discovered that the Torrents Time browser plugin had various security issues that
allowed attackers to execute cross-site scripting (XSS) and
man-in-the-middle (MitM) attacks due to improper Cross-Origin Resource Sharing
(CORS) implementation, which enabled hackers to create a malicious Web page
similar to other torrent portals, add their own malicious code, and serve
victims the malicious torrent files they desired, among other malicious
actions. Source: http://news.softpedia.com/news/torrents-time-plugin-plagued-by-security-issues-pirate-bay-kat-users-at-risk-500334.shtml
For additional stories, see item 25 below in the Communications Sector and item 27 above in Top Stories.
Communications Sector
25. February 16, SecurityWeek – (International) VoIP phone users warned about risks of
default settings. A security researcher reported that many users with Voice
over Internet Protocol (VoIP) phones failed to properly secure the devices
after finding that most phones’ default configurations were rarely secure and
in many cases, the administration interface of VoIP phones could be accessed
with a default password without any authentication protocol, allowing attackers
to hijack the phone and play recordings, upload their own firmware, spy on
victims, and intercept and transfer calls.
26. February 15, CNN Money – (National) Comcast outages anger thousands across US. Comcast
customers across the nation experienced service outages including the loss of
high-definition television service, beeping telephone lines, and the loss of
Xfinity service or Internet-based television accounts February 15 due to a
temporary network interruption. Source: http://money.cnn.com/2016/02/15/news/companies/comcast-service-outage/