Tuesday, March 29, 2016



Complete DHS Report for March 29, 2016

Daily Report

Top Stories

• The Kyle Public Works Department worked to contain a spill of more than 117,000 gallons of wastewater that reached the Bunton Branch in Texas March 25 after storms reportedly caused pumps to fail when power was knocked out. – KXAN 36 Austin

9. March 26, KXAN 36 Austin – (Texas) More than 117,000 gallons of wastewater spills in Kyle. The Kyle Public Works Department worked to contain a spill of more than 117,000 gallons of wastewater that reached the Bunton Branch in Texas March 25 after storms reportedly caused pumps to fail when power was knocked out. Cleanup is estimated to take 10 to 14 days while crews drain the creek and pump fresh water to dilute the remaining contaminants. Source: http://kxan.com/2016/03/25/more-than-100000-gallons-of-wastewater-spills-in-kyle/

• Officials reported March 25 that the personal information of more than 3,000 employees at Tidewater Community College in Virginia was leaked after an employee sent a file containing employees’ information in response to a data request from a fraudulent college account March 2. – Norfolk Virginian-Pilot

15. March 25, Norfolk Virginian-Pilot – (Virginia) Data breach exposes information on more than 3,000 TCC employees. Officials announced March 25 that personal information, including Social Security numbers, of more than 3,000 employees at Tidewater Community College (TCC) in Virginia was leaked when an employee sent a file March 2 that included personal information of employees in response to a data request from a fraudulent TCC email account. Source: http://pilotonline.com/news/local/crime/data-breach-exposes-information-on-more-than-tcc-employees/article_6ab72a2f-52a0-533e-8060-a2d245c7f151.html

• A March 25 fire inside a recording studio at Boston University’s College of Communication caused about $500,000 in damages and injured a university police officer, 3 students, and a firefighter. – WCVB 5 Boston

16. March 25, WCVB 5 Boston – (Massachusetts) 5 suffer smoke inhalation in Boston University campus fire. A March 25 fire inside a recording studio at Boston University’s College of Communication caused about $500,000 in damages and sent a university police officer, 3 students, and a firefighter to an area hospital for smoke inhalation. The building was evacuated and ventilated after investigators determined that the studio’s sound insulation in the walls produced high levels of hydrogen cyanide. Source: http://www.wcvb.com/news/fire-reported-on-boston-university-campus/38690464

• Vormetric released its 2016 Data Threat Report, which detailed that 90 percent of Information Technology (IT) security executives from large international organizations said their organizations were vulnerable to data threats. – SecurityWeek (See item 24 below in the Information Technology Sector)

Financial Services Sector

2. March 25, U.S. Securities and Exchange Commission – (New Jersey; California) SEC halts fraud by manager of investments in pre-IPO companies. The U.S. Securities and Exchange Commission (SEC) announced March 25 charges and asset freezes against a New Jersey-based fund manager and 2 share-marketing companies, Saddle River Advisors and SRA Management Associates, after they allegedly stole $5.7 million from investors, diverted millions more to improper and undisclosed uses, failed to register the share offerings with the SEC, and concealed the illicit activity by avoiding outside reviews of the funds, indiscriminately transferring money to more than a dozen bank accounts, and failing to provide investors with financial statements. Officials stated that the manager raised more than $53 million from investors through the 2 funds and used the money to pay off earlier investors, prop up other funds, and pay family-related expenses, thereby leaving his firms unable to buy shares promised to investors. Source: https://www.sec.gov/news/pressrelease/2016-57.html

Information Technology Sector

19. March 28, SecurityWeek – (International) PowerWare ransomware abuses PowerShell, Office macros. Security researchers from Carbon Black reported that a new fileless ransomware, PowerWare, can allow attackers to disguise malicious commands as legitimate computer activities and execute malicious actions by abusing PowerShell, a core utility for Microsoft Windows systems. The malware was distributed via malicious Word documents that use embedded macros to send “cmd.exe” to a target’s computer.

20. March 28, Softpedia – (International) Flaw in StartSSL validation allowed attackers to get SSL certs for any domain. A security researcher discovered a domain validation flaw in the Web service of the StartSSL certificate authority (CA) that could allow an attacker to receive Secure Sockets Layer (SSL) certificates for any desired domain by capturing the Hypertext Transfer Protocol (HTTP) request sent to the server and modifying the included parameters to send the certificate to their own personal email. StartSSL reported that it patched the flaw. Source: http://news.softpedia.com/news/flaw-in-startssl-validation-allowed-attackers-to-get-ssl-certs-for-any-domain-502257.shtml

21. March 27, Softpedia – (International) WordPress attacked 3.5 times more often than non-CMS sites. Security firm Imperva released a report stating that Web attacks in 2015 increased greatly after the company analyzed about 7 generic attacks and more than 24 million alerts for 200 Web applications, which revealed that Structured Query Language (SQL) injections tripled and cross-site scripting (XSS) attacks doubled within the year. In addition, the report found many attacks were in Web applications running on standard Content Management System (CMS) platforms, which were attacked three times more than non-CMS applications, among other findings. Source: http://news.softpedia.com/news/wordpress-attacked-3-5-times-more-than-non-cms-sites-502232.shtml

22. March 26, Softpedia – (International) Node.js Package Manager vulnerable to malicious worm packages. A Google software engineer discovered that a design flaw in Node.js Package Manager (npm) could allow an attacker to infect other packages and propagate malicious scripts in the entire JavaScript ecosystem as well as in the structure of projects via a simple worm virus, which can be distributed through a rogue npm package embedded with malicious code. Once a malicious package is opened, unaware developers will include the package in projects via an “npm install” command, which will execute malicious actions on the infected system using the users’ full privileges. Source: http://news.softpedia.com/news/node-js-package-manager-vulnerable-to-malicious-worm-packages-502216.shtml

23. March 25, SecurityWeek – (International) Google patches serious flaws in Chrome 49. Google released patches for Chrome 49 affecting Microsoft Windows, Apple Mac, and Linux systems that fixed five vulnerabilities, including a use-after-free vulnerability in Navigation and Extensions, an out-of-bounds read in the V8 JavaScript engine, and a buffer overflow flaw in libANGLE, among other flaws. Source: http://www.securityweek.com/google-patches-serious-flaws-chrome-49

24. March 25, SecurityWeek – (International) U.S. Federal Agencies vulnerable to data threats: Survey. Vormetric released its 2016 Data Threat Report, which detailed that 90 percent of Information Technology (IT) security executives from large international organizations, including more than 100 executives in the U.S. Federal government, said their organizations were vulnerable to data threats and that 61 percent of executives admitted that their organization had previously suffered a data breach. The report stated that many entities were planning to increase spending on sensitive data protection, invest in data-at-rest defenses, and implement more efficient data security tools. Source: http://www.securityweek.com/us-federal-agencies-vulnerable-data-threats-survey

25. March 25, SecurityWeek – (International) Petya ransomware encrypts entire hard drives. Security researchers from G DATA SecurityLabs found a new threat, dubbed Petya ransomware, that has allegedly been encrypting companies’ entire hard drives and locking users out of their systems. The ransomware arrives via a malicious Dropbox download link included in an email sent to Human Resources (HR) departments; the link delivers an executable file that causes the computer to crash and enables the ransomware to manipulate the Master Boot Record (MBR) to ultimately control the computer system. Security researchers advised HR department employees to take extra precautions when offered Dropbox links. Source: http://www.securityweek.com/petya-ransomware-encrypts-entire-hard-drives

26. March 25, SecurityWeek – (International) Brazilian trojan conceals malicious code in PNG image. Security researchers from Kaspersky Lab found that attackers were using a new malware delivery method to avoid detection: a Portable Network Graphics (PNG) image embedded with malicious code, distributed via an email that contains a clean PDF file, which holds a link to a .zip file with the malicious image. Researchers found that the PNG image cannot be executed without its launcher and therefore cannot be the main infector. Source: http://www.securityweek.com/brazilian-trojan-conceals-malicious-code-png-image

Communications Sector

Nothing to report