Complete DHS Report for April 8, 2016
Daily Report
Top Stories
• Two California men and a New Jersey woman were arrested and
charged April 4 in Nashua, New Hampshire, after authorities found over 250
counterfeit credit and debit cards, and more than 20 gift cards in the trio’s
vehicle. – NH1.com See item 8 below in
the Financial Services Sector
• Dell SecureWorks released a report stating that the underground
hacker market offered buying customers a plethora of services to hack the
commercial facilities sector, the transportation sector, and the financial
sector, among others. – SecurityWeek See item 25 below in
the Information Technology Sector
• Officials signed a two-part agreement with the governors of
Oregon and California April 6, agreeing to tear down four hydroelectric dams
along the Klamath River, among other actions, after discovering the dams were
preventing salmon from migrating to historic spawning grounds and degrading the
water quality. – Associated Press
29. April 6,
Associated Press – (California; Oregon) Officials sign unusual pact to tear down
hydroelectric dams. The U.S. Interior Secretary signed a two-part agreement
with the State governors of Oregon and California April 6, agreeing to tear
down four hydroelectric dams along the Klamath River, restore tribal lands,
provide additional water for farmers and ranchers, as well as continue to work
on a six-year-old settlement, among other actions, after discovering the dams
were preventing salmon from migrating to historic spawning grounds and
degrading the water quality, thereby causing fish disease and an algae surge.
Officials stated the project will be one of the largest river restoration plans
in U.S. history. Source: http://abcnews.go.com/US/wireStory/officials-sign-unusual-pact-tear-klamath-dams-38202127
• Officials announced April 6 that repairs to the Lewisville Lake
dam will begin in 2018 after a “sand boil” was found near the dam that could
cause dam failure and potential floodwaters in downtown Dallas. – Dallas
Morning News
30. April 6,
Dallas Morning News – (Texas) High-risk Lewisville Lake dam gets congressional
funding for important safety improvements. The U.S. Army Corps of Engineers
announced April 6 that they will accelerate repairs to the Lewisville Lake dam
to begin in 2018, two years earlier than scheduled after officials found a
“sand boil” near the dam, indicating a potential tunnel underneath the
infrastructure that could cause dam failure, displacement of 431,000 people,
innumerable deaths, potential floodwaters in downtown Dallas, and about $21
billion in damages. In addition, the project will include additional monitoring
equipment, a new drainage system, and spillway anchors to ensure the water does
not sweep dirt as it flows. Source: http://thescoopblog.dallasnews.com/2016/04/high-risk-lewisville-lake-dam-gets-congressional-funding-for-safety-improvements.html/
Financial Services Sector
8. April 6,
NH1.com – (New Hampshire; North Carolina; Massachusetts) Police: 3
people arrested for credit card scam, over 250 counterfeit credit/debit cards
found. Two California men and a New Jersey woman were arrested and charged
April 4 in Nashua, New Hampshire, after authorities found over 250 counterfeit
credit and debit cards, more than 20 gift cards, and receipts originating from
North Carolina in the trio’s vehicle. A subsequent search of the group’s two
hotel rooms in Tewksbury, Massachusetts, revealed a laptop computer, a card
reader and coder, a box of blank cards, and a large quantity of gift cards. Source:
http://www.nh1.com/news/police-3-people-arrested-for-credit-card-scam-over-250-counterfeit-credit-debit-cards-found/
For another story, see item 25 below in the Information Technology Sector
Information Technology Sector
20. April 7,
Softpedia – (International) Google reCAPTCHA cracked in new automated
attack. Three security researchers developed a new automated attack that
can bypass Google’s reCAPTCHA system and Facebook’s CAPTCHAS systems’ security
measures and machine learning after solving the systems’ image answers security
protocol with a 70.78 percent success rate when conducting studies on 2,235
CAPTCHAs. The new attack proved a higher degree of accuracy than previously
reported and could potentially allow malicious hackers to conduct the same
attack.Source: http://news.softpedia.com/news/google-recaptcha-cracked-in-new-automated-attack-502677.shtml
21. April 7,
SecurityWeek – (International) OSVDB shut down permanently. Leaders of
the Open Sourced Vulnerability Database (OSVDB) reported that its database will
be shut down permanently due to the lack of support and contribution from the
Information Technology (IT) industry. The project’s blog will remain active to
help provide commentary on items related to the vulnerability world. Source: http://www.securityweek.com/osvdb-shut-down-permanently
22. April 7,
The Register – (International) Remote code execution found and fixed in
Apache OpenMeetings. A hacker from Recurity Labs discovered four
vulnerabilities including a remote code execution (RCE) flaw, a predictable
password reset token, and an arbitrary file read flaw in Apache OpenMeetings, a
popular virtual meetings and shared whiteboard application, that could allow an
unauthenticated attacker to gain remote code execution on the system to hijack
installations of the product. To exploit the flaw, attackers only need to
identify the administrator’s username. Source: http://www.theregister.co.uk/2016/04/07/apache_openmeetings_remote_code_exec/
23. April 6,
Agence France-Presse – (International) Police raids target cyber-criminals in four
countries: Germany. Approximately 700 international police officers
participated in coordinated multi-national raids in the Netherlands, France,
Canada, and Germany to arrest globally active hackers and a variety of Internet
criminals that offered illicit services such as disguising malware from
anti-virus programs to steal online passwords and banking information, among
other actions. Officials reported that they arrested a chief suspect and
confiscated about 300 computers and disks. Source: http://www.securityweek.com/police-raids-target-cyber-criminals-four-countries-germany
24. April 6,
SecurityWeek – (International) Vulnerabilities continue to plague industrial
control systems. The DHS Industrial Control Systems-Computer Emergency
Readiness Team (ICS-CERT) released three security advisories on industrial
control systems (ICS) that detailed vulnerabilities originally found and
reported by independent researchers. The advisories indicated that critical
infrastructure and industrial networks were still inundated with serious flaws. Source: http://www.securityweek.com/vulnerabilities-continue-plague-industrial-control-systems
25. April 6,
SecurityWeek – (International) Hackers will break into email, social media
accounts for just $129. Dell SecureWorks released a report which revealed
that the underground hacker market, a virtual space for those interested in
hiring a hacker to compromise a Gmail, Hotmail, or Yahoo account, only required
customers to pay $129 for hacking personal email services and required
customers to pay $500 to compromise corporate email accounts. In addition, the
report stated the underground market offered a plethora of hacking services to
buying customers including services to hack the commercial facilities sector,
the transportation sector, and the financial sector, among others. Source: http://www.securityweek.com/hackers-will-break-email-social-media-accounts-just-129
Communications Sector
26. April 7,
Softpedia – (International) CSRF bug in over 135 million ARRIS modems
lets anyone factory reset the devices. A security researcher discovered a
cross-site request forgery (CSRF) bug in ARRIS SURFboard SB6141 model that
could allow an attacker to reset and/or factory reset the devices by using the
administrative panel’s Internet Protocol (IP) inside scripts to automate
attacks due to the devices unprotected Web-based administration panel, which is
open to users on the local network. The researcher noted that over 135 million
affected models were used internationally.