Tuesday, May 3, 2016



Complete DHS Report for May 3, 2016

Daily Report

Top Stories

• Nissan Motor Company Ltd. issued a recall April 29 for nearly 3.2 million of its model years 2013 – 2017 vehicles in 11 makes, and model years 2015 – 2016 Chevrolet City Express vehicles sold in the U.S. due to potentially faulty passenger-side air bag sensors. – Reuters

7. April 29, Reuters – (International) Nissan to recall 3.53 million vehicles: air bags may not deploy. Nissan Motor Company Ltd. issued a recall April 29 for nearly 3.2 million of its model years 2013 – 2017 vehicles in 11 makes, and model years 2015 – 2016 Chevrolet City Express vehicles sold in the U.S. due to potentially faulty passenger-side air bag sensors that may register an adult front seat passenger as a child or an empty seat, thereby preventing the air bag from deploying in the event of a crash. The recall was issued after the company received 1,271 consumer complaints and warranty claims linked to the issue. The recall also includes 622,110 of Nissan’s Sentra vehicles due to a front passenger seat belt bracket issue where the bracket may become deformed if it is used to secure a child restraint system. Source: http://www.reuters.com/article/us-autos-nissan-recall-idUSKCN0XQ2A8

• A CSX freight train carrying 15,500 gallons of chemicals derailed, sent 14 cars off the tracks, spilled three different chemicals, and closed Rhode Island Avenue-Brentwood Metro Station for several hours May 1. – WRC 4 Washington, D.C.

16. May 1, WRC 4 Washington, D.C. – (Washington, D.C.) CSX: Train derails in DC, leaks 3 different chemicals. Rhode Island Avenue-Brentwood Metro Station was closed for several hours May 1 and Washington Metropolitan Area Transit Authority (Metro) service on the Red Line was suspended after a CSX freight train carrying 15,500 gallons of chemicals derailed, sending 14 cars off the tracks and spilling its load of ethanol, sodium hydroxide, and calcium chloride. The train derailment also ruptured an underground gas line, forcing officials to turn off gas for the surrounding area. Source: http://www.nbcwashington.com/news/local/CSX-Train-Derails-Hazardous-Material-Leaking-377725691.html

• Heavy storms April 30 caused more than 100 power outages, impacted more than 6,000 customers, knocked out power at 2 water pumping stations, and forced officials to issue a boil water advisory May 1 in Atlanta. – Associated Press

23. May 1, Associated Press – (Georgia) Boil water advisory issued for large part of Atlanta. Heavy storms April 30 caused more than 100 power outages, impacted more than 6,000 customers, and knocked out power at 2 water pumping stations, forcing officials to issue a boil water advisory May 1 for several parts of Atlanta. The Department of Watershed Management was flushing the system as a precaution to ensure no contamination in the water system. Source: http://www.ledger-enquirer.com/news/state/georgia/article74997177.html

• A multi-alarm fire that reportedly began at the Craft Stove caused approximately $1.5 million in damages to a Mount Vernon commercial block May 1. – KING 5 Seattle

39. May 1, KING 5 Seattle – (Washington) Massive fire destroys Mount Vernon businesses. A Mount Vernon commercial block May 1 sustained approximately $1.5 million in damages after a multi-alarm fire was first discovered at the Craft Stove and spread to surrounding businesses. Fire crews remained on site for several hours containing the incident and no injuries were reported. Source: http://www.king5.com/news/local/fire-causes-15-million-in-damages-in-mt-vernon/163666825

Financial Services Sector

8. April 29, Newark Star-Ledger – (National) Man in $5M ATM ‘skimming’ ring pleads guilty. A Romanian man pleaded guilty April 29 to Federal charges for his role in a $5 million ATM skimming ring where he and co-conspirators allegedly installed skimming devices on ATMs at banks in New Jersey, New York, Connecticut, and Florida, and transferred the stolen data onto blank ATM cards which were used to withdraw funds from customers’ accounts. Officials stated that a total of 16 people were charged for their involvement and one suspect remains at large. Source: http://www.nj.com/news/index.ssf/2016/04/man_in_5m_atm_skimming_ring_pleads_guilty.html

9. April 29, WJW 8 Cleveland – (Ohio) Cleveland FBI asks for help identifying ‘breakdown lane bandit.’ FBI officials and local police departments in Cleveland are searching April 29 for a man dubbed the “BDL Bandit” who is suspected of committing three bank robberies in the Cleveland area since March, including a PNC Bank branch, a First Merit Bank branch, and a US Bank branch. Authorities stated that the suspect is armed and believed to have an accomplice. Source: http://fox8.com/2016/04/29/cleveland-fbi-asks-for-help-identifying-breakdown-lane-bandit/

10. April 29, Bergen County Record – (New Jersey) Police seeking Garfield bank robber who may be ‘Count Down Bandit.’ Authorities are searching for a man suspected of robbing an M&T Bank branch in Bergen County, New Jersey, April 28. Officials stated that the suspect is believed to be the “Count Down Bandit,” a man allegedly responsible for seven other bank robberies in Bergen and Passaic counties since July 2015. Source: http://www.northjersey.com/news/police-seeking-garfield-bank-robber-who-may-be-count-down-bandit-1.1555809

11. April 29, KCPQ 13 Tacoma – (Washington) ‘Baseball Hat Bandit:’ Guaranteed $1,000 reward to identify serial bank robber wearing different caps for slew of capers. Authorities offered a reward April 29 in exchange for information about a man dubbed the “Baseball Hat Bandit,” who is suspected of robbing five banks in King and Pierce counties in Washington. Source: http://q13fox.com/2016/04/29/baseball-hat-bandit-guaranteed-1000-reward-to-identify-serial-bank-robber-wearing-different-caps-for-slew-of-capers/

Information Technology Sector

31. May 2, SecurityWeek – (International) Serious flaw found in “PL/SQL Developer” update system. Allround Automations released a new version of its PL/SQL Developer product after an application security consultant discovered that version 11.0.4, and earlier versions, used Hyper Text Transfer Protocol (HTTP) updates and did not validate the downloaded file’s authenticity. The flaw allowed a man-in-the-middle (MitM) attacker to replace the authentic Uniform Resource Locator (URL) with another URL that leads to a malicious file, as well as replace the download link with an arbitrary command that will execute in a user’s context during the PL/SQL Developer update process.

32. May 2, SecurityWeek – (International) Microsoft adds Nano server to bug bounty program. Microsoft reported April 29 that it is offering large monetary rewards for vulnerabilities found in the Nano Server installation option of its Windows Server 2016 Technical Preview 5 and all subsequent releases. The company stated that the product was ideal as a compute host for Hyper-V virtual machines, a storage host for Scale-Out File Server, a Domain Name System (DNS) server, and a host for cloud apps, and that, if infected, it could cause severe damage to each component.

33. May 1, Softpedia – (International) Valve fixes Steam crypto bug that exposed passwords in plaintext. Valve updated its Steam gaming client after a security researcher found that the lack of a Message Authentication Code (MAC) in its application’s crypto package allowed an attacker to carry out man-in-the-middle (MitM) attacks, enabled victims to become Valve Anti-Cheat (VAC) banned, or potentially exposed users’ passwords in plaintext. Source: http://news.softpedia.com/news/valve-fixes-steam-crypto-bug-that-exposed-passwords-in-plaintext-503583.shtml

34. May 1, Softpedia – (International) Decrypter for Alpha ransomware lets victims recover files for free. A team of security researchers discovered and decrypted a new ransomware version called Alpha ransomware, which demands that targets pay $400 worth of iTunes gift cards to decrypt encrypted files. The ransomware uses AES-256 encryption to lock files, changes each file’s name with the .encrypted extension, adds a ransom note in text format in each folder, changes the target’s wallpaper, and deletes itself to avoid detection. Researchers found a weakness in the ransomware’s encryption routine and released a decrypter to help victims retrieve locked files. Source: http://news.softpedia.com/news/decrypter-for-alpha-ransomware-lets-victims-recover-files-for-free-503581.shtml

35. April 29, Softpedia – (International) Crooks deliver Android malware via fake Google Chrome updates. Security researchers from Zscaler discovered that cyber criminals were distributing fake Google Chrome update packages disguised as Android application package (APK) files affecting Android users to steal a target’s credit card information, terminate the device’s antivirus software, monitor incoming and outgoing calls and Short Message Service (SMS) messages, as well as start or end calls, among other actions. Attackers were seen using large collections of domain names to host the malware, which were changed at regular intervals. Source: http://news.softpedia.com/news/crooks-deliver-android-malware-via-fake-google-chrome-updates-503559.shtml

36. April 29, Softpedia – (International) BPlug trojan hides in Chrome extensions and spams your Facebook friends. Security researchers from Dr. Web discovered that over 12,000 users were infected with the trojan titled Trojan.BPlug.1074, or BPlug, after it was seen hiding in Google Chrome’s extensions and collecting a target’s Facebook user identifier (UID) and their cross-site request forgery (CSRF) token to execute actions on a Facebook user’s behalf. Attackers can send out malicious links disguised as YouTube videos to Facebook friends with the aim of increasing the trojan’s infections. Source: http://news.softpedia.com/news/bplug-trojan-hides-in-chrome-extensions-and-spams-your-facebook-friends-503554.shtml

37. April 29, SecurityWeek – (International) Malware leverages Windows “God Mode” for persistency. Researchers from Intel Security reported that the malware dubbed “Dynamer” was abusing the Microsoft Windows Easter egg function called “God Mode” to gain persistency on an infected machine by installing itself into a folder inside the %AppData% directory, creating a registry run key, and executing its capability normally. Researchers advised affected users to terminate the malware’s process via Task Manager and run a specially crafted command from the command prompt. Source: http://www.securityweek.com/malware-leverages-windows-god-mode-persistency

Communications Sector

Nothing to report