Complete DHS Report for May 20, 2016
Daily Report
Top Stories
• Federal regulators released a final ruling May 18 prohibiting
passengers and crewmembers from carrying battery-powered portable electronic
smoking devices in checked baggage, and from charging the devices on board an
aircraft. – U.S. Department of Transportation, Pipeline and Hazardous Materials
Safety Administration
11. May 18, U.S. Department of Transportation, Pipeline and Hazardous Materials Safety
Administration – (National) DOT bans e-cigarettes from checked baggage. The
Pipeline and Hazardous Materials Safety Administration announced a final ruling
May 18 prohibiting passengers and crewmembers from carrying battery-powered
portable electronic smoking devices such as e-cigarettes, e-cigs, personal
vaporizers, and other electronic nicotine delivery systems in checked baggage,
and prohibiting passengers or crewmembers from charging the devices on board an
aircraft. Passengers are allowed to carry the electronic smoking devices in
carry-on baggage or on their person, but may not use them on flights. Source: http://www.phmsa.dot.gov/hazmat/dot-bans-ecigarettes-from-checked-baggage
• An 80-foot stretch of bank along the Bloomfield Irrigation
District Ditch in Farmington collapsed May 16, shutting off access to the ditch
and prompting officials to declare a state of emergency, among other actions. –
Farmington Daily Times
14. May 16, Farmington Daily Times – (New Mexico) Ditch breach cuts off
Bloomfield’s water supply. An 80-foot stretch of bank along the Bloomfield
Irrigation District Ditch in Farmington collapsed May 16, shutting off access to
the ditch, prompting San Juan County officials to declare a state of emergency,
discontinue watering parks and sports fields, urge residents to conserve water,
and initiate repairs which are expected to take at least 2 weeks.
• Officials reported May 18 that an additional 117 million
LinkedIn users’ emails and passwords were compromised as attackers were
discovered selling the information on the Dark Web May 16 in relation to a 2012
breach. – PC Magazine. See item 23 below in the Information Technology Sector
• Noodles & Company officials reported May 16 that they were
investigating a potential breach in its point-of-sales (PoS) systems after
receiving reports of unusual transactions on customers’ credit cards starting
in January 2016. – Krebs on Security
24. May 19, Krebs on Security – (National) Noodles & Company probes breach claims. Noodles
& Company officials reported May 16 that they were investigating a
potential breach in its point-of-sales (PoS) systems after receiving reports
from financial institutions who detected unusual transactions on customers’
credit cards at various restaurant locations starting in January 2016. Source: http://krebsonsecurity.com/2016/05/noodles-company-probes-breach-claims/
Financial Services Sector
5. May 18, San Diego Union-Tribune – (California) ‘Hipster Bandit’ robs bank
minutes after failed attempt. Authorities are searching for a man dubbed
the “Hipster Bandit” who is suspected of robbing a Union Bank branch and
attempting to rob a Wells Fargo Bank branch in Oceanside, California, May 18.
The man is suspected of robbing at least four other banks in San Diego County
since July 2015. Source: http://www.sandiegouniontribune.com/news/2016/may/18/hipster-bandit-robs-bank-oceanside/
6. May 18, Fort Myers News-Press – (Florida) Naples men pleads guilty to
defrauding insurance companies. A Naples man pleaded guilty May 18 to
Federal charges after the man and co-conspirators ran five unlicensed
chiropractic clinics that received over $2 million in fraudulent insurance
payments from car insurance companies by soliciting people to participate in
staged vehicle accidents in exchange for compensation, and coaching the
patients involved in the scheme to receive unneeded treatment. Officials stated
the group used a shell corporation to conceal the proceeds from the fraudulent
insurance claims and four other people were charged for their roles in the
scheme. Source: http://www.news-press.com/story/news/crime/2016/05/18/naples-men-pleads-guilty-defrauding-insurance-companies/84566156/
7. May 17, SecurityWeek – (International) ATMs targeted with improved “Skimer” malware.
Researchers at Kaspersky Lab discovered a new version of an ATM malware
dubbed “Skimer” that allows attackers direct interaction with ATMs by
inserting two types of cards with specially crafted Track 2 data into the
infected machine; one designed to execute commands hardcoded in Track 2, while
the other allows attackers to launch 1 of 21 predefined commands using the
personal identification number (PIN) and malware interface to dispense money
from the machine, collect the details of cards inserted, and print the
information collected from cards. Researchers stated attackers can use the
malware interface to delete the malware, debug it, and update it with code
stored on the special card. Source: http://www.securityweek.com/atms-targeted-improved-skimer-malware
Information Technology Sector
19. May 19, Softpedia – (International) A quarter of all hacked WordPress sites can
be attributed to three plugins. Sucuri conducted an investigation on over
11,485 compromised Web sites and released its “Website Hacked Report” which
revealed that during the first 3 months of 2016, 78 percent of hacked Web sites
were using the WordPress Content Management System (CMS) platform and found
that attackers were primarily using outdated plugins to hack WordPress sites.
Outdated plugins included RevSlider, GravityForms, and TimThumb, but officials
concluded that only 56 percent of all WordPress sites were running outdated
WordPress core versions.
20. May 19, Softpedia – (International) TeslaCrypt ransomware project appears to shut
down, offers free decryption key. Security researchers from ESET found that
the TeslaCrypt ransomware operation will be shut down and the operators of the
ransomware agreed to offer a master decryption key for all victims infected
with TeslaCrypt v3 and v4 after a researcher contacted the ransomware
operator using the ransom Web site hosted on the Dark Web via their support
channel. Source: http://news.softpedia.com/news/teslacrypt-ransomware-project-appears-to-shut-down-offers-free-decryption-key-504234.shtml
21. May 18, Agence France-Presse – (International) Cyber attackers target US presidential
campaigns: Official. The DHS and the FBI are investigating cyberattacks
against the campaigns of the U.S. presidential candidates after the director of
the U.S. National Intelligence Council reported indications that
cyber attackers were targeting both the Democratic and Republican
representatives. Officials stated the attacks could range from defacement to
intrusion. Source: http://www.securityweek.com/cyber-attackers-target-us-presidential-campaigns-official
22. May 18, SecurityWeek – (International) Macro malware makes improvements on hiding
malicious code. Security researchers from Microsoft’s Malware Protection
Center discovered that a new variation of the Donoff macro malware had evolved to avoid
detection after finding that the malware was disseminated via spam email
campaigns with attachments made to look non-malicious. The attachments contain
seven Visual Basic for Applications (VBA) modules with an encrypted string in
the Caption field for CommandButton3 and unusual code in Module2. Source: http://www.securityweek.com/macro-malware-makes-improvements-hiding-malicious-code
23. May 18, PC Magazine – (International) 117M LinkedIn passwords leaked. LinkedIn
officials reported May 18 that an additional 117 million LinkedIn users’ emails
and passwords were compromised as attackers were discovered selling the
information on the Dark Web May 16 following a 2012 breach where a hacker named
“Peace” gained unauthorized access and compromised more than 6 million users’
accounts. The social network reported that the additional compromised accounts
were not a result of a new security breach and that it was working to apply a password
reset to potentially compromised accounts. Source: http://www.pcmag.com/news/344568/117m-linkedin-passwords-leaked
Communications Sector
Nothing to report