Friday, May 20, 2016



Complete DHS Report for May 20, 2016

Daily Report

Top Stories

• Federal regulators released a final ruling May 18 prohibiting passengers and crewmembers from carrying battery-powered portable electronic smoking devices in checked baggage, and from charging the devices on board an aircraft. – U.S. Department of Transportation, Pipeline and Hazardous Materials Safety Administration

11. May 18, U.S. Department of Transportation, Pipeline and Hazardous Materials Safety Administration – (National) DOT bans e-cigarettes from checked baggage. The Pipeline and Hazardous Materials Safety Administration announced a final ruling May 18 prohibiting passengers and crewmembers from carrying battery-powered portable electronic smoking devices such as e-cigarettes, e-cigs, personal vaporizers, and other electronic nicotine delivery systems in checked baggage, and prohibiting passengers or crewmembers from charging the devices on board an aircraft. Passengers are allowed to carry the electronic smoking devices in carry-on baggage or on their person, but may not use them on flights. Source: http://www.phmsa.dot.gov/hazmat/dot-bans-ecigarettes-from-checked-baggage

• An 80-foot stretch of bank along the Bloomfield Irrigation District Ditch in Farmington collapsed May 16, shutting off access to the ditch and prompting officials to declare a state of emergency, among other actions. – Farmington Daily Times

14. May 16, Farmington Daily Times – (New Mexico) Ditch breach cuts off Bloomfield’s water supply. An 80-foot stretch of bank along the Bloomfield Irrigation District Ditch in Farmington collapsed May 16, shutting off access to the ditch and prompting San Juan County officials to declare a state of emergency, discontinue watering parks and sports fields, urge residents to conserve water, and initiate repairs, which are expected to take at least 2 weeks.

• Officials reported May 18 that an additional 117 million LinkedIn users’ emails and passwords were compromised as attackers were discovered selling the information on the Dark Web May 16 in relation to a 2012 breach. – PC Magazine. See item 23 below in the Information Technology Sector.

• Noodles & Company officials reported May 16 that they were investigating a potential breach in the company’s point-of-sale (PoS) systems after receiving reports of unusual transactions on customers’ credit cards starting in January 2016. – Krebs on Security

24. May 19, Krebs on Security – (National) Noodles & Company probes breach claims. Noodles & Company officials reported May 16 that they were investigating a potential breach in the company’s point-of-sale (PoS) systems after receiving reports from financial institutions that detected unusual transactions on customers’ credit cards at various restaurant locations starting in January 2016. Source: http://krebsonsecurity.com/2016/05/noodles-company-probes-breach-claims/

Financial Services Sector

5. May 18, San Diego Union-Tribune – (California) ‘Hipster Bandit’ robs bank minutes after failed attempt. Authorities are searching for a man dubbed the “Hipster Bandit” who is suspected of robbing a Union Bank branch and attempting to rob a Wells Fargo Bank branch in Oceanside, California, May 18. The man is suspected of robbing at least four other banks in San Diego County since July 2015. Source: http://www.sandiegouniontribune.com/news/2016/may/18/hipster-bandit-robs-bank-oceanside/

6. May 18, Fort Myers News-Press – (Florida) Naples men pleads guilty to defrauding insurance companies. A Naples man pleaded guilty May 18 to Federal charges after the man and co-conspirators ran five unlicensed chiropractic clinics that received over $2 million in fraudulent insurance payments from car insurance companies by soliciting people to participate in staged vehicle accidents in exchange for compensation, and coaching the patients involved in the scheme to receive unneeded treatment. Officials stated the group used a shell corporation to conceal the proceeds from the fraudulent insurance claims and four other people were charged for their roles in the scheme. Source: http://www.news-press.com/story/news/crime/2016/05/18/naples-men-pleads-guilty-defrauding-insurance-companies/84566156/

7. May 17, SecurityWeek – (International) ATMs targeted with improved “Skimer” malware. Researchers at Kaspersky Lab discovered a new version of an ATM malware dubbed “Skimer” that allows attackers to interact directly with ATMs by inserting two types of cards with specially crafted Track 2 data into the infected machine: one designed to execute commands hardcoded in Track 2, while the other allows attackers to launch 1 of 21 predefined commands using the personal identification number (PIN) and malware interface to dispense money from the machine, collect the details of cards inserted, and print the information collected from cards. Researchers stated attackers can use the malware interface to delete the malware, debug it, and update it with code stored on the special card. Source: http://www.securityweek.com/atms-targeted-improved-skimer-malware

Information Technology Sector

19. May 19, Softpedia – (International) A quarter of all hacked WordPress sites can be attributed to three plugins. Sucuri conducted an investigation on over 11,485 compromised Web sites and released its “Website Hacked Report,” which revealed that during the first 3 months of 2016, 78 percent of hacked Web sites were using the WordPress Content Management System (CMS) platform and that attackers were primarily using outdated plugins to hack WordPress sites. Outdated plugins included RevSlider, GravityForms, and TimThumb, but officials concluded that only 56 percent of all WordPress sites were running outdated WordPress core versions.

20. May 19, Softpedia – (International) TeslaCrypt ransomware project appears to shut down, offers free decryption key. Security researchers from ESET found that the TeslaCrypt ransomware operation will be shut down and that the operators of the ransomware agreed to offer a master decryption key for all victims infected with TeslaCrypt v3 and v4 after a researcher contacted the ransomware operator via the support channel on the ransom Web site hosted on the Dark Web. Source: http://news.softpedia.com/news/teslacrypt-ransomware-project-appears-to-shut-down-offers-free-decryption-key-504234.shtml

21. May 18, Agence France-Presse – (International) Cyber attackers target US presidential campaigns: Official. The DHS and the FBI are investigating cyberattacks against the campaigns of the U.S. presidential candidates after the director of the U.S. National Intelligence Council reported indications that cyber attackers were targeting both the Democratic and Republican representatives. Officials stated the attacks could range from defacement to intrusion. Source: http://www.securityweek.com/cyber-attackers-target-us-presidential-campaigns-official

22. May 18, SecurityWeek – (International) Macro malware makes improvements on hiding malicious code. Security researchers from Microsoft’s Malware Protection Center discovered that a new variation of the Donoff macro malware had evolved to avoid detection after finding that the malware was disseminated via spam email campaigns with attachments made to look non-malicious. The attachments contain seven Visual Basic for Applications (VBA) modules with an encrypted string in the Caption field for CommandButton3 and unusual code in Module2. Source: http://www.securityweek.com/macro-malware-makes-improvements-hiding-malicious-code

23. May 18, PC Magazine – (International) 117M LinkedIn passwords leaked. LinkedIn officials reported May 18 that an additional 117 million LinkedIn users’ emails and passwords were compromised as attackers were discovered selling the information on the Dark Web May 16 following a 2012 breach where a hacker named “Peace” gained unauthorized access and compromised more than 6 million users’ accounts. The social network reported that the additional compromised accounts were not a result of a new security breach and that it was working to apply a password reset to potentially compromised accounts. Source: http://www.pcmag.com/news/344568/117m-linkedin-passwords-leaked

Communications Sector

Nothing to report