Thursday, May 26, 2016



Complete DHS Report for May 26, 2016

Daily Report

Top Stories

• The governor of Michigan declared a state of energy emergency in Michigan May 24, suspending regulations related to hours-of-service for motor carriers and drivers transporting all transportation fuels within the State. – WDIV 4 Detroit  

1. May 25, WDIV 4 Detroit – (Michigan) Governor declares energy emergency for holiday weekend. The governor of Michigan issued Executive Order 2016-10 May 24, declaring a state of energy emergency in Michigan, suspending State and Federal regulations related to hours-of-service for motor carriers and drivers transporting all transportation fuels within the State, and enabling workers to exceed the number of hours and consecutive days for operating a commercial motor vehicle. The executive order follows an unplanned outage of the Marathon refinery in Detroit and the shutdown of a fuel pipeline in Wisconsin. Source: http://www.clickondetroit.com/news/gov-snyder-declares-energy-emergency-to-ensure-adequate-supplies-of-gasoline-for-holiday-weekend

• Five Cuban nationals were arrested May 24 in Miami for their roles in an estimated $2 million fraud scheme where the group posed as U.S. Internal Revenue Service agents and threatened victims to make immediate payments. – Associated Press. See item 4 below in the Financial Services Sector.

• Crews reached 30 percent containment May 23 of a 3,000-acre brush fire near Hermiston, Oregon that burned 2 buildings and forced the closure of Interstate 82 due to a multi-vehicle accident. – East Oregonian  

12. May 24, East Oregonian – (Oregon) Fire sweeps across Umatilla Depot, causes wrecks on I-82. Crews reached 30 percent containment May 23 of a 3,000-acre brush fire that moved across the Umatilla Chemical Depot west of Hermiston, burning 2 buildings and causing a multi-vehicle accident on Interstate 82 that left 4 people injured and forced the closure of the interstate for several hours. Source: http://www.eastoregonian.com/eo/local-news/20160523/fire-sweeps-across-umatilla-depot-causes-wrecks-on-i-82

• Researchers discovered that Moxa’s MiiNePort E1, E2, and E3 device models were plagued with at least three serious vulnerabilities including a weak credentials management issue, a clear text password issue, and a cross-site request forgery (CSRF) flaw. – SecurityWeek. See item 18 below in the Information Technology Sector.

Financial Services Sector

3. May 24, Houston Chronicle – (Texas) Elderly ex-con arrested for alleged $5M fraud scheme. Texas officials announced May 24 that a former executive at AG Cooper & Associates was arrested and indicted the week of May 16 on charges alleging that the executive orchestrated a wire and mail fraud scheme that bilked over 50 investors out of $5 million by issuing false quarterly statements to investors that indicated their funds were earning over 11 percent in legitimate investments. Officials stated that the executive used the funds for personal use. Source: http://www.chron.com/news/houston-texas/article/Senior-citizen-arrested-for-alleged-5-million-7942108.php

4. May 24, Associated Press – (National) The Treasury Department says it has arrested five people in Miami accused of defrauding victims of nearly $2 million by posing as IRS agents and demanding payment of overdue taxes. Officials from the U.S. Treasury Inspector General for Tax Administration office announced May 24 that 5 Cuban nationals were arrested in Miami for their roles in an estimated $2 million fraud scheme where the group posed as U.S. Internal Revenue Service (IRS) agents in telephone calls and threatened to arrest victims if they did not make an immediate payment of overdue taxes or other fees. Authorities stated that the victims were required to wire transfer the money, which is a method not used by the IRS. Source: http://www.greenfieldreporter.com/view/story/c9addb360ebc4bf991616a51d1e7ee22/US--IRS-Tax-Scam

Information Technology Sector

16. May 25, Softpedia – (International) Fiverr removes DDoS-for-Hire services from its marketplace. Fiverr banned and removed a series of ads reportedly providing distributed denial-of-service (DDoS)-related offerings on its marketplace Web site after security researchers from Incapsula found several DDoS services. Source: http://news.softpedia.com/news/fiverr-removes-ddos-for-hire-services-from-its-marketplace-504475.shtml

17. May 25, Softpedia – (International) Hackers take over thousands of Twitter accounts and tweet out adult content. Symantec discovered that over 2,500 Twitter accounts were compromised after hackers took over Twitter profiles, changed a user’s avatar picture, and sent out links to adult Web sites or Web cam sites by using Uniform Resource Locator (URL) shorteners, primarily Bit.ly, to hide a link to adult Web sites using referral tags. Source: http://news.softpedia.com/news/hackers-take-over-thousands-of-twitter-accounts-and-tweet-out-adult-content-504468.shtml

18. May 25, SecurityWeek – (International) Unpatched flaws plague Moxa connectivity products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and an independent security researcher discovered that Moxa’s MiiNePort E1, E2, and E3 device models were plagued with at least three serious vulnerabilities including a weak credentials management issue, a clear text password issue, and a cross-site request forgery (CSRF) flaw. The devices are used in the commercial facilities sector, critical manufacturing sector, the energy sector, and the transportation sector. Source: http://www.securityweek.com/unpatched-flaws-plague-moxa-connectivity-products

19. May 24, Softpedia – (International) After record high numbers, a lot of people still don’t know what ransomware is. Kaspersky released a report after studying over 5,000 users in the U.S. and Canada which revealed that 43 percent of users studied were unfamiliar with ransomware and were unaware that they could lose critical data after such infections. The lack of knowledge reveals why users are unaware of how to deal with ransomware infections. Source: http://news.softpedia.com/news/after-record-high-numbers-a-lot-of-people-still-don-t-know-what-ransomware-is-504437.shtml

Communications Sector

Nothing to report

Wednesday, May 25, 2016



Complete DHS Report for May 25, 2016

Daily Report

Top Stories

• Shell Pipeline Co. announced May 23 that it shut down its San Pablo Bay Pipeline after it ruptured May 20 near Tracy, California, spilling as much as 21,000 gallons of crude oil into the soil. – San Francisco Chronicle

1. May 23, San Francisco Chronicle – (California) Oil pipeline near Tracy spills thousands of gallons of crude. Shell Pipeline Co. announced May 23 that it shut down its San Pablo Bay Pipeline after it ruptured May 20 along the Alameda County-San Joaquin County border near Tracy, spilling as much as 21,000 gallons of crude oil into the soil. Crews reported to the site to clean up the contaminated soil and monitor air, water, and ground conditions. Source: http://www.sfgate.com/bayarea/article/Oil-pipeline-near-Tracy-spills-thousands-of-7940489.php

• Toyota Motor Corp. expanded a previous recall May 23 to include approximately 1.6 million of its model years 2006 – 2011 Lexus, Scion, and Toyota vehicles in select models sold in the U.S. due to faulty Takata Corp. front passenger side air bag inflators. – Reuters

3. May 23, Reuters – (National) Toyota recalls 1.6 million U.S. vehicles for Takata air bags. Toyota Motor Corp. expanded a previous recall May 23 to include approximately 1.6 million of its model years 2006 – 2011 Lexus, Scion, and Toyota vehicles in select models sold in the U.S. due to faulty Takata Corp. front passenger side air bag inflators that can rupture with excessive force, releasing shrapnel into vehicle occupants. The defective inflators have been linked to over 100 injuries and 13 deaths globally. Source: http://www.reuters.com/article/us-autos-takata-toyota-idUSKCN0YE2MX

• Two unrelated plane crashes in Hawaii May 23 left two people injured and a group of two instructors, two tandem jumpers, and a pilot dead. – CNN

6. May 24, CNN – (Hawaii) Two plane crashes in Hawaii leave five dead and two injured. Two unrelated plane crashes in Hawaii May 23 left a group of two instructors, two tandem jumpers, and a pilot dead after the group took off for a skydiving tour from Port Allen Airport in Kauai, while the second crash left two people injured after the plane experienced engine trouble while inbound to Honolulu International Airport. Source: http://www.cnn.com/2016/05/23/us/hawaii---plane-crashes/index.html

• Schools in Colorado, Wisconsin, Utah, New Hampshire, Delaware, and Minnesota were placed on lockdown or evacuated May 23 following a series of automated hoax bomb threat calls. – Associated Press

14. May 24, Associated Press – (National) School threats could be latest in school “swatting.” Schools in Colorado, Wisconsin, Utah, New Hampshire, Delaware, and Minnesota were placed on lockdown or evacuated May 23 following a series of automated bomb threat calls. Nothing suspicious was found after authorities searched the campuses.
  
Financial Services Sector

Nothing to report

Information Technology Sector

17. May 24, Softpedia – (International) Pastejacking attack overrides your clipboard to trick you into running evil code. A security researcher discovered that a clipboard hijacking attack titled Pastejacking was capable of using Cascading Style Sheets (CSS) to add malicious content to the clipboard without a user’s awareness, tricking users into executing unwanted terminal commands via JavaScript. Source: http://news.softpedia.com/news/pastejacking-attack-overrides-your-clipboard-to-trick-you-into-running-evil-code-504420.shtml

18. May 24, SecurityWeek – (International) Adobe patches flaw in Connect web conferencing software. Adobe released Connect 9.5.3 addressing several functionality vulnerabilities and one security flaw after a security researcher discovered that attackers could exploit an untrusted search path issue affecting the Connect add-in installer to launch Dynamic Link Library (DLL) loading attacks. The flaws affect Connect versions 9.5.2 and earlier for Microsoft Windows. Source: http://www.securityweek.com/adobe-patches-flaw-connect-web-conferencing-software

19. May 24, Softpedia – (International) DMA Locker 4.0 may be the next big thing in terms of ransomware. A security researcher from Malwarebytes reported that the DMA Locker 4.0 ransomware had new improvements to its features including the new utilization of a command and control (C&C) server instead of using a single encryption key hardcoded in the ransomware. In addition, the ransomware can now generate unique Advanced Encryption Standard (AES) encryption keys for each file with a public RSA key obtained from the C&C server. Source: http://news.softpedia.com/news/dma-locker-4-0-may-be-the-next-big-thing-in-terms-of-ransomware-504413.shtml

20. May 23, SecurityWeek – (International) Critical vulnerability plagues 60% of Android devices. An elevation of privilege (EoP) flaw in the Widevine Qualcomm Secure Execution Environment (QSEE) TrustZone application reportedly affects about 60 percent of all Android devices globally despite being patched in January after security researchers discovered that QSEE was extremely privileged, allowing direct interaction with the TrustZone kernel and direct access to the system’s memory, enabling an attacker to hijack the Linux kernel without having to find and exploit a kernel flaw. Source: http://www.securityweek.com/critical-vulnerability-plagues-60-android-devices

Communications Sector

Nothing to report