Wednesday, July 13, 2016



Complete DHS Report for July 13, 2016

Daily Report

Top Stories

• WPX Energy, Inc., reported July 12 that around 30 oil storage tanks caught fire at an oil and gas rig in San Juan County, New Mexico, July 11, prompting drilling to stop in the area. – KOAT 7 Albuquerque

1. July 12, KOAT 7 Albuquerque – (New Mexico) Massive fire at San Juan County oil and gas rig. WPX Energy, Inc., reported July 12 that around 30 oil storage tanks caught fire at an oil and gas rig in San Juan County, New Mexico, July 11, prompting drilling to stop in the area. Fire crews are allowing the fire to burn out before extinguishing the flames.

• General Mills, Inc., issued a recall July 11 for several of its Betty Crocker cake mixes due to a 21-State outbreak of E. coli O121 linked to the consumption of raw dough or batter that has sickened 42 people since December 2015. – Food Safety News

11. July 11, Food Safety News – (International) General Mills pulls Betty Crocker mixes because of E. coli. General Mills, Inc., issued a recall July 11 for its Betty Crocker Delights Super Moist Party Rainbow Chip Cake Mix, Betty Crocker Delights Super Moist Carrot Cake Mix, and Betty Crocker Super Moist Rainbow Bit Cake Mix products due to a 21-State outbreak of E. coli O121 linked to the consumption of raw dough or batter that has sickened 42 people since December 2015. The products were distributed to retailers, restaurants, and bulk buyers nationwide, and in Canada and China. Source: http://www.foodsafetynews.com/2016/07/general-mills-pulls-betty-crocker-mixes-because-of-e-coli

• Two court bailiffs were killed and a suspect was shot and killed by police officers inside the Berrien County Courthouse in downtown St. Joseph July 11 following a disturbance at the courthouse. – Detroit Free Press

19. July 11, Detroit Free Press – (Michigan) 2 bailiffs, shooter dead in Berrien County Courthouse shooting. Two court bailiffs were killed and a suspect was shot and killed by police officers inside the Berrien County Courthouse in downtown St. Joseph July 11 following a disturbance at the courthouse. A deputy sheriff and several civilians were injured in the incident which remains under investigation. Source: http://www.freep.com/story/news/local/michigan/2016/07/11/reports-shots-fired-berrien-county-courthouse-st-joseph/86953034/

• Security researchers from SimilarWeb data and Proofpoint revealed that attackers were using a malicious version of the popular mobile gaming app, Pokemon GO, to disseminate a remote access tool (RAT), dubbed DroidJack, to allow attackers to gain full control over Android users’ mobile devices. – SecurityWeek. See item 23 below in the Communications Sector.

Financial Services Sector

3. July 11, U.S. Department of Justice – (California) Southern California man pleads guilty for his role as sales manager in fraudulent mortgage modification scheme. An Orange County, California resident pleaded guilty July 11 for his role as the sales manager of an estimated $9 million fraudulent mortgage modification scheme. He supervised dozens of telemarketers who made misleading statements and false promises to convince over 1,500 homeowners facing foreclosure to pay up to $5,500 for the services of Rodis Law Group (RLG) and a successor entity, America’s Law Group, between October 2008 and June 2009, falsely claiming that RLG consisted of a team of attorneys experienced in negotiating lower interest rates and lowering principal balances, among other misrepresentations. Two co-defendants were also charged for their roles in the scheme.

Information Technology Sector

20. July 12, SecurityWeek – (International) Code execution flaw plagues Intel Graphics Driver. Security researchers from Cisco Talos discovered a local code execution vulnerability in Intel HD Graphics Windows Kernel Mode Driver version 10.18.14.4264 that could allow an attacker to run arbitrary code on a victim’s system or cause a denial-of-service (DoS) condition by sending a specially crafted D3DKMTEscape request to the Intel HD Graphics drivers. Microsoft removed the NTVDM subsystem from Windows 8 to mitigate the attack, but researchers stated the mitigations were not foolproof. Source: http://www.securityweek.com/code-execution-flaw-plagues-intel-graphics-driver

21. July 11, Softpedia – (International) Website takeover issue fixed in WordPress’ most popular plugin. A security researcher reported that the All in One SEO Pack WordPress plugin was plagued with a vulnerability that could allow attackers to store malicious code in the Web site’s admin panel which could potentially enable attackers to control the Web site. Source: http://news.softpedia.com/news/website-takeover-issue-fixed-in-wordpress-most-popular-plugin-506209.shtml

22. July 11, SecurityWeek – (International) DoS flaw affects Symantec endpoint products. Symantec released a patch that addressed a denial-of-service (DoS) vulnerability affecting the Portable Executable file scanning functionality of Norton Security as well as its Endpoint Protection products. A security researcher from Cisco Talos found that an attacker could exploit the vulnerability by sending a victim a crafted file with a large SizeOfRawData field in a section header. Due to a flaw in the Client Intrusion Detection System (CIDS) driver, a system can crash when it interacts with the specially crafted portable executable (PE) file. Source: http://www.securityweek.com/dos-flaw-affects-symantec-endpoint-products

For another story, see item 23 below in the Communications Sector

Communications Sector

23. July 11, SecurityWeek – (International) Backdoored Pokemon Go app infects Android devices. SimilarWeb data and Proofpoint revealed that attackers were using a malicious version of the popular mobile gaming app, Pokemon GO, distributed via third-party portals, to disseminate a remote access tool (RAT), dubbed DroidJack, to add Android application package (APK) files and allow attackers to gain full control over Android users’ mobile devices. DroidJack could allow an attacker to read and edit text messages, make phone calls, record audio, modify contacts, and connect to Wi-Fi, among other actions. Source: http://www.securityweek.com/backdoored-pokemon-go-app-infects-android-devices