Monday, August 15, 2016



Complete DHS Report for August 15, 2016

Daily Report

Top Stories

• Security researchers discovered two remote system attacks capable of unlocking millions of cars including one attack that targets Volkswagen Group cars and involves recovering the keys from electronic control units. – Help Net Security

4. August 11, Help Net Security – (International) Hundreds of millions of cars can be easily unlocked by attackers. Security researchers discovered two remote system attacks capable of unlocking millions of cars including one attack that targets Volkswagen Group cars and involves recovering the cryptographic algorithms and keys from electronic control units, which allows an attacker to clone the signal to open the vehicle, and another attack that exploits the cryptographically weak cipher in Hitag2 rolling code scheme used by manufacturers like Chevrolet and Ford, among others, to unlock the vehicle. Source: https://www.helpnetsecurity.com/2016/08/11/cars-easily-unlocked-attackers/

• Two Houston residents were arrested August 11 for their roles in a $650,000 credit card fraud scheme where the duo and another co-conspirator allegedly used 2 Houston-area businesses to steal the identities of at least 12 customers in order to obtain 116 credit cards. – KTRK 13 Houston (See item 7 below in the Financial Services Sector)

• Bon Secours Health System announced August 12 that approximately 665,000 patients were notified of a data breach after a third-party company inadvertently left confidential files accessible on the Internet from April 18 – 21. – WTKR 3 Norfolk

20. August 12, WTKR 3 Norfolk – (National) 665,000 Bon Secours patients exposed to data breach. Bon Secours Health System announced August 12 that approximately 665,000 patients were notified of a data breach after a third-party company inadvertently left files containing patients’ names, health insurance identification numbers, and Social Security numbers, among other information, accessible on the Internet while attempting to adjust their network settings from April 18 – 21. Officials do not believe the information was misused. Source:

• Authorities are investigating August 11 after the U.S. Forest Service discovered a 5-acre illegal marijuana operation in Pike National Forest in Jefferson, Colorado, consisting of about 18,300 plants. – Colorado Springs Gazette

22. August 11, Colorado Springs Gazette – (Colorado) 5 acres of marijuana found in Pike National Forest. Authorities are investigating August 11 after the U.S. Forest Service discovered a 5-acre illegal marijuana grow operation in Pike National Forest in Jefferson, Colorado, consisting of about 18,300 plants and 2,000 pounds of infrastructure including irrigation pipes, chemicals, and fertilizer, among other materials. Source: http://gazette.com/5-acres-of-marijuana-found-in-pike-national-forest/article/1582517

Financial Services Sector

7. August 11, KTRK 13 Houston – (Texas) Police bust identity theft scheme that netted $650K. Two Houston residents were arrested August 11 for their roles in a more than $650,000 credit card fraud scheme where the duo and another co-conspirator allegedly used 2 southwest Houston businesses, Lagos Island Café and Lace Warehouse and African Fashions, to steal the identities of at least 12 customers in order to apply for and obtain 116 credit cards from 8 different Houston-area financial institutions. The charges allege that one of the co-conspirators ran the credit cards under a fraudulent business name, Sleek Auto Sales and deposited the funds into a personal bank account. Source: http://abc13.com/news/police-bust-identity-theft-scheme-that-netted-$650k/1466692/

Information Technology Sector

25. August 12, Softpedia – (International) Locky ransomware uses vulnerable PHP forms for spam distribution. Researchers from Cisco’s OpenDNS team discovered that the group behind the Locky ransomware is leveraging security flaws in a PHP: Hypertext Preprocessor (PHP)-based Web-to-email service that allows the cybercriminals to brute-force the Web form and make it send a message with the Locky payload attached to any email address due to a vulnerability in a PHP contact form script. Researchers advised users to update their PHP Web-to-email form to the latest version to fix the problem. Source: http://news.softpedia.com/news/locky-ransomware-uses-vulnerable-php-forms-for-spam-distribution-507246.shtml

26. August 12, SecurityWeek – (International) Microsoft patches flaw related to “malicious butler” attack. Microsoft released a patch addressing a serious Windows authentication bypass vulnerability, dubbed a “remote malicious butler” attack after researchers discovered the flaw can be leveraged remotely to bypass authentication on the Windows login screen, and found that in a patched version of Windows, a device’s password could be changed if the rogue domain controller was disconnected in the middle of the password reset process. Researchers stated the patch addresses both the local evil maid attack and the remote butler version of the attack. Source: http://www.securityweek.com/microsoft-patches-flaw-related-malicious-butler-attack

For another story, see item 4 above in Top Stories

Communications Sector

27. August 12, SecurityWeek – (International) D-Link patches critical flaw in DIR routers. D-Link released firmware updates for several of its DIR model routers to resolve a critical stack-based buffer overflow after a researcher discovered the flaw was affecting a function responsible for validating session cookies that could be exploited for arbitrary code execution. D-Link researchers were working to patch the flaw in its DIR-817 Rev. Ax and DIR-818L Rev. Bx router models. Source: http://www.securityweek.com/d-link-patches-critical-flaw-dir-routers