Complete DHS Report for August 15, 2016
Daily Report
Top Stories
• Security researchers discovered two remote system attacks
capable of unlocking millions of cars including one attack that targets
Volkswagen Group cars and involves recovering the keys from electronic control
units. – Help Net Security
4. August 11,
Help Net Security – (International) Hundreds of millions of cars can be easily
unlocked by attackers. Security researchers discovered two remote system
attacks capable of unlocking millions of cars including one attack that targets
Volkswagen Group cars and involves recovering the cryptographic algorithms and
keys from electronic control units, which allows an attacker to clone the
signal to open the vehicle, and another attack that exploits the
cryptographically weak cipher in the Hitag2 rolling code scheme used by
manufacturers like Chevrolet and Ford, among others, to unlock the vehicle. Source:
https://www.helpnetsecurity.com/2016/08/11/cars-easily-unlocked-attackers/
• Two Houston residents were arrested August 11 for their roles in
a $650,000 credit card fraud scheme where the duo and another co-conspirator
allegedly used 2 Houston-area businesses to steal the identities of at least 12
customers in order to obtain 116 credit cards. – KTRK 13 Houston. See item 7 below in
the Financial Services Sector
• Bon Secours Health System announced August 12 that approximately
665,000 patients were notified of a data breach after a third-party company
inadvertently left confidential files accessible on the Internet from April 18
– 21. – WTKR 3 Norfolk
20. August 12,
WTKR 3 Norfolk – (National) 665,000 Bon Secours patients exposed to data
breach. Bon Secours Health System announced August 12 that approximately
665,000 patients were notified of a data breach after a third-party company
inadvertently left files containing patients’ names, health insurance
identification numbers, and Social Security numbers, among other information,
accessible on the Internet while attempting to adjust their network settings
from April 18 – 21. Officials do not believe the information was misused. Source:
• Authorities are investigating August 11 after the U.S. Forest
Service discovered a 5-acre illegal marijuana operation in Pike National Forest
in Jefferson, Colorado, consisting of about 18,300 plants. – Colorado
Springs Gazette
22. August 11,
Colorado Springs Gazette – (Colorado) 5 acres of marijuana found in
Pike National Forest. Authorities are investigating August 11 after the
U.S. Forest Service discovered a 5-acre illegal marijuana grow operation in
Pike National Forest in Jefferson, Colorado, consisting of about 18,300 plants
and 2,000 pounds of infrastructure including irrigation pipes, chemicals, and
fertilizer, among other materials. Source: http://gazette.com/5-acres-of-marijuana-found-in-pike-national-forest/article/1582517
Financial Services Sector
7. August 11,
KTRK 13 Houston – (Texas) Police bust identity theft scheme that netted $650K. Two
Houston residents were arrested August 11 for their roles in a more than
$650,000 credit card fraud scheme where the duo and another co-conspirator allegedly
used 2 southwest Houston businesses, Lagos Island Café and Lace Warehouse and
African Fashions, to steal the identities of at least 12 customers in order to
apply for and obtain 116 credit cards from 8 different Houston-area financial
institutions. The charges allege that one of the co-conspirators ran the credit
cards under a fraudulent business name, Sleek Auto Sales, and deposited the
funds into a personal bank account. Source: http://abc13.com/news/police-bust-identity-theft-scheme-that-netted-$650k/1466692/
Information Technology Sector
25. August 12,
Softpedia – (International) Locky ransomware uses vulnerable PHP forms
for spam distribution. Researchers from Cisco’s OpenDNS team discovered
that the group behind the Locky ransomware is leveraging security flaws in a
PHP: Hypertext Preprocessor (PHP)-based Web-to-email service that allows the
cybercriminals to brute-force the Web form and make it send a message with the
Locky payload attached to any email address due to a vulnerability in a PHP
contact form script. Researchers advised users to update their PHP Web-to-email
form to the latest version to fix the problem. Source: http://news.softpedia.com/news/locky-ransomware-uses-vulnerable-php-forms-for-spam-distribution-507246.shtml
26. August 12,
SecurityWeek – (International) Microsoft patches flaw related to “malicious
butler” attack. Microsoft released a patch addressing a serious Windows
authentication bypass vulnerability, dubbed a “remote malicious butler” attack
after researchers discovered the flaw can be leveraged remotely to bypass
authentication on the Windows login screen, and found that in a patched version
of Windows, a device’s password could be changed if the rogue domain controller
was disconnected in the middle of the password reset process. Researchers
stated the patch addresses both the local evil maid attack and the remote
butler version of the attack. Source: http://www.securityweek.com/microsoft-patches-flaw-related-malicious-butler-attack
For another story, see item 4 above in Top Stories
Communications Sector
27. August 12,
SecurityWeek – (International) D-Link patches critical flaw in DIR routers. D-Link
released firmware updates for several of its DIR model routers to resolve a
critical stack-based buffer overflow after a researcher discovered the flaw was
affecting a function responsible for validating session cookies that could be
exploited for arbitrary code execution. D-Link researchers were working to
patch the flaw in its DIR-817 Rev. Ax and DIR-818L Rev. Bx router models. Source: http://www.securityweek.com/d-link-patches-critical-flaw-dir-routers