Complete DHS Report for August 16, 2016
Daily Report
Top Stories
• Mitsubishi Motors Corporation issued a recall August 15 for
45,731 of its model year 2015 Mitsubishi Outlander Sport vehicles equipped with
2.0-liter engines sold in the U.S. due to improperly secured hose clamps in the
vehicles’ continuously variable transmissions, which could cause transmission
fluid to leak. – TheCarConnection.com
1. August 15,
TheCarConnection.com – (National) 2015 Mitsubishi Outlander Sport recalled for
transmission problem: over 45,000 vehicles affected. Mitsubishi Motors
Corporation issued a recall August 15 for 45,731 of its model year 2015
Mitsubishi Outlander Sport vehicles equipped with 2.0-liter engines and
continuously variable transmissions (CVT) sold in the U.S. due to improperly
secured hose clamps in the vehicles’ CVT, which could cause transmission fluid
to leak and leave the vehicle inoperable, thereby increasing the risk of a
crash, or start a vehicle fire if the fluid comes into contact with a hot
surface. Source: http://www.thecarconnection.com/news/1105557_2015-mitsubishi-outlander-sport-recalled-for-transmission-problem-over-45000-vehicles-affected
• Rhode Island police are searching August 12 for a group
suspected of installing skimming devices on at least 4 ATMs across the State
since June and using the stolen information to make large cash withdrawals.
– Bristol Patch. See item 2 below in the Financial Services Sector
• Oriental Packing Co., Inc. issued a recall August 12 for
approximately 377,000 pounds of its blended seasoning curry products after
routine sampling revealed the presence of elevated levels of lead in the products.
– U.S. Food and Drug Administration
16. August 12,
U.S. Food and Drug Administration – (National) Oriental Packing
Co., Inc., issues alert on lead in curry powder. Oriental Packing Co., Inc.
issued a recall August 12 for approximately 377,000 pounds of its blended
seasoning curry products sold under 5 brands after routine sampling revealed
the presence of elevated levels of lead in the products. No illnesses have been
reported and the products were sold via Internet sales and to retail stores
nationwide. Source: http://www.fda.gov/Safety/Recalls/ucm516541.htm
• City officials from Grayling, Michigan reported that
approximately 17,000 gallons of raw sewage leaked into the Au Sable River from
the city’s main lift station August 13. – WWTV 9 Cadillac/WWUP 10 Sault Ste.
Marie
18. August 15,
WWTV 9 Cadillac/WWUP 10 Sault Ste. Marie – (Michigan) Grayling to
test Au Sable River following sewage leak. City officials in Grayling,
Michigan reported that approximately 17,000 gallons of raw sewage leaked into
the Au Sable River from the city’s main lift station August 13 after an
electrical surge caused a failure with the alarm system, leading to the sewage
leak. Officials advised residents to avoid contact with the river until test
results are returned. Source: http://www.9and10news.com/story/32761029/grayling-to-test-au-sable-river-following-sewage-leak
Financial Services Sector
2. August 12,
Bristol Patch – (Rhode Island) RI State police following trail left by ATM
skimming crime ring. Rhode Island police are searching August 12 for a
group suspected of installing skimming devices on at least 4 ATMs across Rhode
Island since June and using the stolen information to make large cash
withdrawals from ATMs at other area banks.
Information Technology Sector
24. August 14,
Softpedia – (International) Sharp increase in malware utilizing SSL. Blue
Coat released a report revealing that the number of malware samples employing
secure sockets layer (SSL) increased from 500 samples per month to 29,000 over
a 2-month period, and that the number of active command and control (C&C)
servers that used SSL-protected connections to communicate with their bots
increased from 1,000 servers in quarter 1 of 2015 to 200,000 servers in
quarter 2. The security firm analyzed the detections and infrastructure of
common malware families known to implement SSL for protection, and
cyber-criminal activity from January 2014 – December 2015. Source: http://news.softpedia.com/news/sharp-increase-in-malware-utilizing-ssl-507291.shtml
25. August 14,
Softpedia – (International) New FFS Rowhammer attack hijacks Linux VMs. Researchers
from the Vrije University in the Netherlands discovered a new version of the
Rowhammer attack, dubbed Flip Feng Shui (FFS), that works in conjunction with
memory deduplication and is capable of compromising the memory of shared
Linux-based virtual machines (VMs) used for cloud hosting services. The attack
could allow an attacker to gain control of a victim’s accounts despite the
absence of software vulnerabilities if the malicious attacker buys access to
cloud services co-hosted with the victim. Researchers discovered the flaw is in
the cryptographic software and stated the attack can be used in multiple other
forms and applications in the software stack. Source: http://news.softpedia.com/news/new-ffs-rowhammer-attack-targets-linux-vm-setups-507290.shtml
26. August 13,
Softpedia – (International) New Windows trojan steals enterprise data and
Microsoft Office files. Security researchers from Bleeping Computer
discovered malicious actors were distributing a new type of infostealer trojan
as a file dubbed Aug_1st_java.exe, which disguises itself as the process of the
Google Chrome browser and targets 11 file types specific to enterprise
environments, including extensions associated with Microsoft Office
applications. The trojan gathers information about the computer, including the
username, version of Windows, and a list of currently installed applications,
among other data, and then directs and uploads the files to its command and
control (C&C) server via the Microsoft Message Queuing (MSMQ) protocol.
Researchers also found that the infostealer trojan modifies the Windows
Registry after installation in order to gain the ability to run automatically
when the victim reboots their computer. Source: http://news.softpedia.com/news/new-windows-trojan-steals-enterprise-data-and-microsoft-office-files-507281.shtml
For additional stories, see item 27 below in the Communications Sector and
item 28 below from the Commercial Facilities Sector
Commercial Facilities Sector
28. August 15,
Softpedia – (National) PoS malware found at 20 HEI Hotels properties. HEI
Hotels & Resorts announced August 15 that it notified customers the weekend
of August 13 about a security breach of its payment card processor that
targeted 20 of its properties nationwide since December 2015 after unauthorized
individuals installed malware on its point-of-sale (PoS) systems to capture
sensitive data including payment card account number, card verification code,
and card expiration date, among other details. The company disabled the malware
and is working to reconfigure various network components and payment systems to
enhance the security of its systems. Source: http://news.softpedia.com/news/pos-malware-found-at-20-hei-hotels-properties-507311.shtml
Communications Sector
27. August 14,
Softpedia – (International) ARMageddon cache attack on Android devices
can monitor keystrokes, ARM TrustZone. Researchers from the Graz University
of Technology in Austria discovered the first-ever cache attack affecting
multi-core Advanced RISC Machines (ARM) central processing units (CPUs) used in
hundreds of millions of Android devices. The attack could allow a third party
with no elevated privileges to extract small portions of data from a CPU cache
using techniques like Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush
to monitor keystrokes, the ARM TrustZone, as well as tap and swipe gesture
events sent to the CPU for processing in order to infer details about the data
being processed. Google patched most of the issues in its March 2016 Android
Security Bulletin. Source: http://news.softpedia.com/news/new-armageddon-cache-attack-on-android-devices-can-monitor-keystrokes-507293.shtml