Wednesday, August 17, 2016

Complete DHS Report for August 17, 2016

Daily Report

Top Stories

• Officials issued a safety order August 15 directing Washington Metropolitan Area Transit Authority (WMATA) to make changes to enhance safety after WMATA committed a total of 68 red signal violations since 2012. – WTOP 103.5 FM Washington, D.C.

7. August 15, WTOP 103.5 FM Washington, D.C. – (Washington, D.C.) After series of close calls, Metro ordered to make urgent fixes. The Federal Transit Administration issued a safety order August 15 directing Washington Metropolitan Area Transit Authority (WMATA) to make 11 changes to enhance rider and worker safety following an investigation that found that WMATA committed a total of 68 confirmed red signal violations from January 2012 – July 2016, among other violations. The 11 corrective actions require WMATA to increase oversight of train operators and controllers, review its fatigue management system, and consider new options to automatically stop trains before collisions. Source: http://wtop.com/tracking-metro-24-7/2016/08/series-trains-blow-red-signals-metro-ordered-make-urgent-fixes/

• The governor of Louisiana declared a state of emergency in East Baton Rouge, Louisiana, August 15 following severe storms August 12 – August 14 that left at least 4 people dead and displaced more than 10,000 residents. – NBC News

10. August 15, NBC News – (Louisiana) Louisiana flooding: At least four dead, 20,000 rescued. The governor of Louisiana declared a state of emergency in East Baton Rouge, Louisiana, August 15 following severe storms August 12 – August 14 that left at least 4 people dead, forced the closure of more than 100 roads across the State, damaged thousands of homes, and forced more than 10,000 residents to move to shelters August 14. Officials stated that over 1,700 rescue personnel saved more than 20,000 people from the flooding. Source: http://www.nbcnews.com/news/us-news/louisiana-flooding-least-three-dead-officials-warn-more-rain-come-n630331

• Officials reported August 15 that 13,237 patients at Professional Dermatology Care, P.C. in Reston, Virginia, were notified of a data breach after hackers may have gained access to protected patient information from the provider’s network server between June 19 and June 27. – Reston Patch; U.S. Department of Health and Human Services

11. August 15, Reston Patch; U.S. Department of Health and Human Services – (Virginia) Reston doctor's office hacked, 13,000 patient records compromised. U.S. Department of Health and Human Services officials reported August 15 that 13,237 patients at Professional Dermatology Care, P.C. in Reston, Virginia, were notified of a data breach after hackers outside of the U.S. may have gained unauthorized access to protected patient information and financial data, including patient names, Social Security numbers, and Medicare numbers, among other information, from the provider’s network server between June 19 and June 27, with the intent of extorting money from the company in exchange for decrypting the data. The company does not believe the hackers misused any of the patient data. Source: http://patch.com/virginia/reston/reston-doctors-office-hacked-13-000-patient-records-compromised

• Lookout researchers reported that 1.4 billion Android devices are affected by a security flaw in the Linux kernel’s implementation of the Transmission Control Protocol (TCP) that could allow a hacker to hijack unencrypted Web traffic. – Softpedia. See item 19 below in the Communications Sector.

Financial Services Sector

3. August 15, KRON 4 San Francisco – (California) ‘Bearded Bandit’ bank robbery suspect arrested in San Francisco. FBI officials reported August 15 that a man dubbed the “Bearded Bandit” was arrested in San Francisco August 12 after he allegedly committed 4 bank robberies in the San Francisco Bay Area since April. Source: http://kron4.com/2016/08/15/bearded-bandit-bank-robbery-suspect-arrested-in-san-francisco/

For another story, see item 20 below from the Commercial Facilities Sector

Information Technology Sector

17. August 16, Softpedia – (International) FalseCONNECT vulnerability affects software from Apple, Microsoft, Oracle, more. A security researcher discovered a flaw in how applications from several vendors handle Hypertext Transfer Protocol (HTTP) CONNECT requests and HTTP/1.0 407 Proxy Authentication Required responses. An attacker with a foothold in a compromised network and the ability to listen to proxy traffic could detect HTTP CONNECT requests sent to the local proxy and answer them with a forged 407 Proxy Authentication Required response, prompting the user to enter a password for the requested service; the credentials would then be sent to the malicious actor. Researchers stated that WebKit-based clients, including Google Chrome, Apple’s iTunes, and Google Drive, among others, are most vulnerable to the attack.

18. August 15, SecurityWeek – (International) Windows script files used to deliver Locky ransomware. Researchers from Trend Micro warned that a Locky ransomware variant was being delivered to targeted organizations using Windows Script Files (WSF) to download the malware payload and make detection more difficult: WSF files are not engine-specific, can contain more than one scripting language, and are not monitored by typical endpoint security solutions, which increases the chances of bypassing sandboxes and blacklisting technologies. Researchers stated the cybercriminals were targeting companies and that the files delivering Locky were compressed in ZIP archives attached to emails with business-related subject lines.
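A defender-side check for the delivery chain described in item 18, as an added example (not code from Trend Micro or from the report): it walks a ZIP attachment without extracting it, parses each WSF member for the scripting languages it declares, and flags mixed-language files. The archive and WSF body are constructed here as benign sample input, not real lures.

```python
import io
import re
import zipfile
from xml.etree import ElementTree

# Constructed, benign WSF body (not real malware): a Windows Script File is an
# XML wrapper whose <script> elements may each declare a different language.
SAMPLE_WSF = b"""<job id="Invoice">
<script language="VBScript">Dim x</script>
<script language="JScript">var y = 1;</script>
</job>
"""
LANG_RE = re.compile(rb'<script[^>]*language\s*=\s*["\']([^"\']+)["\']', re.I)

def wsf_languages(data):
    # Strict XML parse first; real WSF files are often not well-formed XML
    # (bare < or & inside script bodies), so fall back to a regex over the
    # <script language="..."> tags.
    langs = set()
    try:
        for el in ElementTree.fromstring(data).iter("script"):
            if el.get("language"):
                langs.add(el.get("language").lower())
    except ElementTree.ParseError:
        for m in LANG_RE.finditer(data):
            langs.add(m.group(1).decode("ascii", "replace").lower())
    return langs

def scan_zip_attachment(zip_bytes):
    # Walk the archive in memory; report each .wsf member as
    # (name, languages, verdict). Any WSF in mail is suspicious; a file mixing
    # languages is a stronger signal of the evasion technique described above.
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".wsf"):
                langs = wsf_languages(zf.read(info))
                verdict = "high" if len(langs) > 1 else "medium"
                findings.append((info.filename, langs, verdict))
    return findings

def build_sample_zip():
    # Constructed sample attachment: one WSF plus an innocuous text file.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2016-08.wsf", SAMPLE_WSF)
        zf.writestr("readme.txt", b"nothing here")
    return buf.getvalue()
```

In a mail gateway the same scan would run on every archive attachment before delivery, and a "high" verdict would quarantine the message for review.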

For additional stories, see item 2 below from the Critical Manufacturing Sector and 19 below in the Communications Sector

Critical Manufacturing Sector

2. August 15, SecurityWeek – (International) Flaw allows attackers to modify firmware on Rockwell PLCs. Cisco Talos researchers discovered a high severity flaw in Rockwell Automation, Inc.’s Allen Bradley MicroLogix 1400 programmable logic controllers (PLCs) where an undocumented Simple Network Management Protocol (SNMP) community string, dubbed “wheel”, could be exploited to make unauthorized changes to a device, including replacing the original firmware with a malicious version. Rockwell Automation advised customers to use the RUN key switch setting to prevent unauthorized firmware updates and configuration changes.

Communications Sector

19. August 15, Softpedia – (International) 1.4 billion Android devices affected by Linux TCP flaw. Lookout security researchers reported that a security flaw in the Linux kernel’s implementation of the Transmission Control Protocol (TCP), which could allow a malicious actor to hijack unencrypted Web traffic or shut down encrypted connections between two parties without holding a man-in-the-middle (MitM) position, also affects 1.4 billion Android devices running version 4.4 or higher, as the Android mobile operating system (OS) is built on a modified version of the Linux kernel. Researchers advised users to encrypt their traffic, for example by using a virtual private network (VPN), to protect their devices. Source: http://news.softpedia.com/news/1-4-billion-android-devices-affected-by-linux-tcp-flaw-507317.shtml