Wednesday, August 24, 2016



Complete DHS Report for August 24, 2016

Daily Report                                            

Top Stories

• Mitsubishi Motors issued a recall August 22 for 82,436 of its model years 2015 – 2016 Mitsubishi Outlander Sport vehicles and model year 2016 Outlander and Lancer vehicles sold in the U.S. due to a software problem affecting an electronic control unit, which can prevent a vehicle from accelerating. – TheCarConnection.com

3. August 22, TheCarConnection.com – (National) 2015 – 2016 Mitsubishi Outlander Sport, 2016 Outlander and Lancer recalled for transmission woes. Mitsubishi Motors issued a recall August 22 for 82,436 of its model years 2015 – 2016 Mitsubishi Outlander Sport vehicles and model year 2016 Outlander and Lancer vehicles equipped with continuously variable transmissions (CVT) sold in the U.S. due to a software problem affecting an electronic control unit, which can prevent a vehicle from accelerating if there is a loss of signal from the CVT’s range switch, thereby increasing the risk of an accident. Source:

• Officials are investigating August 22 after more than 135,000 gallons of partially treated sludge was released into Galveston Bay in Texas from a waste water treatment plant during a construction project at the facility August 21. – Associated Press

14. August 22, Associated Press – (Texas) Officials probing sludge spill from Texas treatment plant. Officials are investigating August 22 after more than 135,000 gallons of partially treated sludge was released into Galveston Bay in Texas from a waste water treatment plant during a construction project at the facility August 21. Officials advised Galveston residents to avoid contact with the waste and to avoid fishing in the affected area, and stated drinking water was safe to consume. Source: http://www.thehour.com/news/texas/article/Officials-probing-sludge-spill-from-Texas-9178203.php

• Bay County Utilities reported August 22 that about 30,000 gallons of raw sewage spilled from a force main near the intersection of Highway 231 and Highway 2301 into a drainage ditch that flows into Bayou George, Florida. – WMBB 13 Panama City

15. August 22, WMBB 13 Panama City – (Florida) About 30,000 gallons of raw sewage released in Bayou George. Bay County Utilities reported August 22 that about 30,000 gallons of raw sewage was released from a force main near the intersection of Highway 231 and Highway 2301 into a drainage ditch that flows into Bayou George, Florida. The Florida Department of Health in Bay County advised people to avoid swimming in Bayou George north of Charles Drive and south of Gardenia Street until further notice. Source: http://www.mypanhandle.com/news/about-30000-gallons-of-raw-sewage-released-in-bayou-george

• Authorities are investigating the cause of a 3-alarm fire at an apartment complex in South Chicago, Illinois, August 23 that killed 4 residents, displaced dozens of others, and heavily damaged the building. – WLS 7 Chicago

23. August 23, WLS 7 Chicago – (Illinois) 4 dead in ‘suspicious’ South Chicago fire; person of interest questioned. Authorities are investigating the cause of a 3-alarm fire at an apartment complex in South Chicago, Illinois, August 23 that killed 4 residents, displaced dozens of others, and heavily damaged the building. Source: http://abc7chicago.com/news/baby-dies-3-unaccounted-for-in-south-chicago-fire/1480957/

Financial Services Sector

Nothing to report

Information Technology Sector

20. August 23, Softpedia – (International) Intruders use virtual machines on infected PCs to hide their actions. SecureWorks discovered malicious actors were attempting to install and launch a new virtual machine (VM) on an infected host in order to connect to the compromised device’s VM and withdraw sensitive data or execute other malicious actions without being detected by security software after finding that the attacker was using the Microsoft Management Console (MMC) to launch the Hyper-V Manager to manage Microsoft’s VM infrastructure. Source: http://news.softpedia.com/news/intruders-use-virtual-machines-on-infected-pcs-to-hide-their-actions-507550.shtml

21. August 23, SecurityWeek – (International) DetoxCrypto ransomware sends screenshots to operators. Bleeping Computer researchers discovered a new ransomware, dubbed DetoxCrypto was being distributed under two different variants, one of which, named Calipso.exe takes screenshots of a victim’s device and sends them to the malicious actor’s servers, and the other, dubbed Pokemon.exe poses as a PokemonGo app. Researchers found both variants can stop MySQL and Microsoft structured query language (MSSQL) services on an infected device, and use a single distributed executable to extract a MicrosoftHost.exe file, among other files, which encrypts the user’s files, displays a lock screen, and in the case of the Calipso variant, instructs a victim to contact the malware operator to receive payment instructions. Source: http://www.securityweek.com/detoxcrypto-ransomware-sends-screenshots-operators

22. August 22, Softpedia – (International) WordPress plugin fixes SQL injection flaw that let attackers dump site passwords. Ninja Forms released version 2.9.55.2 after Sucuri researchers discovered a structured query language (SQL) injection vulnerability affecting the Ninja Forms WordPress plugin installed on over 600,000 sites where an attacker with a registered account on a targeted Website can exploit the flaw to send a custom Hypertext Transfer Protocol (HTTP) POST request to an attacked site and trigger an SQL injection attack, which could allow an attacker to dump sensitive details including the site’s usernames and hashed passwords, as well as WordPress secret keys. Source: http://news.softpedia.com/news/sql-injection-found-in-one-of-the-most-popular-wordpress-plugins-507517.shtml

Communications Sector

Nothing to report