Friday, September 2, 2016



Complete DHS Report for September 2, 2016

Daily Report

Top Stories

• Two men were arrested in Torrance, California, August 30 for their roles in an $85,000 ATM skimming scheme. – Southern California City News Service

2. August 31, Southern California City News Service – (California) Duo arrested in widespread LA ATM machine skimming scam. Two men were arrested in Torrance, California, August 30 for their roles in an $85,000 ATM skimming scheme in which the duo installed skimming devices on ATMs in Burbank and elsewhere in Los Angeles County and stole the account information of over 50 bank customers to create cloned ATM cards and withdraw cash from other ATMs in the county. Officials discovered an additional $233,000 in declined transactions attempted by the duo.

• About 209 patients were evacuated from the Regional Medical Center Bayonet Point in Hudson, Florida, August 31 following an electrical fire in a generator room that knocked out power to the hospital. – WFLA 8 Tampa

10. September 1, WFLA 8 Tampa – (Florida) Electrical fire forces Florida hospital to evacuate as Tropical Storm Hermine nears. A total of 209 patients were evacuated from the Regional Medical Center Bayonet Point in Hudson, Florida, August 31 following an electrical fire in a generator room that knocked out power to the hospital. Officials stated nearly 50 patients were transferred to Oak Hill Hospital in Brooksville and the other patients were transported to regional facilities. Source: http://wsav.com/2016/09/01/electrical-fire-forces-florida-hospital-to-evacuate-as-tropical-storm-hermine-nears/

• More than 1,500 fire fighters reached 8 percent containment August 31 of the 17,302-acre Gap Fire burning in the Klamath National Forest between Yreka, California, and Happy Camp in Siskiyou County. – Redding Record Searchlight

11. September 1, Redding Record Searchlight – (California) Gap Fire in Siskiyou County grows to over 17,000 acres. More than 1,500 fire fighters reached 8 percent containment August 31 of the 17,302-acre Gap Fire burning in the Klamath National Forest between Yreka, California, and Happy Camp in Siskiyou County, which has destroyed at least 9 structures and 12 outbuildings. Source: http://www.redding.com/news/local/gap-fire-in-siskiyou-county-grows-to-over-13000-acres-3b667660-1063-3abb-e053-0100007fbdfd-391970221.html

• Kimpton Hotel & Restaurant Group, LLC officials confirmed August 31 that credit and debit cards used at more than 60 restaurants and hotel reception desks from February 2016 – July 2016 may have been compromised by malware. – Krebs on Security

17. September 1, Krebs on Security – (National) Kimpton Hotels acknowledges data breach. Officials from the Kimpton Hotel & Restaurant Group, LLC confirmed August 31 that malware detected on payment terminals may have compromised credit and debit cards used at more than 60 restaurants and hotel reception desks from February 16, 2016 – July 7, 2016. The source and extent of the breach remain under investigation.

Financial Services Sector

1. August 31, KTLA 5 Los Angeles – (California) FBI seeks help identifying ‘Helmet Head Bandit’ in connection with 2 recent bank robberies. Authorities are searching August 31 for a man dubbed the “Helmet Head Bandit” who is suspected of robbing 2 banks in La Canada Flintridge and Tujunga, California, and attempting to rob 1 other in Tujunga August 31. Source: http://ktla.com/2016/08/31/fbi-seek-help-identifying-helmet-head-bandit-in-connection-with-3-recent-bank-robberies

2. August 31, Southern California City News Service – (California) Duo arrested in widespread LA ATM machine skimming scam. Two men were arrested in Torrance, California, August 30 for their roles in an $85,000 ATM skimming scheme in which the duo installed skimming devices on ATMs in Burbank and elsewhere in Los Angeles County and stole the account information of over 50 bank customers to create cloned ATM cards and withdraw cash from other ATMs in the county. Officials discovered an additional $233,000 in declined transactions attempted by the duo.

Information Technology Sector

13. September 1, SecurityWeek – (International) Betabot starts delivering Cerber ransomware. Security researchers from Invincea discovered that the Betabot ransomware began carrying out a second-stage payload in which the malware delivers the Cerber ransomware on the endpoint of a compromised machine after stealing user passwords in the first stage, in order for the malware operators to increase their profits. Researchers also found the ransomware was being delivered by the Neutrino exploit kit (EK) and stated the malware avoids detection and analysis through virtual machine awareness and by checking for sandboxes. Source: http://www.securityweek.com/betabot-starts-delivering-cerber-ransomware

14. September 1, SecurityWeek – (International) Cisco fixes severe flaw in WebEx, small business products. Cisco released software and firmware updates addressing several vulnerabilities in its WebEx Meetings Player version T29.10 for WebEx Recording Format (WRF) files after a COSIG security researcher discovered a critical flaw that could allow an unauthenticated attacker to execute arbitrary code remotely by tricking a user into opening a specially crafted file, and a medium severity vulnerability that could allow an unauthenticated attacker to remotely crash the program by convincing the user to access a malicious file. Cisco also released fixes for three denial-of-service (DoS), cross-site request forgery (CSRF), and cross-site scripting (XSS) issues plaguing its Small Business 220 Series Smart Plus (Sx220) switches that could allow a remote, unauthenticated attacker to gain access to Simple Network Management Protocol (SNMP) objects on a compromised device. Source: http://www.securityweek.com/cisco-fixes-severe-flaws-webex-small-business-products

15. September 1, Softpedia – (International) Vulnerability in Yandex browser allows attackers to steal victims’ browsing data. A security researcher from Netsparker discovered the login form of the Yandex Browser was plagued with a cross-site request forgery (CSRF) vulnerability that could allow an attacker to steal a victim’s passwords, bookmarks, autocomplete info, and browser history, among other data, by convincing a user to visit a malicious website that includes code to create a Yandex Browser data sync login form and submit the information with the attacker’s credentials, thereby starting an automatic syncing process that sends a copy of the user’s data to the attacker.

16. August 31, SecurityWeek – (International) Adobe patches critical vulnerability in ColdFusion. Adobe released security updates for ColdFusion versions 10 and 11 resolving a critical vulnerability after a researcher from legalhackers.com discovered the flaw is related to parsing specially crafted XML entities and could lead to information disclosure. Adobe officials advised users to install the patches and apply secure configuration settings to avoid the security flaw. Source: http://www.securityweek.com/adobe-patches-critical-vulnerability-coldfusion

Communications Sector

Nothing to report