Complete DHS Report for December 2, 2016
Daily Report
Top Stories
• Alabama Power crews worked to restore power to an estimated
17,800 customers who remained without power November 29 following severe storms
that knocked out power to nearly 45,000 customers. – Birmingham News
2. November 29, Birmingham News – (Alabama) Alabama Power crews work through the night
to restore power as thunderstorms hit Alabama. Alabama Power crews worked
November 29 to restore power to an estimated 17,800 customers who remained
without power after strong storms knocked out service to nearly 45,000
customers across the State November 28 – 29. Bagley Elementary School was
closed November 29 due to the outages.
Source: http://www.al.com/news/birmingham/index.ssf/2016/11/power_outages_continue_as_thun.html
• Officials are investigating after a discharge line experienced
an outflow of over 100,000 gallons of treated wastewater in west Flower Mound,
Texas, November 29. – Flower Mound Cross Timbers Gazette
12. December 1, Flower Mound Cross Timbers Gazette – (Texas) Wastewater spill reported in
Flower Mound. Trinity River Authority officials are investigating after a
discharge line within the Denton Creek Regional Wastewater System experienced
an outflow of over 100,000 gallons of treated wastewater in west Flower Mound,
Texas, November 29. Officials reported that public drinking water supplies were
not threatened or contaminated and there was no threat to human health or the
environment.
Source: http://www.crosstimbersgazette.com/2016/12/01/wastewater-spill-reported-in-flower-mound/
• Security researchers discovered a new variant of an Android
malware campaign dubbed Gooligan that has breached the security of more than 1
million Google accounts since August 2016. – Help Net Security
See item 21 below in the Information Technology Sector
• Eight people were arrested November 26 near Farmersville,
Illinois, for their alleged involvement in a theft ring believed to be
responsible for $1.9 million in stolen goods and damages. – Jacksonville
Journal-Courier
24. November 30, Jacksonville Journal-Courier – (National) Chase uncovers multi-million
dollar theft ring, police say. Eight people were arrested November 26 near
Farmersville, Illinois, for their alleged involvement in a theft ring that
struck high-end retail establishments in 4 States and is believed to be
responsible for $1.9 million in stolen goods and damages.
Source: http://myjournalcourier.com/news/103014/chase-uncovers-multi-million-dollar-theft-ring-police-say
Financial Services Sector
Nothing to report
Information Technology Sector
19. December 1, Softpedia – (International) PayPal fixes security flaw allowing hackers to steal
OAuth tokens. PayPal Holdings, Inc. patched a critical security flaw in its
application after an Adobe Systems security researcher found a vulnerability
that could allow attackers to steal OAuth tokens. The flaw stems from the way PayPal allows
developers to register their apps with PayPal through a dashboard that
generates token requests, which are submitted to a central authentication
server. The researcher found that a hacker can trick the authentication server into
using localhost as the redirect_uri parameter to redirect a PayPal validation
to a third-party domain where an attacker could access the data.
Source: http://news.softpedia.com/news/paypal-fixes-security-flaw-allowing-hackers-to-steal-oauth-tokens-510642.shtml
20. December 1, SecurityWeek – (International) Kelihos botnet spreading Troldesh ransomware.
Security researchers reported the Kelihos botnet was spotted distributing
the Troldesh encryption ransomware to targeted devices via spam emails that
contain URLs that redirect a victim to a JavaScript file and a Microsoft Word
document before encrypting users’ files and adding the .no_more_ransom
extension. The Troldesh ransomware displays a spam message impersonating Bank
of America that convinces a user to open a malicious attachment claiming to
have information on an outstanding debt, but instead downloads the malware and
Pony info-stealer onto a victim’s device.
Source: http://www.securityweek.com/kelihos-botnet-spreading-troldesh-ransomware
21. November 30, Help Net Security – (International) Gooligan Android malware used to breach a
million Google accounts. Check Point security researchers discovered a new
variant of an Android malware campaign dubbed Gooligan that has breached the
security of more than 1 million Google accounts since August 2016 by rooting
Android devices and stealing email addresses and authentication tokens stored
on them, thereby enabling a malicious actor to access users’ sensitive data
from Gmail, Google Docs, Google Photos, and Google Drive, among other programs.
The researchers found the Gooligan campaign infects 13,000 devices daily and
installs at least 30,000 apps on those infected devices each day, among other
findings.
22. November 30, SecurityWeek – (International) Flaws found in Emerson DeltaV, Liebert
products. The Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT) published three advisories outlining flaws affecting Emerson’s
DeltaV and Liebert products after a security researcher from Positive
Technologies found that Emerson’s Liebert SiteScan tool versions 6.5 and
earlier are plagued with an Extensible Markup Language (XML) external entity
(XXE) flaw that can be remotely exploited to execute arbitrary code or access
files from a server or connected network. The advisory also describes a
vulnerability in the DeltaV Easy Security Management app that could be
exploited to elevate privileges on the control system, among other flaws.
Communications Sector
Nothing to report