Friday, December 9, 2016



Complete DHS Report for December 9, 2016

Daily Report                                            

Top Stories

• A December 7 fire at a Rocky Mountain Power substation in Rigby, Idaho, caused roughly 27,000 customers in eastern Idaho to lose power for several hours December 7 – 8. – KIFI 8 Idaho Falls

1. December 8, KIFI 8 Idaho Falls – (Idaho) Power restored in Rexburg, Rigby and Ririe. A December 7 fire at a Rocky Mountain Power substation in Rigby, Idaho, caused roughly 27,000 customers in eastern Idaho to lose power for several hours December 7 – 8. Officials determined the fire was caused by the failure of a voltage monitoring device.

• Hyundai Motor Company issued a recall December 8 for 41,264 of its model years 2007 – 2008 Hyundai Entourage vehicles sold in the U.S. due to a hood latch issue. – TheCarConnection.com

3. December 8, TheCarConnection.com – (National) 2007-2008 Hyundai Entourage recalled to fix hood latch glitch. Hyundai Motor Company issued a recall December 8 for 41,264 of its model years 2007 – 2008 Hyundai Entourage vehicles sold in the U.S. due to an issue with the secondary hood latches where the latches can become corroded and get stuck in the open position, which may prevent the secondary latch from holding the hood in place if the primary latch fails, thereby causing significant visibility problems for a driver and increasing the risk of an accident. Source: http://www.thecarconnection.com/news/1107683_2007-2008-hyundai-entourage-recalled-to-fix-hood-latch-glitch

• Researchers reported that two zero-day flaws affecting hundreds of thousands of Internet Protocol (IP) cameras worldwide could cause the devices to be ensnared into Internet of Things (IoT) botnets. – SecurityWeek

4. December 7, SecurityWeek – (International) Hundreds of thousands of IP cameras exposed to IoT botnets. Cybereason security researchers reported that two zero-day flaws, including a combined authentication bypass and information disclosure bug affect hundreds of thousands of Internet Protocol (IP) cameras worldwide, making them susceptible to malware compromise, which could subsequently cause the devices to be ensnared into Internet of Things (IoT) botnets. An attacker can leverage the vulnerabilities to move the camera and see the images it is sending, as well as execute malicious code, and find other cameras plagued by the same vulnerabilities.

• Officials reported that a pump failed at a lift station in Callaway, Florida, causing the release of approximately 25,000 gallons of untreated wastewater December 7. – WJHG 7 Panama City/WECP 18 Panama City

18. December 7, WJHG 7 Panama City/WECP 18 Panama City – (Florida) Untreated wastewater discharged into Callaway creek. Bay County, Florida officials reported that a pump failed during routine testing of a power generator at the Advanced Wastewater Treatment Plant lift station in Callaway, causing the release of approximately 25,000 gallons of untreated wastewater into a neighboring creek December 7. County utility crews cleaned up the site and were conducting water quality testing at the creek. Source: http://www.wjhg.com/content/news/Untreated-wastewater-discharged-into-Callaway-creek-405299585.html

Financial Services Sector

5. December 7, U.S. Department of Justice – (Louisiana) Louisiana criminal defense attorney pleads guilty to tax evasion. A criminal defense attorney from Baton Rouge, Louisiana, pleaded guilty December 7 to evading payment of roughly $1 million in Federal income tax, penalties, and interest, as well as employment tax, penalties, and interest between 2003 and 2013 while operating a criminal defense law practice in Hammond. In an effort to hide the ownership of his property and avoid the payment of his tax liabilities, the attorney used nominees and the trusts he beneficially owned to buy his primary residence for $435,000 in January 2007, and deposited $416,283 into the nominee bank account with funds from the trusts and other accounts not under his ownership between January 2007 and January 2014. Source: https://www.justice.gov/opa/pr/louisiana-criminal-defense-attorney-pleads-guilty-tax-evasion

Information Technology Sector

27. December 8, SecurityWeek – (International) August stealer uses PowerShell for fileless infection. Proofpoint security researchers warned that a new information stealing malware, dubbed August leverages Microsoft Word documents containing malicious macros, which once enabled, launch a PowerShell command to download and install the August stealer on a machine for a fileless infection. The malicious payload is downloaded from a remote site as a PowerShell byte array, and targets customer service and managerial staff at retail stores to steal credentials and sensitive documents from the affected devices.

28. December 8, Help Net Security – (International) 323,000 pieces of malware detected daily. Kaspersky Lab reported that the number of new malware files detected by its products increased to 323,000 per day in 2016, an increase of 13,000 from the amount of files detected in 2015. Source: https://www.helpnetsecurity.com/2016/12/08/malware-detected-daily/

29. December 7, Help Net Security – (International) Over 400,000 phishing sites have been observed each month during 2016. Webroot security researchers reported that phishing Websites have become more sophisticated and carefully crafted, as 84 percent of phishing sites observed in 2016 existed for less than 24 hours, making any organization or person susceptible to having sensitive information stolen. Webroot also found that during 2016, an average of more than 400,000 phishing Websites were observed each month and nearly all of the phishing URLs are hidden with benign domains, among other findings.

30. December 7, SecurityWeek – (International) Hackers can exploit Roundcube flaw by sending an email. RIPS Technologies discovered that Roundcube, an open source Webmail software was plagued with a critical vulnerability related to the Hypertext Preprocessor (PHP) function “mail()” that an attacker with access to the targeted system can exploit to execute arbitrary commands on the system by sending an email. The security firm found that the user input is not properly sanitized in the fifth parameter of the “mail()” function, which allows an attacker to pass arbitrary arguments and create a malicious PHP file in the system’s Web root directory, enabling the malicious actor to execute commands and conduct malicious activities. Source: http://www.securityweek.com/hackers-can-exploit-roundcube-flaw-sending-email

For another story, see item 4 above in Top Stories

Communications Sector

Nothing to report