Friday, August 8, 2014




Complete DHS Report for August 8, 2014

Daily Report

Top Stories

 · Researchers at the Black Hat 2014 conference presented findings that showed how attackers could remotely compromise the systems of certain vehicles that integrate Bluetooth, radio, or other communications methods into their sensors and controls. – Threatpost 

5. August 6, Threatpost – (International) Car hacking enters remote exploitation phase. Researchers at the Black Hat 2014 conference presented findings that showed how attackers could remotely compromise the systems of certain vehicles that integrate Bluetooth, radio, or other communications methods into their sensors and controls. Among the most vulnerable types of systems the researchers found were systems that can control vehicles automatically, such as active lane control, self-parking, and pre-collision systems. Source: http://threatpost.com/car-hacking-enters-remote-exploitation-phase

 · A Qualys researcher discovered that two devices, the Morpho Detection Itemiser 3 and the Kronos 4500, used at U.S. airports and other security checkpoints, have backdoors through which hackers can access usernames and passwords to the devices. – Dark Reading 

11. August 6, Dark Reading – (International) TSA checkpoint systems found exposed on the net. A Qualys researcher discovered that two devices, the Morpho Detection Itemiser 3 and the Kronos 4500, used at U.S. airports and other security checkpoints, have backdoors through which hackers can access usernames and passwords to the devices. The researchers also found about 6,000 Kronos time clock systems that are online and open to the public, two of which are located at U.S. airports. Source: http://www.darkreading.com/vulnerabilities---threats/advanced-threats/tsa-checkpoint-systems-found-exposed-on-the-net/d/d-id/1297843

 · DHS and the U.S. Office of Personnel Management (OPM) suspended work with US Investigations Services (USIS) August 6 after the contractor reported a cyberattack likely involving the theft of personal information of DHS employees. – Reuters 

19. August 7, Reuters – (National) U.S. Homeland Security contractor reports computer breach. DHS and the U.S. Office of Personnel Management (OPM) suspended work with Virginia-based US Investigations Services (USIS) after the contractor reported a cyberattack likely involving the theft of personal information of DHS employees. DHS notified its entire workforce and is working with OPM, FBI, and USIS to determine the scope of the intrusion. Source: http://www.reuters.com/article/2014/08/07/us-usa-security-contractor-idUSKBN0G62N420140807

 · At least 600 guests and residents from three hotels in Vail, Colorado, were evacuated for approximately 8 hours August 6 after a construction crew inadvertently struck a large steel natural gas pipe and caused a leak. – KUSA 9 Denver 

30. August 7, KUSA 9 Denver – (Colorado) Vail gas leak repaired, evacuees allowed to return. At least 600 guests and residents from three hotels in Vail, Colorado, were evacuated August 6 after a construction crew inadvertently struck a large steel natural gas pipe and caused a leak. The leak was repaired and guests were allowed to return to their hotels after about 8 hours. Source: http://www.9news.com/story/news/local/2014/08/06/600-people-evacuated-after-gas-leak/13697433/


Financial Services Sector

7. August 6, Minneapolis/St. Paul Business Journal – (Minnesota; Arizona; Indiana) Charges: Eden Prairie investment adviser spent funds from $13M Ponzi scheme at casinos, strip clubs. The Minnesota U.S. Attorney’s Office filed charges against an Eden Prairie, Minnesota, financial planner for allegedly using his company, Meadows Financial Group, to run a Ponzi scheme that collected at least $13 million from over 50 clients in Minnesota, Arizona, and Indiana. The charges allege that the man used most of the investment funds to pay existing investors and for personal use. Source: http://www.bizjournals.com/twincities/blog/law/2014/08/charges-eden-prairie-investment-adviser-spent-13m.html

8. August 6, Los Angeles Times – (California) ‘Hills Bandit’ of O.C. robs bank in Carlsbad, FBI says. The FBI stated that a suspect known as the “Hills Bandit” robbed a U.S. Bank branch in Carlsbad, California, August 5. The man is also suspected of previously robbing three other banks in Orange County. Source: http://www.latimes.com/local/lanow/la-me-ln-bank-robber-carlsbad-20140806-story.html

9. August 6, Salt Lake Tribune – (Utah) Jury finds fraudster guilty in commodities trading scam. The former head of Utah-based U.S. Ventures was found guilty August 6 on 5 counts of fraud and of filing a false tax return for running his company as a Ponzi scheme that lost $10.5 million in investments and paid out funds to previous investors and for the man’s personal use. Source: http://www.sltrib.com/sltrib/news/58269048-78/holloway-jury-money-murphy.html.csp

Information Technology Sector

24. August 7, Help Net Security – (International) Symantec issues update fixing Endpoint Protection zero-day. Symantec issued a patch for its Symantec Endpoint Protection (SEP) security solution to address a zero-day vulnerability identified by Offensive Security researchers that could allow an attacker with access to the target computer to escalate admin privileges or cause a denial of service (DoS) situation. The vulnerability cannot be exploited remotely, but the exploit code is publicly available. Source: http://www.net-security.org/secworld.php?id=17218

25. August 7, Softpedia – (International) OpenSSL receives nine security fixes. A new version of the OpenSSL library was released, closing nine security vulnerabilities identified by researchers from various organizations. The vulnerabilities could lead to information leaking, downgrading to lower versions of the security protocol, or denial of service (DoS) attacks. Source: http://news.softpedia.com/news/OpenSSL-Receives-Nine-Critical-Fixes-453932.shtml

26. August 7, Softpedia – (International) US Plextor website hacked by CoMoDo Islamic hackers. Attackers identifying themselves as the CoMoDo group defaced the Web site of computer hardware manufacturer Plextor Americas. The company stated that they are investigating the incident. Source: http://news.softpedia.com/news/US-Plextor-Website-Hacked-by-CoMoDo-Islamic-Hackers-453960.shtml

27. August 7, Softpedia – (International) WordPress and Drupal fix common PHP XML parser vulnerability. WordPress and Drupal released new versions of their respective products in a joint effort to close an XML processing vulnerability that existed in both services and could be used by attackers to perform denial of service (DoS) attacks. The vulnerability was reported by a researcher at Salesforce.com and affected over 250 million Web sites according to Incapsula researchers. Source: http://news.softpedia.com/news/WordPress-and-Drupal-Fix-Common-PHP-XML-Parser-Vulnerability-453888.shtml

28. August 6, Securityweek – (International) APT group hijacks popular domains to mask C&C communications: FireEye. Researchers with FireEye reported identifying an advanced persistent threat campaign dubbed “Poisoned Hurricane” that used a variant of the PlugX (Kaba) malware configured to resolve DNS lookups through the nameservers of Hurricane Electric, which then spoofed legitimate domains and IP addresses to disguise the malware’s communication with command and control (C&C) servers. Source: http://www.securityweek.com/apt-group-hijacks-popular-domains-mask-cc-communications-fireeye

29. August 6, Softpedia – (International) Twitter URL shortening service abused by spammers. Cloudmark researchers reported that the t.co URL shortening service used by Twitter was used in 54 percent of shortened links blacklisted by the company for use in spam campaigns, and that one entity appeared to be behind two observed campaigns abusing the service, among other findings. Source: http://news.softpedia.com/news/Twitter-URL-Shortening-Service-Abused-by-Spammers-453832.shtml

For other stories see items 11 and 19 in Top Stories

Communications Sector

Nothing to report