Monday, August 11, 2014


Complete DHS Report for August 11, 2014

Daily Report

Top Stories

 · Thirteen suspects were indicted in federal court August 7 for allegedly operating a major counterfeit currency ring that distributed over $77 million in fake bills in several States since at least 1999. – Bloomberg News See item 6 below in the Financial Services Sector

 · A hunter was charged August 7 with starting the August 2013 Rim Fire which burned over 250,000 acres in California, injured 10 people, and damaged over 100 structures. – Los Angeles Times 

20. August 7, Los Angeles Times – (California) Hunter charged with sparking massive Rim fire, state’s third-largest. A hunter was charged by a federal grand jury August 7 with starting a campfire in the Stanislaus National Forest in August 2013 that spread to become the Rim Fire, burning over 250,000 acres in and around Yosemite National Park. The fire left 10 people injured and burned more than 100 structures, in addition to causing significant environmental damage. Source: http://www.latimes.com/local/lanow/la-me-ln-rim-fire-charges-20140807-story.html

 · Kaspersky Lab identified the infection methods used in the Epic Turla cyber-espionage campaign that targeted military organizations, government agencies, education institutions, and pharmaceutical companies in over 45 countries. – Securityweek See item 27 below in the Information Technology Sector

 · Accuvant announced that up to 2 billion smartphone handsets are at risk of over-the-air hijacking that can be carried out through the Open Mobile Alliance Device Management protocol, used by approximately 100 mobile phone manufacturers. – The Register See item 30 below in the Communications Sector

Financial Services Sector

6. August 7, Bloomberg News – (International) U.S. charges 13 with spreading $77 million in fake bills. Thirteen suspects arrested by U.S. Secret Service agents in May and June were indicted in federal court August 7 for allegedly operating a major counterfeit currency ring that distributed over $77 million in fake bills in several States along the East Coast since at least 1999. The fake bills were believed to have been manufactured in Israel, and the group allegedly established a counterfeit bill printing press in New Jersey in January 2014. Source: http://www.businessweek.com/news/2014-08-07/u-dot-s-dot-charges-13-with-spreading-77-million-in-fake-bills

7. August 7, Miami Herald – (Florida) TotalBank responds to computer security breach. Miami-based TotalBank notified 72,500 customers after an investigation revealed that unauthorized individuals may have accessed the bank’s systems and obtained customer names, account numbers, addresses, account balances, and other personal information. The bank stated that it took action to secure its systems and is continuing to investigate. Source: http://www.miamiherald.com/2014/08/07/4277318/totalbank-responds-to-computer.html

8. August 7, IDG News Service – (International) Some mobile POS devices still affected by critical flaws months after patch. A researcher with MWR InfoSecurity and a colleague presenting at the Black Hat 2014 conference detailed flaws in mobile point of sale (mPOS) devices from several manufacturers that could allow attackers to take over the devices using customized smart cards and steal the payment card information the devices read. The researchers reported the flaws previously, and a patch for the EMV library was released in April, but some vendors have yet to push the update out to their devices, leaving them vulnerable. Source: http://www.networkworld.com/article/2463081/security/some-mobile-pos-devices-still-affected-by-critical-flaws-months-after-patch.html

Information Technology Sector

23. August 8, Softpedia – (International) Network access storage devices are highly exploitable. A researcher from Independent Security Evaluators presenting at the Black Hat 2014 conference reported finding a wide variety of vulnerabilities in network access storage (NAS) devices from several manufacturers, including directory traversal, command injection, memory corruption, authentication bypass, and back door vulnerabilities. Source: http://news.softpedia.com/news/Network-Access-Storage-Devices-Are-Highly-Exploitable-454103.shtml

24. August 8, Help Net Security – (International) Critical bug in WordPress plugin allows site hijacking. Sucuri researchers identified and reported a vulnerability in the Custom Contact Forms plugin for WordPress that could allow attackers to take control of sites using the plugin. The developers of Custom Contact Forms published an update for the plugin after the issue was published by the WordPress Security team. Source: http://www.net-security.org/secworld.php?id=17227

25. August 8, Help Net Security – (International) Two Gameover Zeus variants targeting Europe and beyond. Researchers at Bitdefender identified two Gameover Zeus variants in the wild, one botnet primarily targeting the U.S. while the second targets Belarus and Ukraine. The first botnet is generating around 1,000 domains per day; the second generates 10,000 per day but currently appears to be inactive. Source: http://www.net-security.org/malware_news.php?id=2833

26. August 8, Securityweek – (International) Cybercriminals steal cryptocurrency via BGP hijacking. Researchers with Dell SecureWorks reported finding cybercriminals using fake Border Gateway Protocol (BGP) broadcasts to redirect traffic from cryptocurrency mining pools to servers they control, diverting tens of thousands of dollars in cryptocurrency. The attackers compromised 51 mining pools hosted on 19 hosting companies. Source: http://www.securityweek.com/cybercriminals-steal-cryptocurrency-bgp-hijacking

27. August 7, Securityweek – (International) Attackers used multiple zero-days to hit spy agencies in cyber-espionage campaign. Kaspersky Lab researchers identified the infection methods used in the Epic Turla cyber-espionage campaign (also known as Snake or Uroburos) that targeted intelligence agencies, military organizations, government agencies, education institutions, pharmaceutical companies, and research groups in over 45 countries. The attackers behind the campaign used several malware platforms and zero-day exploits in Windows XP and Server 2003 and Adobe Reader to infect systems and then could upgrade the malware with additional capabilities once in place. Source: http://www.securityweek.com/attackers-used-multiple-zero-days-hit-spy-agencies-cyber-espionage-campaign

28. August 7, Dark Reading – (International) Attack harbors malware in images. A researcher with Dell SecureWorks reported finding the Lurk malware being distributed within a fake digital image as part of a click fraud campaign that infected around 350,000 systems. The malware was spread through iFrames on Web sites containing an Adobe Flash exploit; victims running a vulnerable version of Adobe Flash were served the fake image file, which contains an encrypted URL from which a second malicious payload is downloaded. Source: http://www.darkreading.com/endpoint/attack-harbors-malware-in-images/d/d-id/1297867

29. August 7, Securityweek – (International) Flaws in email and Web filtering solutions expose organizations to attacks: Researcher. A researcher at NCC Group presenting at the Black Hat 2014 conference published two whitepapers outlining how email and Web filtering solutions can be used by attackers in the reconnaissance phase of attacks to obtain information on a potential target network if the attackers can determine which products or services are being used on the target network. Source: http://www.securityweek.com/flaws-email-and-web-filtering-solutions-expose-organizations-attacks-researcher

For another story, see item 30 below in the Communications Sector

Communications Sector

30. August 8, The Register – (International) ‘Up to two BEEELLION’ mobes easily hacked by evil base station. Researchers from the security firm Accuvant announced at the Black Hat 2014 conference August 7 that up to 2 billion smartphone handsets are at risk of over-the-air hijacking and abuse that can be carried out through the Open Mobile Alliance Device Management (OMA-DM) protocol, used by approximately 100 mobile phone manufacturers. To access a handset remotely, the attacker only needs to know the handset’s unique International Mobile Station Equipment Identity (IMEI) number and a secret token. Source: http://www.theregister.co.uk/2014/08/08/two_billeeon_mobile_phones_easily_hackable_with_dummy_base_station/