Thursday, December 11, 2014



Complete DHS Report for December 11, 2014

Daily Report

Top Stories

 • CHARGE Anywhere stated December 9 that attackers had gained access to its network using a previously unknown and undetected piece of malware and were able to capture payment card data from some unencrypted communications. – Securityweek See item 6 below in the Financial Services Sector

 • A winter storm in the Northeast caused hazardous road conditions for several States and prompted at least 300 school closures or delays in New Hampshire December 9. – Associated Press
18. December 9, Associated Press – (New Hampshire) Northeast dealing with heavy rains, snow, wind. A winter storm moving through the Northeast caused hazardous road conditions for several States and prompted at least 300 school closures or delays in New Hampshire December 9 due to snow, freezing rain, and sleet. Source: http://www.msn.com/en-us/news/other/northeast-dealing-with-heavy-rains-snow-wind/ar-BBgx4lH

 • Researchers identified and analyzed a cyber-espionage campaign, dubbed Cloud Atlas or Inception Framework, that appears similar to the Red October campaign and has been targeting the devices of specific users in a number of industry sectors in several countries via spearphishing. – Softpedia See item 22 below in the Information Technology Sector

 • A December 10 fire at the Gatewood Apartments complex in Dallas left 2 people dead, 3 others injured, and triggered the evacuation of about 300 individuals from the facility. – Reuters
33. December 10, Reuters – (Texas) Two die in Dallas fire at senior apartment complex: reports. A December 10 fire at the Gatewood Apartments assisted-living senior apartment complex in Dallas left 2 people dead, 3 others injured, and triggered the evacuation of about 300 individuals from the facility. Authorities are investigating the source of the blaze that trapped residents on balconies and prompted the rescue of several individuals with limited mobility. Source: http://www.reuters.com/article/2014/12/10/us-usa-texas-fire-idUSKBN0JO1EZ20141210

Financial Services Sector

6. December 9, Securityweek – (International) Hackers breached payment solutions provider CHARGE Anywhere: Undetected since 2009. Electronic payment solutions provider CHARGE Anywhere stated December 9 that attackers had gained access to its network as early as November 2009 using a previously unknown and undetected piece of malware and were able to capture payment card data from some unencrypted communications. The company discovered the compromise September 22, and an investigation found that network traffic was captured between August 17 and September 24. Source: http://www.securityweek.com/hackers-breach-payment-solutions-provider-charge-anywhere-numerous-merchants-affected

For another story, see item 22 below in the Information Technology Sector

Information Technology Sector

22. December 10, Softpedia – (International) Red October cyber spy op goes mobile via spear-phishing. Researchers with Blue Coat and Kaspersky Lab identified and analyzed a cyber-espionage campaign, dubbed Cloud Atlas or Inception Framework, that appears similar to the Red October campaign and has been targeting the Android, iOS, and BlackBerry devices of specific users in the government, finance, energy, military, and engineering sectors in several countries via spearphishing. The malware appears to be designed primarily to record phone conversations and can also track locations, monitor text messages, and read contact lists. Source: http://news.softpedia.com/news/Red-October-Cyber-Spy-Op-Goes-Mobile-Via-Spear-Phishing-467099.shtml

23. December 10, Securityweek – (International) Trihedral fixes vulnerability in SCADA monitoring and control software. Trihedral Engineering Ltd. released software updates for its VTScada (VTS) supervisory control and data acquisition (SCADA) software to close a vulnerability that could be used by an unauthenticated attacker to crash VTS servers. The software is used in industries including the energy, chemical, manufacturing, agriculture, transportation, and communications sectors. Source: http://www.securityweek.com/trihedral-fixes-vulnerability-scada-monitoring-and-control-software

24. December 10, Softpedia – (International) Flash Player 16.0.0.235 fixes remote code execution bug exploited in the wild. Adobe released patches for six vulnerabilities in its Flash Player software, including a vulnerability reported by a researcher that could allow arbitrary code to be executed on affected systems. The arbitrary code execution vulnerability has been observed being exploited in the wild and all users were advised to update their versions of Flash Player as soon as possible. Source: http://news.softpedia.com/news/Flash-Player-16-0-0-235-Fixes-Remote-Code-Execution-Bug-Exploited-in-the-Wild-467030.shtml

25. December 10, Securityweek – (International) SQL injection, other vulnerabilities found in InfiniteWP admin panel. A researcher with Slik identified and reported several vulnerabilities in the InfiniteWP administration application for WordPress Web sites, including SQL injection vulnerabilities that could be used by an unauthenticated attacker to gain control of WordPress sites. Source: http://www.securityweek.com/sql-injection-other-vulnerabilities-found-infinitewp-admin-panel

26. December 10, Securityweek – (International) Flaw in AirWatch by VMware leaks info in multi-tenant environments. VMware released an update for its AirWatch enterprise mobile management and security platform December 10 that closes vulnerabilities that could allow a user who manages a deployment in a multi-tenant environment to view the statistics and organizational information of another tenant. Source: http://www.securityweek.com/flaw-airwatch-vmware-leaks-info-multi-tenant-environments

27. December 10, Securityweek – (International) Recursive DNS resolvers affected by serious vulnerability. The CERT Coordination Center (CERT/CC) reported December 9 that recursive Domain Name System (DNS) resolvers are vulnerable to an issue in which a malicious authoritative server can cause them to follow an infinite chain of referrals, each pointing at yet another name server, resulting in a denial of service (DoS) as the resolver exhausts its resources chasing the chain. Source: http://www.securityweek.com/recursive-dns-resolvers-affected-serious-vulnerability
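The mechanism in item 27, as an added example that is not part of the DHS report or the CERT/CC advisory: a toy recursive resolver follows NS referrals from an in-memory set of simulated authoritative servers. The honest zone (example.test) and the hypothetical attacker zone (attacker.test), the server names, the address 192.0.2.10, and the referral cap of 16 are all constructed for the demo. The malicious server never answers; it refers every query to a fresh, never-seen name server, so loop detection alone does not help and the resolver must bound the number of referrals it will follow.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class Response:
    """Stripped-down authoritative reply: either a final answer or a referral."""
    answer: Optional[str] = None    # the address we asked for
    referral: Optional[str] = None  # "ask this name server instead"


# Constructed sample data for the honest delegation chain (not real zones):
# root -> ns.test -> ns.example.test -> answer.
HONEST = {
    ("root", "www.example.test"): Response(referral="ns.test"),
    ("ns.test", "www.example.test"): Response(referral="ns.example.test"),
    ("ns.example.test", "www.example.test"): Response(answer="192.0.2.10"),
}


def lookup(server: str, qname: str) -> Response:
    """Simulated network query to an authoritative server.

    Anything under the hypothetical attacker.test zone is malicious: each
    query is answered with a referral to ns<k+1>.attacker.test, a name the
    resolver has never contacted, so the chain is infinite but never repeats.
    """
    if qname.endswith(".attacker.test"):
        if server == "root":
            return Response(referral="ns0.attacker.test")
        k = int(server.split(".")[0][2:])          # "ns7" -> 7
        return Response(referral=f"ns{k + 1}.attacker.test")
    try:
        return HONEST[(server, qname)]
    except KeyError:
        raise ValueError(f"no simulated data for {qname} at {server}")


class ReferralLimitExceeded(Exception):
    """Raised when resolution is abandoned to avoid resource exhaustion."""


def resolve(qname: str, max_referrals: int = 16,
            query: Callable[[str, str], Response] = lookup) -> Tuple[str, int]:
    """Resolve qname starting at the root, following at most max_referrals.

    Returns (address, referrals_followed). Raises ReferralLimitExceeded when
    either a referral cycle is seen or the cap is reached; without the cap the
    attacker.test chain would keep the resolver busy indefinitely.
    """
    server = "root"
    seen = set()
    for referrals in range(max_referrals + 1):
        resp = query(server, qname)
        if resp.answer is not None:
            return resp.answer, referrals
        nxt = resp.referral
        if nxt in seen:                              # classic loop: ns1 -> ns2 -> ns1
            raise ReferralLimitExceeded(f"referral loop at {nxt} for {qname}")
        seen.add(nxt)
        server = nxt
    raise ReferralLimitExceeded(
        f"gave up on {qname} after {max_referrals} referrals (last server {server})")


if __name__ == "__main__":
    print(resolve("www.example.test"))               # ('192.0.2.10', 2)
    try:
        resolve("victim.attacker.test", max_referrals=8)
    except ReferralLimitExceeded as exc:
        print("bounded:", exc)
```

The cap is the whole defense here: the honest lookup costs three queries, while the malicious name costs exactly max_referrals + 1 queries and then fails cleanly, so an attacker cannot turn one client query into unbounded resolver work.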

28. December 10, Securityweek – (International) Third-party bundling made IBM products most vulnerable: Study. Secunia released a report on security vulnerabilities disclosed between August and October and found that vulnerabilities increased by 40 percent compared to the previous year to a total of 1,841 vulnerabilities in the 20 most vulnerable products, among other findings. The report also found that Google Chrome had the largest number of disclosed security issues, and that IBM was the most vulnerable vendor due to products being bundled with third-party software. Source: http://www.securityweek.com/third-party-bundling-made-ibm-products-most-vulnerable-study

29. December 9, Securityweek – (International) Microsoft releases critical IE security update on Patch Tuesday. Microsoft released its monthly Patch Tuesday round of updates for its products December 9, which included 7 security bulletins addressing 24 vulnerabilities. Three of the bulletins were rated critical and covered Internet Explorer, Microsoft Word and Office Web Apps, and the VBScript scripting engine. Source: http://www.securityweek.com/microsoft-releases-critical-ie-security-update-patch-tuesday

30. December 9, Threatpost – (International) New version of Destover malware signed by stolen Sony certificate. Researchers at Kaspersky Lab identified a new variant of the Destover malware used in the attack on Sony Pictures Entertainment that is signed with a stolen, legitimate Sony code-signing certificate. The malware is otherwise essentially identical to previous versions; the valid signature is what sets it apart and can help it pass signature-based trust checks. Source: http://threatpost.com/new-version-of-destover-malware-signed-by-stolen-sony-certificate/109777

31. December 9, SC Magazine – (International) SEO poisoning campaign ensnares several thousand websites, security expert finds. A webmaster identified and researchers from Websense and High-Tech Bridge confirmed that several thousand legitimate Web sites hosted on GoDaddy and other services had been compromised to improve the search engine optimization (SEO) ranking of other sites by inserting links into the legitimate sites. GoDaddy stated that the company was investigating the issue. Source: http://www.scmagazine.com/thousands-of-websites-compromised-by-seo-poisoning/article/387453/

For another story, see item 5 below from the Critical Manufacturing Sector

5. December 9, U.S. Consumer Product Safety Commission – (International) Lenovo recalls computer power cords due to fire and burn hazards. Lenovo announced a recall for around 544,000 Lenovo LS-15 AC power cords in the U.S. and Canada due to the potential for the power cords to overheat, posing fire and burn hazards. Source: http://www.cpsc.gov/en/Recalls/2015/Lenovo-Recalls-Computer-Power-Cords/

Communications Sector

See item 23 above in the Information Technology Sector