Thursday, December 31, 2015



Complete DHS Report for December 31, 2015

Daily Report                                            

Top Stories

• Southern California Gas Co. located a breached underground well in Los Angeles December 27 that has been releasing noxious odors since October 2, prompting the evacuation of more than 5,000 residents. – Associated Press

1. December 29, Associated Press – (California) PG&E discovers source of Southern California breach. Southern California Gas Co. announced December 27 that it located the breached underground well that has been releasing noxious odors in a Los Angeles neighborhood since October 23, and prompted the evacuation of more than 5,000 residents. The utility stated that it will drill and connect a relief well which will allow crews to plug the breached pipe with cement. Source: http://www.mercurynews.com/bay-area-news/ci_29319882/pg-e-discovers-source-southern-california-breach

• Federal authorities monitored 19 vulnerable levees in Illinois and Missouri December 30 following a winter storm that caused river overflows and several road closures, among other disasters. – Associated Press

6. December 30, Associated Press – (Illinois; Missouri) 19 levees in Illinois, Missouri monitored for flooding. Federal authorities worked to monitor 19 vulnerable levees in Illinois and Missouri December 30 due to rising water levels in the Mississippi River following a winter storm that caused river overflows, evacuations, interstate and highway closures, and water treatment plant failures in both states due to severe flooding. Source: http://onlineathens.com/breaking-news/2015-12-30/19-levees-illinois-missouri-monitored-flooding

• California State officials are investigating media reports December 29 to verify whether the personal information of 191 million U.S. voters was compromised via an online database. – Los Angeles Times See item 12 below in the Information Technology Sector

• Severe rain storms in Missouri caused the Bourbeuse River to overflow, prompting the evacuation of 520 people and several commercial businesses December 29. – ABC News

15. December 29, ABC News – (Missouri) Historic flooding kills 13, sparks evacuation and road closures. Severe rain storms traveling across Missouri prompted the evacuation of 520 people and several commercial businesses including a McDonald’s and a Dollar General store December 29 due to the overflowing of the Bourbeuse River. Source: http://abcnews.go.com/US/historic-flooding-kills-13-sparks-evacuation-road-closures/story?id=35996045

Financial Services Sector

3. December 29, New York City International Business Times – (National) Ex-JPMorgan Chase bankers charged with forging ATM cards to steal from accounts. Two former JPMorgan Chase & Company bankers were indicted December 28 in Brooklyn, New York for stealing nearly $400,000 from about 15 client accounts, including those belonging to deceased clients, by issuing ATM cards without the account holders’ consent. All 15 accounts routinely received cash infusions via direct deposits from the U.S. Social Security Administration. Source: http://www.ibtimes.com/ex-jpmorgan-chase-bankers-charged-forging-atm-cards-steal-accounts-2242193

Information Technology Sector

10. December 30, SecurityWeek – (International) Linode hit by DDoS attacks. The cloud hosting company Linode reported that its Web site, Manager mobile application, Domain Name System (DNS) infrastructure, and data centers in Atlanta, Newark, and London were compromised after the company discovered hackers had conducted distributed denial-of-service (DDoS) attacks for several hours. Security researchers from the company were able to patch the vulnerabilities. Source: http://www.securityweek.com/linode-hit-ddos-attacks

11. December 29, SecurityWeek – (International) Verizon’s Hum website found leaking credentials. Verizon Communications reported that it patched an information disclosure vulnerability in its Hum Web site after an independent researcher discovered the source code of the shopping page included a username and password “Weblogic12” and several domains listed. Source: http://www.securityweek.com/verizons-hum-website-found-leaking-credentials

12. December 29, Los Angeles Times – (National) State officials investigating potential data leak on millions of California voters. California State officials are conducting an investigation December 29 to verify media reports that the information of 191 million U.S. voters was compromised after a security researcher discovered an online database exposed voters’ names, addresses, and dates of birth, among other information. Source: http://www.latimes.com/politics/la-pol-sac-california-voter-records-leaked-online-20151229-story.html

Communications Sector

See item 11 above in the Information Technology Sector

Wednesday, December 30, 2015



Complete DHS Report for December 30, 2015

Daily Report                                            

Top Stories

• Fiat Chrysler Automobiles issued 2 recalls December 27 for more than 412,938 of its Jeep Grand Cherokee, Dodge Durango, Compass, and Patriot vehicles distributed in the U.S. due to a vanity mirror wiring and clamp issue that can cause a fire. – Autoblog

3. December 27, Autoblog – (International) FCA recalls 570,000 SUVs from Jeep and Dodge over fire woes. Fiat Chrysler Automobiles (FCA) issued two recalls December 27 for 352,831 of its model year 2011 – 2012 Jeep Grand Cherokee vehicles and models built before 2012 Dodge Durango vehicles due to a vanity mirror wiring issue, as well as 60,107 of its model year 2015 Jeep Compass and Patriot vehicles distributed in the U.S. due to an out-of-position clamp that could lead to a leak in the power steering fluid line and pose a fire hazard or loss of power-steering.

• Two former employees of Jaycal Tax Service in Phenix City, Alabama, pleaded guilty December 28 for their roles in an identity theft scheme that stole over 1,000 identities between 2007 and 2012. – Montgomery Advertiser See item 5 below in the Financial Services Sector

• Adobe released out-of-band security updates that addressed several vulnerabilities in its Flash Player products which affect all platforms and can allow an attacker to take control of an infected system through a spear phishing campaign. – SecurityWeek See item 20 below in the Information Technology Sector

• Researchers from Palo Alto Networks discovered that a total of 11,149 computers were infected by new malware dubbed ProxyBack, which targets personal computers and educational institutes in Europe. – Softpedia See item 21 below in the Information Technology Sector

Financial Services Sector

4. December 29, Quincy Patriot Ledger – (Massachusetts) Quincy Credit Union works to replace debit cards, stolen money. Quincy Credit Union reported that at least 675 of its customers’ accounts were compromised the weekend of December 26 after officials found hackers had installed an ATM skimming device on the company’s machines. Officials believe hackers installed the malicious devices in early December and later created duplicate cards, which were used to withdraw cash at ATMs throughout New York City. Source: http://www.patriotledger.com/news/20151228/quincy-credit-union-works-to-replace-debit-cards-stolen-money

5. December 28, Montgomery Advertiser – (Alabama) 2 plead guilty to ID theft, $4 million in tax fraud. Two former employees of Jaycal Tax Service in Phenix City pleaded guilty December 28 to aggravated identity theft and conspiring to defraud the government after the two obtained more than 1,000 stolen identities, filed over 1,200 false Federal tax returns, and claimed more than $4 million in fraudulent returns between 2007 and 2012. Source: http://www.montgomeryadvertiser.com/story/news/crime/2015/12/28/2-plead-guilty-id-theft-claiming-4-million-false-returns/77970688/

Information Technology Sector

18. December 29, Softpedia – (International) AVG forcibly installs vulnerable Chrome extension that exposes users’ browsing history. A researcher from Google Project Zero discovered a serious vulnerability in the AVG Web TuneUp Chrome extension, which was forcibly installed when users downloaded AVG Antivirus and which allowed attackers to access users’ cookies, browsing history, and other details by executing cross-site scripting (XSS) attacks and cross-domain requests. AVG Web TuneUp Version 4.2.5.169 patched the flaw and Google blocked AVG’s inline installation of the extension. Source: http://news.softpedia.com/news/avg-forcibly-installs-vulnerable-chrome-extension-that-exposes-user-s-browsing-history-498187.shtml

19. December 28, SecurityWeek – (International) Android malware uses firewall rules to block security apps. Researchers from Symantec discovered a new Microsoft Android malware, dubbed Android.Spywaller, that allows attackers to block mobile security applications, exfiltrate sensitive data from compromised mobile devices including personally identifying information (PII), and collect data belonging to specific third-party communication applications including BlackBerry Messenger, Oovoo, and Skype, among others, through a reverse payload attack that drops and runs the DroidWall firewall binary to create firewall rules and block the application’s security using its own unique identifier (UID). The malware was seen targeting users in China via the Qihoo 360 application and researchers advised users to install security solutions to block mobile threats, update software regularly, and install applications from trusted sources. Source: http://www.securityweek.com/android-malware-uses-firewall-rules-block-security-apps

20. December 28, SecurityWeek – (International) Adobe issues emergency patch for flash zero-day under attack. Adobe released out-of-band security updates that addressed several vulnerabilities in its Flash Player products including a type confusion vulnerability, an integer overflow vulnerability, a use-after-free vulnerability, and a memory corruption vulnerability that affects all platforms and can allow an attacker to take control of an affected system through a spear phishing campaign. Source: http://www.securityweek.com/adobe-issues-emergency-patch-flash-zero-day-under-attack

21. December 28, Softpedia – (International) ProxyBack malware turns infected computers into internet proxies. Researchers from Palo Alto Networks discovered that a total of 11,149 computers were infected by the new malware, ProxyBack, which targets personal computers (PC) and educational institutes in Europe by altering infected devices into Internet proxies while illegally using them to transfer Internet traffic via an established connection with a malicious proxy server, where it receives instructions to route traffic to attackers’ Web servers. Each affected device works as a bot inside a larger network to send commands and updated instructions via simple Hypertext Transfer Protocol (HTTP). Source: http://news.softpedia.com/news/proxyback-malware-turns-infected-computers-into-internet-proxies-498167.shtml

Communications Sector

Nothing to report