Complete DHS Report for August 10, 2015
Daily Report
Top Stories
· American Airlines Group Inc. is investigating
a suspected hack into its system after Sabre Corp. confirmed a recent breach
possibly tied to hackers who targeted United Airlines, American health
insurers, and U.S. Government agencies. – Bloomberg
10. August 7,
Bloomberg – (International) American Airlines, Sabre said to be hit in
hacks backed by China. American Airlines Group Inc. is investigating a
suspected hack into its system after Sabre Corp., a clearinghouse for travel
reservations which shares some network infrastructure with the airline,
confirmed a recent breach possibly tied to the same China-linked hackers who
targeted United Airlines, major American health insurers, and U.S. Government
agencies. Sabre is unsure of the extent of the breach, but warns it may expose
millions of flight records, hotel bookings, and car rentals. Source: http://www.bloomberg.com/news/articles/2015-08-07/american-airlines-sabre-said-to-be-hit-in-hacks-backed-by-china
· One million gallons of wastewater
containing heavy metals from the Gold King Mine near Silverton, Colorado
spilled into the Animas River after machinery damaged a plug August 5. – Denver
Post
16. August 6,
Denver Post – (Colorado) Animas River fouled by 1 million gallons of
contaminated mine water. One million gallons of wastewater containing zinc,
copper, iron and other heavy metals from the abandoned Gold King Mine near
Silverton, Colorado entered the Animas River after heavy machinery from the
U.S. Environmental Protection Agency damaged a plug August 5. The river was
closed to recreational use while health and environmental officials evaluate
the damage, and agricultural users were advised to shut off water intakes along
the river.
· New York health officials issued an
order August 6 for thousands of city buildings with water-cooling towers to
assess and disinfect in response to a Legionnaires’ outbreak that has killed 10
people and sickened at least 100 others. – New York Times
18. August 6,
New York Times – (New York) New York ordering tests of water-cooling towers
amid Legionnaires’ outbreak. New York health officials issued an order August
6 for thousands of buildings in the city with water-cooling towers to assess
and disinfect units within the next 2 weeks in response to a Legionnaires’
outbreak in the South Bronx that has killed 10 people and sickened at least 100
others. The mayor stated that building owners who did not comply with the order
could face legal sanctions. Source: http://www.nytimes.com/2015/08/07/nyregion/new-york-ordering-tests-of-water-cooling-towers-amid-legionnaires-outbreak.html
· Check Point security researchers
discovered Android vulnerabilities dubbed “Certifi-gate” affecting nearly all
devices in which an attacker can gain unrestricted access, steal personal data,
and track locations, among other actions. – Help Net Security
See item 29 below in the Information Technology Sector
Financial Services Sector
8. August 5,
Delaware County Daily Times – (Pennsylvania) Glen Mills man
pleads guilty to fraud, tax evasion. The previous owner of the former
Arcadia Capital Group, Inc., pleaded guilty August 5 to a scheme in which he
and others allegedly solicited almost $10 million in real estate investments,
the majority of which were diverted for personal use or payments to prior
investors.
Source: http://www.delcotimes.com/general-news/20150805/glen-mills-man-pleads-guilty-to-fraud-tax-evasion
9. August 6,
South Florida Sun-Sentinel – (Florida) Man accused of installing
credit-card skimmers in Boca Raton, Delray Beach. Authorities reported
August 4 that a Delray Beach man was arrested for allegedly working with a
partner to plant ATM skimming devices in at least 6 Publix store locations,
stealing a total of $27,774 from over 25 people. Source: http://www.sun-sentinel.com/local/palm-beach/delray-beach/fl-delray-beach-credit-card-skimmers-20150806-story.html
For another story, see item 2 below from the Energy Sector
2. August 6,
Alaska Dispatch News – (Alaska) Alaska oil and gas producer that took State tax
credits faces fraud charges. The U.S. Securities and Exchange Commission
announced August 6 charges against Knoxville-based Miller Energy Resources that
the company allegedly inflated values of oil and gas properties acquired in
Cook Inlet in 2009 by over $400 million, leading to fraudulent financial
reports regarding the company’s net income and total assets. A former executive
and a current executive were also implicated in the civil claims filed August 6. Source:
https://www.adn.com/article/20150806/alaska-oil-and-gas-producer-took-state-tax-credits-faces-accounting-fraud-charges
Information Technology Sector
25. August 7,
SecurityWeek – (International) Mozilla patches Firefox zero-day exploited in
the wild. Mozilla released Firefox version 39.0.3 to address a zero-day
vulnerability in the browser’s mechanism that enforces JavaScript’s same-origin
policy and Firefox’s PDF Viewer, in which an attacker can inject a JavaScript
payload to steal local files containing sensitive information. The attack was
observed being exploited in the wild, targeting certain types of files hosted
on Windows and Linux systems. Source: http://www.securityweek.com/mozilla-patches-firefox-zero-day-exploited-wild
26. August 6,
Help Net Security – (International) Zero-day disclosure-to-weaponization period
cut in half. Security researchers from Malwarebytes reported a trending
decrease in time between the disclosure and weaponization of zero-day
vulnerabilities, evident in a 50 percent drop in average weaponization times in
the last 10 months, citing the fallout from the Hacking Team breach as a
contributing factor. Source: http://www.net-security.org/secworld.php?id=18727
27. August 6,
IDG News Service – (International) Attackers could use Internet route hijacking
to get fraudulent HTTPS certificates. Security researchers at Black Hat
2015 highlighted the threats posed by Border Gateway Protocol (BGP) hijacking
attacks, also known as route leaking, in which an attacker could tailor attacks
to specific geographic regions by tricking a certificate authority (CA) into
issuing a valid certificate for a domain name that they do not own. Source: http://www.computerworld.com/article/2959542/security/attackers-could-use-internet-route-hijacking-to-get-fraudulent-https-certificates.html#tk.rss_security
28. August 6,
Softpedia – (International) 80 vulnerabilities found in iOS in 2015, 10
in Android. Secunia released findings from a report on security
vulnerability trends for the first 7 months of 2015 revealing an increase of
“extremely critical” and “highly critical” threats, a trending increase in
zero-day exploits, and a total of 80 reported vulnerabilities in Apple’s iOS
operating system (OS) versus 10 in Android devices. Researchers cited Apple’s
control of its OS and patch cycle as the cause for the higher number of iOS
vulnerabilities. Source: http://news.softpedia.com/news/80-vulnerabilities-found-in-ios-in-2015-10-in-android-488676.shtml
29. August 6,
Help Net Security – (International) Easily exploitable Certifi-gate bug opens
Android devices to hijacking. Security researchers from Check Point’s
mobile security research team discovered a set of vulnerabilities in the
Android operating system (OS) dubbed “Certifi-gate” in the architecture of
mobile Remote Support Tools (mRSTs) used by almost every Android device
manufacturer in which an attacker can leverage hash collisions, inter-process
communication (IPC) abuse, and certificate forging to gain unrestricted device
access and steal personal data, track locations, and turn on microphones, among
other actions. Source: http://www.net-security.org/secworld.php?id=18730
30. August 6,
IDG News Service – (International) Design flaw in Intel processors opens door to
rootkits, researcher says. A security researcher from the Battelle Memorial
Institute disclosed a vulnerability in the x86 processor architecture in which
an attacker could install a rootkit in the processor’s System Management Mode
(SMM), enabling destructive actions such as wiping the Unified Extensible
Firmware Interface (UEFI) or re-infecting the operating system (OS) after a
fresh install. Source: http://www.networkworld.com/article/2965873/design-flaw-in-intel-processors-opens-door-to-rootkits-researcher-says.html#tk.rss_all
31. August 6,
Threatpost – (International) Updated DGA Changer malware generates fake
domain stream. Researchers from Seculert published findings from a report
revealing that the DGA Changer downloader malware can now generate
a stream of fake domains once it determines that it is being run in a virtual
environment, the first reported instance of malware generating fake domain
generation algorithm (DGA) output. Source: https://threatpost.com/updated-dga-changer-malware-generates-fake-domain-stream/114159
32. August 6,
SC Magazine – (International) DDoS attacks rage on, primarily impacting
U.S. and Chinese entities. Kaspersky Lab released findings from its DDoS
Intelligence Report Q2 2015, revealing that 77 percent of the distributed
denial-of-service (DDoS) attacks from April to June impacted 10 countries,
primarily the U.S. and China. The report recorded the longest attack at 205
hours and the peak number of attacks at 1,960 on May 7, attributing their
popularity to the ease with which the attacks can be arranged. Source: http://www.scmagazine.com/kaspersky-lab-releases-q2-ddos-report/article/431034/
33. August 6,
Threatpost – (International) BLEKey device breaks RFID physical access
controls. Researchers at Black Hat 2015 released details from a number of
proof of concept attacks highlighting the weaknesses in the Wiegand protocol
used in radio-frequency identification (RFID) readers and other proximity card
devices, which they were able to exploit by using a device dubbed BLEKey to read
cleartext data sent from card readers to door controllers to clone cards or
send data to a mobile application that can unlock doors remotely at any time. Source:
https://threatpost.com/blekey-device-breaks-rfid-physical-access-controls/114163
For additional stories, see item 1 below from the Energy Sector, items 4 and 5 below from the Critical Manufacturing Sector, and item 10 above in Top Stories
1. August 7,
Infosecurity Magazine – (International) Trend Micro uncovers
attacks on Internet-connected petrol stations. Trend Micro experts
investigating data attacks against automated gas tank systems using a custom
international honeypot dubbed GasPot presented research at Black Hat 2015 which
found 12 pump identifications, 4 pump modifications and 2 denial-of-service
(DoS) and distributed denial-of-service (DDoS) attacks against the systems from
February – July 2015. Researchers suspect that several hacktivist groups,
including the Iranian Dark Coders Team and the Syrian Electronic Army, were
behind the attacks, a majority of which targeted the U.S.
4. August 6,
IDG News Service – (International) Tesla patches Model S after researchers hack
car’s software. Tesla issued a security update to its Model S vehicle
August 6 after security researchers from Lookout and CloudFlare were able to
leverage six flaws that allowed them to turn off the engine while it was in
operation, change the speed and map information displayed on the vehicle’s
touch screen, open and close the trunk, and control the radio. The researchers
reported that the hack required physical access to the vehicle. Source: http://www.computerworld.com/article/2960802/security/tesla-patches-model-s-after-researchers-hack-cars-software.html#tk.rss_security
5. August 6,
Threatpost – (International) Gone in less than a second. A security
researcher unveiled a wallet-sized device, called Rolljam, that can be hidden
underneath a vehicle and can intercept codes used to unlock most cars and
garage doors employing rolling codes, by jamming the signal and replaying the
next rolling code in the sequence. The developer previously created a device
that was able to intercept communication between certain vehicles and the
OnStar RemoteLink mobile application to locate, unlock, and remotely start a
vehicle. Source: https://threatpost.com/gone-in-less-than-a-second/114154
Communications Sector
See items 28 and 29 above in the Information Technology Sector