Monday, June 15, 2015




Complete DHS Report for June 15, 2015

Daily Report

Top Stories

 · An audit of 12 Massachusetts State agencies released June 11 uncovered a failure to comply with State requirements regarding the removal of sensitive information from electronic equipment. – Boston State House News Service

18. June 11, Boston State House News Service – (Massachusetts) Auditor: 12 agencies failed to properly handle sensitive computer records. An audit of 12 Massachusetts State agencies released June 11 uncovered a failure to comply with State requirements regarding the removal of sensitive information from electronic equipment. State agencies faulted included the Office of the Chief Medical Examiner, the Massachusetts State Police, the State Lottery Commission, the Department of Public Health, and 8 others. Source: http://www.masslive.com/news/index.ssf/2015/06/auditor_12_agencies_failed_to.html

 · New York officials reported June 12 that an employee at the New York Clinton Correctional Facility allegedly provided equipment used in the escape of two convicted murderers June 6. – CNN

19. June 12, CNN – (New York) New York prison employee gave blades, drill bits to escapees, sources say. The Clinton County District Attorney reported June 12 that an employee at the New York Clinton Correctional Facility allegedly provided equipment including hacksaw blades, drill bits, and eyeglasses with light fixtures, used in the escape of two convicted murderers June 6. An investigation is ongoing to find the escaped prisoners. Source: http://www.cnn.com/2015/06/12/us/new-york-prison-break/index.html

 · Researchers discovered that Apple Watch users running watchOS 1.0 are vulnerable to attacks in which threat actors can leverage Internet Control Message Protocol to potentially steal credentials and deliver malicious payloads. – Softpedia. See item 22 below in the Information Technology Sector

 · Researchers reported an unpatched vulnerability in the firmware code of N-Tron 702W industrial-level wireless access point systems in which an attacker could use secure shell to remotely intercept encryption keys and communication from the device. – Softpedia. See item 23 below in the Information Technology Sector

Financial Services Sector

See item 18 above in Top Stories

Information Technology Sector

21. June 12, Softpedia – (International) 44.5 million new malware variants recorded in 1 month. Symantec released findings from a report revealing that new malware variants increased by over 50 percent in May to 44.5 million, that the most commonly seen threat on the Apple OS X operating system (OS) was a trojan virus that changes the domain name system settings of affected computers, and that medium-sized companies were the most frequently targeted by spear-phishing attacks. Source: http://news.softpedia.com/news/44-5-Million-New-Malware-Variants-Recorded-in-1-Month-484138.shtml

22. June 12, Softpedia – (International) Apple fixed a nasty MitM vulnerability in the latest watchOS. Security researchers from Zimperium Mobile Security discovered that Apple Watch users running watchOS 1.0 are vulnerable to man-in-the-middle attacks dubbed “DoubleDirect” in which threat actors can leverage Internet Control Message Protocol (ICMP) redirects from the device and gateway to potentially steal credentials and deliver malicious payloads that could spread to devices on an entire corporate network. Source: http://news.softpedia.com/news/Apple-Fixed-a-Nasty-MitM-Vulnerability-in-the-Latest-watchOS-484117.shtml

23. June 11, Softpedia – (International) Encryption keys hard-coded in industrial access point. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported an unpatched vulnerability in the firmware code of N-Tron 702W industrial-level wireless access point systems in which an attacker could use secure shell (SSH) to remotely intercept encryption keys and communication from the device. Source: http://news.softpedia.com/news/Encryption-Keys-Hard-Coded-in-Industrial-Access-Point-484073.shtml

24. June 11, Softpedia – (International) Fileless malware makes almost 200,000 victims mostly in the U.S. Security researchers at Symantec discovered that cybercriminals used a Microsoft Windows zero-day vulnerability permitting arbitrary remote file execution to spread Poweliks malware to 198,500 computers, almost all of which were in the U.S. Poweliks resides in system memory and is primarily used for ad-fraud purposes. Source: http://news.softpedia.com/news/Fileless-Malware-Makes-Almost-200-000-Victims-Mostly-In-the-US-484030.shtml

25. June 11, Softpedia – (International) CryptoWall 3.0 delivered in campaign started more than a week ago. Security researchers from Cisco’s TALOS discovered an active malicious email campaign that purports to concern possible employment and includes hypertext markup language (HTML) attachments that redirect users to Google Drive accounts hosting the CryptoWall ransomware. Source: http://news.softpedia.com/news/CryptoWall-3-0-Delivered-In-Campaign-Started-More-Than-A-Week-Ago-484046.shtml

26. June 11, Securityweek – (International) Only few organizations patched recent Honeywell SCADA flaw: researchers. Security researchers from Outpost24 reported that 90 Honeywell Falcon XLWeb supervisory control and data acquisition (SCADA) control systems, most located in Europe and the Middle East, remain unpatched and are vulnerable to directory traversal flaws in which an attacker could execute operating system (OS) commands. The experts believe that four of the systems analyzed could have been exploited. Source: http://www.securityweek.com/only-few-organizations-patched-recent-honeywell-scada-flaw-researchers

27. June 11, Securityweek – (International) OpenSSL patches Logjam bug, DoS vulnerabilities. OpenSSL released patches for its open-source toolkit addressing the “Logjam” vulnerability in which an attacker could use a man-in-the-middle (MitM) attack to force transport layer security (TLS) connections to downgrade to weaker cryptography, as well as a denial-of-service (DoS) vulnerability caused by the way ECParameters structures are handled. Source: http://www.securityweek.com/openssl-patches-logjam-bug-dos-vulnerabilities

For additional stories, see items 15 and 17 below from the Healthcare and Public Health Sector and 18 above in Top Stories

15. June 11, Associated Press – (Texas) Texas Medicaid patients have private data exposed online. The Texas Department of Aging and Disability Services reported June 11 that approximately 6,600 Medicaid recipients’ records containing personally identifiable information (PII) and treatment information were compromised in a data breach discovered in April 2015 after an internal Web application was made public. The Web site was taken down, and none of the information has been misused. Source: http://newsok.com/texas-medicaid-patients-have-private-data-exposed-online/article/feed/850949

17. June 10, Business Wire – (Indiana) Medical Informatics Engineering notifies patients of a data security compromise. Medical Informatics Engineering announced June 10 it had been targeted by a sophisticated cyber-attack which compromised the sensitive health information of patients affiliated with several of its clients, including Concentra, Fort Wayne Neurological Center, Franciscan St. Francis Health Indianapolis, Gynecology Center, Inc. Fort Wayne, and Rochester Medical Group, as well as clients associated with the company’s subsidiary NoMoreClipboard. The incident is currently under investigation. Source: http://www.businesswire.com/news/home/20150610005961/en/Medical-Informatics-Engineering-notifies-Patients-Data-Security#.VXrkLkbaljU

Communications Sector

See item 22 above in the Information Technology Sector