Wednesday, July 22, 2015




Complete DHS Report for July 22, 2015

Daily Report                                            

Top Stories

 · Southbound lanes of Highway 48 in Montgomery County, Tennessee reopened July 20 after being closed for about 7 hours after a semi-truck hauling 26,000 pounds of cement overturned and spilled fuel onto the highway. – Newschannel5.com

9. July 20, Newschannel5.com – (Tennessee) Highway 48 reopens near Clarksville after semi-truck overturns. Southbound lanes of Highway 48 in Montgomery County reopened July 20 after being closed for approximately 7 hours after a semi-truck hauling 26,000 pounds of cement overturned and caused fuel to leak onto the highway. Crews responded to the scene and the driver was extracted from the vehicle with minor injuries. Source: http://www.scrippsmedia.com/newschannel5/news/Overturned-Semi-Truck-Blocks-Highway-149-Near-Clarksville-317518261.html

 · Microsoft released an update addressing a critical remote code execution vulnerability with the OpenType Font Driver in the Windows Adobe Type Manager Library that was being exploited in the wild. – Network World See item 22 below in the Information Technology Sector

 · Findings from a survey of over 600 critical infrastructure information technology professionals revealed that about half of all respondents believe an attack on critical infrastructure in the next 3 years will down systems. – SC Magazine See item 23 below in the Information Technology Sector

 · Thousands of BendBroadband customers were without Internet, TV, and phone services for almost 10 hours July 20 after an accident in Bend, Oregon damaged a fiber-optic data line. – KTVZ 21 Bend See item 24 below in the Communications Sector

Financial Services Sector

7. July 20, Bay News 13 Orlando – (Florida) Skimming devices found at 3 ATM machines in Seminole. Seminole County authorities reported that ATM skimming devices were installed at three locations in early July, and an investigation is ongoing to locate suspects.

Information Technology Sector

21. July 21, Securityweek – (International) Configuration issue exposes 30,000 MongoDB instances: researcher. The founder of the Shodan computer search engine reported that a default listening configuration in MongoDB exposed about 30,000 database instances containing 592.2 terabytes (TB) of data. Source: http://www.securityweek.com/configuration-issue-exposes-30000-mongodb-instances-researcher

22. July 20, Network World – (International) Microsoft issues critical out-of –band patch for flaw affecting all Windows versions. Microsoft released an update addressing a critical remote code execution vulnerability (RCE) with the OpenType Font Driver in the Windows Adobe Type Manager Library affecting all supported versions of Windows that was being exploited in the wild. Source: http://www.networkworld.com/article/2949910/microsoft-subnet/microsoft-issues-critical-out-of-band-patch-for-flaw-affecting-all-windows-versions.html#tk.rss_all

23. July 20, SC Magazine – (International) Study: half of critical infrastructure IT professionals believe major attack looming. Findings from a survey of over 600 critical infrastructure information technology (IT) professionals in Intel Security’s “Critical Infrastructure Readiness Report” revealed that about half of all respondents believe an attack on critical infrastructure in the next three years will down systems and lead to loss of life, and that 90 percent of respondents’ organizations faced an average of 20 attacks in the last year, among other statistics. Source: http://www.scmagazine.com/intel-security-conducts-cyberattack-survey/article/427429/

For additional stories, see item 4 below from the Critical Manufacturing Sector and item 20 below from the Government Facilities Sector

4. July 21, Network World – (National) Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep. Fiat Chrysler Automobiles released a manual service bulletin July 16 for various model year 2013 and 2014 Ram, Cherokee, Grand Cherokee, Durango, and Viper vehicles running Uconnect systems addressing vulnerabilities that could have allowed unauthorized and unlawful access to vehicle systems.

20. July 20, Nextgov – (National) OPM changes privacy rules to let investigators inside all databases. The U.S. Office of Personnel Management announced July 16 updated privacy regulations for routine use, granting access for investigators to all its databases in the case of suspected or confirmed security breaches. The public has until August 17 to comment on these changes in confidentiality. Source: http://www.nextgov.com/cybersecurity/2015/07/opm-changes-privacy-rules-let-investigators-inside-all-databases/118105/

Communications Sector

24. July 20, KTVZ 21 Bend – (Oregon) Monday woes: Bend crash cuts Internet, TV to thousands. Thousands of BendBroadband customers were without Internet, TV and phone services for up to 10 hours July 20 after an accident in northeast Bend damaged a fiber-optic data line. Crews worked to repair the outage but numerous businesses and government customers were affected, including the Oregon Department of Motor Vehicles, which closed 4 Central Oregon offices due to the Internet outage. Source: http://www.ktvz.com/news/bend-crash-cuts-internet-tv-to-thousands-repairs-underway/34255912