Thursday, July 23, 2015




Complete DHS Report for July 23, 2015

Daily Report

Top Stories

 · U.S. and Israeli authorities arrested 4 suspects in Florida and Israel July 21 in connection to an illegal Bitcoin money laundering operation, a pump-and-dump securities manipulation scheme, and a 2014 cyberattack on JPMorgan Chase that compromised the information of 83 million customers. – New York Times. See item 2 below in the Financial Services Sector.

 · The Institute for Critical Infrastructure Technology released a report citing the lack of a comprehensive governing policy as the greatest failure leading to the June U.S. Office of Personnel Management systems breach, among other findings. – Nextgov

13. July 21, Nextgov – (National) Security experts point to OPM’s biggest cybersecurity failure. The Institute for Critical Infrastructure Technology released a report citing the lack of a comprehensive governing policy for cybersecurity as the greatest failure leading to the June breach of U.S. Office of Personnel Management systems, and recommended that the agency address security gaps identified by auditors and implement a behavioral analytics system to compensate for rapidly advancing, sophisticated advanced persistent threats. Source: http://www.nextgov.com/cybersecurity/2015/07/security-experts-point-opms-biggest-cybersecurity-failure/118274/

 · Google released an update for Chrome addressing 43 security vulnerabilities that could be leveraged to take control of an affected system. – Help Net Security. See item 18 below in the Information Technology Sector.

 · A 5-alarm fire shut down nearby roadways July 22 and severely damaged a North Brunswick, New Jersey warehouse holding 8 businesses, and displaced residents from 6 nearby apartment buildings. – WNBC 4 New York City

20. June 22, WNBC 4 New York City – (New Jersey) 6 apartment buildings evacuated as warehouse inferno rages in New Jersey: officials. A 5-alarm fire severely damaged a North Brunswick, New Jersey warehouse holding 8 businesses and displaced residents from 6 nearby apartment buildings, as well as shut down nearby roadways July 22. No injuries were reported.

Financial Services Sector

2. July 22, New York Times – (International) 4 arrested in schemes said to be tied to JPMorgan Chase breach. U.S. and Israeli law enforcement officials arrested 4 suspects in Florida and Israel July 21 and are searching for another in connection to an illegal Bitcoin money laundering operation and a separate pump-and-dump securities manipulation scheme that allegedly netted millions of dollars, which the suspects allegedly funneled through international shell companies. Authorities are investigating the suspects’ potential roles in a 2014 cyber-attack on JPMorgan Chase that compromised the contact information of 83 million customers. Source: http://www.nytimes.com/2015/07/22/business/dealbook/4-arrested-in-schemes-said-to-be-tied-to-jpmorgan-chase-breach.html?ref=dealbook

3. July 21, Orange County Register – (California) ‘Snowbird Bandit’ strikes again at Rancho Santa Margarita bank. FBI officials reported that the suspect dubbed the “Snowbird Bandit,” tied to at least 3 other area robberies since June, struck a First Citizens Bank in Santa Margarita July 21. Source: http://www.ocregister.com/articles/snowbird-673132-bandit-bank.html

Information Technology Sector

15. July 22, Securityweek – (International) Siemens patches vulnerabilities in SIPROTEC, SIMATIC, RuggedCom products. Siemens released updates for its SIPROTEC 4 and SIPROTEC Compact devices addressing a vulnerability in which an attacker could cause a denial-of-service (DoS) condition, a locally exploitable flaw in its SIMATIC WinCC Sm@rtClient application for Android in which an attacker could extract credentials for the Sm@rtServer, and a flaw in RuggedCom devices leaving them vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks in which a man-in-the-middle (MitM) attacker could extract sensitive information from encrypted communications. Source: http://www.securityweek.com/siemens-patches-vulnerabilities-siprotec-simatic-ruggedcom-products

16. July 22, Help Net Security – (International) It’s official: the average DDoS attack size is increasing. Arbor Networks reported that its analysis of global distributed denial-of-service (DDoS) attack data from Quarter 2, 2015 revealed that the average size of attacks increased, and that the majority of large volumetric attacks leveraged Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP), and Domain Name System (DNS) servers for reflection amplification, among other findings. Source: http://www.net-security.org/secworld.php?id=18651

17. July 22, Securityweek – (International) Researcher discloses local privilege escalation vulnerability in OS X. Security researchers from SektionEins released details on a vulnerability in Mac Operating System (OS) X in which an attacker could open or create arbitrary files owned by the root user anywhere in the file system by leveraging an environment variable that enables error logging to arbitrary files. Source: http://www.securityweek.com/researcher-discloses-local-privilege-escalation-vulnerability-os-x

18. July 22, Help Net Security – (International) Google Chrome update includes 43 security fixes. Google released an update for Chrome addressing 43 heap-buffer-overflow, use-after-free, and memory corruption vulnerabilities, among others, that could allow an attacker to take control of an affected system. Source:



19. July 22, IDG News Service – (International) Bug exposes OpenSSH servers to brute-force password guessing attacks. Security researchers reported that OpenSSH servers with keyboard-interactive authentication enabled by default are vulnerable to unlimited authentication retries over a single connection, exposing users to brute-force password guessing attacks. Source: http://www.networkworld.com/article/2951493/bug-exposes-openssh-servers-to-bruteforce-password-guessing-attacks.html#tk.rss_all

For another story, see item 13 above in Top Stories

Communications Sector

See item 14 below from the Emergency Services Sector

14. July 21, Associated Press – (Arizona) Ruptured cable cripples internet, 9-1-1 calls in Navajo County. The Navajo County Sheriff reported July 21 that a Frontier Communication fiber-optic cable was cut and caused 9-1-1 call centers and emergency dispatch services to go offline from July 19 – 20. An investigation is ongoing to determine if the cable was intentionally severed. Source: http://www.miamiherald.com/news/business/technology/article28068859.html