Monday, August 10, 2015

Complete DHS Report for August 10, 2015

Daily Report

Top Stories

 · American Airlines Group Inc. is investigating a suspected hack into its system after Sabre Corp. confirmed a recent breach possibly tied to hackers who targeted United Airlines, American health insurers, and U.S. Government agencies. – Bloomberg

10. August 7, Bloomberg – (International) American Airlines, Sabre said to be hit in hacks backed by China. American Airlines Group Inc. is investigating a suspected hack into its system after Sabre Corp., a clearinghouse for travel reservations that shares some network infrastructure with the airline, confirmed a recent breach possibly tied to the same China-linked hackers who targeted United Airlines, major American health insurers, and U.S. Government agencies. Sabre is unsure of the extent of the breach, but warns it may expose millions of flight records, hotel bookings, and car rentals. Source:

 · One million gallons of wastewater containing heavy metals from the Gold King Mine near Silverton, Colorado spilled into the Animas River after machinery damaged a plug August 5. – Denver Post

16. August 6, Denver Post – (Colorado) Animas River fouled by 1 million gallons of contaminated mine water. One million gallons of wastewater containing zinc, copper, iron, and other heavy metals from the abandoned Gold King Mine near Silverton, Colorado entered the Animas River after heavy machinery from the U.S. Environmental Protection Agency damaged a plug August 5. The river was closed to recreational use while health and environmental officials evaluated the damage, and agricultural users were advised to shut off water intakes along the river.

 · New York health officials issued an order August 6 for thousands of city buildings with water-cooling towers to assess and disinfect in response to a Legionnaires’ outbreak that has killed 10 people and sickened at least 100 others. – New York Times

18. August 6, New York Times – (New York) New York ordering tests of water-cooling towers amid Legionnaires’ outbreak. New York health officials issued an order August 6 for thousands of buildings in the city with water-cooling towers to assess and disinfect units within the next 2 weeks in response to a Legionnaires’ outbreak in the South Bronx that has killed 10 people and sickened at least 100 others. The mayor stated that building owners who did not comply with the order could face legal sanctions. Source:

 · Check Point security researchers discovered Android vulnerabilities dubbed “Certifi-gate” affecting nearly all devices, in which an attacker can gain unrestricted access, steal personal data, and track locations, among other actions. – Help Net Security. See item 29 below in the Information Technology Sector

Financial Services Sector

8. August 5, Delaware County Daily Times – (Pennsylvania) Glen Mills man pleads guilty to fraud, tax evasion. The previous owner of the former Arcadia Capital Group, Inc., pleaded guilty August 5 to a scheme in which he and others allegedly solicited almost $10 million in real estate investments, the majority of which were diverted for personal use or payments to prior investors.

9. August 6, South Florida Sun-Sentinel – (Florida) Man accused of installing credit-card skimmers in Boca Raton, Delray Beach. Authorities reported August 4 that a Delray Beach man was arrested for allegedly working with a partner to plant ATM skimming devices in at least 6 Publix store locations, stealing a total of $27,774 from over 25 people. Source:

For another story, see item 2 below from the Energy Sector

2. August 6, Alaska Dispatch News – (Alaska) Alaska oil and gas producer that took State tax credits faces fraud charges. The U.S. Securities and Exchange Commission announced August 6 charges against Knoxville-based Miller Energy Resources alleging that the company inflated the values of oil and gas properties acquired in Cook Inlet in 2009 by over $400 million, leading to fraudulent financial reports regarding the company’s net income and total assets. A former executive and a current executive were also implicated in the civil claims filed August 6. Source:

Information Technology Sector

25. August 7, Securityweek – (International) Mozilla patches Firefox zero-day exploited in the wild. Mozilla released Firefox version 39.0.3 to address a zero-day vulnerability arising from the interaction between the browser’s mechanism that enforces JavaScript’s same origin policy and Firefox’s PDF Viewer, in which an attacker can inject a JavaScript payload to steal local files containing sensitive information. The vulnerability was observed being exploited in the wild, targeting certain types of files hosted on Windows and Linux systems. Source:

26. August 6, Help Net Security – (International) Zero-day disclosure-to-weaponization period cut in half. Security researchers from Malwarebytes reported a trending decrease in time between the disclosure and weaponization of zero-day vulnerabilities, evident in a 50 percent drop in average weaponization times in the last 10 months, citing the fallout from the Hacking Team breach as a contributing factor. Source:

27. August 6, IDG News Service – (International) Attackers could use Internet route hijacking to get fraudulent HTTPS certificates. Security researchers at Black Hat 2015 highlighted the threats posed by Border Gateway Protocol (BGP) hijacking attacks, also known as route leaking, in which an attacker could tailor attacks to specific geographic regions by tricking a certificate authority (CA) into issuing a valid certificate for a domain name that they do not own. Source:

28. August 6, Softpedia – (International) 80 vulnerabilities found in iOS in 2015, 10 in Android. Secunia released findings from a report on security vulnerability trends for the first 7 months of 2015 revealing an increase in “extremely critical” and “highly critical” threats, a trending increase in zero-day exploits, and a total of 80 reported vulnerabilities in Apple’s iOS operating system (OS) versus 10 in Android devices. Researchers cited Apple’s control of its OS and patch cycle as the cause of the higher number of iOS vulnerabilities. Source:

29. August 6, Help Net Security – (International) Easily exploitable Certifi-gate bug opens Android devices to hijacking. Security researchers from Check Point’s mobile security research team discovered a set of vulnerabilities in the Android operating system (OS), dubbed “Certifi-gate,” in the architecture of mobile Remote Support Tools (mRSTs) used by almost every Android device manufacturer. An attacker can leverage hash collisions, inter-process communication (IPC) abuse, and certificate forging to gain unrestricted device access and steal personal data, track locations, and turn on microphones, among other actions. Source:

30. August 6, IDG News Service – (International) Design flaw in Intel processors opens door to rootkits, researcher says. A security researcher from the Battelle Memorial Institute disclosed a vulnerability in the x86 processor architecture in which an attacker could install a rootkit in the processor’s System Management Mode (SMM), enabling destructive actions such as wiping the Unified Extensible Firmware Interface (UEFI) or re-infecting the operating system (OS) after a fresh install. Source:

31. August 6, Threatpost – (International) Updated DGA Changer malware generates fake domain stream. Researchers from Seculert published findings from a report revealing that the DGA Changer downloader malware now has the capability to generate a stream of fake domains once it determines that it is being run in a virtual environment, the first reported instance of malware producing a fake domain generation algorithm (DGA) output. Source:

32. August 6, SC Magazine – (International) DDoS attacks rage on, primarily impacting U.S. and Chinese entities. Kaspersky Lab released findings from its DDoS Intelligence Report Q2 2015, revealing that 77 percent of the distributed denial-of-service (DDoS) attacks from April to June impacted 10 countries, primarily the U.S. and China. The report recorded the longest attack at 205 hours and the peak number of attacks, 1,960, on May 7, attributing their popularity to the ease with which the attacks can be arranged. Source:

33. August 6, Threatpost – (International) BLEKey device breaks RFID physical access controls. Researchers at Black Hat 2015 released details from a number of proof-of-concept attacks highlighting weaknesses in the Wiegand protocol used in radio-frequency identification (RFID) readers and other proximity card devices, which they were able to exploit by using a device dubbed BLEKey to read cleartext data sent from card readers to door controllers, either to clone cards or to send the data to a mobile application that can unlock doors remotely at any time. Source:

For additional stories, see item 1 below from the Energy Sector, items 4 and 5 below from the Critical Manufacturing Sector, and item 10 above in Top Stories

1. August 7, Infosecurity Magazine – (International) Trend Micro uncovers attacks on Internet-connected petrol stations. Trend Micro experts investigating data attacks against automated gas tank systems using a custom international honeypot dubbed GasPot presented research at Black Hat 2015 which found 12 pump identifications, 4 pump modifications, and 2 denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against the systems from February to July 2015. Researchers suspect that several hacktivist groups, including the Iranian Dark Coders Team and the Syrian Electronic Army, were behind the attacks, a majority of which targeted the U.S.

4. August 6, IDG News Service – (International) Tesla patches Model S after researchers hack car’s software. Tesla issued a security update to its Model S vehicle August 6 after security researchers from Lookout and CloudFlare were able to leverage six flaws that allowed them to turn off the engine while it was in operation, change the speed and map information displayed on the vehicle’s touch screen, open and close the trunk, and control the radio. The researchers reported that the hack required physical access to the vehicle. Source:

5. August 6, Threatpost – (International) Gone in less than a second. A security researcher unveiled a wallet-sized device, called Rolljam, that can be hidden underneath a vehicle and can intercept codes used to unlock most cars and garage doors employing rolling codes, by jamming the signal and replaying the next rolling code in the sequence. The developer previously created a device that was able to intercept communication between certain vehicles and the OnStar RemoteLink mobile application to locate, unlock, and remotely start a vehicle. Source:

Communications Sector

See items 28 and 29 above in the Information Technology Sector