Complete DHS Report for
October 14, 2015
Daily Report
Top Stories
• Twenty-five coal units at Michigan power
plants are scheduled to be shut down by 2020 due to additional restrictive
environmental regulations and old age. – Detroit Free Press
1. October 10, Detroit Free Press – (Michigan) 25 Michigan coal plants are set
to retire by 2020. Additional restrictive environmental regulations and old
age prompted the closure of 25 coal units at Michigan power plants, which are
scheduled to be shut down by 2020. Michigan officials were ordered to submit a
detailed plan in September 2016 on how the State will come into compliance with
the Clean Power Plan. Source:
http://www.freep.com/story/money/business/michigan/2015/10/10/25-michigan-coal-plants-set-retire-2020/73335550/
• Southwest Airlines
issued a statement October 12 that technical systems were repaired after a
computer glitch caused 836 flight delays out of 3,355 flights scheduled October
11. – NBC News; Associated Press
13. October 12, NBC News; Associated Press – (National) Outdated technology
likely culprit in Southwest Airlines outage. Southwest Airlines issued a
statement October 12 that technical systems were repaired after a computer
glitch prevented passengers from checking in and caused 836 delays out of 3,355
flights scheduled October 11. The failure is believed to have been caused by
outdated technology. Source:
http://www.nbcnews.com/business/travel/outdated-technology-likely-culprit-southwest-airlines-outage-n443176
• Officials reported
October 9 that the operators of Maryland Health Benefit Exchange’s Web site
improperly stored customer information while awarding over $100 million in
contracts without ensuring that the money would be spent properly. – Washington
Post
18. October 9, Washington Post – (Maryland) Audit: Maryland health-insurance site failed to
protect patient information. The Maryland Office of Legislative Audits
released a report October 9 which found that the operators of Maryland Health
Benefit Exchange’s Web site improperly stored Social Security numbers and other
customer information, while awarding over $100 million in contracts without
ensuring that the money was being properly spent. The exchange stated that it
took steps to increase security measures and safeguards to help protect
consumer information. Source: https://www.washingtonpost.com/local/dc-politics/audit-maryland-health-insurance-site-failed-to-protect-patient-information/2015/10/09/68f70a14-6e9f-11e5-9bfe-e59f5e244f92_story.html
• Officials released records October 12 showing that 11 of the 17 dams that
failed during recent heavy rains in South Carolina had been cited repeatedly
for deficiencies by the State over several years. – Columbia State
35. October 13, Columbia State – (South Carolina) Failed Richland dams had flaws,
inspection records show. South Carolina officials released records October 12
showing that 11 of the 17 dams that failed in Richland County following historic
rains throughout the month of October were cited repeatedly over several years
in State inspection reports, according to the South Carolina Department of
Health and Environmental Control. Officials also reported that they had no
record for two of the dams that breached and that two others were not under the
agency’s jurisdiction. Source: http://www.thestate.com/news/local/article38896089.html
Financial Services Sector
6. October 12, Securityweek – (National) Dow Jones suffers data breach. Dow Jones &
Company alerted customers October 9 after discovering that hackers targeted
contact details of current and former subscribers between August 2012 and July
2015, and may have accessed financial information belonging to 3,500
individuals. There is reportedly no direct evidence that any information was
stolen or misused, and law enforcement officials believe that the attack was
linked to a broader hacking campaign. Source: http://www.securityweek.com/dow-jones-suffers-data-breach
7. October 9, Washington Post – (National) E-Trade notifies 31,000 customers that
their contact info may have been breached in 2013 hack. E-Trade notified about
31,000 customers in the week of October 5 that their personal information,
including email account names and physical names and addresses, may have been
compromised in a 2013 cyberattack. The company reportedly warned customers out
of an abundance of caution and found no fraud or losses resulting from the
incident.
Information Technology Sector
23. October 13, Securityweek – (International) Cisco IOS rootkits can be created with
limited resources: Researchers. Security researchers from Grid32 released
research revealing that cybercriminals could easily create a basic Cisco IOS
rootkit within a month or less, which could rival the effectiveness of the
SYNful Knock malware designed to replace router firmware. Cisco has implemented
several new security technologies in current devices to help mitigate threats. Source: http://www.securityweek.com/cisco-ios-rootkits-can-be-created-limited-resources-researchers
24. October 12, Securityweek – (International) Command injection flaw found in HP SiteScope.
Security researchers from Rapid7 and Knowledge Consulting Group discovered
a vulnerability in HP SiteScope in which an attacker with local system access
could execute arbitrary operating system (OS) commands by accessing a default
deployment of the product’s administration panel. Source: http://www.securityweek.com/command-injection-flaw-found-hp-sitescope
25. October 12, Help Net Security – (International) Thousands of Zhone SOHO
routers can easily be hijacked. A security researcher from Vantage Point
Security revealed a number of recently patched vulnerabilities, including a
remote code execution (RCE) flaw in Zhone Technologies Small Office/Home Office
(SOHO) routers, and reported that some users could not access the products’
administration panels to apply the corresponding firmware update. Source: http://www.net-security.org/secworld.php?id=18967
26. October 12, Securityweek – (International) Schneider Electric patches flaw in
Motion USA website. Schneider Electric patched a cross-site scripting (XSS)
vulnerability on its e-order.biz Web site, which allowed customers to order
products from Schneider Electric Motion USA. Because the site failed to
sanitize the input passed by remote users in a hypertext transfer protocol
(HTTP) request, the vulnerability could allow an attacker to execute JavaScript
code to steal cookies and session identifiers in order to hijack accounts, or
to redirect users to phishing sites. Source: http://www.securityweek.com/schneider-electric-patches-flaw-motion-usa-website
27. October 11, Softpedia – (International) Kaspersky Antivirus fixes bug that allowed
attackers to block Windows Update and other services. Kaspersky Antivirus
fixed a flaw in its Internet Security package’s Network Attack Blocker
component that could have allowed an attacker to spoof traffic and to use the
product to block services such as Microsoft Windows Update, Kaspersky’s update
servers, or other services that would enable a system to be compromised
further. The company reported that the flaw had never been exploited in the
wild. Source: http://news.softpedia.com/news/vulnerability-open-to-abuse-fixed-in-kaspersky-internet-security-antivirus-494280.shtml
28. October 11, Softpedia – (International) Android Adware hits to Google Play Store
once again. Google removed applications from the Google Play Store after
security researchers from ESET discovered new Android adware in which the
“Cheats for Pou,” “Cheats for Subway,” and “Guide for SubWay” applications were
compromised with malware that would show fullscreen ads intermittently. Source:
http://news.softpedia.com/news/android-adware-hits-to-google-play-store-once-again-494285.shtml
29. October 10, Softpedia – (International) DDoS attacks can bypass mitigation
services by taking aim at a website’s origin IP. Security researchers from the
U.S. and Belgium released research revealing that most Cloud-Based Security
Providers’ (CBSP) distributed denial-of-service (DDoS) mitigation can be
bypassed by attackers who discover a targeted Web site’s origin Internet
protocol (IP) address by analyzing outbound connections or Secure Sockets Layer
(SSL) certificates, via sensitive files hosted on the server, or during
migration or maintenance operations that expose the site. Researchers found
that 71.5 percent of 17,877 scanned Web sites revealed origin IP addresses.
For additional stories, see item 6 above in the Financial Services Sector and
item 32 below from the Commercial Facilities Sector.
32. October 12, AL.com – (International) America’s thrift store hit by cyber attack,
Birmingham-based company says credit card data exposed. Birmingham-based
America’s Thrift Store reported October 12 that cyber criminals from Eastern
Europe accessed its systems through a third-party provider and installed
malware on its system, allowing unauthorized access to customers’ payment
card numbers from September 1 to September 27. Officials reported the malware
has since been removed and the U.S. Secret Service is investigating the breach.
Source: http://www.al.com/news/index.ssf/2015/10/americas_thrift_store_hit_by_c.html
Communications Sector
Nothing to report