Tuesday, November 17, 2015



Complete DHS Report for November 17, 2015

Daily Report

Top Stories

• A Pacific Gas and Electric Co. pipeline was shut down after it ruptured and exploded November 13 in Kern County, California, killing 1 person and injuring 2 others. – Associated Press

2. November 14, Associated Press – (California) 1 killed, 2 injured after gas line explodes in California. A Pacific Gas and Electric Co. pipeline was shut down after it ruptured and exploded November 13 in Kern County, California, killing 1 person and injuring 2 others. The line was cut by someone using heavy equipment, and fire crews were able to put out the fire, which also destroyed a nearby home. Source: http://www.foxnews.com/us/2015/11/14/1-killed-2-injured-after-gas-line-explodes-in-california/

• Kia Motors issued a recall November 6 for 256,000 of its Soul vehicles model year 2014 – 2016 due to a manufacturing error in the pinion plug that could loosen and fall out, causing a dangerous inability to control the vehicle. – New York Times

3. November 13, New York Times – (National) Kia issues a second recall of Soul models in 2 years. Kia Motors issued a recall November 6 for 256,000 of its Soul vehicles model year 2014 – 2016 due to a manufacturing error in the pinion plug, a part of the steering assembly that could loosen and fall out, causing a dangerous inability to control the vehicle. The recall follows an earlier recall of 52,000 Kia Soul vehicles for the same issue. Source: http://www.nytimes.com/2015/11/14/business/kia-issues-a-second-recall-of-soul-models-in-2-years.html

• A City Sightseeing tour bus veered out of control and ran down several people before crashing into a construction site in San Francisco’s Union Square November 13, leaving at least 20 people injured. – Fox News; Associated Press

10. November 14, Fox News; Associated Press – (California) At least 20 injured, 6 critically when out-of-control tour bus crashes in San Francisco. A City Sightseeing tour bus veered out of control and ran down several people before crashing into scaffolding lining a construction site in San Francisco’s Union Square November 13, leaving at least 20 people injured. Authorities are investigating the cause of the accident. Source: http://www.foxnews.com/us/2015/11/14/several-hurt-as-careening-tour-bus-crashes-in-san-francisco/

• A Maryland couple was convicted November 12 in connection with orchestrating a scheme to defraud Washington, D.C. Medicaid out of more than $80 million through one defendant’s company, Global Health Care Services of the District. – Washington Post

19. November 12, Washington Post – (Washington, D.C.) Federal jury convicts Md. couple in $80 million D.C. Medicaid fraud case. A Maryland couple was convicted November 12 in connection with orchestrating a scheme to defraud Washington, D.C. Medicaid out of more than $80 million between 2009 and 2014 through one defendant’s company, Global Health Care Services of the District. The pair enlisted relatives and others to sign up and coach Medicaid recipients, who received kickbacks for submitting false claims for health care that was never provided.

Financial Services Sector

5. November 15, Chicago Sun-Times – (Illinois) Wheaton financial firm owner charged with wire fraud. The owner of Illinois Stock Transfer Company in Wheaton was charged November 12 with 10 counts of wire fraud after stealing more than $1.2 million from a client’s fund account and using the funds for his company’s corporate taxes, payroll, and business expenses from 2012 to 2014. Source: http://chicago.suntimes.com/news/7/71/1103407/wheaton-financial-firm-owner-charged-wire-fraud

6. November 14, Softpedia – (National) PoS malware spread via weaponized Microsoft Word documents. Researchers from Proofpoint discovered that the point-of-sale (PoS) malware dubbed AbaddonPOS was part of a malware-delivery campaign, spread via Microsoft Word documents and malicious Web sites, that allows attackers to download other malware from command-and-control (C&C) servers using its own custom protocol, in an attempt to steal credit and debit card transaction data. Source: http://news.softpedia.com/news/pos-malware-spread-via-weaponized-microsoft-word-documents-496155.shtml

Information Technology Sector

28. November 16, Securityweek – (International) Thousands of sites infected with Linux encryption ransomware. Researchers from Dr. Web reported that approximately 2,000 Web sites were compromised by the Linux file-encrypting ransomware dubbed Linux.Encoder1. The ransomware targets the root and home files, web servers, backups, and source code; it relies on a downloaded file containing the public RSA key used to store AES keys, and adds the .encrypt extension to each file, making files nearly impossible to recover without paying a ransom to the attackers. A patch was released, but experts warned that attackers may update the malware to make file decryption more difficult. Source: http://www.securityweek.com/thousands-sites-infected-linux-encryption-ransomware

29. November 16, IDG News Service – (International) State-sponsored cyberspies inject victim profiling and tracking scripts in strategic websites. Security researchers from FireEye discovered an attack campaign dubbed WITCHCOVEN, which has injected computer profiling and tracking scripts into over 100 Web sites involved in international business travel, diplomacy, energy production and policy, international economics, and official government work. The malware was designed to identify users of interest and target such users with exploits designed for their specific computer and software configurations. Source: http://www.computerworld.com/article/3005270/malware-vulnerabilities/state-sponsored-cyberspies-inject-victim-profiling-and-tracking-scripts-in-strategic-websites.html#tk.rss_security

30. November 16, InfoWorld – (International) Microsoft fixes Hyper-V bug in Windows. Microsoft released patches for vulnerabilities in its Hyper-V hypervisor software affecting several Windows Servers, including a flaw in the central processing unit (CPU) chipset in which issued instructions force the host system into a nonresponsive state, resulting in a denial-of-service condition for users’ operating systems. No attacks in the wild have been reported. Source: http://www.infoworld.com/article/3005238/security/microsoft-fixes-hyper-v-bug-in-windows.html

31. November 16, Softpedia – (International) A quarter of web-accessible devices have vulnerable firmware. Researchers from EURECOM and Ruhr University in Bochum, Germany, released a study confirming the weak state of security for Internet of Things (IoT) devices. The findings included cross-site scripting (XSS) vulnerabilities, cross-site request forgery (CSRF) vulnerabilities, SQL injection (SQLi) vulnerabilities, and remote code/command execution (RCE) vulnerabilities, which can allow attackers to access devices, spy on users, steal data, and rewrite the firmware to perform other malicious activities. Source: http://news.softpedia.com/news/a-quarter-of-web-accessible-devices-have-vulnerable-firmware-496229.shtml

32. November 16, Securityweek – (International) Libpng Library updated to patch vulnerabilities. The maintainers of Libpng, the official Portable Network Graphics (PNG) reference library, released an update addressing several memory corruption vulnerabilities in all its versions from 1.6.18 – 1.0.63. The affected versions contain a potential out-of-bounds read in the png_set_tIME() and png_convert_to_rfc1123() functions, and an out-of-bounds write issue in the png_get_PLTE() and png_set_PLTE() functions, which failed to check for an out-of-range palette when reading or writing PNG files. The flaws were patched with the release of updated versions. Source: http://www.securityweek.com/libpng-library-updated-patch-vulnerabilities

33. November 15, Softpedia – (International) Compromised Web site fools security vendor, continues to infect users. Researchers from Palo Alto Networks reported that the CryptoWall 3.0 ransomware campaign, which previously affected all users via the Angler Exploit Kit when they visited the Web site cxda[.]gov[.]cn, was still active and had compromised 4,000 additional Web sites despite initial reports that the malicious campaign had stopped. Researchers revealed that “dormant” and “filtering” functionality embedded in the campaign’s malicious code allowed attackers to go unnoticed depending on the Web sites’ source Internet Protocol (IP) and user agent. Source: http://news.softpedia.com/news/compromised-website-fools-security-vendor-continues-to-infect-users-496178.shtml

34. November 13, Softpedia – (International) Oil and gas companies indirectly put at risk by vulnerabilities in ERP systems. Researchers from ERPScan presenting at Black Hat Europe 2015 showed how a vulnerability in enterprise resource planning (ERP) suites from SAP and Oracle used inside oil and gas companies could allow an attacker to gain access to operational technology (OT) infrastructure through insecure connected applications. The researchers also determined that misconfigurations, the presence of unnecessary privileges, and custom code provided entry or access escalation points for attacks. Source: http://news.softpedia.com/news/oil-and-gas-companies-indirectly-put-at-risk-by-vulnerabilities-in-erp-systems-496124.shtml

Communications Sector

Nothing to report