Complete DHS Report for December 8, 2015
Daily Report
Top Stories
• Microsoft reported that the company will no longer provide security updates, non-security updates, online content updates, or technical support for older versions of its web browser, Internet Explorer. – Help Net Security. See item 28 below in the Information Technology Sector.
• Researchers reported that the Russian-linked hacker group Pawn Storm has updated its data theft tools and is utilizing a new version of the AZZY trojan, which is being delivered by another piece of malware instead of a zero-day exploit. – SecurityWeek. See item 30 below in the Information Technology Sector.
• Global law enforcement agencies have partnered with IT companies to disrupt the Dorkbot botnet, dubbed Nrgbot, after the malware spread through multiple channels affecting over a million computers in 190 countries. – SecurityWeek. See item 31 below in the Information Technology Sector.
• South Carolina officials reported December 7 that at least 23 additional broken dams were found in 2 counties and that an additional $7 million was needed to repair roads damaged by the breaks. – Savannah Morning News
37. December 5, Marysville Appeal-Democrat – (California) $8.5 million funds more levee work in Sutter County. A mile of levee upgrades was added to the Feather River West Levee project in Sutter County, pending $8.5 million in funding received from California. The project will help raise flood protection in urban and rural areas. Source: http://www.appeal-democrat.com/news/million-funds-more-levee-work-in-sutter-county/article_9d73c2b0-9ba8-11e5-9ee0-0f56ff698cd9.html
Financial Services Sector
8. December 4, SecurityWeek – (International) Botnet takes “shotgun” approach to hack PoS systems. Researchers at Trend Micro reported a new campaign, dubbed Operation Black Atlas, that targets point-of-sale (PoS) systems at small and medium-sized businesses and healthcare organizations worldwide, utilizing various penetration testing tools including brute-force tools, Simple Mail Transfer Protocol (SMTP) scanners, and remote desktop viewers. Black Atlas received its name from the BlackPOS malware, works in stages, and uses variants of other known malware, allowing hackers to potentially steal sensitive information. Source: http://www.securityweek.com/botnet-takes-shotgun-approach-hack-pos-systems
9. December 4, Sacramento Bee – (California) Placer County women guilty in multimillion-dollar mortgage fraud scheme. A Federal jury in Sacramento found 2 Placer County women guilty December 4 for their roles in a mortgage fraud scheme that netted over $16 million and involved more than 30 properties in the Sacramento area that were purchased through straw buyers. The women created fraudulent loan applications and ran an escrow company used in a majority of the real estate transactions. Source: http://www.sacbee.com/news/local/crime/article48104005.html
10. December 4, U.S. Department of Justice – (Massachusetts) Two Massachusetts men indicted in massive stolen identity tax refund fraud scheme. Two Dominican men residing in Massachusetts were charged December 3 for allegedly participating in a scheme to prepare and file fake Federal income tax returns using the stolen identities of more than 800 U.S. citizens, including Puerto Rican residents, in order to obtain tax refund checks. The pair also reportedly sold more than 16 tax refund checks valued at over $100,000 to one individual. Source: http://www.justice.gov/opa/pr/two-massachusetts-men-indicted-massive-stolen-identity-tax-refund-fraud-scheme
Information Technology Sector
27. December 7, Softpedia – (International) Trifecta of security bugs affecting Dell, Lenovo, and Toshiba products. Security researchers from LizardHQ reported that three major security vulnerabilities were affecting current and older versions of computer products including Dell System Detect, Lenovo’s Solution Center, and Toshiba Service Station. The flaws allow attackers to abuse an application program interface (API) to bypass Windows User Account Control limitations on Dell products, to run malicious code and escalate privileges to administrative rights on Lenovo products, and to read parts of the Windows registry as a SYSTEM-level user on Toshiba products. The companies released recommendations on how to fix the vulnerabilities. Source: http://news.softpedia.com/news/trifecta-of-security-bugs-affecting-dell-lenovo-and-toshiba-products-497226.shtml
28. December 7, Help Net Security – (International) Microsoft warns of imminent end of support for all but the latest Internet Explorer versions. Microsoft reported that the company will no longer provide security updates, non-security updates, online content updates, or technical support for older versions of its web browser, Internet Explorer, in an attempt to encourage users to upgrade from Internet Explorer 11 to Microsoft Edge and Windows 10. Source: http://www.net-security.org/secworld.php?id=19197
29. December 7, SecurityWeek – (International) Serious flaws found in Honeywell gas detectors. Honeywell released firmware updates for its Midas gas detectors after a security researcher discovered that Midas gas detectors running firmware versions 1.13b1 and older, and Midas Black products running firmware versions 2.13b1 and older, were susceptible to a path traversal flaw and a clear-text flaw that can be exploited remotely by an attacker with low skill by typing a targeted Uniform Resource Locator (URL) into the device to bypass authentication procedures. Source: http://www.securityweek.com/serious-flaws-found-honeywell-gas-detectors
30. December 7, SecurityWeek – (International) Russian cyberspies use updated arsenal to attack defense contractors. Researchers from Kaspersky Lab reported that the Russian-linked cyber espionage group Pawn Storm, which targets international military, media, defense, and government organizations, has updated its data theft tools and is utilizing a new version of the AZZY trojan, which is being delivered by another piece of malware instead of a zero-day exploit. The new AZZY backdoor also uses an external library for command and control (C&C) communications. Source: http://www.securityweek.com/russian-cyberspies-use-updated-arsenal-attack-defense-contractors
31. December 4, SecurityWeek – (International) International operation disrupts Dorkbot botnet. Global law enforcement agencies have partnered with Microsoft, ESET, and CERT Polska to disrupt the Dorkbot botnet, dubbed Nrgbot, after the malware spread through multiple channels, including Universal Serial Bus (USB) flash drives, instant messaging programs, social network sites, exploit kits (EK), and spam emails, affecting over a million computers in 190 countries. Researchers advised users to keep their antivirus programs updated at all times to ensure proper protection from the malware, which steals personal information and credentials and distributes other forms of malware. Source: http://www.securityweek.com/international-operation-disrupts-dorkbot-botnet
Communications Sector
Nothing to report