Complete DHS Report for
December 23, 2015
Daily Report
Top Stories
• An intense windstorm traveling across the Portland area
December 21 caused power outages to approximately 30,000 people in several
counties and closed railways and highways due to fallen trees and overturned
vehicles. – Portland Tribune
3. December 21, Portland Tribune – (Oregon) Monday windstorm knocks out power, shuts down
highway. An intense windstorm traveling across the Portland area December
21 caused power outages to approximately 30,000 people in several counties and
closed railways and highways due to fallen trees and overturned vehicles. Source: http://www.pamplinmedia.com/pt/9-news/286192-163074-monday-windstorm-knocks-out-power-shuts-down-highway
• Carrier Corporation issued a recall December 22 for
285,000 of its Packaged Terminal Air Conditioners and Heat Pumps sold at HVAC
dealers and factory-direct sales due to a potential fire hazard. – U.S. Consumer
Product Safety Commission
6. December 22, U.S. Consumer Product Safety Commission – (National) Carrier
recalls to repair packaged terminal air conditioners, heat pumps including
previously recalled units due to fire hazard. Carrier Corporation issued a
nationwide recall December 22 for 285,000 of its Carrier, Bryant and Fast
branded Packaged Terminal Air Conditioners and Heat Pumps sold at HVAC dealers
and factory-direct sales due to a potential fire hazard following 47 reported
incidents of the units overheating and 1 incident of consumer injury. Source: http://www.cpsc.gov/en/Recalls/2016/Carrier-Recalls-to-Repair-Packaged-Terminal-Air-Conditioners-Heat-Pumps-Previously-Recalled-Units/
• Ford Motor Company issued 3 safety recalls and 1 safety
compliance recall December 22 for 317,677 of its various vehicles due to
lighting control module issues, air brake chamber issues, and rear axle shaft
issues, among other issues. – Detroit News
8. December 22, Detroit News – (International) Ford issues four recalls for about 317K
vehicles. Ford Motor Company issued 3 safety recalls and 1 safety
compliance recall December 22 for 313,000 of its 2003 – 2005 model year Crown
Victoria and Mercury Grand Marquis vehicles for lighting control issues; 177 of
its 2016 model year F-650 and F-750 trucks for air brake chamber issues; 1,300
of its 2015 model year Transit dual-rear-wheel vehicles for rear axle shaft
issues; and 3,200 of its 2015 model year F-150 SuperCrew vehicles for front
seat belt retractor and pretension assembly issues. Officials stated that 11
reports of accidents and 1 report of minor injury were linked to the Crown
Victoria and Mercury Grand Marquis vehicles and no accidents have been reported
in relation to the other vehicles. Source: http://www.detroitnews.com/story/business/autos/ford/2015/12/22/ford-issues-four-recalls/77741848/
• Trend Micro researchers reported December 21 that
cybercriminals behind Operation Black Atlas are using a variety of pen testing
tools to exploit vulnerable systems within the healthcare and commercial sector
to spread a variety of malware such as BlackPoS. – SecurityWeek
See item 13 below in the Financial Services Sector
Financial Services Sector
11. December 21, Easton Express-Times – (Pennsylvania) Ex-Allentown finance
director charged with role in pay-to-play scheme. The U.S. Attorney’s
Office announced December 21 that Allentown’s former finance director was
charged with conspiracy to commit mail and wire fraud following a pay-to-play
scheme in which the director falsified public records in order to help award a
contract to a campaign donor who supported the city Mayor. Source: http://www.lehighvalleylive.com/allentown/index.ssf/2015/12/ex-allentown_finance_director.html
12. December 21, New York Post-Star – (New York) Queensbury man pleads guilty in
$1.2 million financial scheme. A former financial adviser pleaded guilty
December 21 in Albany County Court to counts of grand larceny, scheme to
defraud, money laundering, and violating state business law for his involvement
in a Ponzi scheme in which he stole more than $1.26 million from 10 clients and
paid some clients by taking the funds from others. Source: http://poststar.com/news/blotter/queensbury-man-pleads-guilty-in-million-financial-scheme/article_50809834-29e4-53f3-ab7b-dc1f92d5f56f.html
13. December 21, SecurityWeek – (National) Operation Black Atlas continues to compromise PoS
systems. Trend Micro researchers announced December 21 that cybercriminals
behind Operation Black Atlas are using a variety of pen testing tools to
exploit vulnerable systems within the healthcare and commercial sector to
spread a variety of malware such as BlackPoS; steal user credentials to Web
sites that contain sensitive information; abuse the Windows Background
Intelligent Transfer Service (BITS) or bitsadmin.exe; and build a replica of
the Gorynych / Diamond Fox botnet malware, repurposed to specifically
look for the output file of the BlackPoS malware, which includes harvested credit
card data, among other malicious actions. Source: http://www.securityweek.com/operation-black-atlas-continues-compromise-pos-systems
Information Technology Sector
23. December 22, SecurityWeek – (International) Oracle settles FTC charges over Java security
updates. The U.S. Federal Trade Commission reported that the computer
technology company Oracle Corporation agreed to settle charges that the
company deceived its customers by failing to notify its users that the Java
Standard Edition (SE) updates only removed the most recent version of SE and
not previously vulnerable versions, which exposed users to potential attacks.
Oracle will be required to warn users during an SE update if older software
versions are present, to inform users about risks, and to present options to
remove the vulnerable applications, among other requirements.
24. December 21, SecurityWeek – (International) TeslaCrypt delivered via recently patched
Flash exploit. Researchers from Malwarebytes reported that the previously
patched Flash Player heap buffer overflow vulnerability (CVE-2015-8446), which
was added to the Angler exploit kit, was exploited by attackers to deliver a
new variant of the TeslaCrypt ransomware that encrypts files and renames them
with a .vvv extension. Once the files are encrypted, victims are instructed to
pay the attackers in order to receive the private key needed to decrypt
the files. Source: http://www.securityweek.com/teslacrypt-delivered-recently-patched-flash-exploit
25. December 21, Softpedia – (International) Gomasom ransomware decrypted, get your files
back for free. A security researcher at Emsisoft created a tool for
decrypting files previously encrypted by the Gomasom ransomware, which allows
affected users to take the encrypted files and obtain the decryption key
without paying the ransom. The tool allows victims to use a file in both its
ransomware-encrypted and original versions, or a ransomware-encrypted PNG file,
to retrieve the lost data. Source: http://news.softpedia.com/news/gomasom-ransomware-decrypted-get-your-files-back-for-free-497945.shtml
For another story, see item 13 above in the Financial Services Sector
Communications Sector
Nothing to report