Wednesday, December 30, 2015



Complete DHS Report for December 30, 2015

Daily Report                                            

Top Stories

• Fiat Chrysler Automobiles issued 2 recalls December 27 for more than 412,938 of its Jeep Grand Cherokee, Dodge Durango, Compass, and Patriot vehicles distributed in the U.S. due to vanity mirror wiring and clamp issues that can cause a fire. – Autoblog

3. December 27, Autoblog – (International) FCA recalls 570,000 SUVs from Jeep and Dodge over fire woes. Fiat Chrysler Automobiles (FCA) issued two recalls December 27: one for 352,831 of its model year 2011 – 2012 Jeep Grand Cherokee vehicles and Dodge Durango vehicles built before 2012 due to a vanity mirror wiring issue, and one for 60,107 of its model year 2015 Jeep Compass and Patriot vehicles distributed in the U.S. due to an out-of-position clamp that could lead to a leak in the power steering fluid line and pose a fire hazard or loss of power steering.

• Two former employees of Jaycal Tax Service in Phenix City, Alabama, pleaded guilty December 28 for their roles in an identity theft scheme that stole over 1,000 identities between 2007 and 2012. – Montgomery Advertiser (See item 5 below in the Financial Services Sector)

• Adobe released out-of-band security updates that addressed several vulnerabilities in its Flash Player products that affect all platforms and can allow an attacker to take control of an affected system through a spear phishing campaign. – SecurityWeek (See item 20 below in the Information Technology Sector)

• Researchers from Palo Alto Networks discovered that a total of 11,149 computers were infected by new malware dubbed ProxyBack, which targets personal computers and educational institutes in Europe. – Softpedia (See item 21 below in the Information Technology Sector)

Financial Services Sector

4. December 29, Quincy Patriot Ledger – (Massachusetts) Quincy Credit Union works to replace debit cards, stolen money. Quincy Credit Union reported that at least 675 of its customers’ accounts were compromised the weekend of December 26 after officials found hackers had installed an ATM skimming device on the company’s machines. Officials believe hackers installed the malicious devices in early December and later created duplicate cards, which were used to withdraw cash at ATMs throughout New York City. Source: http://www.patriotledger.com/news/20151228/quincy-credit-union-works-to-replace-debit-cards-stolen-money

5. December 28, Montgomery Advertiser – (Alabama) 2 plead guilty to ID theft, $4 million in tax fraud. Two former employees of Jaycal Tax Service in Phenix City pleaded guilty December 28 to aggravated identity theft and conspiring to defraud the government after the two obtained more than 1,000 stolen identities, filed over 1,200 false Federal tax returns, and claimed more than $4 million in fraudulent returns between 2007 and 2012. Source: http://www.montgomeryadvertiser.com/story/news/crime/2015/12/28/2-plead-guilty-id-theft-claiming-4-million-false-returns/77970688/

Information Technology Sector

18. December 29, Softpedia – (International) AVG forcibly installs vulnerable Chrome extension that exposes users’ browsing history. A researcher from Google Project Zero discovered a serious vulnerability in the AVG Web TuneUp Chrome extension, which was forcibly installed when users downloaded AVG Antivirus. The flaw allowed attackers to access users’ cookies, browsing history, and other details by executing cross-site scripting (XSS) attacks and cross-domain requests. AVG Web TuneUp Version 4.2.5.169 patched the flaw and Google blocked AVG’s inline installation of the extension. Source: http://news.softpedia.com/news/avg-forcibly-installs-vulnerable-chrome-extension-that-exposes-user-s-browsing-history-498187.shtml

19. December 28, SecurityWeek – (International) Android malware uses firewall rules to block security apps. Researchers from Symantec discovered a new Android malware, dubbed Android.Spywaller, that allows attackers to block mobile security applications, exfiltrate sensitive data from compromised mobile devices including personally identifying information (PII), and collect data belonging to specific third-party communication applications including BlackBerry Messenger, Oovoo, and Skype, among others. It does so through a reverse payload attack that drops and runs the DroidWall firewall binary to create firewall rules that block the security application using its unique identifier (UID). The malware was seen targeting users in China via the Qihoo 360 application, and researchers advised users to install security solutions to block mobile threats, update software regularly, and install applications from trusted sources. Source: http://www.securityweek.com/android-malware-uses-firewall-rules-block-security-apps

20. December 28, SecurityWeek – (International) Adobe issues emergency patch for Flash zero-day under attack. Adobe released out-of-band security updates that addressed several vulnerabilities in its Flash Player products, including a type confusion vulnerability, an integer overflow vulnerability, a use-after-free vulnerability, and a memory corruption vulnerability, that affect all platforms and can allow an attacker to take control of an affected system through a spear phishing campaign. Source: http://www.securityweek.com/adobe-issues-emergency-patch-flash-zero-day-under-attack

21. December 28, Softpedia – (International) ProxyBack malware turns infected computers into internet proxies. Researchers from Palo Alto Networks discovered that a total of 11,149 computers were infected by the new malware, ProxyBack, which targets personal computers (PCs) and educational institutes in Europe. The malware turns infected devices into Internet proxies and illegally uses them to transfer Internet traffic via an established connection with a malicious proxy server, from which it receives instructions to route traffic to attackers’ Web servers. Each affected device works as a bot inside a larger network to send commands and updated instructions via simple Hypertext Transfer Protocol (HTTP). Source: http://news.softpedia.com/news/proxyback-malware-turns-infected-computers-into-internet-proxies-498167.shtml

Communications Sector

Nothing to report