Friday, January 29, 2016

Complete DHS Report for January 29, 2016

Daily Report

Top Stories

• A Chinese businessman pleaded guilty January 27 after he and six others allegedly stole patented corn seeds from two Iowa farms and sent the genetically modified seeds to Beijing Dabeinong Technology Group Co., a foreign agricultural conglomerate. – Des Moines Register

13. January 27, Des Moines Register – (International) Chinese businessman gets deal in seed theft case. A Chinese businessman pleaded guilty January 27 to one count of conspiracy to steal trade secrets after he and six others reportedly stole valuable patented corn seeds from DuPont Pioneer and Monsanto Iowa farms and sent the genetically modified seeds to Beijing Dabeinong Technology Group Co., a Chinese agricultural conglomerate, which allowed the foreign company to counterfeit the seeds and avoid paying for its own research and development. The scheme cost U.S. companies billions of dollars. Source: http://www.desmoinesregister.com/story/news/crime-and-courts/2016/01/27/chinese-businessman-pleads-seed-theft-case/79428650/

• A 12-inch feeder line ruptured January 27, spilling 2 million gallons of water within 30 minutes in Rapid City, South Dakota, and impacting hundreds of homes and businesses in the area. – KOTA 3 Rapid City

14. January 27, KOTA 3 Rapid City – (South Dakota) Water main breaks at intersection causing problems. A 12-inch feeder line ruptured January 27, spilling 2 million gallons of water within 30 minutes in Rapid City, South Dakota, and impacting hundreds of homes and businesses in the area. Crews restored about 90 percent of water service after several hours. Source: http://www.kotatv.com/news/south-dakota-news/water-main-breaks-at-intersection-causing-problems/37667840

• The Orange County Sheriff’s Department reported that 5 alleged gang members were arrested January 27 for reportedly helping 3 inmates escape from the Orange County Men’s Central Jail January 22. – Los Angeles Times

19. January 27, Los Angeles Times – (California) Alleged gang members arrested in O.C. jailbreak probe, but 3 escapees still at large. The Orange County Sheriff’s Department reported that 5 alleged gang members were arrested January 27 for reportedly helping 3 inmates escape from the Orange County Men’s Central Jail January 22. Officials reported that additional arrests are pending and that the three escaped inmates remain at large. Source: http://www.latimes.com/local/lanow/la-me-ln-orange-county-sheriff-jail-break-20160127-story.html

• The FBI reported January 26 that it arrested and charged a Milwaukee man for illegally possessing machine guns and planning a massacre at a Masonic temple after he disclosed his plans to attack a Milwaukee temple to two undercover FBI agents. – CNN

28. January 27, CNN – (Illinois) FBI: Milwaukee man planned mass shooting at Masonic temple. An FBI official announced January 26 that the bureau arrested and charged a Milwaukee man for illegally possessing machine guns and planning a massacre at a Masonic temple after the man disclosed his plans to attack a Milwaukee temple to two undercover FBI agents following an in-depth Federal investigation. Source: http://www.cnn.com/2016/01/26/us/milwaukee-masonic-temple-mass-shooting-planned-charges/

Financial Services Sector

Nothing to report

Information Technology Sector

20. January 28, SecurityWeek – (International) Samsung patches critical vulnerabilities in Android devices. Samsung released a maintenance update for its flagship Galaxy Android models that patched 16 vulnerabilities, including a flaw in Skia that allowed attackers to conduct denial-of-service attacks via a crafted media file and a remote code execution (RCE) flaw in Android Mediaserver that allowed attackers to cause memory corruption, among other vulnerabilities. Source: http://www.securityweek.com/samsung-patches-critical-vulnerabilities-android-devices

21. January 28, Softpedia – (International) WhatsApp will get security indicators to highlight encrypted chats. The WhatsApp mobile messaging application will release two new features in its WhatsApp 3.0 interface, including the “Show security indicators” feature, which will add a lock icon to a user’s encrypted WhatsApp conversations, and the “Share my account info” feature, which will send a user’s WhatsApp data to Facebook servers in an effort to improve users’ Facebook experience. Source: http://news.softpedia.com/news/whatsapp-will-get-security-indicators-to-highlight-encrypted-chats-499552.shtml

22. January 28, Help Net Security – (International) Cisco plugs hole in firewall devices that could lead to device hijacking. Cisco released firmware updates for its RV220W Wireless Network Security Firewall devices, specifically for versions prior to 1.0.7.2, after an anonymous researcher working with Beyond Security discovered a critical vulnerability that allowed attackers to send crafted Hypertext Transfer Protocol (HTTP) requests embedded with malicious Structured Query Language (SQL) statements to the management interface of a targeted device, which may allow attackers to bypass authentication on the management interface and gain administrative privileges on the affected device. Source: http://www.net-security.org/secworld.php?id=19383

23. January 28, SecurityWeek – (International) LG patches severe smartphone hijack vulnerability. LG Electronics released patches fixing a critical vulnerability in the Smart Notice application (SNAP), which comes pre-loaded on all LG smartphones, after researchers from BugSec and Cynet discovered that the flaw could allow attackers to extract private user information from the device’s secure digital (SD) card, WhatsApp application data, and private user images, as well as render users vulnerable to phishing attacks, ultimately resulting in the installation of mobile malware on the affected devices. Attackers could exploit the vulnerability through different methods due to functionality and validation issues. Source: http://www.securityweek.com/lg-patches-severe-smartphone-hijack-vulnerability

24. January 28, SecurityWeek – (International) Oracle to kill Java browser plugin. Oracle reported January 27 that it plans to deprecate the Java browser plugin in Java Development Kit (JDK) 9 and remove the plugin completely from the JDK and Java Runtime Environment (JRE) in a future Java release due to the large number of vulnerabilities found in the plugin. Security experts advised users to disable the plugin unless it is specifically needed and to ensure they are running the latest Java version. Source: http://www.securityweek.com/oracle-kill-java-browser-plugin

25. January 28, Threatpost – (International) BlackEnergy APT group spreading malware via tainted word docs. Researchers from Kaspersky Lab discovered attackers were delivering the BlackEnergy malware via spear phishing emails with malicious Microsoft Word document attachments embedded with malicious macros to target Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) companies around the world. Source: https://threatpost.com/blackenergy-apt-group-spreading-malware-via-tainted-word-docs/116043/

26. January 27, SecurityWeek – (International) This is what Microsoft’s vulnerability patching efforts looked like in 2015. Researchers from ESET released a report that analyzed the most affected components in Microsoft Windows during 2015 and addressed the importance of patching vulnerabilities. The report revealed that more than 570 vulnerabilities were patched in Microsoft products and that many of the patches affected the Internet Explorer (IE) browser. Source: http://www.securityweek.com/what-microsofts-vulnerability-patching-efforts-looked-2015

Communications Sector

Nothing to report

Thursday, January 28, 2016

Complete DHS Report for January 28, 2016

Daily Report

Top Stories

• The Federal Aviation Administration announced January 26 that it will transfer controllers to address understaffing following an inspector general report that found 13 airport control facilities have few fully trained controllers. – Associated Press

4. January 27, Associated Press – (National) Watchdog: Nation’s busiest airports lack qualified air traffic controllers. The Federal Aviation Administration announced that it is expediting the transfer of controllers from well-staffed traffic control centers to address understaffing at other centers following the January 26 release of a U.S. Department of Transportation inspector general report that found 13 airport control facilities and en route centers in Anchorage, Atlanta, Chicago, Denver, Dallas, Houston, New York, Las Vegas, Miami, and Albuquerque have few fully trained controllers. The report also questions the validity of the minimum staffing levels required by the administration, since managers at the 23 key facilities examined cited a higher number of controllers needed to fill all work shifts. Source: http://www.foxnews.com/us/2016/01/27/watchdog-nations-busiest-airports-lack-qualified-air-traffic-controllers.html

• Texas officials estimated that approximately 800,000 gallons of treated sludge wastewater spilled out of the Aransas Pass city treatment plant and into Redfish Bay January 26. – Corpus Christi Caller-Times

10. January 26, Corpus Christi Caller-Times – (Texas) 800,000 gallons of wastewater spilled in Redfish Bay. Officials estimated that approximately 800,000 gallons of treated sludge wastewater spilled out of the Aransas Pass city treatment plant and into Redfish Bay after the main pump to the clarifier failed January 26. All residents with private water wells within a half-mile of the affected area were placed under a boil water advisory. Source: http://www.caller.com/news/local/800000-gallons-of-wastewater-spilled-in-redfish-bay-2a485a28-b024-1385-e053-0100007f262d-366644131.html

• PayPal patched a critical remote code execution flaw in its Manager portal which could potentially allow attackers to execute arbitrary shell commands to gain access to production databases. – The Register. See item 19 below in the Information Technology Sector.

• A six-alarm fire in a downtown New Orleans building halted all streetcar lines and closed the historic Canal Street after the blaze began in a four-story building and spread to an adjacent building January 27. – Associated Press

23. January 27, Associated Press – (Louisiana) No injuries as fire closes New Orleans’ historic Canal St. A six-alarm fire in a downtown New Orleans building halted all streetcar lines and closed the historic Canal Street, which contains several restaurants and businesses, after the blaze began in a four-story building and spread to an adjacent building January 27. No injuries were reported and the cause of the incident is under investigation. Source: http://wkrn.com/2016/01/27/new-orleans-firefighters-battling-fire-on-canal-street/

Financial Services Sector

3. January 26, Lincoln Journal Star – (Iowa; Nebraska) 3 Cubans indicted in Nebraska for credit card scam. Nebraska officials announced January 26 that 3 Cuban-born Texas men were indicted for allegedly participating in a scheme in which they stole credit and debit account numbers and re-encoded the information onto 251 fake credit cards to buy or redeem gift cards across Iowa and Nebraska. The scheme cost cardholders nearly $30,000 in losses. Source: http://journalstar.com/news/local/911/cubans-indicted-in-nebraska-for-credit-card-scam/article_6e5773ca-2754-5fcc-ba51-79ef1a2c5609.html

Information Technology Sector

18. January 27, SecurityWeek – (International) Hackers can abuse HP enterprise printers for storage. A researcher from MacKeeper reported that misconfigured enterprise printers can be abused to host malicious code while evading detection by security products, since attackers can use free, open-source tools to upload files to HP printers over port 9100 and then interact with the devices through the “/hp/device/” path of the printer’s web interface. HP advised users to protect their printers by implementing logging on each device and turning off unused ports and protocols. Source: http://www.securityweek.com/hackers-can-abuse-hp-enterprise-printers-storage

19. January 27, The Register – (International) PayPal patches deadly server remote code execution flaw. PayPal patched a critical remote code execution flaw after an independent security researcher discovered the flaw in PayPal’s Manager portal, hosted at manager.paypal.com, which could potentially allow attackers to execute arbitrary shell commands on PayPal’s servers through a Java object deserialization bug and gain access to production databases. Source: http://www.theregister.co.uk/2016/01/27/paypal_patches_deadly_server_remote_code_execution_flaw_pays_5k/

20. January 27, SecurityWeek – (International) Check Point unveils new threat prevention appliances. Network security firm Check Point released new hardware appliances, including its 15000 and 23000 Series for enterprise networks facing zero-day threats. Each new appliance can run all security protections simultaneously, including full Secure Sockets Layer (SSL) traffic inspection, advanced monitoring, and threat prevention, without creating a performance bottleneck or compromising security effectiveness. Source: http://www.securityweek.com/check-point-unveils-new-threat-prevention-appliances

21. January 26, SecurityWeek – (International) Blended DDoS attacks grow in size, complexity, frequency: Report. Arbor Networks released its 11th Annual Worldwide Infrastructure Security Report (WISR), which revealed that distributed denial-of-service (DDoS) attacks targeted enterprise networks’ infrastructure, applications, and services simultaneously, increased through cloud-based services by 29 percent from 2015, and focused on Domain Name System (DNS) servers rather than Hypertext Transfer Protocol (HTTP) services. In addition, the report stated that 50 percent of enterprise firewalls failed due to successful DDoS attacks. Source: http://www.securityweek.com/blended-ddos-attacks-grow-size-complexity-frequency-report

22. January 26, Softpedia – (International) NanoLocker ransomware can be cracked, but only under certain conditions. A Canadian security researcher discovered a flaw in the NanoLocker ransomware’s operation: restarting a victim’s personal computer (PC) or putting the PC into sleep mode halts the encryption process and leaves the configuration file in an uncompleted encryption stage. For files in that uncompleted encryption state, the researcher created a decrypter to restore the files encrypted by the ransomware, which can be downloaded from GitHub or from Google Drive. Source: http://news.softpedia.com/news/nanolocker-ransomware-can-be-cracked-but-only-under-certain-conditions-499455.shtml

Communications Sector

Nothing to report