Monday, July 11, 2016



Complete DHS Report for July 11, 2016

Daily Report                                            

Top Stories

• A security researcher from Vulnerability Lab reported July 7 that BMW’s ConnectDrive Web portal was plagued with two zero-day vulnerabilities including a cross-site scripting (XSS) flaw and a session vulnerability. – Softpedia

4. July 8, Softpedia – (International) Zero-days in BMW web portal let hackers tamper with customer cars. A security researcher from Vulnerability Lab reported July 7 that BMW’s ConnectDrive Web portal was plagued with two zero-day vulnerabilities including a cross-site scripting (XSS) flaw and a session vulnerability that can allow an attacker to bypass Vehicle Identification Number (VIN) session validation and use another car’s VIN to access and edit another user’s car settings. BMW has yet to patch the flaws. Source: http://news.softpedia.com/news/zero-days-in-bmw-web-portal-let-hackers-tamper-with-customer-cars-506103.shtml

• The chief of the Dallas Police Department announced July 8 that at least three gunmen shot and killed five police officers and wounded seven others during a protest in Dallas July 7 over fatal police shootings in other States. – Associated Press

16. July 8, Associated Press – (Texas) Police: 5 officers dead, 7 hurt in Dallas protest shooting. The chief of the Dallas Police Department announced July 8 that at least three gunmen shot and killed five police officers and wounded seven others during a protest in Dallas July 7 over fatal police shootings in other States. One suspect was killed in an exchange with police, and authorities were continuing to investigate the incident while searching for other suspects involved in the shootings.

• Senrio security researchers found that over 120 other D-Link products were plagued with the same remote-code execution (RCE) flaw found in the D-Link Network Cloud Cameras that could allow attackers to execute arbitrary code on the devices. – Softpedia. See item 19 below in the Communications Sector.

• Wendy’s fast food restaurant released an updated database July 7 which revealed that additional restaurant locations may have been affected by a 2015 security breach. – United Press International; Wall Street Journal

22. July 7, United Press International; Wall Street Journal – (National) Wendy’s says credit, debit card breach affected over a thousand U.S. locations. Wendy’s restaurant released an updated database July 7 which revealed that additional restaurant locations may have been affected by a 2015 security breach after the company discovered malware on the company’s point-of-sale (PoS) systems in May 2016. Company officials allegedly believe more than 1,000 nationwide locations were affected.

Financial Services Sector

7. July 8, Huntsville Times – (National) Former Regions Bank VPs indicted in bribery, wire fraud scheme. Two former vice presidents at Regions Bank, who also served as officers at Regions Equipment Financing Corp. (REFCO) in Birmingham, Alabama, were indicted July 7 for their roles in a $5 million bribery and wire fraud scheme where the duo and a co-conspirator allegedly established a fraudulent company, Residual Assurance Inc., that would enter an agreement with REFCO to provide residual value insurance, directed REFCO’s residual value insurance business to the company, and split the business’s proceeds between September 2010 and November 2015. The charges allege that the former executives collectively received over $3 million for their roles in the scheme. Source: http://www.al.com/news/index.ssf/2016/07/former_regions_bank_vps_indict.html

Information Technology Sector

18. July 7, Softpedia – (International) New “Patchwork” cyber-espionage group uses copy-pasted malware for its attacks. Security researchers from Cymmetria reported that a new cyber-espionage group dubbed Patchwork Advanced Persistent Threat (APT) was seen infecting at least 2,500 machines since December 2015 and can infect an underlying operating system (OS) with their malware using spear-phishing emails that contain PowerPoint files as attachments, which are embedded with the Sandworm exploit. The cyber criminals use an assortment of copy-pasted code from known malware such as PowerSploit, Meterpreter, AutoIt, and UACME. Source: http://news.softpedia.com/news/new-patchwork-cyber-espionage-group-uses-copy-pasted-malware-for-its-attacks-506101.shtml

For additional stories, see item 4 above in Top Stories and 19 below in the Communications Sector

Communications Sector

19. July 8, Softpedia – (International) D-Link vulnerability affects over 120 products, 400,000 devices. Security researchers from Senrio discovered that over 120 other D-Link products were plagued with the same remote-code execution (RCE) vulnerability found in the D-Link DCS-930L Network Cloud Cameras that could allow attackers to execute arbitrary code on the devices. Researchers reported that an alleged 400,000 D-Link products could be affected.
