Thursday, January 7, 2016



Complete DHS Report for January 7, 2016

Daily Report                                            

Top Stories

• Utility crews began casting demister pads January 6 to contain an oily mist that appeared from a methane leak at the company’s Aliso Canyon Storage Facility in California. – Los Angeles Daily News

1. January 6, Los Angeles Daily News – (California) Oily mist surfaces at Porter Ranch gas leak as well pressure drops. Southern California Gas Company announced January 6 that crews began casting demister pads, which contain a mesh screen, to contain an oily mist that has appeared from a methane leak at the company’s Aliso Canyon Storage Facility above Porter Ranch. The utility reported that the pads will trap droplets that mix with the gas as it rises. Source: http://www.dailynews.com/environment-and-nature/20160105/oily-mist-surfaces-at-porter-ranch-gas-leak-as-well-pressure-drops


• Rapid7 discovered a flaw in the Comcast XFINITY Home Security system that can allow burglars to enter homes without triggering the alarm by causing interference or deauthentication to the ZigBee-based protocol. – Help Net Security  

4. January 6, Help Net Security – (International) Flaw in Comcast’s home security system lets burglars in without triggering alarm. A researcher at Rapid7 discovered a critical flaw in the Comcast XFINITY Home Security system that can allow burglars to enter homes without triggering the alarm by causing interference or deauthentication to the ZigBee-based communications protocol via commodity radio jamming equipment and software-based deauthentication attacks on the protocol itself. There are currently no patches for the flaw. Source: http://www.net-security.org/secworld.php?id=19288

• A former partner at McKinsey & Company’s Chicago office and a former internal consultant for State Farm were charged January 5 for allegedly bilking both companies out of $900,000 in phony consulting fees. – Chicago Sun-Times. See item 6 below in the Financial Services Sector

• A Transit Express (TRAX) train was struck by a car in Salt Lake City January 4, killing 1 man, leaving 18 others injured, and causing the train to teeter on the North Temple overpass. – KSL 5 Salt Lake City  

10. January 4, KSL 5 Salt Lake City – (Utah) Ogden man killed, 18 injured in TRAX train collision. A Transit Express (TRAX) train was struck by a fast-moving car in Salt Lake City January 4, killing 1 man, leaving 18 others injured, and causing the train to teeter on the North Temple overpass after it was knocked off its tracks. Crews worked to remove the train and inspect the track. Source: https://www.ksl.com/index.php?sid=38006765&nid=148&title=1-killed-trax-train-derailed-after-collision-on-north-temple&fm=home_page&s_cid=topstory

Financial Services Sector

6. January 5, Chicago Sun-Times – (National) Former McKinsey partner, McLean County Board chair indicted for wire fraud. A former partner at McKinsey & Company’s Chicago office and a former internal consultant for State Farm were charged January 5 for allegedly bilking both companies out of $900,000 in phony consulting fees through two companies, Gabriel Solutions and Andy’s BCB, while using the funds to pay for personal trips that were listed as business expenses. Source: http://chicago.suntimes.com/news/7/71/1228078/former-mckinsey-partner-state-farm-consultant-facing-federal-wire-fraud-charges

Information Technology Sector

22. January 6, SecurityWeek – (International) Linode resets user passwords after breach. Linode reported that it reset customers’ Linode Manager passwords after the company discovered that a massive distributed denial-of-service (DDoS) attack was launched on its Web site, data centers, and Domain Name System (DNS) infrastructure, in addition to multiple volumetric attacks that targeted its authoritative nameservers and public Web sites, which may have compromised user credentials from the company’s database. The exposed database included usernames, email addresses, password hashes, and encrypted two-factor authentication seeds. Source: http://www.securityweek.com/linode-resets-user-passwords-after-breach

23. January 6, SecurityWeek – (International) Researchers publish default passwords for ICS products. SCADA StrangeLove research team released a list of default credentials for industrial control system (ICS) products from various vendors including industrial routers, programmable logic controllers (PLC), and wireless gateways, among other products, to reveal that default passwords can pose a serious vulnerability for systems if remotely accessed. The team reported that vendors should implement proper security controls such as establishing password strength policies and forcing users to change passwords on the first login. Source: http://www.securityweek.com/researchers-publish-default-passwords-ics-products

24. January 6, SecurityWeek – (International) Vulnerability exposed Blackphone to complete takeover. Silent Circle released updates for its privacy-focused Blackphone 1 mobile device that patched several security flaws including a modem vulnerability that can be exploited by attackers to take control of the device’s functions through an open-access socket that interacts with an NVIDIA Icera modem binary named agps_daemon, embedded with elevated privileges, to communicate directly to the Blackphone modem and record anything it receives to the ttySHM3 port. Attackers disguised with shell user privileges could send commands to the modem to exploit the flaw. Source: http://www.securityweek.com/vulnerability-exposed-blackphone-complete-takeover

25. January 5, Softpedia – (International) Author of Linux.Encoder fails for the third time, ransomware is still decryptable. Researchers from Bitdefender reported that a Linux.Encoder decryption tool was available for free following the discovery of a third version of the Linux.Encoder malware which has infected about 600 servers. The ransomware targets Web servers and looks to encrypt files used in Web hosting and Web development environments. Source: http://news.softpedia.com/news/author-of-linux-encoder-fails-for-the-third-time-ransomware-is-still-decryptable-498483.shtml

For another story, see item 4 above in Top Stories

Communications Sector

See items 23 and 24 above in the Information Technology Sector