Tuesday, January 12, 2016



Complete DHS Report for January 12, 2016

Daily Report

Top Stories

• The National Highway Traffic Safety Administration announced January 9 that only Fiat Chrysler radios possess a security flaw that could allow attackers to breach a vehicle’s speed via the Uconnect infotainment system. – Associated Press

3. January 11, Associated Press – (National) Feds: Non-Jeep car radios aren’t vulnerable to hacking. The National Highway Traffic Safety Administration announced January 9 that it ended its investigation into the vulnerabilities of automotive radios and determined that only Fiat Chrysler radios possess a security flaw that could allow attackers to breach a vehicle’s speed and control the brakes, radio, windshield wipers, and transmission through the Uconnect infotainment system. The administration determined that a 2015 recall of 1.4 million Fiat Chrysler vehicles addressed the flaw and that the fear of widespread vulnerability to hackers appears to be unfounded.  Source: http://www.mercurynews.com/business/ci_29365971/feds-non-jeep-car-radios-arent-vulnerable-hacking

• The chief financial officer at Clarkston Brandon Community Credit Union in Detroit was charged with embezzlement January 8 after stealing $20 million from the credit union over the course of 12 years. – Associated Press. See item 4 below in the Financial Services Sector.

• The U.S. Department of Justice and DHS formed a new unit called the Countering Violent Extremism Task Force to coordinate U.S. efforts to fight extremist groups such as the Islamic State (IS) domestically and to support international partners of the U.S. in their programs against extremist activities. – SecurityWeek. See item 22 below in the Information Technology Sector.

• Approximately 150 employees and customers were evacuated from the Heritage Plaza in Auburn, Massachusetts January 9 after a heating system in a business leaked high levels of carbon monoxide. – Associated Press

28. January 9, Associated Press – (Massachusetts) High levels of carbon monoxide lead to strip mall evacuation. Approximately 150 employees and customers were evacuated from the Heritage Plaza in Auburn, Massachusetts January 9 after a heating system in the office of Great Expressions Dental Centers malfunctioned and leaked high levels of carbon monoxide. No injuries were reported and the heating system was shut down. Source: http://www.bostonherald.com/news/local_coverage/2016/01/high_levels_of_carbon_monoxide_lead_to_strip_mall_evacuation

Financial Services Sector

4. January 8, Associated Press – (Michigan) Cops: Man admits to stealing $20M from suburban credit union. The chief financial officer at Clarkston Brandon Community Credit Union in Detroit was charged with embezzlement January 8 after confessing January 6 to stealing $20 million from the credit union over the course of 12 years. Source: http://gazette.com/cops-man-admits-to-stealing-20m-from-suburban-credit-union/article/feed/305895

Information Technology Sector

19. January 11, Softpedia – (International) CSRF bug in Verizon’s API left My FiOS accounts open to attacks. Verizon released patches for a cross-site request forgery flaw and a proof-of-concept (PoC) vulnerability in its My FiOS application program interface (API) after an independent security researcher discovered that attackers can access users’ accounts via malicious Web pages distributed through email campaigns. Once users open the malicious pages, a password reset command can be triggered. Source: http://news.softpedia.com/news/csrf-bug-in-verizon-s-api-left-my-fios-accounts-open-to-attacks-498723.shtml

20. January 11, SecurityWeek – (International) Drupal starts patching update process flaws. Drupal reported its researchers were working to patch a cross-site request forgery (CSRF) vulnerability and an update status vulnerability found in its Content Management System (CMS) product after an IOActive researcher discovered the flaws affected Drupal versions 7 and 8. Source: http://www.securityweek.com/drupal-starts-patching-update-process-flaws

21. January 11, SecurityWeek – (International) Juniper to enhance RNG in ScreenOS. Juniper Networks reported January 8 that it will replace the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) technology used in its ScreenOS products with the same random number generation (RNG) technology used in Junos OS products after an investigation revealed that it will be more difficult to plant unauthorized code in the Junos OS products and that they will include a more robust RNG subsystem. Source: http://www.securityweek.com/juniper-enhance-rng-screenos

22. January 9, SecurityWeek – (International) US ramps up war on IS propaganda, recruitment. White House officials reported January 8 that the U.S. Department of Justice and DHS formed a new unit called the Countering Violent Extremism Task Force to coordinate U.S. efforts to fight extremist groups such as the Islamic State (IS) domestically, and to support international partners of the U.S. in their programs to neutralize potential extremist activities by preventing radical groups from using the Internet to recruit supporters and preventing the groups from using encrypted technologies to hide their activities. Source: http://www.securityweek.com/us-ramps-war-propaganda-recruitment

For another story, see item 27 below from the Commercial Facilities Sector

27. January 9, Softpedia – (National) Star Wars BB-8 toy vulnerable to hacking, nobody cares, the toy is still awesome. Researchers from Pen Test Partners discovered that Sphero’s Internet of Things (IoT) product, the Star Wars BB-8 toy used with Microsoft Android app and Apple iOS app, was vulnerable to firmware update attacks that allow hackers to change the toy’s sound files and control the product due to flawed privacy-intrusive sensors and data collection features that use Hypertext Transfer Protocol (HTTP) systems. Sphero confirmed its researchers were working to patch the flaw. Source: http://news.softpedia.com/news/star-wars-bb-8-toy-vulnerable-to-hacking-nobody-cares-the-toy-is-still-awesome-498673.shtml

Communications Sector

Nothing to report

Monday, January 11, 2016



Complete DHS Report for January 11, 2016

Daily Report

Top Stories

• Officials reported January 6 that the San Luis Obispo County Regional Airport in California will be closed after dark for several nights due to lightning strikes that damaged the airport’s navigation aids. – KSBY 6 San Luis Obispo

7. January 6, KSBY 6 San Luis Obispo – (California) Lightning strikes damage navigation aids at SLO airport. Officials reported January 6 that the San Luis Obispo County Regional Airport in California will be closed after dark for several nights due to lightning strikes that damaged the airport’s navigation aids. Authorities also stated that until repairs are completed, aircraft cannot take off or land after dark. Source: http://www.ksby.com/story/30902128/firefighters-respond-to-report-of-fire-at-slo-airport

• Campbell Soup Company announced January 7 that it will begin disclosing the presence of genetically modified organisms (GMOs) in its products within a 12 – 18 month time frame. – New York Times

9. January 7, New York Times – (National) Campbell labels will disclose G.M.O. ingredients. Campbell Soup Company announced January 7 that it will begin disclosing the presence of genetically modified organisms (GMOs) in its products within a 12 – 18 month time frame, joining the State of Vermont which will require the disclosure of GMOs beginning in July. Source: http://www.nytimes.com/2016/01/08/business/campbell-labels-will-disclose-gmo-ingredients.html

• A boiler room fire at Glenwood Middle School in Maryland prompted the cancellation of classes January 5 – January 8 and the temporary transfer of students to three other county schools during cleanup and repair efforts. – Baltimore Sun

14. January 7, Baltimore Sun – (Maryland) After fire and mold, Glenwood Middle students to be relocated. A boiler room fire ignited by an electrical transformer at Glenwood Middle School in Maryland prompted the cancellation of classes January 5 – January 8. Officials announced that students will be transferred to three other county schools beginning January 11 during cleanup and repair efforts. Source: http://www.baltimoresun.com/news/maryland/howard/lisbon-fulton/ph-ho-cf-glenwood-move-0114-20160107-story.html

• The U.S. Federal Communications Commission reached a $540,000 settlement with the former owner of Cumulus Media, Inc., January 7 to settle allegations that the company violated sponsor identification laws. – Associated Press. See item 24 below in the Communications Sector.

Financial Services Sector

2. January 7, Sacramento Bee – (California) Two Sacramento residents plead guilty to roles in credit card fraud scheme. Two Sacramento residents pleaded guilty January 7 to their roles in a credit card fraud scheme involving the theft of at least 500 credit and debit cards which affected at least 1,800 victims and led to an estimated loss of $186,000. The defendants worked with five other co-conspirators to steal mail and create or receive fake credit and debit cards in order to make fraudulent purchases at various retailers in the area. Source: http://www.sacbee.com/news/local/crime/article53609775.html

3. January 7, Reuters – (International) U.S. imposes sanctions on Lebanese man, company for Hezbollah links. The U.S. Department of the Treasury imposed sanctions January 7 freezing the assets of a Lebanese financer and his telecommunications company, Spectrum Investment Group Holding SAL, after discovering that the company was receiving millions of dollars from the terrorist organization Hezbollah in order to invest in commercial projects that would support the organization. Source: http://www.reuters.com/article/us-usa-hezbollah-sanctions-idUSKBN0UL28420160107

Information Technology Sector

18. January 8, SecurityWeek – (International) Privilege escalation flaw found in VMware tools. VMware released patches for its performance enhancement tools including 201512102-SG patches for ESXi, version 11.1.2 for Workstation, and version 7.1.2 for Player and Fusion products after a researcher from Secunia Research Team discovered a memory corruption flaw in the Shared Folders (HGFS) feature running on Microsoft Windows products, which allowed attackers to escalate their privileges in the guest operating system. Source: http://www.securityweek.com/privilege-escalation-flaw-found-vmware-tools

19. January 8, SecurityWeek – (International) Adobe to release patches for Acrobat, Reader. Adobe reported that it will release patches for Microsoft Windows and Apple Mac versions for its Acrobat and Reader products January 12 resolving critical vulnerabilities with a priority rate of 2 in several of its products. Source: http://www.securityweek.com/adobe-release-patches-acrobat-reader

20. January 8, Help Net Security – (International) EZCast TV streaming stick leaves home networks vulnerable to attack. Researchers from Check Point found a vulnerability in the EZCast TV streaming stick that can enable attackers to take full control of home networks and view information stored on personal networks via brute-force attacks and through a malicious link sent by most messaging services, such as Facebook and Skype. EZCast TV runs on its own Wi-Fi network and can be easily hacked as the network is secured by an 8-digit numeric password. Source: http://www.net-security.org/secworld.php?id=19301

21. January 8, SecurityWeek – (International) Rogue app store targets non-jailbroken iOS devices. Researchers from Proofpoint reported that a rogue app store called vShare is a DarkSideLoader app store, which allows users to download more than 1 million paid applications for free without having to jailbreak Apple iOS devices via sideloading applications through the use of a fraudulent or stolen enterprise application distribution certificate with application resigning. Once installed, the rogue application may use known or zero-day security vulnerabilities to jailbreak devices or to gain administrative privileges. Source: http://www.securityweek.com/rogue-app-store-targets-non-jailbroken-ios-devices

22. January 8, SecurityWeek – (International) Cisco Targets RIG exploit kit. Researchers from Cisco revealed that an analysis of 44 Internet Protocol (IP) addresses used to disseminate the RIG exploit kit (EK) found them to be linked to the same autonomous system number (ASN) associated with Webzilla and leased to a downstream provider, Russia-based Eurobyte. Webzilla identified and blocked malicious activities from customer hosts. Source: http://www.securityweek.com/cisco-targets-rig-exploit-kit

23. January 7, SecurityWeek – (International) “Spymel” trojan uses stolen certificates to evade detection. Researchers from Zscaler ThreatLabZ discovered the malware dubbed Spymel has been targeting Microsoft Windows XP and Windows 7 systems to steal information from compromised systems and spy on victims by using modules to perform various attacks including logging keystrokes and saving the data to a file and having the malware’s configuration data hardcoded inside the malware executable. Spymel is disseminated via spam emails embedded with an archived JavaScript file that downloads the malware from a remote server and installs it on infected systems.

Communications Sector

24. January 8, Associated Press – (National) FCC settles dispute over Northern Pass ads sponsorship. The U.S. Federal Communications Commission reached a $540,000 settlement with the former owner of Cumulus Media, Inc., January 7 to settle allegations that the broadcasting company violated sponsor identification laws after an investigation revealed that the company did not identify the sponsor for their support in the Northern Pass project. Cumulus Media will be required to implement a compliance plan over 195 stations.