Complete DHS Report for February 4, 2016
Daily Report
Top Stories
• Severe snow storms traveling across the Midwest closed 14
highways in several States, cancelled more than 950 nationwide flights February
2 – February 3, and prompted school closures to remain in effect February 2. – CNN
6. February
3, CNN – (National) Winter storm buries parts of Midwest; sets off
tornadoes in deep South. Severe snow storms traveling across the Midwest
closed 14 highways in several States, cancelled more than 950 national flights
February 2 – February 3, created tornadoes in Mississippi and Alabama, and
prompted schools to remain closed February 2 in response to the storm.
• A former U.S. Nuclear Regulatory Commission scientist
pleaded guilty February 2 and admitted to an attempted cyberattack on U.S.
government computers in an attempt to extract sensitive information on nuclear
weapons that could be passed to a foreign country. – Associated Press
13. February
2, Associated Press – (International) Guilty plea in attempted cyberattack on US
govt. computers. A former U.S. Nuclear Regulatory Commission (NRC)
scientist pleaded guilty February 2 and admitted to an attempted cyberattack on
U.S. government computers where he spear-phished U.S. Department of Energy
employees with emails that he thought contained a virus in order to extract
sensitive information on nuclear weapons that could be passed to a foreign country.
The former NRC scientist entered a foreign embassy in the Philippines and
offered to sell more than 5,000 addresses of government employees in exchange
for over $18,000. Source:
http://www.foxnews.com/us/2016/02/02/guilty-plea-in-attempted-cyber-attack-on-us-govt-computers.html
• Microsoft issued a recall February 2 for about 2.25
million of its AC power cords sold with its Surface Pro convertible tablet
devices due to the power cords overheating, emitting flames, and posing
electrical shock hazards. – Reuters See item 2 below in the Information Technology Sector
• A February 3 fire at a Highland Park warehouse housing
multiple businesses caused extensive damage to the facility, prompted an
evacuation of surrounding areas, and caused a boil water advisory for area
residents, among other actions. – Detroit News
25. February
3, Detroit News – (International) Highland Park issues boil water alert amid
massive fire. A February 3 fire at a Highland Park warehouse housing
multiple businesses caused extensive damage to the facility, prompted an
evacuation of surrounding areas, caused a boil water advisory for area
residents, and closed the George Washington Carver Elementary school due to
impact of the fire. Officials were working to determine the cause of the fire
and were assessing the total amount of damages. Source: http://www.detroitnews.com/story/news/local/wayne-county/2016/02/03/highland-park/79742504/
Financial Services Sector
4. February
2, Reuters – (National) Morgan Stanley to pay $63 million U.S. mortgage
bond settlement: FDIC. The U.S. Federal Deposit Insurance Corp. (FDIC)
announced February 2 that Morgan Stanley agreed to pay $62.95 million to settle
allegations that the bank misrepresented securities in offering documents and
sold toxic mortgage-backed securities to 3 banks, the Colonial Bank of
Montgomery, Alabama; Security Savings Bank of Henderson, Nevada; and United
Western Bank of Denver, which later failed. Source: http://www.reuters.com/article/us-morgan-stanley-settlement-idUSKCN0VB249
Information Technology Sector
19. February
3, Softpedia – (International) Dual-Mode DMA ransomware cracked, users can
recover files for free. Security researchers from Malwarebytes discovered a
flaw in the DMA ransomware that could allow victims to decrypt their encrypted
files without paying the ransomware after discovering that the ransomware’s
encryption key was hard-coded in its binary, allowing victims to re-download
the malicious file and input the encryption key inside the ransom note to
unlock their files. Source: http://news.softpedia.com/news/dual-mode-dma-ransomware-cracked-users-can-recover-files-for-free-499848.shtml
20. February
3, SecurityWeek – (International) WordPress 4.4.2 patches open redirect, SSRF
flaws. WordPress released version 4.4.2 for its content management system
that patched an open redirection vulnerability, a server-side request forgery
(SSRF) which affected certain local Uniform Resource Identifiers (URLs), and 17
flaws affecting WordPress versions 4.4 and 4.4.1.
21. February
3, SecurityWeek – (International) Comodo browser breaks security: Google
researcher. A researcher from Google found that the Chromodo web browser
that comes installed with Comodo’s Internet Security product disables the same
origin policy (SOP) and effectively turns off all Web security, allowing
malicious scripts opened in one browser to interact with other windows and
infect several systems. Comodo released a patch to fix the vulnerability, but
researchers found the patch was ineffective. Source: http://www.securityweek.com/comodo-browser-breaks-security-google-researcher
22. February 2,
Reuters – (National) Microsoft recalls 2.3 mln power cords sold with
Surface Pro tablets. Microsoft issued a recall February 2 for about 2.25
million of its AC power cords sold with certain models of the Microsoft Surface
Pro convertible tablet devices after the company received a total of 61
consumer reports that the power cords overheated, emitted flames, and posed
electrical shock hazards. Source: http://www.cnbc.com/2016/02/02/microsoft-recalls-23-mln-power-cords-sold-with-surface-pro-tablets.html
Communications Sector
Nothing to report