Complete DHS Report for March 29, 2016
Daily Report
Top Stories
• The Kyle Public Works Department worked to contain a spill of
more than 117,000 gallons of wastewater that reached the Bunton Branch in Texas
March 25 after storms reportedly caused pumps to fail when power was knocked
out. – KXAN 36 Austin
9. March 26,
KXAN 36 Austin – (Texas) More than 117,000 gallons of wastewater spills in
Kyle. The Kyle Public Works Department worked to contain a spill of more
than 117,000 gallons of wastewater that reached the Bunton Branch in Texas
March 25 after storms reportedly caused pumps to fail when power was knocked
out. Cleanup is estimated to take 10 to 14 days while crews drain the creek and
pump fresh water to dilute the remaining contaminants. Source: http://kxan.com/2016/03/25/more-than-100000-gallons-of-wastewater-spills-in-kyle/
• Officials reported March 25 that the personal information of
more than 3,000 employees at Tidewater Community College in Virginia was leaked
after an employee sent a file containing employees’ information in response to
a data request from a fraudulent college account March 2. – Norfolk Virginian-Pilot
15. March 25,
Norfolk Virginian-Pilot – (Virginia) Data breach exposes information
on more than 3,000 TCC employees. Officials announced March 25 that
personal information, including Social Security numbers, of more than 3,000
employees at Tidewater Community College (TCC) in Virginia was leaked when an
employee sent a file March 2 that included personal information of employees in
response to a data request from a fraudulent TCC email account. Source: http://pilotonline.com/news/local/crime/data-breach-exposes-information-on-more-than-tcc-employees/article_6ab72a2f-52a0-533e-8060-a2d245c7f151.html
• A March 25 fire inside a recording studio at Boston University’s
College of Communication caused about $500,000 in damages and injured a
university police officer, 3 students, and a firefighter. – WCVB 5 Boston
16. March 25,
WCVB 5 Boston – (Massachusetts) 5 suffer smoke inhalation in Boston
University campus fire. A March 25 fire inside a recording studio at Boston
University’s College of Communication caused about $500,000 in damages and sent
a university police officer, 3 students, and a firefighter to an area hospital
for smoke inhalation. The building was evacuated and ventilated after
investigators determined that the studio’s sound insulation in the walls
produced high levels of hydrogen cyanide. Source: http://www.wcvb.com/news/fire-reported-on-boston-university-campus/38690464
• Vormetric released its 2016 Data Threat Report, which detailed
that 90 percent of Information Technology (IT) security executives from large
international organizations said their organizations were vulnerable to
data threats. – SecurityWeek (see item 24 below in
the Information Technology Sector)
Financial Services Sector
2. March 25,
U.S. Securities and Exchange Commission – (New Jersey; California) SEC
halts fraud by manager of investments in pre-IPO companies. The U.S.
Securities and Exchange Commission (SEC) announced March 25 charges and asset
freezes against a New Jersey-based fund manager and 2 share-marketing
companies, Saddle River Advisors and SRA Management Associates, after they
allegedly stole $5.7 million from investors, diverted millions more to improper
and undisclosed uses, failed to register the share offerings with the SEC, and
concealed the illicit activity by avoiding outside reviews of the funds,
indiscriminately transferring money to more than a dozen bank accounts, and
failing to provide investors with financial statements. Officials stated that
the manager raised more than $53 million from investors through the 2 funds and
used the money to pay off earlier investors, prop up other funds, and pay
family-related expenses, thereby leaving his firms unable to buy shares
promised to investors. Source: https://www.sec.gov/news/pressrelease/2016-57.html
Information Technology Sector
19. March 28,
SecurityWeek – (International) PowerWare ransomware abuses PowerShell,
Office macros. Security researchers from Carbon Black reported a new fileless
ransomware, PowerWare, that can allow attackers to disguise malicious commands as
legitimate computer activities and execute malicious actions by abusing
PowerShell, a core utility for Microsoft Windows systems. The malware was
distributed via malicious Word documents that use embedded macros to send
“cmd.exe” to a target’s computer.
20. March 28,
Softpedia – (International) Flaw in StartSSL validation allowed attackers
to get SSL certs for any domain. A security researcher discovered a domain
validation flaw in the Web service of the StartSSL certificate authority (CA) that could
allow an attacker to receive Secure Sockets Layer (SSL) certificates for any
desired domain by capturing the Hypertext Transfer Protocol (HTTP) request sent
to the server and modifying the included parameters to send the certificate to
their own personal email. StartSSL reported that it patched the flaw. Source: http://news.softpedia.com/news/flaw-in-startssl-validation-allowed-attackers-to-get-ssl-certs-for-any-domain-502257.shtml
21. March 27,
Softpedia – (International) WordPress attacked 3.5 times more often than
non-CMS sites. Security firm Imperva released a report stating that Web
attacks increased greatly in 2015. The company analyzed about 7 generic
attacks and more than 24 million alerts for 200 Web applications, which
revealed that Structured Query Language (SQL) injections tripled and cross-site
scripting (XSS) attacks doubled within the year. In addition, the report found
that many attacks targeted Web applications running on standard Content Management
System (CMS) platforms, which were attacked three times more than non-CMS
applications, among other findings. Source: http://news.softpedia.com/news/wordpress-attacked-3-5-times-more-than-non-cms-sites-502232.shtml
22. March 26,
Softpedia – (International) Node.js Package Manager vulnerable to
malicious worm packages. A Google software engineer discovered that a
design flaw in Node.js Package Manager (npm) could allow an attacker to infect
other packages and propagate malicious scripts throughout the entire JavaScript
ecosystem, as well as in the structure of projects, via a simple worm
distributed through a rogue npm package embedded with malicious
code. Once a malicious package is opened, unaware developers will include the
package in projects via an “npm install” command, which will execute malicious
actions on the infected system using the user’s full privileges. Source: http://news.softpedia.com/news/node-js-package-manager-vulnerable-to-malicious-worm-packages-502216.shtml
23. March 25,
SecurityWeek – (International) Google patches serious flaws in Chrome 49. Google
released patches for Chrome 49 affecting Microsoft Windows, Apple Mac, and
Linux systems that fixed five vulnerabilities including a use-after-free
vulnerability in Navigation and Extensions, an out-of-bounds read in the V8
JavaScript engine, and a buffer overflow flaw in libANGLE, among other flaws. Source:
http://www.securityweek.com/google-patches-serious-flaws-chrome-49
24. March 25,
SecurityWeek – (International) U.S. Federal Agencies vulnerable to data
threats: Survey. Vormetric released its 2016 Data Threat Report, which
detailed that 90 percent of Information Technology (IT) security executives
from large international organizations, including more than 100 executives in
the U.S. Federal government, said their organizations were vulnerable to
data threats and that 61 percent of executives admitted that their organization
had previously suffered a data breach. The report stated that many entities
were planning to increase spending on sensitive data protection, invest in
data-at-rest defenses, and implement more efficient data security tools. Source:
http://www.securityweek.com/us-federal-agencies-vulnerable-data-threats-survey
25. March 25,
SecurityWeek – (International) Petya ransomware encrypts entire hard drives.
Security researchers from G DATA SecurityLabs found a new threat, dubbed
Petya, a ransomware that has allegedly been encrypting companies’ entire hard
drives and locking users out of their systems. It arrives via a malicious Dropbox
download link, included in an email sent to Human Resources (HR) departments, that
leads to an executable file that causes the computer to crash and enables
the ransomware to manipulate the Master Boot Record (MBR) to ultimately control
the computer system. Security researchers advised HR department employees to
take extra precaution when offered Dropbox links. Source: http://www.securityweek.com/petya-ransomware-encrypts-entire-hard-drives
26. March 25,
SecurityWeek – (International) Brazilian trojan conceals malicious code in
PNG image. Security researchers from Kaspersky Lab found that attackers
were using a new malware delivery method to avoid detection: distributing
a Portable Network Graphics (PNG) image
embedded with malicious code via an email that contains a clean PDF file, which
holds a link to a .zip file with the malicious image. Researchers found that
the PNG image cannot be executed without its launcher and therefore cannot
be the main infector. Source: http://www.securityweek.com/brazilian-trojan-conceals-malicious-code-png-image
Communications Sector
Nothing to report