Tuesday, April 19, 2016

Complete DHS Report for April 19, 2016

Daily Report                                            

Top Stories

• General Motors Company issued a recall April 15 for 895,232 Chevrolet Silverado and GMC Sierra 1500 pickup trucks after warranty data revealed that the steel cable which connects the seat belt to the vehicle can separate over time. – Reuters

3. April 15, Reuters – (International) GM recalls 1 million trucks for faulty seat belts. General Motors Company issued a recall April 15 for 895,232 model year 2014 – 2015 Chevrolet Silverado and GMC Sierra 1500 pickups, and a stop-sale of approximately 3,000 new pickups on dealer lots, due to a seat belt flaw. Warranty data showed that the flexible steel cable that connects the seat belt to the vehicle can separate over time as a result of the driver repeatedly bending the cable when entering the seat. The recall includes about 142,000 vehicles outside of the U.S. Source: http://www.cnbc.com/2016/04/15/gm-recalls-1-million-trucks-for-faulty-seat-belts.html

• Flooding across Houston April 18 prompted the closure of Interstate 10, the closure of 9 area hospitals, the evacuation of 3 apartment buildings, and the cancellation of 140 flights at the Hobby Airport. – CNN

6. April 18, CNN – (Texas) Houston largely shut down amid rain, flooding. Flooding in low-lying areas across Houston April 18 prompted the suspension of bus and rail service and the closure of portions of Interstate 10, schools, government offices, and 9 hospitals in the region. Three apartment buildings were evacuated, over 100,000 homes and businesses lost power, and 140 flights were cancelled at the Hobby Airport.

• Severe storms moving through southern Colorado April 15 prompted the closure of several highways as well as the cancellation of 845 flights at Denver International Airport April 15 – April 16. – KRDO 13 Colorado Springs

7. April 17, KRDO 13 Colorado Springs – (Colorado) Highways closed, flights cancelled as spring storm pummels Colorado. Severe storms that moved through southern Colorado April 15 prompted the closure of portions of Highway 24, Highway 94, and Highway 67, in addition to the cancellation of 845 flights at Denver International Airport April 15 – April 16. Source: http://www.krdo.com/news/tornado-warning-issued-for-bent-and-kiowa-counties/39049534

• Cisco Talos security researchers discovered that 3.2 million computers were vulnerable to file-encrypting ransomware due to out-of-date software in government organizations, schools, and other organizations. – SecurityWeek. See item 15 below in the Information Technology Sector.

Financial Services Sector

4. April 17, Santa Clarita Valley Signal – (California) Valencia man pleads guilty to fraud in $20 million precious metal investment scam. The U.S. Attorney’s Office charged the owner of Superior Gold Group, LLC., and Superior Equity Group, LLC., April 15 with 4 counts of wire fraud, 5 counts of wire fraud, and 2 counts of money laundering as part of a $20 million precious metal investment scam. From October 2007 – December 2010 the man defrauded more than 300 investors by failing to disclose material information pertaining to the delivery of precious metals, causing investors to lose nearly $11 million while he used their money for personal expenditures. Source: http://www.signalscv.com/section/36/article/151166/

5. April 15, U.S. Securities and Exchange Commission – (California) SEC charges litigation marketing company with bilking retirees. The U.S. Securities and Exchange Commission charged Los Angeles-based Prometheus Law and its two co-founders April 15 with conducting a Ponzi-like scheme. The duo raised $11.7 million from about 250 investors and retirees, promising that the funds would be used for marketing and advertising to locate plaintiffs for class-action lawsuits; instead, the two diverted about $5.6 million for their personal use while failing to deliver the promised 100 to 300 percent returns. Source: https://www.sec.gov/news/pressrelease/2016-72.html

Information Technology Sector

15. April 18, SecurityWeek – (International) 3.2 million devices exposed to ransomware attacks: Cisco. Security researchers from Cisco Talos discovered that approximately 3.2 million computers were vulnerable to file-encrypting ransomware due to out-of-date software. An Internet scan of already compromised devices revealed more than 2,100 backdoors across 1,600 Internet Protocol (IP) addresses associated with governments, schools, aviation companies, and other organizations. Cisco advised administrators to disable external access to infected machines to keep attackers away.

16. April 18, SecurityWeek – (International) C99 webshell increasingly used in WordPress attacks. IBM Security reported a 45 percent increase in attacks against WordPress Web sites using a variant of the PHP webshell dubbed C99, after IBM identified nearly 1,000 such attacks in February and March. Source: http://www.securityweek.com/c99-webshell-increasingly-used-wordpress-attacks

17. April 18, SecurityWeek – (International) Flaws found in Accuenergy, Ecava ICS products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released advisories detailing several flaws in ICS products from Accuenergy Corporation, Ecava, and Sierra Wireless Company, including an authentication bypass issue in Acuvim II and Acuvim IIR products, a security issue in Accuenergy devices, and an information disclosure vulnerability in Sierra Wireless’s ACEmanager product, among other vulnerabilities. Source: http://www.securityweek.com/flaws-found-accuenergy-ecava-ics-products

18. April 17, Softpedia – (International) New USB-C standard can help fight USB malware. The USB Implementers Forum (USB-IF) reported that it created a new standard titled USB Type-C Authentication that will help protect USB-C capable devices from low-end USB chargers that may damage a user’s device, and will help prevent USB malware from infecting a device, as USB-C Authentication only sends data to a device that adheres to the strict USB-C specifications.

19. April 16, Softpedia – (International) Decrypter available for AutoLocky, Locky ransomware copycat. A security researcher from Emsisoft developed a decrypter for a new ransomware named AutoLocky, a variant of the Locky ransomware, which encrypts a victim’s files by tricking the victim into opening a malicious shortcut named “Start.lnk” placed in the Start Menu StartUp folder. The decrypter was developed after researchers found a flaw in the ransomware. Source: http://news.softpedia.com/news/decrypter-available-for-autolocky-locky-ransomware-copycat-503053.shtml

20. April 16, Softpedia – (International) Researcher identifies XSS filter bypass in Microsoft Edge. A security researcher from PortSwigger discovered a bypass flaw in Microsoft Edge’s built-in cross-site scripting (XSS) filter that could allow attackers to run malicious JavaScript code in the Edge Web browser while a user browses Web sites. Microsoft released proof-of-concept code to users and reported that a similar issue was seen in its Internet Explorer Web browser. Source: http://news.softpedia.com/news/researcher-identifies-xss-filter-bypass-in-microsoft-edge-503054.shtml

21. April 15, SecurityWeek – (International) VMware patches critical vulnerability. VMware released updates for several of its products, including a patch for a critical vulnerability in its Client Integration Plugin (CIP) that could have allowed an attacker to execute a man-in-the-middle (MitM) or session hijacking attack by tricking a vSphere Web Client user into visiting a specially crafted Web site. VMware advised its customers to update all affected programs to patch the flaw. Source: http://www.securityweek.com/vmware-patches-critical-vulnerability

22. April 15, SecurityWeek – (International) Western Digital user data exposed by DNS issue. A security researcher discovered that a Western Digital (WD) nameserver supporting the company’s My Cloud NAS products was not configured properly and exposed a Domain Name System (DNS) flaw: an attacker could have requested a zone transfer and obtained the zone file, which can contain user data valuable to attackers seeking to exploit a zero-day vulnerability in the products. WD corrected the faulty configuration after scanning all of its servers and reviewing the architecture and processes in place for modifying the configuration of its nameservers.
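As an added illustration of the misconfiguration class behind item 22 (this fragment is not from the report and is not Western Digital’s configuration), the BIND 9 named.conf excerpts below show an authoritative zone that permits a zone transfer (AXFR) to any requester, beside the corrected form that limits transfers to an authenticated secondary. The zone name, addresses, key name and secret are placeholders.

```conf
// Added example, not from the report. Placeholders: example.test, 192.0.2.53,
// xfer-key and the secret value.

// WEAK: any client on the Internet may pull the whole zone with AXFR,
// handing out every hostname and address in the zone file.
zone "example.test" {
    type master;
    file "/var/named/example.test.zone";
    allow-transfer { any; };
};

// CORRECTED: deny transfers globally, then allow them only for requests
// signed with a TSIG key shared with the secondary server.
options {
    allow-transfer { none; };      // safe default for every zone
};

key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET";   // generate with tsig-keygen, never commit the real value
};

acl "secondaries" { 192.0.2.53; };

zone "example.test" {
    type master;
    file "/var/named/example.test.zone";
    allow-transfer { key "xfer-key"; };   // or { secondaries; } if TSIG is unavailable
    also-notify { 192.0.2.53; };
};
```

After reloading, an operator can confirm the fix against their own server with `dig @<nameserver> example.test AXFR` from a host that is not a secondary; the expected response is a refused or failed transfer rather than the zone contents. Restricting by IP address alone is weaker than TSIG because source addresses can be spoofed on the wire, which is why the corrected form keys on the signature.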

Communications Sector

Nothing to report