Complete DHS Report for April 19, 2016
Daily Report
Top Stories
• General Motors Company issued a recall April 15 for nearly
895,232 Chevrolet Silverado and GMC Sierra 1500 pickup trucks after warranty
data revealed that the steel cable which connects the seat belt to the vehicle
can separate over time. – Reuters
3. April 15,
Reuters – (International) GM recalls 1 million trucks for faulty seat
belts. General Motors Company issued a recall April 15 for 895,232 model
years 2014 – 2015 Chevrolet Silverado and GMC Sierra 1500 pickups, and a
stop-sale of approximately 3,000 new pickups on dealer lots due to a seat belt
flaw after warranty data showed that the flexible steel cable that connects the
seat belt to the vehicle can separate over time as a result of the driver
repeatedly bending the cable when entering the seat. The recall includes about
142,000 vehicles outside of the U.S. Source: http://www.cnbc.com/2016/04/15/gm-recalls-1-million-trucks-for-faulty-seat-belts.html
• Flooding across Houston April 18 prompted the closure of
Interstate 10, the closure of 9 area hospitals, the evacuation of 3 apartment
buildings, and the cancellation of 140 flights at the Hobby Airport. – CNN
6. April 18,
CNN – (Texas) Houston largely shut down amid rain, flooding. Flooding
in low-lying areas across Houston April 18 prompted the suspension of bus and
rail service and the closure of portions of Interstate 10, schools, government
offices, and 9 hospitals in the region. Three apartment buildings were
evacuated, over 100,000 homes and businesses lost power, and 140 flights were
cancelled at the Hobby Airport.
• Severe storms moving through southern Colorado April 15 prompted
the closure of several highways as well as the cancellation of 845 flights at
Denver International Airport April 15 – April 16. – KRDO 13 Colorado Springs
7. April 17,
KRDO 13 Colorado Springs – (Colorado) Highways closed, flights
cancelled as spring storm pummels Colorado. Severe storms that moved
through southern Colorado April 15 prompted the closure of portions of Highway
24, Highway 94, and Highway 67, in addition to the cancellation of 845 flights
at Denver International Airport April 15 – April 16. Source: http://www.krdo.com/news/tornado-warning-issued-for-bent-and-kiowa-counties/39049534
• Cisco Talos security researchers discovered that 3.2 million
computers were vulnerable to file-encrypting ransomware due to out-of-date
software in government organizations, school entities, and other
organizations. – SecurityWeek. See item 15 below in
the Information Technology Sector.
Financial Services Sector
4. April 17,
Santa Clarita Valley Signal – (California) Valencia man
pleads guilty to fraud in $20 million precious metal investment scam. The
U.S. Attorney’s Office charged the owner of Superior Gold Group, LLC., and
Superior Equity Group, LLC., with 4 counts of wire fraud, 5 counts of wire
fraud, and 2 counts of money laundering as a part of a $20 million metal
investment scam April 15 after the man defrauded more than 300 investors by
failing to disclose material information to investors pertaining to the
delivery of precious metals and caused investors to lose nearly $11 million while
the man used the investors’ money for personal expenditures from October 2007 –
December 2010. Source: http://www.signalscv.com/section/36/article/151166/
5. April 15,
U.S. Securities and Exchange Commission – (California) SEC charges
litigation marketing company with bilking retirees. The U.S. Securities and
Exchange Commission charged Los Angeles-based Prometheus Law and its two
co-founders with conducting a Ponzi-like scheme April 15 after the duo raised
$11.7 million from about 250 investors and retirees, promising investors that
the funds would be allocated for marketing and advertising purposes to locate
plaintiffs for class-action lawsuits, but instead the two diverted about $5.6
million for their personal use while failing to deliver the promised 100 to 300
percent returns to investors. Source: https://www.sec.gov/news/pressrelease/2016-72.html
Information Technology Sector
15. April 18,
SecurityWeek – (International) 3.2 million devices exposed to ransomware
attacks: Cisco. Security researchers from Cisco Talos discovered that
approximately 3.2 million computers were vulnerable to file-encrypting
ransomware due to out-of-date software after an Internet scan of already
compromised devices revealed that more than 2,100 backdoors across 1,600
Internet Protocol (IP) addresses were associated with governments, schools,
aviation companies, and other organizations. Cisco advised administrators to
disable external access to infected machines to keep attackers away.
16. April 18,
SecurityWeek – (International) C99 webshell increasingly used in WordPress
attacks. IBM Security reported that there was a 45 percent increase in
attacks using a variant of the PHP webshell dubbed C99 on WordPress Web sites
after IBM identified nearly 1,000 attacks in February and March. Source: http://www.securityweek.com/c99-webshell-increasingly-used-wordpress-attacks
17. April 18,
SecurityWeek – (International) Flaws found in Accuenergy, Ecava ICS
products. The Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT) released advisories detailing several flaws in ICS products from
Accuenergy Corporation, Ecava, and Sierra Wireless Company including an authentication
bypass issue in Acuvim II and Acuvim IIR products, a security issue in
Accuenergy devices, and an information disclosure vulnerability in Sierra
Wireless’s ACEmanager product, among other vulnerabilities. Source: http://www.securityweek.com/flaws-found-accuenergy-ecava-ics-products
18. April 17,
Softpedia – (International) New USB-C standard can help fight USB
malware. The USB Implementers Forum (USB-IF) reported that it created a new
standard titled USB Type-C Authentication that will help protect USB-C capable
devices from low-end USB chargers that may inflict damage to a user’s device and
will help prevent USB malware from infecting a device as the USB-C
Authentication only sends data to a device that adheres to the strict USB-C
specifications.
19. April 16,
Softpedia – (International) Decrypter available for AutoLocky, Locky
ransomware copycat. A security researcher from Emsisoft developed a
decrypter for a new ransomware named AutoLocky, a variant of the Locky
ransomware, which can encrypt a victim’s files by tricking a victim into
accessing a malicious link created inside the Start Menu StartUp folder named
“Start.lnk.” The decrypter was discovered after researchers found a flaw in the
ransomware. Source: http://news.softpedia.com/news/decrypter-available-for-autolocky-locky-ransomware-copycat-503053.shtml
20. April 16,
Softpedia – (International) Researcher identifies XSS filter bypass in
Microsoft Edge. A security researcher from PortSwigger discovered a bypass
flaw in Microsoft Edge’s built-in cross-site scripting (XSS) filter that
could allow attackers to run malicious JavaScript code inside its Edge Web
browser while exploring several Web sites. Microsoft released
proof-of-concept code to users and reported a similar issue was seen in its
Internet Explorer Web browser. Source: http://news.softpedia.com/news/researcher-identifies-xss-filter-bypass-in-microsoft-edge-503054.shtml
21. April 15,
SecurityWeek – (International) VMware patches critical vulnerability. VMware
released updates for several of its products including a patch for a critical
vulnerability in its Client Integration Plugin (CIP) that could have allowed an
attacker to execute a man-in-the-middle (MitM) attack or session hijacking
attack by tricking a vSphere Web client user into visiting a specially crafted Web
site. VMware advised its customers to update all programs to patch the flaw. Source: http://www.securityweek.com/vmware-patches-critical-vulnerability
22. April 15,
SecurityWeek – (International) Western Digital user data exposed by DNS
issue. A security researcher discovered that a Western Digital (WD)
nameserver, supporting the company’s My Cloud NAS products, was not configured
properly and posed a Domain Name System (DNS) flaw that could have been
exploited by an attacker to conduct a zone transfer and gain access to a zone
file, which can contain valuable user data for attackers to exploit a zero-day
vulnerability in the products. WD corrected the faulty configuration after
scanning all its servers and reviewing all the architecture and processes in
place for modifying the configuration of nameservers.
Communications Sector
Nothing to report