Complete DHS Report for July 6, 2016
Daily Report
Top Stories
• A DTE Energy Co. building in Michigan was deemed a total loss following a natural gas explosion July 2 that prompted the evacuation of nearly 1,500 residents after a vehicle crashed through a fence and into a natural gas main. – Detroit Free Press
2. July 3, Detroit Free Press – (Michigan) DTE Energy building called ‘total loss’ after explosion. A DTE Energy Co. training facility building in Melvindale was deemed a total loss following a natural gas explosion July 2 that prompted the evacuation of nearly 1,500 residents after a vehicle crashed through a fence and into a natural gas main, causing the explosion.
• Lightning struck the Grand River Energy Center in Chouteau, Oklahoma, July 1, disabling a cooling pump and starting a fire that burned for several hours overnight. – KOTV 6 Tulsa
3. July 2, KOTV 6 Tulsa – (Oklahoma) Repairs to Chouteau GRDA Plant may take a year due to extent of fire. Lightning struck the Grand River Energy Center in Chouteau, Oklahoma, July 1, disabling a cooling pump and starting a fire that burned for several hours overnight, forcing an evacuation. Officials stated that it may take at least a year to complete repairs.
• Crews reached 5 percent containment July 4 of the Hot Pot Fire, which has burned approximately 122,390 acres in northeastern Nevada. – Elko Daily Free Press
22. July 5, Elko Daily Free Press – (Nevada) Firefighters hold line at Midas, 122,000 acres scorched. Crews reached 5 percent containment July 4 of the Hot Pot Fire, which has burned approximately 122,390 acres in northeastern Nevada. Voluntary evacuations were ordered in Midas and operations at Midas Mine were shut down due to a loss of power. Source: http://elkodaily.com/news/local/firefighters-hold-line-at-midas-acres-scorched/article_95d0b6c0-d14f-5dd2-8011-0c56e4f60b35.html
• A security researcher discovered a zero-day firmware vulnerability in the Unified Extensible Firmware Interface (UEFI) installed on all Lenovo ThinkPad series laptops, after identifying that the flaw exists in the System Management Mode (SMM) code of Lenovo’s UEFI. – SecurityWeek. See item 36 below in the Information Technology Sector.
Financial Services Sector
6. July 4, Manchester Journal Inquirer – (Connecticut) 4 men face credit card fraud-related charges. Four men were arrested in Tolland, Connecticut, July 2 after police were notified that the group allegedly attempted to use several fake or stolen credit cards at a Mobil gas station. A subsequent search of the suspects’ vehicle revealed numerous fraudulent credit cards in various stages of production, a credit card embossing machine, and two electronic credit card writers, among other illicit materials. Source: http://www.journalinquirer.com/crime_and_courts/men-face-credit-card-fraud-related-charges/article_2a3c582a-4193-11e6-943f-8364a47a07b6.html
7. July 2, WTXF 29 Philadelphia – (Pennsylvania) ‘Straw Hat Bandit’ strikes North Wales bank. Authorities are searching for a man dubbed the “Straw Hat Bandit” who is suspected of robbing 10 banks in the Philadelphia area since 2012, including a PNC Bank branch in North Wales July 2.
For another story, see item 1 below.
July 3, Miami Herald – (Florida) 2 Miami men accused of sucking credit card info from gas pumps. Authorities arrested two Miami men July 3 after officers found the duo installing credit card skimming devices on pumps at a Valero gas station in Marathon, Florida, while the gas station was closed.
Information Technology Sector
28. July 4, Softpedia – (International) Flaws in free SSL tool allowed attackers to get SSL certificates for any domain. StartCom released a new version of its StartEncrypt Linux tool after a security researcher from CompuTest discovered the product had several design and implementation flaws that could allow an attacker to extract signatures from any Web site that enables its users to upload files, including GitHub and Dropbox. In addition, an attacker could obtain Secure Sockets Layer (SSL) certificates for other domains. Source: http://news.softpedia.com/news/flaws-in-free-ssl-tool-allowed-attackers-to-get-ssl-certificates-for-any-domain-505977.shtml
29. July 4, Softpedia – (International) Free decrypter available for download for MIRCOP ransomware. A security researcher created a decrypter tool that can recover files locked by the MIRCOP ransomware without paying the ransom, after an independent researcher and security researchers from Trend Micro revealed the presence of the new ransomware family at the end of June. Source: http://news.softpedia.com/news/free-decrypter-available-for-download-for-mircop-ransomware-505976.shtml
30. July 4, Softpedia – (International) New Adwind RAT campaign with zero AV detection targets businesses in Denmark. Security researchers from Heimdal Security discovered a spam email campaign targeting Danish companies after finding that the spam emails carried malicious file attachments named “Doc-[Number].jar” that were not detected by antivirus engines, even though the attachments carried the Adwind Remote Access Trojan (RAT). Researchers believe the campaign may target other countries as well, as the emails were written in English. Source: http://news.softpedia.com/news/new-adwind-rat-campaign-with-zero-av-detection-targets-businesses-in-denmark-505974.shtml
31. July 4, Softpedia – (International) Malware spread via Facebook makes 10,000 victims in 48 hours. Security researchers from Kaspersky Lab reported that from June 24 – June 27, cyber criminals were using Facebook spam messages to distribute malware to user accounts and allegedly selling Facebook “likes” and “shares” via a botnet of infected devices. The messages informed users about mentions in comments and convinced them to access a link that would secretly download a trojan onto the user’s computer and install an extension in the user’s Google Chrome Web browser. Facebook blocked the technique and Google removed the extension from its Chrome Web Store. Source: http://news.softpedia.com/news/malware-spread-via-facebook-makes-10-000-victims-in-48-hours-505969.shtml
32. July 4, SecurityWeek – (International) Critical vulnerability breaks Android full disk encryption. An independent Israeli security researcher discovered that the Qualcomm Secure Execution Environment (QSEE) was plagued with a critical elevation of privilege (EoP) flaw that affects 57 percent of Android devices and could allow an attacker to bypass the Full Disk Encryption (FDE) security feature introduced in Android 5.0 Lollipop. The flaw could allow a compromised, privileged application with access to QSEECOM to execute arbitrary code in the TrustZone context. Source: http://www.securityweek.com/critical-vulnerability-breaks-android-full-disk-encryption
33. July 4, SecurityWeek – (International) Spam campaign distributing Locky variant Zepto ransomware. Security researchers from Cisco Talos warned customers that the Zepto ransomware, a variant of the Locky ransomware, was being distributed via over 4,000 spam emails June 27, and via as many as 137,731 emails over 4 days, each carrying an attached .zip archive that contains a malicious JavaScript file. Researchers reported that the campaign contained a total of 3,305 unique samples and convinced targets to open the spam emails by using various subject lines and sender profiles, including “CEO” and “VP of Sales.” Source: http://www.securityweek.com/spam-campaign-distributing-locky-variant-zepto-ransomware
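Items 30 and 33 both describe a spam lure that depends on an attachment type a mail gateway can recognise before any user opens it: a Java archive named “Doc-[Number].jar”, or a .zip archive whose payload is a script file. The following attachment-triage routine is an added example, not code from the report or from Heimdal, Cisco Talos or any other vendor named above; the naming pattern, the script-extension list and the sample messages are constructed for illustration and are not a published detection rule.

```python
import io
import re
import zipfile
from dataclasses import dataclass
from typing import Dict, List

# Constructed triage rules derived from the two items above (not vendor signatures):
#  - attachments named Doc-<digits>.jar, the naming seen in the Adwind campaign (item 30)
#  - .zip archives containing a script file, the Zepto delivery method (item 33)
JAR_NAME_RE = re.compile(r"^Doc-\d+\.jar$", re.IGNORECASE)
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")


@dataclass
class Attachment:
    filename: str
    data: bytes = b""


@dataclass
class Finding:
    attachment: str
    reason: str


def archive_members(data: bytes) -> List[str]:
    """Return member names of a ZIP payload, or [] if the bytes are not a valid ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def triage_attachment(att: Attachment) -> List[Finding]:
    """Inspect one attachment by name and, for archives, by content."""
    findings: List[Finding] = []
    lower = att.filename.lower()
    if JAR_NAME_RE.match(att.filename):
        findings.append(Finding(att.filename, "Doc-<number>.jar naming matches the Adwind lure"))
    elif lower.endswith(".jar"):
        findings.append(Finding(att.filename, "Java archive attachment"))
    if lower.endswith(".zip"):
        # Look inside the archive rather than trusting the outer filename.
        scripts = [m for m in archive_members(att.data) if m.lower().endswith(SCRIPT_EXTS)]
        if scripts:
            findings.append(Finding(att.filename, "ZIP contains script file(s): " + ", ".join(scripts)))
    return findings


def triage_message(attachments: List[Attachment]) -> List[Finding]:
    """Collect findings across every attachment of one message."""
    out: List[Finding] = []
    for att in attachments:
        out.extend(triage_attachment(att))
    return out


def should_quarantine(attachments: List[Attachment]) -> bool:
    """Policy decision: any finding is enough to hold the message for review."""
    return bool(triage_message(attachments))


def make_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP so the example runs offline on constructed input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample messages (no real malware; payload bytes are placeholders).
SAMPLE_MESSAGES: Dict[str, List[Attachment]] = {
    "adwind_like": [Attachment("Doc-48213.jar", b"PK placeholder")],
    "zepto_like": [Attachment("invoice.zip", make_zip({"invoice_2016.js": b"// placeholder"}))],
    "benign": [Attachment("report.zip", make_zip({"report.pdf": b"%PDF placeholder"}))],
    "not_a_zip": [Attachment("broken.zip", b"this is not a zip archive")],
}

if __name__ == "__main__":
    for label, atts in SAMPLE_MESSAGES.items():
        verdict = "QUARANTINE" if should_quarantine(atts) else "deliver"
        print(label, verdict, [f.reason for f in triage_message(atts)])
```

The archive check deliberately parses the ZIP rather than matching on the outer filename, because the lure in item 33 is an innocuous-looking .zip; an unparseable archive is treated as having no members and falls through to delivery, which a stricter policy could instead hold for review.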
34. July 4, Softpedia – (International) HawkEye keylogger users employ hacked email accounts to receive stolen data. Security researchers from Trustwave discovered a spam email campaign using the HawkEye keylogger to let attackers collect email, browser, and File Transfer Protocol (FTP) settings and passwords. The campaign delivered malicious Rich Text Format (RTF) documents disguised as Microsoft Word files to victims, and used hijacked email accounts to reroute all messages received from a victim’s email address to the attacker’s personal inbox. Source: http://news.softpedia.com/news/hawkeye-keylogger-users-employ-hacked-emails-accounts-to-receive-stolen-data-505958.shtml
35. July 4, IDG News Service – (National) Second man pleads guilty to hacking entertainment celebs. The U.S. District Court for the Central District of California reported that an Illinois resident pleaded guilty for his involvement in a phishing scheme in which he gained access to several female celebrities’ and non-celebrities’ usernames, passwords, and personal information, including private photographs and videos, after sending them emails disguised as security notices from Internet service providers. The culprit accessed at least 300 Apple iCloud and Google Gmail accounts. Source: http://www.computerworld.com/article/3090952/security/second-man-pleads-guilty-to-hacking-entertainment-celebs.html
36. July 4, SecurityWeek – (International) Firmware zero-day allows hackers to disable security features. A security researcher discovered a zero-day firmware vulnerability in the Unified Extensible Firmware Interface (UEFI) installed on all Lenovo ThinkPad series laptops, after identifying that the flaw exists in the System Management Mode (SMM) code of Lenovo’s UEFI and can be exploited for several malicious actions, including disabling the Secure Boot feature, disabling UEFI write protections, and bypassing Windows 10 Enterprise security features. Lenovo is investigating the incident. Source: http://www.securityweek.com/uefi-zero-day-allows-hackers-disable-security-features
37. July 3, Softpedia – (International) Satana ransomware encrypts your boot record and prevents your PC from starting. Security researchers from Malwarebytes reported that the new ransomware dubbed Satana encrypts files using the same method as other ransomware families, but attaches its email address to each file, and also encrypts the Master Boot Record (MBR) and replaces it with its own. Once a user restarts their computer, the MBR boot code loads and locks the user out of the computer while Satana’s ransom note displays on the screen. Source: http://news.softpedia.com/news/satana-ransomware-encrypts-your-boot-record-and-prevents-your-pc-from-starting-505933.shtml
For another story, see item 39 below in the Communications Sector.
Communications Sector
38. July 4, WSYX 6 Columbus/WTTE 28 Columbus – (Ohio) Verizon: Outage issue resolved in central Ohio. Verizon reported July 4 that it resolved a hardware issue in its switching network which knocked out phone service for an unknown number of its 1x voice service customers in central Ohio for at least 3 hours. Source: http://abc6onyourside.com/news/local/verizon-outages-reported-throughout-central-ohio
39. July 4, SecurityWeek – (International) Unpatched flaws plague Sierra Wireless Industrial Gateways. An independent security researcher reported that the Sierra Wireless AirLink Raven XE and XT modems were plagued with several flaws, including a lack of anti-Cross-Site Request Forgery (CSRF) tokens in AceManager that could allow an attacker to perform arbitrary actions if they convince victims to open a malicious link. In addition, the product was plagued with a flaw pertaining to the existence of a default account that could allow an attacker with access to the network to log into the device’s Web administration interface, among other flaws. Source: http://www.securityweek.com/unpatched-flaws-plague-sierra-wireless-industrial-gateways
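The CSRF weakness in item 39 comes down to a Web administration interface accepting a state-changing request on the strength of the browser’s session cookie alone, so a page the victim merely visits can submit that request for them. The following is an added example of the server-side check that closes that gap, written here for illustration and not taken from the report, from Sierra Wireless or from AceManager: a per-session token derived with an HMAC so that a token issued to one session cannot be replayed in another, a constant-time comparison, and an Origin check as a second layer. The server key, the trusted origin and the request fields are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Server-side key, generated when the service starts (constructed for this example;
# a real device would persist a per-unit key set at installation, never a vendor default).
SERVER_KEY = secrets.token_bytes(32)

# Origin of the legitimate admin UI; assumed value for the example.
TRUSTED_ORIGIN = "https://gateway.example"

# HTTP methods that must never change state and therefore need no token.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def issue_session_id() -> str:
    """Unpredictable session identifier handed out at login (stored in the session cookie)."""
    return secrets.token_urlsafe(32)


def csrf_token_for(session_id: str) -> str:
    """Derive the CSRF token from the session id with an HMAC.

    The token is embedded in every admin form; the server never has to store it,
    and a token minted for one session does not verify for any other.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method: str,
                       session_id: Optional[str],
                       form_token: Optional[str],
                       origin: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a request to the admin interface may proceed.

    Returns (allowed, reason). Every branch that rejects names the reason so the
    decision can be logged for detection purposes.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if not session_id:
        return False, "no authenticated session"
    if form_token is None:
        # A forged cross-site form has no way to learn the victim's token.
        return False, "missing CSRF token"
    expected = csrf_token_for(session_id)
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected, form_token):
        return False, "CSRF token mismatch"
    # Browsers attach Origin to cross-site POSTs; a value other than the admin UI is rejected.
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, "cross-origin request"
    return True, "ok"


def demo() -> Tuple[bool, bool, bool]:
    """Show the three cases that matter: legitimate form, forged form, token from another session."""
    victim = issue_session_id()
    legit = is_request_allowed("POST", victim, csrf_token_for(victim), TRUSTED_ORIGIN)[0]
    # Cross-site page: the victim's cookie rides along, but no token is known to the attacker.
    forged = is_request_allowed("POST", victim, None, "https://third-party.example")[0]
    # Attacker reuses the token from their own session against the victim's session.
    attacker = issue_session_id()
    replayed = is_request_allowed("POST", victim, csrf_token_for(attacker), TRUSTED_ORIGIN)[0]
    return legit, forged, replayed


if __name__ == "__main__":
    print("legitimate, forged, replayed:", demo())
```

The check is only as good as the rule that safe methods do not change state: an admin interface that performs a reboot or a configuration write on a GET would bypass the token entirely, so the two have to be enforced together.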