Monday, July 11, 2016



Complete DHS Report for July 11, 2016

Daily Report

Top Stories

• A security researcher from Vulnerability Lab reported July 7 that BMW’s ConnectedDrive Web portal was plagued with two zero-day vulnerabilities: a cross-site scripting (XSS) flaw and a session validation flaw. – Softpedia

4. July 8, Softpedia – (International) Zero-days in BMW web portal let hackers tamper with customer cars. A security researcher from Vulnerability Lab reported July 7 that BMW’s ConnectedDrive Web portal was plagued with two zero-day vulnerabilities: a cross-site scripting (XSS) flaw and a session validation flaw that can allow an authenticated attacker to bypass the Vehicle Identification Number (VIN) session check and submit another car’s VIN to view and edit another user’s vehicle settings. BMW has yet to patch the flaws. Source: http://news.softpedia.com/news/zero-days-in-bmw-web-portal-let-hackers-tamper-with-customer-cars-506103.shtml
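The VIN session bypass described in item 4 is an authorization failure: the portal let a client-supplied VIN select whose settings get edited, instead of checking that the VIN belongs to the logged-in user. The following is an added, framework-free example written for this page (it is not BMW’s code, and the user names, VINs and settings are constructed); it shows a handler that trusts the request VIN beside one that checks the VIN against the session user’s ownership set on every request.

```python
# Added example, not BMW portal code. Demonstrates the class of bug in item 4:
# a per-session VIN check that can be bypassed by sending a different VIN.
from dataclasses import dataclass


# Constructed sample data: which VINs each authenticated user actually owns.
OWNERSHIP = {
    "alice": {"WBA0000000000A001"},
    "bob": {"WBA0000000000B002"},
}


def fresh_settings():
    """Return a new copy of the constructed per-vehicle settings store."""
    return {
        "WBA0000000000A001": {"door_lock": "auto"},
        "WBA0000000000B002": {"door_lock": "manual"},
    }


@dataclass
class Session:
    user: str      # established at login, never taken from the request body
    vin: str = ""  # car the user selected earlier in the UI


class AuthorizationError(Exception):
    pass


def update_settings_vulnerable(session, request, settings):
    """Before: the VIN in the request body is used as-is.
    Any logged-in user who knows another VIN can edit that car's settings."""
    vin = request["vin"]
    settings[vin].update(request["changes"])
    return settings[vin]


def update_settings_fixed(session, request, settings):
    """After: the effective VIN (request or session) must be one the
    authenticated user owns; the check is server-side and per request."""
    vin = request.get("vin") or session.vin
    owned = OWNERSHIP.get(session.user, set())
    if vin not in owned:
        # Do not echo the other user's data; fail closed and log the attempt.
        raise AuthorizationError(f"{session.user} is not authorized for VIN {vin}")
    settings[vin].update(request["changes"])
    return settings[vin]


if __name__ == "__main__":
    bob = Session(user="bob", vin="WBA0000000000B002")
    hostile = {"vin": "WBA0000000000A001", "changes": {"door_lock": "open"}}
    print("vulnerable:", update_settings_vulnerable(bob, hostile, fresh_settings()))
    try:
        update_settings_fixed(bob, hostile, fresh_settings())
    except AuthorizationError as exc:
        print("fixed:", exc)
```

The fix is the ownership lookup keyed on the session’s user, not a stronger validation of the VIN format; a syntactically valid VIN that the user does not own must still be rejected.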

• The chief of the Dallas Police Department announced July 8 that at least three gunmen shot and killed five police officers and wounded seven others during a protest in Dallas July 7 over fatal police shootings in other States. – Associated Press

16. July 8, Associated Press – (Texas) Police: 5 officers dead, 7 hurt in Dallas protest shooting. The chief of the Dallas Police Department announced July 8 that at least three gunmen shot and killed five police officers and wounded seven others during a protest in Dallas July 7 over fatal police shootings in other States. One suspect was killed in an exchange with police, and authorities were continuing to investigate the incident while searching for other suspects involved in the shootings.

• Senrio security researchers found that over 120 other D-Link products were plagued with the same remote-code execution (RCE) flaw found in the D-Link Network Cloud Cameras that could allow attackers to execute arbitrary code on the devices. – Softpedia See item 19 below in the Communications Sector

• Wendy’s released an updated database July 7 which revealed that additional restaurant locations may have been affected by a 2015 security breach. – United Press International; Wall Street Journal

22. July 7, United Press International; Wall Street Journal – (National) Wendy’s says credit, debit card breach affected over a thousand U.S. locations. Wendy’s released an updated database July 7 which revealed that additional restaurant locations may have been affected by a 2015 security breach; the company had discovered malware on its point-of-sale (PoS) systems in May 2016. Company officials believe more than 1,000 locations nationwide were affected.

Financial Services Sector

7. July 8, Huntsville Times – (National) Former Regions Bank VPs indicted in bribery, wire fraud scheme. Two former vice presidents at Regions Bank, who also served as officers at Regions Equipment Financing Corp. (REFCO) in Birmingham, Alabama, were indicted July 7 for their roles in a $5 million bribery and wire fraud scheme. The duo and a co-conspirator allegedly established a fraudulent company, Residual Assurance Inc., that entered an agreement with REFCO to provide residual value insurance; they directed REFCO’s residual value insurance business to the company and split the proceeds between September 2010 and November 2015. The charges allege that the former executives collectively received over $3 million for their roles in the scheme. Source: http://www.al.com/news/index.ssf/2016/07/former_regions_bank_vps_indict.html

Information Technology Sector

18. July 7, Softpedia – (International) New “Patchwork” cyber-espionage group uses copy-pasted malware for its attacks. Security researchers from Cymmetria reported that a new cyber-espionage group, dubbed Patchwork Advanced Persistent Threat (APT), has infected at least 2,500 machines since December 2015. The group gains a foothold on the underlying operating system (OS) with spear-phishing emails carrying PowerPoint attachments that embed the Sandworm exploit (CVE-2014-4114, an OLE package handling flaw). Its tooling is an assortment of copy-pasted code from known open-source and malware projects such as PowerSploit, Meterpreter, AutoIt, and UACME. Source: http://news.softpedia.com/news/new-patchwork-cyber-espionage-group-uses-copy-pasted-malware-for-its-attacks-506101.shtml
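The PowerPoint lure in item 18 is an Office Open XML package (a ZIP) whose slide relationships point at embedded OLE objects, and in Sandworm-style documents at external targets such as UNC paths. The scanner below is an added example written for this page, not Cymmetria’s or any vendor’s detection code: it walks the package, flags embedded-object parts and any `.rels` relationship with `TargetMode="External"` whose target is a file, UNC, HTTP or FTP reference. The sample documents it builds in memory are constructed, and the `192.0.2.10` address is a documentation-range placeholder.

```python
# Added example, not code from Cymmetria or the Patchwork report.
# Triage scanner for Office Open XML packages (pptx/ppsx/docx/xlsx): flags
# embedded OLE objects and external relationship targets, the two structural
# features a Sandworm-style (OLE package) lure relies on.
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
EXTERNAL_SCHEME = re.compile(r"(?i)^(file:|\\\\|https?:|ftp:)")


def scan_office_package(data):
    """Return a list of human-readable findings for one package (bytes)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # 1. Any part under */embeddings/ is an embedded object (OLE, package).
        for name in names:
            if "/embeddings/" in name:
                findings.append(f"embedded object: {name}")
        # 2. Relationship parts: external targets pointing off the package.
        for name in names:
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                findings.append(f"unparseable relationships part: {name}")
                continue
            for rel in root.iter(f"{RELS_NS}Relationship"):
                target = rel.get("Target", "")
                mode = rel.get("TargetMode", "Internal")
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                if mode == "External" and EXTERNAL_SCHEME.match(target):
                    findings.append(f"external {rtype} target in {name}: {target}")
    return findings


def build_sample(external_target=None):
    """Constructed minimal PPTX-like package; with external_target set it
    mimics a slide that references an OLE object fetched from elsewhere."""
    rels_ns = "http://schemas.openxmlformats.org/package/2006/relationships"
    ole_type = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        if external_target is not None:
            rels = (f'<Relationships xmlns="{rels_ns}">'
                    f'<Relationship Id="rId2" Type="{ole_type}" '
                    f'Target="{external_target}" TargetMode="External"/>'
                    f'</Relationships>')
            zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
            # Compound-file magic followed by padding; content is irrelevant here.
            zf.writestr("ppt/embeddings/oleObject1.bin",
                        b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_office_package(build_sample(r"file:///\\192.0.2.10\public\slide1.gif")):
        print(f)
```

Embedded objects are also legitimate (a spreadsheet pasted into a deck), so the findings are triage signals to combine with sender reputation and the mail gateway’s attachment policy, not a verdict on their own.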

For additional stories, see item 4 above in Top Stories and 19 below in the Communications Sector

Communications Sector

19. July 8, Softpedia – (International) D-Link vulnerability affects over 120 products, 400,000 devices. Security researchers from Senrio discovered that over 120 other D-Link products were plagued with the same remote-code execution (RCE) vulnerability found in the D-Link DCS-930L Network Cloud Camera, which could allow attackers to execute arbitrary code on the devices. Researchers estimated that roughly 400,000 D-Link devices could be affected.

Friday, July 8, 2016



Complete DHS Report for July 8, 2016

Daily Report

Top Stories

• A former executive at Park Hill Group pleaded guilty July 6 to Federal charges after he bilked approximately $38.5 million from more than 10 individuals and entities in a Ponzi-like scheme where he convinced family and friends to invest in a non-existent private equity firm from July 2015 – March 2016. – USA Today

5. July 6, USA Today – (National) Ex-Wall Streeter pleads guilty in fraud case. A former executive at Park Hill Group pleaded guilty July 6 to Federal charges after he bilked approximately $38.5 million from more than 10 individuals and entities in a Ponzi-like scheme where he convinced family and friends to invest in a non-existent private equity firm from July 2015 – March 2016 and used the money for personal option trades, to repay money he had previously diverted from the Park Hill Group, and for personal use, among other illicit purposes. Officials stated the scheme attempted to bilk investors out of nearly $150 million. Source: http://www.usatoday.com/story/money/2016/07/06/ex-wall-streeter-expected-plead-guilty-fraud-case/86747794/

• Over 4,000 California firefighters worked July 6 to contain at least 12 fires that have collectively burned more than 77,000 acres across the State. – San Mateo Patch; California Department of Forestry and Fire Protection

17. July 6, San Mateo Patch; California Department of Forestry and Fire Protection – (California) California wildfire status: 4,000 firefighters assigned to 12+ fires. Over 4,000 California firefighters worked July 6 to contain at least 12 fires that have collectively burned more than 77,000 acres across the State. Source: http://patch.com/california/sanmateo/california-wildfire-status-4-000-firefighters-assigned-12-fires

• General Communication Inc. agreed July 6 to pay $2.4 million to the Federal Communications Commission after more than five 9-1-1 phone outages prevented more than 1,000 calls from reaching emergency services. – Alaska Dispatch News See item 24 below in the Communications Sector

• The U.S. Consumer Product Safety Commission is recalling more than 500,000 hoverboards sold from 8 manufacturers in China July 6 after the lithium-ion batteries were reported overheating, catching fire, and causing explosions. – ABC News

25. July 6, ABC News – (International) CPSC recalling more than 500,000 hoverboards because of fire hazards. The U.S. Consumer Product Safety Commission announced July 6 that it is recalling more than 500,000 hoverboards sold by eight manufacturers in China and made with lithium-ion battery packs, after almost 100 incidents in which the battery packs overheated, caught fire, or exploded. The hoverboards were primarily sold via online stores from June 2015 – May 2016. Source: http://abcnews.go.com/News/cpsc-recalling-500000-hoverboards-due-fire-hazards/story?id=40359491

Financial Services Sector

See item 5 above in Top Stories.

Information Technology Sector

19. July 7, Softpedia – (International) Dangerous GNU wget vulnerability still not patched in all Linux distros. Security researcher Dawid Golunski and SecuriTeam disclosed a GNU wget vulnerability (CVE-2016-4971, fixed in wget 1.18) that could be exploited to write arbitrary files into the download directory and achieve code execution. The flaw stems from wget’s improper handling of file names when a server redirects an initial Hypertext Transfer Protocol (HTTP) Uniform Resource Locator (URL) to a File Transfer Protocol (FTP) link: wget trusted the file name from the FTP response rather than the one in the original URL. Source: http://news.softpedia.com/news/dangerous-gnu-wget-vulnerability-still-not-patched-in-all-linux-distros-506076.shtml
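Two checks a practitioner wants for item 19: whether the installed wget predates the 1.18 fix, and how to call wget so a redirect can never choose the local file name. The code below is an added example for this page, not part of wget or of the advisory; the banner strings it parses are constructed in the form `wget --version` prints, and `run_wget_version_banner` is the only function that touches the real binary.

```python
# Added example, not wget project code. Version triage for CVE-2016-4971 and a
# hardened argv that pins the output name regardless of server redirects.
import re
import subprocess

BANNER_RE = re.compile(r"^GNU Wget (\d+)\.(\d+)(?:\.(\d+))?", re.M)
FIXED_IN = (1, 18, 0)


def wget_version(banner):
    """Parse 'GNU Wget X.Y[.Z] ...' into a comparable tuple, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def wget_affected(banner):
    """True if the banner reports an upstream version before the fix."""
    version = wget_version(banner)
    if version is None:
        raise ValueError("not a GNU wget version banner")
    return version < FIXED_IN


def safe_wget_argv(url, dest):
    """Build an argv that writes to `dest` no matter what the server says.
    -O pins the local file name; --trust-server-names is deliberately absent,
    since in 1.18+ that flag re-enables taking the name from the redirect."""
    return ["wget", "--no-verbose", "-O", dest, url]


def run_wget_version_banner():
    """Read the real banner from the local wget (only this touches the system)."""
    return subprocess.run(["wget", "--version"], capture_output=True,
                          text=True, check=False).stdout


if __name__ == "__main__":
    # Constructed banners in the format wget prints.
    for banner in ("GNU Wget 1.17.1 built on linux-gnu.\n",
                   "GNU Wget 1.18 built on linux-gnu.\n"):
        print(banner.split("\n")[0], "->", "affected" if wget_affected(banner) else "fixed")
    print(" ".join(safe_wget_argv("http://example.invalid/file.tar.gz", "file.tar.gz")))
```

Distributions often backport the fix without changing the version string, which is exactly the situation the headline describes; treat a pre-1.18 banner as a prompt to check the distribution’s advisory or the package changelog, not as proof of exposure.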

20. July 7, Help Net Security – (International) Google fixes 108 bugs in July Android security update. Google released its July Android Security Bulletin, which patched 108 vulnerabilities, including seven critical remote code execution (RCE) flaws affecting the Mediaserver component and several elevation of privilege and information disclosure flaws in Android services, libraries, Bluetooth, and the Framework application program interfaces (APIs).

21. July 7, Softpedia – (International) Over 6,000 Redis database servers ready for taking. Security researchers from Risk Based Security released a report detailing that 6,338 Internet-exposed Redis servers showed signs of compromise. A non-intrusive scan using Shodan revealed that the servers contained a key named “crackit” holding a Secure Shell (SSH) public key tied to an email address previously seen in other incidents, the signature of the known unauthenticated-Redis technique of writing an attacker’s key into a user’s authorized_keys file. Researchers recommended that administrators update Redis to the latest version and enable the “protected mode” feature. Source: http://news.softpedia.com/news/over-6-000-redis-database-servers-ready-for-the-taking-506056.shtml
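The compromise in item 21 works because an unauthenticated Redis that accepts CONFIG SET can be told to point its dump file at `~/.ssh/authorized_keys` and then SAVE a database whose only value is an SSH public key. The two functions below are an added example written for this page (not Risk Based Security’s or the Redis project’s code): one audits a `redis.conf` for the settings that make this possible, the other checks live `CONFIG GET` values and key names for the indicators the report describes. The config texts and key names are constructed.

```python
# Added example, not Redis project code. Audits redis.conf for the exposure that
# enables the authorized_keys write, and checks live config/keys for indicators.
import posixpath

WILDCARD_BINDS = {"0.0.0.0", "*", "::"}


def parse_redis_conf(conf_text):
    """Map directive -> list of values (last wins in Redis; keep all)."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), []).append(value.strip())
    return settings


def audit_redis_conf(conf_text):
    """Return findings for settings that leave CONFIG SET/SAVE reachable
    by anyone who can open a TCP connection."""
    s = parse_redis_conf(conf_text)
    findings = []
    # protected-mode exists from Redis 3.2 (default yes); older builds have
    # no such guard at all, so an absent directive is only safe on >= 3.2.
    if s.get("protected-mode", ["yes"])[-1].lower() != "yes":
        findings.append("protected-mode is disabled")
    binds = s.get("bind")
    if not binds:
        findings.append("no bind directive: listening on all interfaces")
    elif any(addr in WILDCARD_BINDS for b in binds for addr in b.split()):
        findings.append("bind includes a wildcard address")
    if not s.get("requirepass", [""])[-1]:
        findings.append("requirepass not set: unauthenticated access")
    renamed = any(v.upper().startswith("CONFIG ") and v.endswith('""')
                  for v in s.get("rename-command", []))
    if not renamed:
        findings.append("CONFIG command reachable (not renamed/disabled)")
    return findings


def compromise_indicators(config_get, key_names):
    """Check CONFIG GET output (dict) and key names for the authorized_keys
    write pattern and the 'crackit' key reported in the scan."""
    findings = []
    dir_ = config_get.get("dir", "")
    dbfile = config_get.get("dbfilename", "")
    if posixpath.basename(dir_) == ".ssh" or dbfile == "authorized_keys":
        findings.append(f"dump target points at an SSH path: {dir_}/{dbfile}")
    if "crackit" in key_names:
        findings.append("key 'crackit' present (SSH public key staging)")
    return findings


if __name__ == "__main__":
    # Constructed configs for demonstration.
    weak = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
    print(audit_redis_conf(weak))
    print(compromise_indicators({"dir": "/root/.ssh", "dbfilename": "authorized_keys"},
                                ["crackit"]))
```

The hardened shape is `bind 127.0.0.1`, `protected-mode yes`, a long `requirepass`, and `rename-command CONFIG ""`; the last one matters even on authenticated instances, because anyone who obtains the password otherwise gets the same file-write primitive.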

22. July 6, Softpedia – (International) Campaign of infected WordPress and Joomla sites leads to CryptXXX ransomware. Security researchers from Sucuri discovered a new campaign, dubbed Realstatistics, that compromises sites running outdated Content Management Systems (CMSs), primarily WordPress and Joomla, through vulnerabilities in plugins rather than in the CMS core, and uses the injected sites to lead visitors to CryptXXX ransomware. At least 2,000 Web sites were affected by the campaign. Source: http://news.softpedia.com/news/campaign-of-infected-wordpress-and-joomla-sites-leads-to-cryptxxx-ransomware-506054.shtml

23. July 6, Softpedia – (International) Caja toolkit vulnerability exposed Google Docs domain to XSS attacks. Google released patches for several cross-site scripting (XSS) issues in its Caja toolkit, used on the Google Docs and Google Developers domains, after a security researcher found the tool failed to sanitize various XSS payloads. This potentially allowed attackers to create malicious Google Docs files containing Google Apps Script that, when loaded, could steal cookies and execute malicious actions in the victim’s session. Source: http://news.softpedia.com/news/caja-toolkit-vulnerabilities-exposed-google-docs-domains-to-xss-attacks-506052.shtml

Communications Sector

24. July 7, Alaska Dispatch News – (Alaska) GCI to pay $2.4 million in FCC settlement over 911 outages. Alaska telecommunications provider General Communication Inc. (GCI) agreed July 6 to a $2.4 million settlement with the Federal Communications Commission over more than five 9-1-1 phone outages between 2008 and 2015 that prevented more than 1,000 calls from reaching emergency services. As part of the settlement, GCI has agreed to strengthen its procedures for providing 9-1-1 service and to adopt robust compliance measures. Source: http://www.adn.com/alaska-news/2016/07/06/gci-to-pay-2-4-million-in-fcc-settlement-over-911-outages-4/