Thursday, July 21, 2016



Complete DHS Report for July 21, 2016

Daily Report                                            

Top Stories

• Crews worked July 19 to restore power to about 69,800 customers in east Idaho, Wyoming, and Montana who remained without service after a capacitor bank caught fire at the Goshen substation near Shelley, Idaho. – KPVI 6 Pocatello

2. July 20, KPVI 6 Pocatello – (Idaho) Massive power outage impacts three state region. Crews worked July 19 to restore power to about 69,800 Idaho Falls Power, Rocky Mountain Power, Lower Valley Energy Inc., and Fall River Rural Electric Cooperative customers in east Idaho, Wyoming, and Montana who remained without service after a capacitor bank caught fire at the Goshen substation near Shelley, Idaho. Source: http://www.kpvi.com/news/massive-power-outage-impacting-three-state-region/article_f6fe884c-4e09-11e6-b10b-734def26ad5a.html

• Bar-S Foods Company issued a recall July 19 for approximately 372,684 pounds of its chicken and pork hot dog and corn dog products sold in 5 variations due to potential Listeria monocytogenes contamination. – U.S. Department of Agriculture

9. July 20, U.S. Department of Agriculture – (National) Bar-S Foods Company recalls chicken and pork hot dog and corn dog products due to possible Listeria contamination. Bar-S Foods Company issued a recall July 19 for approximately 372,684 pounds of its chicken and pork hot dog and corn dog products sold in 5 variations due to potential Listeria monocytogenes contamination after recurring Listeria species were found at the firm. There have been no confirmed reports of adverse reactions and the products were distributed to retail locations nationwide. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-061-2016-release

• Oracle released its July Critical Patch Update (CPU) that addressed a total of 276 vulnerabilities in several of its products including 36 security flaws in applications specifically designed for the insurance, health, financial, and utility sectors. – SecurityWeek. See item 15 below in the Information Technology Sector

• A former employee at White’s Farm Supply, Inc., in Lenox, New York, was charged July 19 after he allegedly embezzled over $740,000 from the company since 2009. – WTVH 5 Syracuse

23. July 19, WTVH 5 Syracuse – (New York) Employee accused of stealing $740k from White’s Farm Supply since 2009. A former employee at White’s Farm Supply, Inc., in Lenox, New York, was charged July 19 after he allegedly embezzled over $740,000 from the company since 2009 by forging company checks and depositing them into his personal bank account. Source: http://cnycentral.com/news/local/whites-farm-supply-employee-accused-of-stealing-740k-from-company-since-2009

Financial Services Sector

4. July 19, Sacramento Bee – (California, Nevada) Man dubbed ‘Bandaged Bandit’ sought in area bank robberies. The FBI is searching for a man dubbed the “Bandaged Bandit” who is suspected of committing four bank robberies in El Dorado Hills, California, and in Folsom and Stateline, Nevada, since June, including a U.S. Bank branch in Folsom July 15. Source: http://www.sacbee.com/news/local/crime/article90701467.html

For additional stories, see item 15 below in the Information Technology Sector and item 23 above in Top Stories

Information Technology Sector

15. July 20, SecurityWeek – (International) Oracle’s critical patch update for July contains record number of fixes. Oracle released its July Critical Patch Update (CPU) that addressed a total of 276 vulnerabilities in several of its products including 19 critical security flaws affecting the Oracle WebLogic Server component, the Hyperion Financial Reporting component, and the Oracle Health Sciences Clinical Development Center component, among other applications. The update also resolves 36 security flaws in applications specifically designed for the insurance, health, financial, and utility sectors, as well as 159 remote code execution (RCE) flaws that can be exploited without authentication. Source: http://www.securityweek.com/oracle-addresses-276-security-flaws-19-critical-july-2016-cpu

16. July 20, Softpedia – (International) Free decrypter available for Bart ransomware. A security researcher for AVG released a free decrypter for the Bart ransomware that recovers files locked by the ransomware after discovering Bart uses one password for all files placed inside a password-protected ZIP archive. Source: http://news.softpedia.com/news/free-decrypter-available-for-bart-ransomware-506469.shtml

17. July 19, SecurityWeek – (International) Petya ransomware gets encryption upgrade. A security researcher dubbed Hasherezade discovered the Petya ransomware no longer allows for easy data recovery after finding that the malware operators bundled Petya with Mischa, a failsafe designed to encrypt user files one at a time if Petya was unsuccessful in manipulating the Master Boot Record (MBR) to take over the boot process and encrypt the entire hard disk after a reboot. Source: http://www.securityweek.com/petya-ransomware-gets-encryption-upgrade

18. July 19, IDG News Service – (International) Security software that uses ‘code hooking’ opens the door to hackers. Researchers from enSilo discovered 6 security vulnerabilities affecting over 15 different products, including antivirus programs from Kaspersky Lab, Trend Micro, and Symantec, among others, that use hooking to intercept, monitor, or modify potentially malicious behavior in applications and operating systems (OS). The vulnerabilities can be exploited by malicious attackers to easily bypass the anti-exploit mitigations provided by Microsoft Windows or third-party applications and inject malicious code into any process running on a victim’s device while remaining undetected. Source: http://www.computerworld.com/article/3097202/security/security-software-that-uses-code-hooking-opens-the-door-to-hackers.html

19. July 19, Softpedia – (International) Gmail security filters can be bypassed just by splitting a word in two. Security researchers from SecureState discovered that an attacker can bypass the Gmail security features responsible for detecting malicious macros in Microsoft Office document attachments by separating “trigger words” into two words or across a row of text. The researchers found that the security filters failed to detect malicious macros in the script when a sensitive term was split across two different lines of the exploit code. Source: http://news.softpedia.com/news/gmail-security-filters-can-be-bypassed-just-by-splitting-a-word-in-two-506447.shtml

20. July 19, SecurityWeek – (International) DoS vulnerability patched in BIND. The Internet Systems Consortium (ISC) released BIND versions 9.9.9-P2 and 9.10.4-P2 addressing a medium severity, remote code execution (RCE) vulnerability that could cause systems that use the lightweight resolver protocol (lwresd) to resolve names to enter a denial-of-service (DoS) condition due to an error in the way the protocol was implemented. The server can terminate when lwresd is asked to resolve a query name that exceeds the maximum allowable length when combined with a search list entry. Source: http://www.securityweek.com/dos-vulnerability-patched-bind

For another story, see item 12 below from the Government Facilities Sector

12. July 20, Softpedia – (National) DDoS attack takes down U.S. Congress Web site for three days. A U.S. Library of Congress spokesperson reported that the U.S. Library of Congress, U.S. Copyright Office, and U.S. Congress Web sites were inaccessible July 17 – July 20 following a distributed denial-of-service (DDoS) attack involving a type of Domain Name System (DNS) attack that affected the infrastructure of the server hosting the Web sites. Officials reported the Web sites have recovered and no other U.S. Government portals appear to have been affected by the attack. Source: http://news.softpedia.com/news/ddos-attack-takes-down-us-congress-website-for-three-days-506451.shtml

Communications Sector

Nothing to report