Friday, July 22, 2016



Complete DHS Report for July 22, 2016

Daily Report

Top Stories

• Federal officials reached a $176 million settlement with Enbridge Energy Partners July 20 following the release of at least 843,000 gallons of crude oil into the Kalamazoo River in Michigan in July 2010. – Associated Press

2. July 20, Associated Press – (National) Enbridge reaches $176M agreement for 2010 Michigan oil spill. The U.S. Department of Justice and U.S. Environmental Protection Agency reached a $176 million settlement with Enbridge Energy Partners July 20 following the release of at least 843,000 gallons of crude oil into the Kalamazoo River in Michigan in July 2010. Under the settlement, Enbridge must replace nearly 300 miles of pipeline between Neche, North Dakota, and Superior, Wisconsin, as well as develop measures to prevent future spills, detect leaks, and prepare for emergencies across Enbridge’s Lakehead network that extends more than 2,000 miles across 7 States, among other requirements. Source: http://abcnews.go.com/International/wireStory/enbridge-reaches-176m-agreement-2010-michigan-oil-spill-40754722

• Two men were arrested in Corona, California, July 16 after authorities found about 150 counterfeit credit cards, an encoding machine, and several counterfeit IDs, among other illicit materials in the duo’s apartment. – San Francisco Bay City News. See item 5 below in the Financial Services Sector.

• Southwest Airlines reported July 20 that up to 700 flights across its network were canceled and delayed due to multiple performance issues with its technology systems following an outage. – IDG News Service

7. July 20, IDG News Service – (National) Southwest Airlines delays flights after computer issues. Southwest Airlines reported July 20 that up to 700 flights across its network were canceled and delayed due to multiple performance issues with its technology systems following an outage. Normal operations were expected to be restored July 21. Source: http://www.networkworld.com/article/3098307/southwest-airlines-delays-flights-after-computer-issues.html#jump

• Federal officials issued a public health alert July 21 after the Washington State Department of Health reported confirmed cases of Salmonella potentially linked to the use and consumption of Kapowsin Meats Inc.’s whole hog roasters prepared for barbecue. – U.S. Department of Agriculture

12. July 21, U.S. Department of Agriculture – (National) FSIS issues public health alert for pork product due to possible Salmonella contamination. The U.S. Department of Agriculture’s Food Safety and Inspection Service (FSIS) issued a public health alert July 21 after the Washington State Department of Health notified the FSIS of confirmed case-patients involved in a Salmonella outbreak potentially linked to the use and consumption of Kapowsin Meats Inc.’s whole hog roasters prepared for barbecue, after a traceback investigation found three of the case-patients had consumed the pork products. FSIS personnel are working to remove the products from commerce.

Financial Services Sector

4. July 20, KRDO 13 Colorado Springs – (Colorado) “Dum-Dum Bandit” robs 3 Colorado banks in 30 days. The FBI was searching July 20 for a man dubbed the “Dum-Dum Bandit” who is suspected of robbing three banks in Denver since June, including a U.S. Bank branch July 19.

5. July 20, San Francisco Bay City News – (California) Police seize 150 credit cards, IDs in counterfeit bust. Two men were arrested in Corona, California, July 16 after authorities found about 150 counterfeit credit cards, numerous counterfeit IDs, and an encoding machine, among other illicit materials in the duo’s apartment after police received information regarding the illegal activities in May. Officials said the duo used the counterfeit cards to make fraudulent purchases in Los Angeles, Orange, and Riverside counties. Source: http://patch.com/california/temecula/police-seize-150-fake-credit-cards-ids-counterfeit-bust

Information Technology Sector

18. July 21, Help Net Security – (International) Vulnerabilities affecting SAP HANA and SAP Trex put 10,000 customers at risk. Onapsis released security advisories reporting on vulnerabilities in SAP High-Performance Analytic Appliance (HANA) and SAP Trex including a critical risk brute force attack affecting SAP HANA that could allow an attacker to gain unrestricted access to business information, and a critical risk remote command execution flaw affecting SAP Trex that could allow an unauthenticated attacker to modify arbitrary database information, among other vulnerabilities. Researchers from Onapsis reported the flaws pose a risk to over 10,000 SAP customers running different versions of SAP HANA. Source: https://www.helpnetsecurity.com/2016/07/21/sap-vulnerabilities/

19. July 21, Help Net Security – (International) Cisco plugs critical flaw in data center operations management solution. Cisco patched a critical vulnerability affecting the Web framework of its Unified Computing System (UCS) Performance Manager software after a researcher from the Adidas Group discovered that an attacker could exploit the vulnerability by sending crafted Hypertext Transfer Protocol (HTTP) GET requests to an affected system, allowing the attacker to execute arbitrary commands with root user privileges. Source: https://www.helpnetsecurity.com/2016/07/21/data-center-operations-cisco/

20. July 21, SecurityWeek – (International) Chrome 52 patches 48 vulnerabilities. Google released Chrome 52 patching 48 security flaws including 11 high risk flaws and 6 medium severity flaws after external researchers found a high risk sandbox escape flaw in Pepper Plugin application programming interface (PPAPI), a high risk uniform resource locator (URL) spoofing on iOS, a use-after-free in Extensions, and a heap-buffer-overflow issue affecting sfntly, among other vulnerabilities. Source: http://www.securityweek.com/chrome-52-patches-48-vulnerabilities

21. July 20, Softpedia – (International) Backdoor account found in Dell network security products. Researchers from Digital Defense, Inc. (DDI) released patches addressing six serious security flaws affecting the Dell SonicWALL Global Management System (GMS) after discovering the equipment had a hidden account that could be exploited to add non-administrative users via the command-line interface (CLI) Client, thereby elevating an attacker’s privilege and allowing the malicious actor full control of the GMS interface and all attached SonicWALL appliances. DDI researchers also discovered two unauthenticated root command injections that lead to remote code execution (RCE) with root privileges on Dell equipment, among other vulnerabilities. Source: http://news.softpedia.com/news/backdoor-found-in-dell-network-security-products-506477.shtml

22. July 20, SecurityWeek – (International) CrypMIC ransomware emerges as CryptXXX copycat. Trend Micro security researchers discovered a ransomware dubbed CrypMIC that mimics the CryptXXX ransomware family, in that it uses the Neutrino exploit kit (EK) to distribute the malware, utilizes the same ransom note and payment site, and employs a custom protocol via transmission control protocol (TCP) Port 443 to communicate with its command and control (C&C) servers, among other similarities. Researchers reported that the source code and capabilities of the two families are different after finding the CrypMIC ransomware cannot harvest credentials and related information from the affected device, as it does not download and execute an information-stealing module in its process memory. Source: http://www.securityweek.com/crypmic-ransomware-emerges-cryptxxx-copycat

23. July 20, Threatpost – (International) SoakSoak botnet pushing Neutrino exploit kit and CryptXXX ransomware. Invincea researchers reported a surge in CryptXXX ransomware infections targeting popular Web sites running the Revslider slideshow plugin for WordPress after discovering the SoakSoak botnet was delivering the CryptXXX ransomware via business Web sites that were compromised to redirect to the Neutrino exploit kit (EK). Source: https://threatpost.com/soaksoak-botnet-pushing-neutrino-exploit-kit-and-cryptxxx-ransomware/119379/


Communications Sector

Nothing to report