Complete DHS Report for August 9, 2016
Daily Report
Top Stories
• Federal officials approved a $32 million project August 6
permitting Eastern Shore Natural Gas to build new compression facilities,
extend natural gas lines, and install more than 10 miles of underground pipes
in Delaware. – New Castle County News Journal
1. August 6,
New Castle County News Journal – (Delaware) $36M gas pipeline
project in Del. wins federal approval. Federal officials approved a $32
million pipeline project August 6 that permits Eastern Shore Natural Gas to
extend natural gas transmission lines, install more than 10 miles of
underground pipelines, and build new compression facilities in New Castle and
Kent counties in Delaware, among other plans in an effort to strengthen its
transmission infrastructure. The project will begin in September 2016 and is
expected to be completed in 2017. Source: http://www.delawareonline.com/story/money/business/delawareinc/2016/08/06/36m-gas-pipeline-project-del-wins-federal-approval/88332416/
• Eighteen former Midwest Bank officers and directors agreed to
pay $26.5 million to the Federal Deposit Insurance Corporation August 5 to
settle charges alleging that their negligent lending practices from 2005 – 2008
caused the bank over $128 million in losses. – Chicago Tribune. See item 2 below in
the Financial Services Sector
• The Hawaii Department of Environmental Services (ENV) reported
August 5 that approximately 12,950 gallons of sewage overflowed near the
University of Hawaii at Manoa. – KHON 2 Honolulu
18. August 6,
KHON 2 Honolulu – (Hawaii) Nearly 13,000 gallons of sewage spill in University
area. Officials from the Hawaii Department of Environmental Services (ENV)
reported August 5 that approximately 12,950 gallons of sewage overflowed near
the University of Hawaii at Manoa after debris that entered a storm drain
caused blockage. Crews released the blockage, cleaned the area, and advised
swimmers to avoid Magic Island and the Ala Wai Boat Harbor. Source: http://khon2.com/2016/08/06/nearly-13000-gallons-of-sewage-spill-in-university-area/
• A former office manager at a dentist’s office in White Plains,
New York, was charged August 4 after she allegedly embezzled over $500,000 from
the business from December 2007 – March 2015. – Lower Hudson Valley Journal
News
19. August 6,
Lower Hudson Valley Journal News – (New York) Mohegan Lake woman
stole $500K from employer, police say. A former office manager at Advanced
Periodontics and Implant Dentistry of Westchester in White Plains, New York,
was charged August 4 after she allegedly embezzled over $500,000 from the
business by opening an unauthorized business credit card to pay for her
personal expenses from December 2007 – March 2015. Source: http://www.lohud.com/story/news/crime/2016/08/06/mohegan-lake-woman-stole-employer/88325462/
Financial Services Sector
2. August 5,
Chicago Tribune – (Illinois) Midwest Bank officials, FDIC in settlement for
$26.5 million over loans. The Federal Deposit Insurance Corporation
announced August 5 that 18 former Midwest Bank officers and directors agreed to
pay a total of $26.5 million to settle charges alleging that the officers’
negligence in lending over $100 million to 6 risky borrowers from 2005 – 2008
without properly analyzing the borrowers’ creditworthiness caused the bank over
$128 million in losses. Source: http://www.chicagotribune.com/business/ct-midwest-bank-settlement-0805-biz-20160804-story.html
3. August 5,
SecurityWeek – (International) New ATM hacking method uses stolen EMV card
data. Rapid7 researchers discovered that Europay, Mastercard, and Visa
(EMV) cards are susceptible to fraudulent transactions after finding that an
attacker could insert a shimming device into the card slot of a point-of-sale
(PoS) system to intercept and capture card data, which is then remotely sent to
another device, dubbed “La-Cara.” La-Cara feeds the stolen transaction data to
the targeted ATM, thereby allowing the fraudsters to withdraw up to $50,000
from the victim’s card. Source: http://www.securityweek.com/new-atm-hacking-method-uses-stolen-emv-card-data
Information Technology Sector
27. August 8,
Help Net Security – (International) Remote Butler attack; APT groups’ dream come
true. Microsoft security researchers developed an extension of the “Evil
Maid” attack dubbed “Remote Butler” which allows attackers to bypass local
Windows authentication to defeat full disk encryption without physical access
to the targeted device. A patch released by Microsoft for the “Evil Maid”
attack also prevents attackers from carrying out a “Remote Butler” attack. Source: https://www.helpnetsecurity.com/2016/08/08/remote-butler-attack/
28. August 6,
Softpedia – (International) Cerber ransomware v2 spotted online, is now
undecryptable. Trend Micro researcher PanicAll discovered that the Cerber
ransomware was updated in versions v1.5 and v2 to break a previous decryption
tool that allowed users to recover their hacked files for free. The updates
changed the extension added at the end of each encrypted file from “.cerber” to
“.cerber2,” and extended encryption keys generated by the Microsoft CryptGenRandom
application programming interface (API) from 16 bytes to 32 bytes, among other
updates. Source: http://news.softpedia.com/news/cerber-ransomware-v2-spotted-online-is-now-undecryptable-507045.shtml
29. August 6,
Softpedia – (International) Linux botnets dominate the DDoS landscape. Kaspersky
Lab released its distributed denial-of-service (DDoS) Intelligence Report which
reported that Linux botnets accounted for 70.2 percent of all DDoS attacks
initiated during quarter 2 (Q2) of 2016, while only 44.5 percent of DDoS
attacks were carried out by Linux botnets in quarter 1. The report also stated
that SYN DDoS attacks were the most popular method for DDoS attacks during Q2,
followed by transmission control protocol (TCP), Hypertext Transfer Protocol
(HTTP), and Internet control message protocol (ICMP) floods. Source: http://news.softpedia.com/news/linux-botnets-dominate-the-ddos-landscape-507043.shtml
30. August 5,
Softpedia – (International) New Remcos RAT available for purchase on
underground hacking forums. Symantec researchers reported that a malware
developer dubbed Viotto posted the Remcos Remote Access Trojan (RAT) targeting
Microsoft Windows versions XP and higher for sale on underground hacking
forums, which gives hackers the ability to take screenshots of infected
computers, log keystrokes offline or in real time, and record content via the
infected device’s camera, among other malicious actions, and send the stolen
data encrypted via Hypertext Transfer Protocol Secure (HTTPS) to the command
and control (C&C) server. Researchers also discovered the trojan can queue
operations to be carried out when the victim goes online and includes a
password dumping component that can dump passwords from applications like
Microsoft’s Internet Explorer, Mozilla Firefox, and Apple Inc.’s Safari, among
others. Source: http://news.softpedia.com/news/new-remcos-rat-available-for-sale-on-underground-hacking-forums-507018.shtml
31. August 5,
SecurityWeek – (International) VMware Tools flaw allowed code execution via
DLL hijacking. VMware published an advisory describing two vulnerabilities
in several of its products including a dynamic-link library (DLL) hijacking
issue in the Windows version of VMware Tools related to the VMware Host Guest
Client Redirector component that could be exploited to execute arbitrary code
on a targeted system after finding that when a document is opened from a
uniform naming convention (UNC) path, the Client Redirector injects a DLL named
“vmhgfs.dll” into the file in order to open the file, allowing an attacker to
load a malicious DLL into the application and to compromise the system. The
second vulnerability is a Hypertext Transfer Protocol (HTTP) header
injection issue in vCenter Server and ESXi caused by a lack of input validation
that could allow a hacker to launch cross-site scripting (XSS) or malicious
redirect attacks. Source: http://www.securityweek.com/vmware-tools-flaw-allowed-code-execution-dll-hijacking
Communications Sector
See item 5 below from the Transportation Systems
Sector
5. August 8,
NBC News – (International) Delta warns of chaos after power outage,
worldwide system failure. A power outage at the Delta Airlines headquarters
in Atlanta August 8 caused a global computer failure that forced the
cancellation of at least 451 flights and left fewer than 1,700 of the company’s
6,000 scheduled flights in operation. The outage affected check-in systems,
airport screens, as well as the airline Website and smartphone apps for more
than 6 hours. Source: http://www.nbcnews.com/business/travel/delta-system-outage-triggers-delays-worldwide-n625141