Tuesday, August 16, 2016



Complete DHS Report for August 16, 2016

Daily Report

Top Stories

• Mitsubishi Motors Corporation issued a recall August 15 for 45,731 of its model year 2015 Mitsubishi Outlander Sport vehicles equipped with 2.0-liter engines sold in the U.S. due to improperly secured hose clamps in the vehicles’ continuously variable transmissions, which could cause transmission fluid to leak. – TheCarConnection.com

1. August 15, TheCarConnection.com – (National) 2015 Mitsubishi Outlander Sport recalled for transmission problem: over 45,000 vehicles affected. Mitsubishi Motors Corporation issued a recall August 15 for 45,731 of its model year 2015 Mitsubishi Outlander Sport vehicles equipped with 2.0-liter engines and continuously variable transmissions (CVT) sold in the U.S. due to improperly secured hose clamps in the vehicles’ CVT, which could cause transmission fluid to leak and leave the vehicle inoperable, thereby increasing the risk of a crash, or start a vehicle fire if the fluid comes into contact with a hot surface. Source: http://www.thecarconnection.com/news/1105557_2015-mitsubishi-outlander-sport-recalled-for-transmission-problem-over-45000-vehicles-affected

• Rhode Island police are searching August 12 for a group suspected of installing skimming devices on at least 4 ATMs across the State since June and using the stolen information to make large cash withdrawals. – Bristol Patch. See item 2 below in the Financial Services Sector.

• Oriental Packing Co., Inc. issued a recall August 12 for approximately 377,000 pounds of its blended seasoning curry products after routine sampling revealed the presence of elevated levels of lead in the products. – U.S. Food and Drug Administration

16. August 12, U.S. Food and Drug Administration – (National) Oriental Packing Co., Inc., issues alert on lead in curry powder. Oriental Packing Co., Inc. issued a recall August 12 for approximately 377,000 pounds of its blended seasoning curry products sold under 5 brands after routine sampling revealed the presence of elevated levels of lead in the products. No illnesses have been reported and the products were sold via Internet sales and to retail stores nationwide. Source: http://www.fda.gov/Safety/Recalls/ucm516541.htm

• City officials from Grayling, Michigan reported that approximately 17,000 gallons of raw sewage leaked into the Au Sable River from the city’s main lift station August 13. – WWTV 9 Cadillac/WWUP 10 Sault Ste. Marie

18. August 15, WWTV 9 Cadillac/WWUP 10 Sault Ste. Marie – (Michigan) Grayling to test Au Sable River following sewage leak. City officials in Grayling, Michigan reported that approximately 17,000 gallons of raw sewage leaked into the Au Sable River from the city’s main lift station August 13 after an electrical surge caused a failure with the alarm system, leading to the sewage leak. Officials advised residents to avoid contact with the river until test results are returned. Source: http://www.9and10news.com/story/32761029/grayling-to-test-au-sable-river-following-sewage-leak

Financial Services Sector

2. August 12, Bristol Patch – (Rhode Island) RI State police following trail left by ATM skimming crime ring. Rhode Island police are searching August 12 for a group suspected of installing skimming devices on at least 4 ATMs across Rhode Island since June and using the stolen information to make large cash withdrawals from ATMs at other area banks.

Information Technology Sector

24. August 14, Softpedia – (International) Sharp increase in malware utilizing SSL. Blue Coat released a report revealing that the number of malware samples employing Secure Sockets Layer (SSL) increased from 500 samples per month to 29,000 over a 2-month period, and that the number of active command and control (C&C) servers that used SSL-protected connections to communicate with their bots increased from 1,000 servers in quarter 1 of 2015 to 200,000 servers in quarter 2. The findings came after the security firm analyzed the detections and infrastructure of common malware families known to implement SSL for protection, and cyber-criminal activity from January 2014 – December 2015. Source: http://news.softpedia.com/news/sharp-increase-in-malware-utilizing-ssl-507291.shtml

25. August 14, Softpedia – (International) New FFS Rowhammer attack hijacks Linux VMs. Researchers from the Vrije University in the Netherlands discovered a new version of the Rowhammer attack, dubbed Flip Feng Shui (FFS), which works in conjunction with memory deduplication and is capable of compromising the memory of shared Linux-based virtual machines (VMs) used for cloud hosting services. The attack could allow an attacker to gain control of a victim’s accounts despite the absence of software vulnerabilities if the malicious attacker buys access to cloud services co-hosted with the victim. Researchers discovered the flaw is in the cryptographic software and stated the attack can be used in multiple other forms and applications in the software stack. Source: http://news.softpedia.com/news/new-ffs-rowhammer-attack-targets-linux-vm-setups-507290.shtml

26. August 13, Softpedia – (International) New Windows trojan steals enterprise data and Microsoft Office files. Security researchers from Bleeping Computer discovered malicious actors were distributing a new type of infostealer trojan as a file, dubbed Aug_1st_java.exe, that disguises itself as the process of the Google Chrome browser and targets 11 file types specific to enterprise environments, including extensions associated with Microsoft Office applications, in order to gather information about the computer, including the username, version of Windows, and a list of currently installed applications, among other data, and then directs and uploads the files to its command and control (C&C) server via the Microsoft Message Queuing (MSMQ) protocol. Researchers also found that the infostealer trojan modifies the Windows Registry after installation in order to gain the ability to run automatically when the victim reboots their computer. Source: http://news.softpedia.com/news/new-windows-trojan-steals-enterprise-data-and-microsoft-office-files-507281.shtml

For additional stories, see item 27 below in the Communications Sector and 28 below from the Commercial Facilities Sector.

28. August 15, Softpedia – (National) PoS malware found at 20 HEI Hotels properties. HEI Hotels & Resorts announced August 15 that it notified customers the weekend of August 13 about a security breach of its payment card processor that targeted 20 of its properties nationwide since December 2015, after unauthorized individuals installed malware on its point-of-sale (PoS) systems to capture sensitive data including payment card account number, card verification code, and card expiration date, among other details. The company disabled the malware and is working to reconfigure various network components and payment systems to enhance the security of its systems. Source: http://news.softpedia.com/news/pos-malware-found-at-20-hei-hotels-properties-507311.shtml

Communications Sector

27. August 14, Softpedia – (International) ARMageddon cache attack on Android devices can monitor keystrokes, ARM TrustZone. Researchers from the Graz University of Technology in Austria discovered the first-ever cache attack affecting multi-core Advanced RISC Machines (ARM) central processing units (CPUs) used in hundreds of millions of Android devices. The attack could allow a third party with no elevated privileges to extract small portions of data from a CPU cache using techniques like Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush to monitor keystrokes, the ARM TrustZone, as well as tap and swipe gesture events sent to the CPU for processing in order to infer details about the data being processed. Google patched most of the issues in its March 2016 Android Security Bulletin. Source: http://news.softpedia.com/news/new-armageddon-cache-attack-on-android-devices-can-monitor-keystrokes-507293.shtml