Complete DHS Report for August 17, 2016
Daily Report
Top Stories
• Officials issued a safety order August 15 directing Washington Metropolitan Area Transit Authority (WMATA) to make changes to enhance safety after WMATA committed a total of 68 red signal violations since 2012. – WTOP 103.5 FM Washington, D.C.
7. August 15, WTOP 103.5 FM Washington, D.C. – (Washington, D.C.) After series of close calls, Metro ordered to make urgent fixes. The Federal Transit Administration issued a safety order August 15 directing Washington Metropolitan Area Transit Authority (WMATA) to make 11 changes to enhance rider and worker safety following an investigation that found that WMATA committed a total of 68 confirmed red signal violations from January 2012 – July 2016, among other violations. The 11 corrective actions require WMATA to increase oversight of train operators and controllers, review its fatigue management system, and consider new options to automatically stop trains before collisions. Source: http://wtop.com/tracking-metro-24-7/2016/08/series-trains-blow-red-signals-metro-ordered-make-urgent-fixes/
• The governor of Louisiana declared a state of emergency in East Baton Rouge, Louisiana, August 15 following severe storms August 12 – August 14 that left at least 4 people dead and displaced more than 10,000 residents. – NBC News
10. August 15, NBC News – (Louisiana) Louisiana flooding: At least four dead, 20,000 rescued. The governor of Louisiana declared a state of emergency in East Baton Rouge, Louisiana, August 15 following severe storms August 12 – August 14 that left at least 4 people dead, forced the closure of more than 100 roads across the State, damaged thousands of homes, and forced more than 10,000 residents to move to shelters August 14. Officials stated that over 1,700 rescue personnel saved more than 20,000 people from the flooding. Source: http://www.nbcnews.com/news/us-news/louisiana-flooding-least-three-dead-officials-warn-more-rain-come-n630331
• Officials reported August 15 that 13,237 patients at Professional Dermatology Care, P.C. in Reston, Virginia, were notified of a data breach after hackers may have gained access to protected patient information from the provider’s network server between June 19 and June 27. – Reston Patch; U.S. Department of Health and Human Services
11. August 15, Reston Patch; U.S. Department of Health and Human Services – (Virginia) Reston doctor's office hacked, 13,000 patient records compromised. U.S. Department of Health and Human Services officials reported August 15 that 13,237 patients at Professional Dermatology Care, P.C. in Reston, Virginia, were notified of a data breach after hackers outside of the U.S. may have gained unauthorized access to protected patient information and financial data, including patient names, Social Security numbers, and Medicare numbers, among other information, from the provider’s network server between June 19 and June 27, with the intent to extract money from the company in exchange for decrypting the data. The company does not believe the hackers misused any of the patient data. Source: http://patch.com/virginia/reston/reston-doctors-office-hacked-13-000-patient-records-compromised
• Lookout researchers reported that 1.4 billion Android devices are affected by a security flaw in the Linux kernel’s implementation of the Transmission Control Protocol (TCP) that could allow a hacker to hijack unencrypted Web traffic. – Softpedia. See item 19 below in the Communications Sector.
Financial Services Sector
3. August 15, KRON 4 San Francisco – (California) ‘Bearded Bandit’ bank robbery suspect arrested in San Francisco. FBI officials reported August 15 that a man dubbed the “Bearded Bandit” was arrested in San Francisco August 12 after he allegedly committed 4 bank robberies in the San Francisco Bay Area since April. Source: http://kron4.com/2016/08/15/bearded-bandit-bank-robbery-suspect-arrested-in-san-francisco/
For another story, see item 20 below from the Commercial Facilities Sector.
Information Technology Sector
17. August 16, Softpedia – (International) FalseCONNECT vulnerability affects software from Apple, Microsoft, Oracle, more. A security researcher discovered a flaw in how applications from several vendors respond to Hypertext Transfer Protocol (HTTP) CONNECT requests that are answered with HTTP/1.0 407 Proxy Authentication Required responses. An attacker with a foothold in a compromised network and the ability to listen to proxy traffic could detect HTTP CONNECT requests sent to the local proxy and issue a 407 Proxy Authentication Required response of their own; the user is then prompted for a password to access the requested service, and the credentials entered are sent to the malicious actor. Researchers stated that WebKit-based clients including Google Chrome, Apple’s iTunes, and Google Drive, among others, are most vulnerable to the attack.
18. August 15, SecurityWeek – (International) Windows script files used to deliver Locky ransomware. Researchers from Trend Micro warned that a Locky ransomware variant was being delivered to targeted organizations using Microsoft Windows script (WSF) files in order to download any malware payload and to make detection more difficult, as WSF files are not engine-specific, contain more than one scripting language, and are not monitored by typical endpoint security solutions, thereby increasing the chances of bypassing sandboxes and blacklisting technologies. Researchers stated the cybercriminals were targeting companies and that the files delivering Locky were compressed in ZIP archives and attached to emails with business-related subject lines.
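As an added detection example (not code from the report, Trend Micro, or SecurityWeek), the following inspects a ZIP mail attachment for the pattern item 18 describes: a WSF member that declares more than one script engine. The archive and the WSF body are constructed samples, and the file names are hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample: a benign two-engine WSF file with the shape described
# above (one job carrying JScript and VBScript blocks side by side).
SAMPLE_WSF = b"""<job id="invoice">
<script language="JScript">var x = 1;</script>
<script language="VBScript">Dim y</script>
</job>"""


def build_sample_zip() -> bytes:
    """Build an in-memory ZIP resembling the attachment (constructed, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016-08.wsf", SAMPLE_WSF)  # hypothetical name
        zf.writestr("readme.txt", b"nothing to see")
    return buf.getvalue()


def wsf_script_languages(data: bytes) -> list:
    """Return the script engines declared in a WSF body, lower-cased, in order."""
    root = ET.fromstring(data)
    return [n.get("language").lower() for n in root.iter("script") if n.get("language")]


def inspect_zip_attachment(blob: bytes) -> list:
    """Flag every .wsf member of a ZIP and record which engines it declares.

    A WSF that mixes engines matches the multi-language pattern above; a WSF
    that does not parse as XML is still reported, since the extension alone
    is enough to route the attachment for closer inspection.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".wsf"):
                continue
            try:
                langs = wsf_script_languages(zf.read(info.filename))
            except ET.ParseError:
                langs = ["<unparseable>"]
            findings.append({
                "member": info.filename,
                "languages": langs,
                "multi_engine": len(set(langs)) > 1,
            })
    return findings
```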
For additional stories, see item 2 below from the Critical Manufacturing Sector and item 19 below in the Communications Sector.
2. August 15, SecurityWeek – (International) Flaw allows attackers to modify firmware on Rockwell PLCs. Cisco Talos researchers discovered a high severity flaw in Rockwell Automation, Inc.’s Allen Bradley MicroLogix 1400 programmable logic controllers (PLCs) where an undocumented Simple Network Management Protocol (SNMP) community string, dubbed “wheel”, could be exploited to make unauthorized changes to a device, including replacing the original firmware with a malicious version. Rockwell Automation advised customers to use the RUN key switch setting to prevent unauthorized firmware updates and configuration changes.
Communications Sector
19. August 15, Softpedia – (International) 1.4 billion Android devices affected by Linux TCP flaw. Lookout security researchers reported that a security flaw in the Linux kernel’s implementation of the Transmission Control Protocol (TCP), which could allow a malicious actor to hijack unencrypted Web traffic or shut down encrypted connections between two parties without a man-in-the-middle (MitM) position, also affects 1.4 billion Android devices running versions 4.4 or higher, as the Android mobile operating system (OS) is built on a modified version of the Linux kernel. Researchers advised users to encrypt their traffic by employing a virtual private network (VPN), among other methods, to protect their devices. Source: http://news.softpedia.com/news/1-4-billion-android-devices-affected-by-linux-tcp-flaw-507317.shtml