Complete DHS Report for August 18, 2016
Daily Report
Top Stories
• City officials in Kalamazoo, Michigan, reported August 17 that
more than 570,000 gallons of partially treated wastewater overflowed into the
Kalamazoo River August 16 following severe storms in the area. – Associated
Press; WOOD 8 Grand Rapids
12. August 17,
Associated Press; WOOD 8 Grand Rapids – (Michigan) Warning issued for
Kalamazoo River after wastewater overflow. City officials in Kalamazoo,
Michigan, issued a water advisory August 17 warning people to avoid a 5-mile
stretch of the Kalamazoo River after severe rains caused more than 570,000
gallons of partially treated wastewater to overflow into the river August 16. Source:
http://www.ccenterdispatch.com/news/state/article_fa7706ec-fb46-51c6-be51-ec4d4939a6d6.html
• The governor of California declared a state of emergency for San
Bernardino County August 16 due to the 30,000-acre Blue Cut Fire that has
forced the evacuation of more than 82,000 residents from an estimated 35,000
homes in the area. – ABC News
15. August 17,
ABC News – (California) Devastating southern California wildfire grows
to 30,000 acres, 0% contained. The governor of California declared a state
of emergency for San Bernardino County August 16 due to the 30,000-acre Blue
Cut Fire that has forced the evacuation of more than 82,000 residents from an
estimated 35,000 homes in the area. Source: http://abcnews.go.com/US/massive-southern-california-wildfire-covers-30000-acres-contained/story?id=41452228
• Nearly 1,200 inmates were evacuated from the Louisiana
Correctional Institute for Women in St. Gabriel August 16 as a precautionary
measure after floodwaters have continued to rise in the area. – Baton Rouge
Advocate
17. August 16,
Baton Rouge Advocate – (Louisiana) DOC: 1,200 prisoners to evacuate women’s lockup
in St. Gabriel as precaution. Nearly 1,200 inmates were evacuated from the
Louisiana Correctional Institute for Women in St. Gabriel August 16 as a
precautionary measure after floodwaters have continued to rise in the area.
Officials stated roughly 600 inmates were evacuated from the Livingston Parish
Detention Center and sent to 4 other State prisons the weekend of August 13 due
to rising floodwaters. Source: http://www.theadvocate.com/baton_rouge/news/article_b9854430-63ce-11e6-aa1c-dbffc3042ae7.html
• Social Blade confirmed that its Website and forum were hacked in
August after LeakedSource researchers discovered that the details of 13,009 of
the forum’s users and 273,806 of the Website’s users’ details were leaked,
including password hashes and Internet Protocol (IP) addresses, among other information.
– SecurityWeek. See item 20 below in
the Information Technology Sector
Financial Services Sector
2. August 16,
Newark Star-Ledger – (New Jersey) N.J. woman stole $89K in credit card scheme,
cops say. A former accountant at Forever Collectibles in Somerset, New
Jersey, was charged August 16 for her role in an $89,000 credit card fraud
scheme where she and a co-conspirator allegedly put the refunds from customers’
returned items onto her family and friends’ credit cards instead of the
customers’ cards between March and December 2015. Source: http://www.nj.com/somerset/index.ssf/2016/08/nj_woman_stole_89k_from_employer_in_credit_card_sc.html
3. August 16,
SecurityWeek – (International) Vawtrak banking trojan uses SSL pinning, DGA.
Fidelis security researchers discovered that a new version of the Vawtrak
banking trojan includes a domain generation algorithm (DGA) that generates .ru
domains using a pseudorandom number generator (PRNG) in the trojan’s loader,
uses Hypertext Transfer Protocol Secure (HTTPS) to protect command and control
(C&C) communications, and leverages certificate pinning, also called secure
sockets layer (SSL) pinning, which helps the malware evade enterprise security
solutions that intercept encrypted traffic by presenting their own certificates.
Researchers stated the trojan checks the certificate’s Common Name to confirm
the domain names associated with the certificate, and compares the server’s
public key against one delivered in the initial inject carried out by the
malware loader, so that no other certificate is accepted. Source: http://www.securityweek.com/vawtrak-banking-trojan-uses-ssl-pinning-dga
Information Technology Sector
19. August 17,
SecurityWeek – (International) Backdoor abuses TeamViewer to spy on victims.
Dr. Web security researchers discovered a backdoor trojan, dubbed
BackDoor.TeamViewrENT.1 and distributed under the name “Spy-Agent”, that
installs legitimate TeamViewer components on a compromised device to spy on
victims in the U.S., Europe, and Russia, steal victims’ personal information,
and install other malicious programs on the device. Researchers found that the
trojan disables error messaging for the TeamViewer process, changes the
attributes of its own files and the TeamViewer files to “system,” “hidden,” and
“read only”, and kills the TeamViewer process if the Microsoft Windows Task
Manager or Process Explorer is detected, in order to hide its presence on an
infected device. Source: http://www.securityweek.com/backdoor-abuses-teamviewer-spy-victims
20. August 17,
SecurityWeek – (International) User data leaked from analytics company
Social Blade. Social Blade, a data provider for YouTube, Twitch, and
Instagram accounts, confirmed that its Website and forum were hacked in August
after LeakedSource researchers discovered that the details of 13,009 of the
forum’s users and 273,806 of the Website’s users’ details were leaked,
including email addresses, usernames, password hashes, and Internet Protocol
(IP) addresses, among other information, after a malicious actor obtained a
partial database dump by exploiting a vulnerability in the forum software.
Social Blade reset all user passwords and shut down its forum.
21. August 16,
Softpedia – (International) Chrome and Firefox affected by simple URL
spoofing bug that facilitates phishing. A security researcher discovered a
flaw in Google Chrome and Mozilla Firefox that can be exploited to spoof
Uniform Resource Locators (URLs) in the browser address bar, after finding that
the browsers render URLs written with mixed right-to-left (RTL) (Arabic) and
left-to-right (LTR) (Roman) characters incorrectly: the bidirectional text
handling reorders parts of the displayed URL, so the user believes they are on
a different Website than the one actually loaded. The researcher stated a
hacker running a phishing site can append a few Arabic characters to a URL
that points at the server’s Internet Protocol (IP) address so that the address
bar appears to show a legitimate Website’s domain, and then embed that URL in
spam email, short message service (SMS), or instant messaging (IM) messages to
lead a user to the malicious actor’s server. Source: http://news.softpedia.com/news/chrome-and-firefox-affected-by-simple-url-spoofing-bug-that-facilitates-phishing-507369.shtml
For another story, see item 3 above in the Financial Services Sector
Communications Sector
See item 20 above in the Information Technology
Sector