Thursday, August 18, 2016

Complete DHS Report for August 18, 2016

Daily Report

Top Stories

• City officials in Kalamazoo, Michigan, reported August 17 that more than 570,000 gallons of partially treated wastewater overflowed into the Kalamazoo River August 16 following severe storms in the area. – Associated Press; WOOD 8 Grand Rapids

12. August 17, Associated Press; WOOD 8 Grand Rapids – (Michigan) Warning issued for Kalamazoo River after wastewater overflow. City officials in Kalamazoo, Michigan, issued a water advisory August 17 warning people to avoid a 5-mile stretch of the Kalamazoo River after severe rains caused more than 570,000 gallons of partially treated wastewater to overflow into the river August 16. Source: http://www.ccenterdispatch.com/news/state/article_fa7706ec-fb46-51c6-be51-ec4d4939a6d6.html

• The governor of California declared a state of emergency for San Bernardino County August 16 due to the 30,000-acre Blue Cut Fire that has forced the evacuation of more than 82,000 residents from an estimated 35,000 homes in the area. – ABC News

15. August 17, ABC News – (California) Devastating southern California wildfire grows to 30,000 acres, 0% contained. The governor of California declared a state of emergency for San Bernardino County August 16 due to the 30,000-acre Blue Cut Fire that has forced the evacuation of more than 82,000 residents from an estimated 35,000 homes in the area. Source: http://abcnews.go.com/US/massive-southern-california-wildfire-covers-30000-acres-contained/story?id=41452228

• Nearly 1,200 inmates were evacuated from the Louisiana Correctional Institute for Women in St. Gabriel August 16 as a precautionary measure as floodwaters continued to rise in the area. – Baton Rouge Advocate

17. August 16, Baton Rouge Advocate – (Louisiana) DOC: 1,200 prisoners to evacuate women’s lockup in St. Gabriel as precaution. Nearly 1,200 inmates were evacuated from the Louisiana Correctional Institute for Women in St. Gabriel August 16 as a precautionary measure as floodwaters continued to rise in the area. Officials stated roughly 600 inmates were evacuated from the Livingston Parish Detention Center and sent to 4 other State prisons the weekend of August 13 due to rising floodwaters. Source: http://www.theadvocate.com/baton_rouge/news/article_b9854430-63ce-11e6-aa1c-dbffc3042ae7.html

• Social Blade confirmed that its Website and forum were hacked in August after LeakedSource researchers discovered that the details of 13,009 forum users and 273,806 Website users were leaked, including password hashes and Internet Protocol (IP) addresses, among other information. – SecurityWeek See item 20 below in the Information Technology Sector

Financial Services Sector

2. August 16, Newark Star-Ledger – (New Jersey) N.J. woman stole $89K in credit card scheme, cops say. A former accountant at Forever Collectibles in Somerset, New Jersey, was charged August 16 for her role in an $89,000 credit card fraud scheme where she and a co-conspirator allegedly put the refunds from customers’ returned items onto her family and friends’ credit cards instead of the customers’ cards between March and December 2015. Source: http://www.nj.com/somerset/index.ssf/2016/08/nj_woman_stole_89k_from_employer_in_credit_card_sc.html

3. August 16, SecurityWeek – (International) Vawtrak banking trojan uses SSL pinning, DGA. Fidelis security researchers discovered that a new version of the Vawtrak banking trojan includes a domain generation algorithm (DGA) that generates .ru domains using a pseudorandom number generator (PRNG) in the trojan’s loader, uses Hypertext Transfer Protocol Secure (HTTPS) to protect command and control (C&C) communications, and leverages certificate pinning, also called secure sockets layer (SSL) pinning, which helps the malware evade detection by enterprise security solutions that present their own certificates in order to intercept communications. Researchers stated the trojan conducts checks based on the certificate’s Common Name to identify the domain names associated with the certificate, and uses a public key from the initial inject carried out by the malware loader to ensure that no other certificates are accepted. Source: http://www.securityweek.com/vawtrak-banking-trojan-uses-ssl-pinning-dga

Information Technology Sector

19. August 17, SecurityWeek – (International) Backdoor abuses TeamViewer to spy on victims. Dr. Web security researchers discovered that a backdoor trojan, dubbed BackDoor.TeamViewrENT.1 and distributed under the name “Spy-Agent”, installs legitimate TeamViewer components on a compromised device to spy on victims in the U.S., Europe, and Russia, steal victims’ personal information, and install other malicious programs on the device. Researchers found that the trojan disables error messaging for the TeamViewer process, changes the attributes of its own files and the TeamViewer files to “system,” “hidden,” and “read only,” and kills the TeamViewer process if Microsoft Windows Task Manager or Process Explorer is detected, in order to hide its presence on an infected device. Source: http://www.securityweek.com/backdoor-abuses-teamviewer-spy-victims

20. August 17, SecurityWeek – (International) User data leaked from analytics company Social Blade. Social Blade, a data provider for YouTube, Twitch, and Instagram accounts, confirmed that its Website and forum were hacked in August after LeakedSource researchers discovered that the details of 13,009 forum users and 273,806 Website users were leaked, including email addresses, usernames, password hashes, and Internet Protocol (IP) addresses, among other information, after a malicious actor obtained a partial database dump by exploiting a vulnerability in the forum software. Social Blade reset all user passwords and shut down its forum.

21. August 16, Softpedia – (International) Chrome and Firefox affected by simple URL spoofing bug that facilitates phishing. A security researcher discovered that a flaw affecting security features in Google Chrome and Mozilla Firefox can be exploited to spoof Uniform Resource Locators (URLs) in the browser address bar, after finding that the Web browsers handle URLs written with mixed right-to-left (RTL) (Arabic) and left-to-right (LTR) (Roman) characters incorrectly, which confuses the browsers and forces them to switch parts of the URL, thereby tricking the user into thinking that they are accessing a different Website than the one they are on. The researcher stated a hacker running a phishing site can add a few Arabic characters onto a server’s Internet Protocol (IP) address to change the apparent domain to that of a legitimate Website and embed this URL in a spam email, short message service (SMS) message, or instant messaging (IM) message in order to redirect a user to the malicious actor’s server. Source: http://news.softpedia.com/news/chrome-and-firefox-affected-by-simple-url-spoofing-bug-that-facilitates-phishing-507369.shtml
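As an added defensive example (not from the Softpedia article or this report), the Python routine below flags URLs that mix right-to-left and left-to-right characters, carry explicit Unicode bidi control characters, or place RTL text around a bare IP-address host, the kind of check a mail or SMS gateway can apply before a link reaches a user. The sample URLs are constructed; 192.0.2.1 is an RFC 5737 documentation address, and the tag names are this example's own.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Unicode bidirectional classes (unicodedata.bidirectional) that read right-to-left.
RTL_CLASSES = {"R", "AL", "AN"}
# Explicit embedding/override/isolate controls that force a display direction.
BIDI_CONTROL_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}


def is_ip_literal(host):
    """True when the URL's host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_url(url):
    """Return tags explaining why the rendered URL may not match its real target.

    Empty list means no bidi-related concern. Legitimate RTL internationalised
    domain names also yield 'mixed-direction', so allowlist known IDNs first.
    """
    classes = {unicodedata.bidirectional(ch) for ch in url}
    tags = []
    if classes & BIDI_CONTROL_CLASSES:
        tags.append("bidi-control")  # invisible direction overrides present
    has_rtl = bool(classes & RTL_CLASSES)
    if has_rtl and "L" in classes:
        tags.append("mixed-direction")  # RTL and LTR runs in one string
    host = urlsplit(url).hostname or ""
    if has_rtl and is_ip_literal(host):
        # Real destination is a raw IP, but RTL text elsewhere in the URL may be
        # rendered so that a domain-looking fragment appears in the host position.
        tags.append("ip-host-with-rtl")
    return tags


def triage(urls):
    """Map each URL to its tags, keeping only URLs with at least one finding."""
    return {u: assess_url(u) for u in urls if assess_url(u)}


# Constructed sample URLs (not from any real campaign).
SAMPLE_URLS = [
    "https://example.com/login",  # plain LTR, benign
    "http://192.0.2.1/\u0627\u0628/example.com",  # Arabic letters after an IP literal
    "https://example.com/\u202Ereport",  # U+202E RIGHT-TO-LEFT OVERRIDE in the path
]
```

Print `ascii(url)` rather than the raw string when reporting hits, so the bidi characters show as escapes instead of reordering the log line itself.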

For another story, see item 3 above in the Financial Services Sector

Communications Sector

See item 20 above in the Information Technology Sector