Complete DHS Report for August 22, 2016
Daily Report
Top Stories
• The FBI is searching August 18 for a man dubbed the “Taxicab
Bandit” who is suspected of robbing a BestBank branch in Decatur, Georgia, 2
times since the week of August 8 and other DeKalb County banks. – Atlanta
Journal-Constitution
See item 1 below in the Financial Services Sector
• The U.S. Air Force announced August 18 it awarded a $6.2 million
contract to replace its firefighting foam after a report confirmed that
drinking water contamination in southern El Paso County, Colorado, may be
linked to the firefighting chemicals used at Peterson Air Force Base. – Associated
Press
22. August 18, Associated Press – (Colorado) Air Force to change fire foam due to water
contamination. The U.S. Air Force announced August 18 it awarded a $6.2
million contract to replace its firefighting foam with an environmentally
friendly foam to reduce the risk of possible contamination of soil and
groundwater after a report issued August 17 confirmed that drinking water
contamination in southern El Paso County, Colorado, and other sites may be
linked to the firefighting chemicals used at Peterson Air Force Base in
Colorado Springs. U.S. Air Force officials stated it will replace the foam in
fire stations and fire vehicles with the new formula by the end of 2016 after
the U.S. Environmental Protection Agency issued stricter guidelines for human
exposure to the chemicals, as they have been linked to cancer and other
illnesses. Source: http://gazette.com/us-air-force-to-change-fire-foam-due-to-water-contamination/article/1583128
• Researchers discovered that the Locky ransomware reverted to
leveraging Microsoft Office documents embedded with malicious macros for
distribution to organizations in the health care, telecommunications, and
transportation industries. – SecurityWeek
See item 26 below in the Information Technology Sector
• Eddie Bauer reported August 18 that its point-of-sale (PoS)
systems at all 350 locations in the U.S. and Canada were breached after
detecting malicious software on its network which may have compromised credit
card information. – Krebs on Security
28. August 18, Krebs on Security – (International) Malware infected all Eddie Bauer stores in
U.S., Canada. Eddie Bauer reported August 18 that its point-of-sale (PoS)
systems were breached after detecting malicious software on its network which
may have compromised credit and debit card information used at more than 350
locations in the U.S. and Canada between January and July 2016. The company
removed the malicious software from its PoS systems and stated the breach did
not impact purchases made from the company’s online store.
Financial Services Sector
1. August 18, Atlanta Journal-Constitution – (Georgia) FBI searching for
‘Taxicab Bandit’ wanted in bank robberies. The FBI is searching August 18
for a man dubbed the “Taxicab Bandit” who is suspected of robbing a BestBank
branch in Decatur, Georgia, 2 times since the week of August 8 and other DeKalb
County banks. Source: http://www.ajc.com/news/news/crime-law/fbi-searching-for-taxicab-bandit-wanted-in-bank-ro/nsH3y/
2. August 18, KCBS 2 Los Angeles – (California) ‘Audi Bandit’ sought in string of Bay Area bank
robberies. The FBI is searching August 18 for a man dubbed the “Audi
Bandit” who is suspected of robbing at least 3 San Francisco Bay Area banks
since May, including a Fremont Bank branch in Livermore and a Wells Fargo Bank
branch in Pleasanton in June. Source: http://sanfrancisco.cbslocal.com/2016/08/18/audi-bandit-sought-in-string-of-bay-area-bank-robberies/
For another story, see item 28 above in Top Stories
Information Technology Sector
24. August 18, SecurityWeek – (International) Flaws in smart sockets expose networks to
remote attacks. Bitdefender researchers reported that a popular brand of smart
electrical sockets is plagued with serious vulnerabilities that could be
exploited by a remote attacker who knows the media access control (MAC) address
and default password to take control of the device, make configuration changes,
and obtain user information. The researchers found that the socket’s hotspot is
protected by default credentials and users are not advised to strengthen them;
that the mobile app transfers Wi-Fi credentials in clear text, which could allow
an attacker to intercept the information; and that communications between the
device and application go through the manufacturer’s server without being
encrypted, among other flaws. Researchers stated a patch for the flaws is
expected to be released in the third quarter of 2016.
25. August 18, Softpedia – (International) Global phishing numbers rise as hosting firms
fail to respond. Cyren released its Cyberthreat Report, which analyzed global
phishing operations and found that the total number of malicious phishing
Uniform Resource Locators (URLs) spread on the Internet increased by 14
percent in the second quarter of 2016 to 4.44 million. The report revealed that
20 percent of all phishing pages disappear after 3 hours, with only 40 percent
of all pages lasting more than 2 days. The report also states that Google Chrome
and Mozilla Firefox are the quickest to identify phishing pages and malicious
sites, with Chrome detecting 73.9 percent of phishing pages within 48 hours and
Firefox marking 52.2 percent of the sites. Source: http://news.softpedia.com/news/global-phishing-numbers-rise-as-hosting-firms-fail-to-respond-507441.shtml
26. August 18, SecurityWeek – (International) Locky ransomware reverts to malicious macros.
FireEye researchers discovered that the Locky ransomware reverted to using
Microsoft Office documents embedded with malicious macros to distribute the
malware to individuals and organizations in the health care, telecommunications,
and transportation industries. Researchers reported that the DOCM files
install the ransomware onto a victim’s device once the malicious macros are
enabled. Source: http://www.securityweek.com/locky-ransomware-reverts-malicious-macros
Communications Sector
See item 26 above in the Information Technology Sector