Monday, August 22, 2016



Complete DHS Report for August 22, 2016

Daily Report

Top Stories

• The FBI is searching August 18 for a man dubbed the “Taxicab Bandit” who is suspected of robbing a BestBank branch in Decatur, Georgia, 2 times since the week of August 8 and other DeKalb County banks. – Atlanta Journal-Constitution See item 1 below in the Financial Services Sector

• The U.S. Air Force announced August 18 it awarded a $6.2 million contract to replace its firefighting foam after a report confirmed that drinking water contamination in southern El Paso County, Colorado, may be linked to the firefighting chemicals used at Peterson Air Force Base. – Associated Press

22. August 18, Associated Press – (Colorado) Air Force to change fire foam due to water contamination. The U.S. Air Force announced August 18 it awarded a $6.2 million contract to replace its firefighting foam with an environmentally friendly foam to reduce the risk of possible contamination of soil and groundwater after a report issued August 17 confirmed that drinking water contamination in southern El Paso County, Colorado, and other sites may be linked to the firefighting chemicals used at Peterson Air Force Base in Colorado Springs. U.S. Air Force officials stated the service will replace the foam in fire stations and fire vehicles with the new formula by the end of 2016 after the U.S. Environmental Protection Agency issued stricter guidelines for human exposure to the chemicals, as they have been linked to cancer and other illnesses. Source: http://gazette.com/us-air-force-to-change-fire-foam-due-to-water-contamination/article/1583128

• Researchers discovered that the Locky ransomware reverted to leveraging Microsoft Office documents embedded with malicious macros for distribution to organizations in the health care, telecommunications, and transportation industries. – SecurityWeek See item 26 below in the Information Technology Sector

• Eddie Bauer reported August 18 that its point-of-sale (PoS) systems at all 350 locations in the U.S. and Canada were breached after the company detected malicious software on its network that may have compromised credit card information. – Krebs on Security

28. August 18, Krebs on Security – (International) Malware infected all Eddie Bauer stores in U.S., Canada. Eddie Bauer reported August 18 that its point-of-sale (PoS) systems were breached after the company detected malicious software on its network that may have compromised credit and debit card information used at more than 350 locations in the U.S. and Canada between January and July 2016. The company removed the malicious software from its PoS systems and stated the breach did not impact purchases made from the company’s online store.

Financial Services Sector

1. August 18, Atlanta Journal-Constitution – (Georgia) FBI searching for ‘Taxicab Bandit’ wanted in bank robberies. The FBI is searching August 18 for a man dubbed the “Taxicab Bandit” who is suspected of robbing a BestBank branch in Decatur, Georgia, 2 times since the week of August 8 and other DeKalb County banks. Source: http://www.ajc.com/news/news/crime-law/fbi-searching-for-taxicab-bandit-wanted-in-bank-ro/nsH3y/

2. August 18, KCBS 2 Los Angeles – (California) ‘Audi Bandit’ sought in string of Bay Area bank robberies. The FBI is searching August 18 for a man dubbed the “Audi Bandit” who is suspected of robbing at least 3 San Francisco Bay Area banks since May, including a Fremont Bank branch in Livermore and a Wells Fargo Bank branch in Pleasanton in June. Source: http://sanfrancisco.cbslocal.com/2016/08/18/audi-bandit-sought-in-string-of-bay-area-bank-robberies/

For another story, see item 28 above in Top Stories

Information Technology Sector

24. August 18, SecurityWeek – (International) Flaws in smart sockets expose networks to remote attacks. Bitdefender researchers reported that a popular brand of smart electrical sockets is plagued with serious vulnerabilities that could be exploited by a remote attacker who knows the media access control (MAC) address and default password to take control of the device, make configuration changes, and obtain user information. The researchers found that the socket’s hotspot is protected by default credentials and users are not advised to strengthen them, that the mobile app transfers Wi-Fi credentials in clear text, which could allow an attacker to intercept the information, and that communications between the device and application go through the manufacturer’s server without being encrypted, among other flaws. Researchers stated a patch for the flaws is expected to be released in the third quarter of 2016.

25. August 18, Softpedia – (International) Global phishing numbers rise as hosting firms fail to respond. Cyren released its Cyberthreat Report, which analyzed global phishing operations and found that the total number of malicious phishing Uniform Resource Locators (URLs) spread on the Internet increased by 14 percent in the second quarter of 2016 to 4.44 million. The report also revealed that 20 percent of all phishing pages disappear after 3 hours, with only 40 percent of all pages lasting more than 2 days. The report states that Google Chrome and Mozilla Firefox are the quickest to identify phishing pages and malicious sites, with Chrome detecting 73.9 percent of phishing pages within 48 hours and Firefox marking 52.2 percent of the sites. Source: http://news.softpedia.com/news/global-phishing-numbers-rise-as-hosting-firms-fail-to-respond-507441.shtml

26. August 18, SecurityWeek – (International) Locky ransomware reverts to malicious macros. FireEye researchers discovered that the Locky ransomware reverted to using Microsoft Office documents embedded with malicious macros to distribute the malware to individuals and organizations in the health care, telecommunications, and transportation industries. Researchers reported that the DOCM files install the ransomware onto a victim’s device once the malicious macros are enabled. Source: http://www.securityweek.com/locky-ransomware-reverts-malicious-macros

Communications Sector

See item 26 above in the Information Technology Sector