Tuesday, August 23, 2016

Complete DHS Report for August 23, 2016

Daily Report

Top Stories

• Crews worked August 20 to restore power to more than 25,000 Consumers Energy customers in Kent County, Michigan, who remained without power following tornadoes that moved through the area. – WZZM 13 Grand Rapids

1. August 20, WZZM 13 Grand Rapids – (Michigan) Thousands of Consumers Energy customers in dark after reported tornadoes. Crews worked August 20 to restore power to more than 25,000 Consumers Energy customers in Kent County, Michigan, who remained without power following tornadoes that moved through west Michigan and the Grand Rapids metropolitan area. Source: http://www.wzzm13.com/weather/at-least-21k-consumers-energy-customers-in-dark-after-reported-tornado/303566325

• Hyundai Motor Company issued a recall August 22 for approximately 64,500 of its model year 2013 Hyundai Elantra vehicles sold in the U.S. due to a faulty brake pedal stopper pad. – TheCarConnection.com

3. August 22, TheCarConnection.com – (National) 2013 Hyundai Elantra recalled for brake light problem: over 64,000 vehicles affected. Hyundai Motor Company issued a recall August 22 for approximately 64,500 of its model year 2013 Hyundai Elantra vehicles sold in the U.S. due to a brake pedal stopper pad that can deteriorate over time. A deteriorated pad can leave the stop lights illuminated after the brake pedal has been released, allow the driver to move the shift lever without pressing the brake pedal, and allow the vehicle to be started without the brake being pressed, among other effects, thereby increasing the risk of an accident. Source: http://www.thecarconnection.com/news/1105679_2013-hyundai-elantra-recalled-for-brake-light-problem-over-64000-vehicles-affected

• The FBI is searching August 20 for a man dubbed the “Baggy Eyes Bandit” who is suspected of committing 5 bank robberies and 1 attempted robbery at Citibank branches in Los Angeles, San Bernardino, Orange, and Riverside counties since February. – San Gabriel Valley Tribune See item 4 below in the Financial Services Sector

• About 50,000 gallons of wastewater spilled into a tributary of Bear Creek in southwest Austin, Texas, August 20 following heavy rains that caused the Southland Oaks lift station to overflow. – Austin American-Statesman

25. August 21, Austin American-Statesman – (Texas) 50,000 gallons of wastewater spills as result of heavy rain. About 50,000 gallons of wastewater spilled into a tributary of Bear Creek in southwest Austin, Texas, August 20 following heavy rains that caused the Southland Oaks lift station to overflow. Officials issued a boil water advisory for residents using private wells near the lift station and stated the sewage overflow did not impact Austin’s water supply. Source: http://www.statesman.com/news/news/local/50000-gallons-of-wastewater-spills-as-result-of-he/nsJ2C/

Financial Services Sector

4. August 20, San Gabriel Valley Tribune – (California) ‘Baggy Eyes Bandit’ sought in 4-county bank robbery spree. The FBI is searching August 20 for a man dubbed the “Baggy Eyes Bandit” who is suspected of committing 5 bank robberies and 1 attempted robbery at Citibank branches in Los Angeles, San Bernardino, Orange, and Riverside counties since February. Source: http://www.dailybulletin.com/general-news/20160819/baggy-eyes-bandit-sought-in-4-county-bank-robbery-spree

Information Technology Sector

34. August 21, Softpedia – (International) GnuPG project fixes “critical security problem” that existed since 1998. The GnuPG project patched a critical flaw in the entropy mixing function of the random number generator (RNG) shared by Libgcrypt and GnuPG (Gnu Privacy Guard), present in every version released since 1998, after researchers from the Karlsruhe Institute of Technology found that an attacker who can obtain 4640 bits of RNG output can predict the next 160 bits. The fix shipped in Libgcrypt 1.7.3 (with backports to the 1.6 and 1.5 branches) and GnuPG 1.4.21; the project’s advisory noted that existing RSA keys are not weakened by the bug, but researchers advised all users to update to the fixed versions. Source: http://news.softpedia.com/news/gnupg-project-fixes-critical-security-problem-that-existed-since-1998-507505.shtml

35. August 21, Softpedia – (International) Around four in five DNSSEC servers can be hijacked for DDoS attacks. Security researchers from Neustar reported that roughly 80 percent of the Domain Name System Security Extensions (DNSSEC)-signed domains they tested are served by name servers that can be abused as reflectors and amplifiers for distributed denial-of-service (DDoS) attacks, because the servers answer ANY queries over User Datagram Protocol (UDP) in full and without rate limiting. The attack needs no compromise of the server: the attacker sends small queries of type ANY for a signed domain, with the DNSSEC OK bit set and the source address spoofed to the victim’s Internet Protocol (IP) address; the server gathers every Domain Name System (DNS) record for that name, attaches the digital signatures (RRSIG records), and sends the resulting response, many times larger than the query, to the victim. Source: http://news.softpedia.com/news/around-four-in-five-dnssec-servers-can-be-used-in-ddos-attacks-507503.shtml
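The mechanics of item 35, as an added example written for this digest (it is not Neustar’s or Softpedia’s code). The first part builds the wire-format query the abused server actually receives, a QTYPE=ANY question plus an EDNS0 OPT record with the DO bit set, per RFC 1035 and RFC 6891, so the size asymmetry is concrete. The second part is the check an operator of an authoritative server would run over its own query log: it counts ANY queries with EDNS and DO set per source address, which, because the source is spoofed, identifies the victims being flooded rather than the attacker. The log lines are constructed in BIND 9’s query-log format (the `+ED` flag letters are BIND’s), and the transaction ID, payload size, threshold and domain names are arbitrary assumptions of the example.

```python
import re
import struct
from collections import Counter

QTYPE_ANY = 255
QTYPE_OPT = 41
EDNS_DO_FLAG = 0x8000  # DNSSEC OK bit: top bit of the OPT RR's 16-bit flags field


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS wire-format labels (RFC 1035)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_any_query(name: str, txid: int = 0x1234, udp_payload: int = 4096) -> bytes:
    """Build the UDP packet the abused server receives: a QTYPE=ANY question plus an
    EDNS0 OPT record (RFC 6891) with the DO bit set, which asks for RRSIG records and
    advertises a large reply size. txid and udp_payload are arbitrary example values."""
    # Header: id, flags (only RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", QTYPE_ANY, 1)  # QCLASS=IN
    # OPT pseudo-RR: root name, TYPE=OPT, CLASS=requestor's UDP size,
    # TTL field = ext-rcode(8) | version(8) | flags(16), RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, udp_payload, EDNS_DO_FLAG, 0)
    return header + question + opt


def amplification_factor(query_len: int, response_len: int) -> float:
    """Bandwidth amplification: bytes delivered to the victim per byte the attacker sends."""
    return response_len / query_len


# Constructed sample of BIND 9 query-log lines (not real traffic). In BIND's flags
# field '+' means RD set, 'E' means EDNS present and 'D' means the DO bit was set.
# The source 203.0.113.7 is the spoofed victim address, not the attacker's.
SAMPLE_QUERY_LOG = """\
client 203.0.113.7#53 (signed.example): query: signed.example IN ANY +ED (192.0.2.10)
client 203.0.113.7#53 (signed.example): query: signed.example IN ANY +ED (192.0.2.10)
client 198.51.100.22#41233 (www.signed.example): query: www.signed.example IN A +E (192.0.2.10)
client 203.0.113.7#53 (signed.example): query: signed.example IN ANY +ED (192.0.2.10)
client 198.51.100.23#60001 (signed.example): query: signed.example IN ANY +ED (192.0.2.10)
client 203.0.113.7#53 (signed.example): query: signed.example IN ANY +ED (192.0.2.10)
"""

QUERY_LOG_RE = re.compile(
    r"client (?P<src>[0-9a-fA-F.:]+)#(?P<sport>\d+) \((?P<qname>[^)]+)\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def find_reflection_targets(log_text: str, threshold: int = 3) -> dict:
    """Return {source_ip: count} for addresses that sent at least `threshold` ANY
    queries with EDNS and DO set. Because the source is spoofed, these are the
    victims being flooded; the remedy is to rate-limit or refuse ANY over UDP,
    not to treat the addresses as attackers."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_LOG_RE.search(line)
        if m and m["qtype"] == "ANY" and "E" in m["flags"] and "D" in m["flags"]:
            counts[m["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    q = build_any_query("signed.example")
    print("query bytes:", len(q), "DO bit set:", q[-4:-2] == b"\x80\x00")
    print("amplification for a 1,600-byte signed reply:", amplification_factor(len(q), 1600))
    print("spoofed sources:", find_reflection_targets(SAMPLE_QUERY_LOG))
```

The query for a two-label name is 43 bytes; a signed ANY response that carries the zone’s full record set with RRSIGs routinely runs to well over a kilobyte, which is the asymmetry the attacker exploits. A source that shows up in `find_reflection_targets` at port 53 with a steady stream of identical ANY+DO queries is the classic signature of spoofed reflection traffic.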

36. August 19, Softpedia – (International) Rex Linux trojan can launch DDoS attacks, lock websites, mine for cryptocurrency. Stormshield and Dr. Web researchers found that a Linux trojan dubbed Rex has received updates that allow it to infect more content management system (CMS) platforms than before, operate through a peer-to-peer (P2P) botnet, launch distributed denial-of-service (DDoS) attacks, mine cryptocurrency on infected hosts, and self-propagate to other vulnerable devices or servers on the local network. Researchers also found the trojan targets sites running Drupal, WordPress, and Magento, among others, and is used to extort other webmasters with threats of DDoS attacks unless a ransom is paid in Bitcoin, as well as to distribute spam messages. Source: http://news.softpedia.com/news/rex-linux-trojan-can-launch-ddos-attacks-lock-websites-mine-for-cryptocurrency-507486.shtml

37. August 19, Softpedia – (International) UAC bypass with elevated privileges works on all Windows versions. An enSilo security researcher described a method to bypass the Microsoft Windows User Account Control (UAC) mechanism on all supported Windows versions. Windows expands environment variables, including ones holding the user’s current username and the PC’s domain, when it launches certain trusted programs that run elevated without a prompt, and a standard user can redefine those variables for his or her own account without any elevation; by doing so an attacker can make such a trusted program spawn an attacker-chosen child process that inherits its high privileges, and UAC shows no warning because it trusts the parent. The researcher showed the flaw can also be used to load malicious dynamic link libraries (DLLs): the attacker creates a copy of the C:\Windows folder in a location he or she controls and overrides, in the per-user environment, the variable that names the Windows operating system (OS) folder so that it points at the copy, and the elevated program then loads DLLs from the attacker’s folder instead of the real one. Source: http://news.softpedia.com/news/uac-bypass-with-elevated-privileges-works-on-all-windows-versions-507481.shtml
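A detection check for the technique in item 37, added here as an example and not taken from enSilo’s research or from the article. The assumptions are standard Windows facts that the item does not spell out: per-user environment variables live under the registry key HKCU\Environment, which a standard user can write, while SystemRoot, windir, ProgramFiles and similar variables are defined only in the system scope, so a per-user copy of one of them is the artifact this attack leaves behind. The sample below is a constructed rendering of `reg query HKCU\Environment` output (not from a real host) with two planted overrides, and the list of variable names to watch is this example’s own choice.

```python
import re
from typing import Dict, List, Tuple

# Variables that Windows itself defines in the system scope
# (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment). Nothing
# legitimate redefines these per user, so a copy under HKCU\Environment is a
# strong indicator of the hijack described in the item. List chosen for this example.
SYSTEM_SCOPE_VARS = {
    "SYSTEMROOT", "WINDIR", "SYSTEMDRIVE", "COMSPEC", "PROGRAMDATA", "PATHEXT",
    "PROGRAMFILES", "PROGRAMFILES(X86)", "COMMONPROGRAMFILES", "COMMONPROGRAMFILES(X86)",
}

# Prefixes a standard user can write to; a system folder pointed here is the
# "copy of C:\Windows" the attacker fills with DLLs. Assumed list for the example.
USER_WRITABLE_RE = re.compile(
    r"(?i)^(%USERPROFILE%|%TEMP%|%TMP%|%APPDATA%|%LOCALAPPDATA%|[A-Z]:\\Users\\)"
)

# Constructed sample of `reg query HKCU\Environment` output (not from a real host).
# The first three values are what a normal profile looks like; the last two are planted.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Environment
    Path    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    SystemRoot    REG_SZ    C:\Users\alice\AppData\Local\Temp\Windows
    windir    REG_SZ    C:\Users\alice\AppData\Local\Temp\Windows
"""

# reg.exe prints each value as: four spaces, name, run of spaces, type, run of spaces, data.
REG_VALUE_RE = re.compile(r"^\s{4}(?P<name>\S.*?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")


def parse_reg_query(output: str) -> Dict[str, Tuple[str, str]]:
    """Parse reg query output into {value name: (registry type, data)}."""
    values = {}
    for line in output.splitlines():
        m = REG_VALUE_RE.match(line)
        if m:
            values[m["name"]] = (m["type"], m["data"].strip())
    return values


def find_hijacked_vars(output: str) -> List[dict]:
    """Flag per-user definitions of system-scope variables. `user_writable` marks the
    worst case: the override points into a directory the user can populate with DLLs."""
    findings = []
    for name, (reg_type, data) in parse_reg_query(output).items():
        if name.upper() in SYSTEM_SCOPE_VARS:
            findings.append({
                "name": name,
                "type": reg_type,
                "data": data,
                "user_writable": bool(USER_WRITABLE_RE.match(data)),
            })
    return findings


if __name__ == "__main__":
    for f in find_hijacked_vars(SAMPLE_REG_OUTPUT):
        print("HKCU\\Environment overrides %s -> %s (user-writable: %s)"
              % (f["name"], f["data"], f["user_writable"]))
```

On a live host the same parser can be fed the output of `reg query HKCU\Environment` for each loaded user hive; a hit on SystemRoot or windir pointing under a user profile is exactly the precondition for the DLL-loading variant described above and should be treated as an active compromise rather than a misconfiguration.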

For another story, see item 38 below in the Communications Sector

Communications Sector

38. August 20, Softpedia – (International) Marcher Android trojan can steal logins from Facebook, WhatsApp, Skype, Gmail. Zscaler security researchers found that an Android trojan dubbed Marcher has received an update that lets it harvest login credentials by displaying fake login screens over legitimate Android apps including WhatsApp, Viber, Skype, Facebook, and Google Chrome, among others; the captured credentials are then sent to a server under the attacker’s control over a secure sockets layer (SSL)-protected channel. Researchers found the operators distributing the malware from domains that do not belong to Google, disguised as an Android firmware security update, and urged users not to install applications from outside the Google Play Store. Source: http://news.softpedia.com/news/marcher-android-trojan-can-steal-logins-from-facebook-whatsapp-skype-gmail-507497.shtml