Complete DHS Report for August 26, 2016
Daily Report
Top Stories
• Crews worked August 23 to restore power to approximately 75,000
Harris County, Texas residents after a transformer faulted and caught fire at
the CenterPoint Energy substation in northwest Harris County. – KTRK 13
Houston
1. August 24, KTRK 13 Houston – (Texas) Most power restored after CenterPoint substation
fire. Crews worked to restore power to approximately 75,000 Harris County,
Texas residents August 23 after a transformer faulted and caught fire at the
CenterPoint Energy substation in northwest Harris County, prompting officials
to issue a 3-hour shelter-in-place for nearby residents, evacuate Hamilton
Middle School, and close the Lone Star College Cypress-Fairbanks location until
August 24. Source: http://abc13.com/news/thousands-without-power-after-centerpoint-substation-fire/1482037/
• The Georgia Environmental Protection Division finished removing
500,000 gallons of contaminated water from an unnamed tributary of the
Nickajack Creek in Smyrna, Georgia, August 22 after 2,300 gallons of cleaning
fluid leaked into the creek from an Apollo Technologies facility August 13. – Atlanta
Journal-Constitution
11. August 23, Atlanta Journal-Constitution – (Georgia) Cleanup of chemical
spill in creek complete near Cobb homes. The Georgia Environmental
Protection Division finished removing 500,000 gallons of contaminated water
from an unnamed tributary of the Nickajack Creek in Smyrna, Georgia, August 22
after 2,300 gallons of carburetor cleaning fluid leaked into the creek from an
Apollo Technologies facility August 13. Source: http://www.ajc.com/news/news/local/cleanup-chemical-spill-cobb-county-creek-coming-al/nsKyM/
• LeakedSource reported that over 25 million user records and
private data were leaked from 3 Mail.ru forums, including Cross Fire game,
ParaPa Dance City game, and Ground War: Tank game due to outdated vBulletin
forum software. – Softpedia
22. August 24, Softpedia – (International) Mail.ru forums hack compromises over 25
million user accounts. LeakedSource reported that over 25 million user
records from 3 Mail.ru forums, including Cross Fire game, ParaPa Dance City
game, and Ground War: Tank game were leaked due to outdated vBulletin forum
software that was compromised to allow hackers access to data including
usernames, passwords, and emails, among other information. The Mail.Ru Group
stated that the leaked passwords were no longer valid and were associated with
forums of game projects the company previously acquired. Source: http://news.softpedia.com/news/mail-ru-forums-hack-compromises-over-25-million-user-accounts-507599.shtml
• The U.S. Bureau of Reclamation awarded American Hydro of York,
Pennsylvania a $19 million contract August 11 to update pump generation units
at the John W. Keys III Pump Generating Plant near Spokane, Washington. – U.S.
Bureau of Reclamation
23. August 22, U.S. Bureau of Reclamation – (Idaho) Reclamation awards $19 million
contract for pump-generating plant upgrades at Grand Coulee Dam. The U.S.
Bureau of Reclamation announced August 22 it awarded American Hydro of York,
Pennsylvania a $19 million contract August 11 to replace and update equipment
for pump generation units 5 and 6 at the John W. Keys III Pump Generating Plant
at the Grand Coulee Dam near Spokane, Washington, in order to provide greater
efficiency, flood control, water delivery, and hydropower production at the
facility. The updates are part of a 20-year modernization effort that is
expected to be completed in January 2020.
Financial Services Sector
See item 19 below in the Information Technology Sector
Information Technology Sector
17. August 25, SecurityWeek – (International) Cisco updates ASA software to address
NSA-linked exploit. Cisco began releasing updates for its Adaptive Security
Appliance (ASA) software resolving a remote code execution flaw leveraged by a
zero-day exploit, dubbed EXTRABACON, which affects the Simple Network Management
Protocol (SNMP) code of the ASA software and can be exploited by a remote
hacker to cause a system crash or execute arbitrary code. Cisco advised users
to update their installations to version 9.1.7(9) or later. Source: http://www.securityweek.com/cisco-updates-asa-software-address-nsa-linked-exploit
18. August 25, SecurityWeek – (International) Attackers can target enterprises via
GroupWise collaboration tool. Micro Focus released patches resolving
critical vulnerabilities in its GroupWise collaboration tool, including two
reflected cross-site scripting (XSS) flaws that can be abused to execute
arbitrary JavaScript and hijack an admin’s session, a persistent XSS
vulnerability affecting the GroupWise WebAccess message viewer that can be
exploited by embedding malicious code in an email and getting the victim to
interact with the message, and a heap-based buffer overflow flaw affecting the
GroupWise Post Office Agent and GroupWise WebAccess that could be used to
achieve remote code execution, among other vulnerabilities. Micro Focus advised
users to update their installations to GroupWise 2014 R2 SP1 HP1 or later. Source: http://www.securityweek.com/attackers-can-target-enterprises-groupwise-collaboration-tool
19. August 24, SecurityWeek – (International) Android botnet uses Twitter for receiving
commands. Researchers from ESET reported that a new Android backdoor, dubbed
Android/Twitoor, impersonates an MMS program or adult content player application
and uses a defined Twitter account to receive commands after being launched,
which either instruct the backdoor to download malicious applications,
including mobile banking malware onto the infected device or to switch to a
different command and control (C&C) Twitter account. Researchers also found
that the Twitoor botnet’s transmitted messages are encrypted and use new
communication methods, such as social networks in order to remain undetected
and more difficult to block.
20. August 24, SecurityWeek – (International) Flaws allow attackers to hijack VMware vRA
appliances. VMware addressed vulnerabilities affecting its vRealize
Automation (vRA) appliances, including a flaw in vRA 7.0.x appliance via port
40002 that can be abused for remote code execution and allow an attacker to
gain access to a low-privileged account on the affected device, and a second flaw
in vRA 7.0.x and VMware Identity Manager 2.x that can be exploited by a hacker
with access to a low-privileged account to obtain root privileges. VMware
reported attackers could combine the vulnerabilities to compromise and take
control of a vRA appliance and urged users to update vRA to version 7.1.
For another story, see item 22 above in Top Stories
Communications Sector
Nothing to report