Monday, August 29, 2016



Complete DHS Report for August 29, 2016

Daily Report

Top Stories

• More than 20,000 Indianapolis Power & Light customers in Marion County, Indiana, lost power August 26 following severe storms that moved through the area. – WRTV 6 Indianapolis

1. August 26, WRTV 6 Indianapolis – (Indiana) More than 20,000 without power after strong, sudden storms plow through Marion Co. More than 20,000 Indianapolis Power & Light customers in Marion County, Indiana, lost power August 26 following severe storms that prompted authorities to issue tornado warnings for the area and forced the closure of Eastwood Middle School. Source: http://www.theindychannel.com/news/local-news/more-than-20000-without-power-after-strong-sudden-storms-plow-through-marion-co

• Sentry Foods issued a recall August 25 for approximately 21,570 pounds of its frozen chicken entree products sold in 3 variations due to potential contamination with glass or hard plastic fragments. – U.S. Department of Agriculture

11. August 26, U.S. Department of Agriculture – (Indiana, Pennsylvania, Texas) Sentry Foods recalls frozen chicken entrées due to possible foreign matter contamination. Sentry Foods issued a recall August 25 for approximately 21,570 pounds of its frozen chicken entree products sold in 3 variations due to potential contamination with glass or hard plastic after the firm received consumer complaints stating extraneous materials were found in the products. There have been no confirmed reports of adverse reactions and the products were shipped to retail locations in Indiana, Texas, and Pennsylvania. Source:

• Apple released an emergency security update for its iOS devices after discovering three zero-day vulnerabilities plaguing iPhones, iPads, and iPod touches that could allow an attacker to compromise a targeted device. – SecurityWeek See item 17 below in the Information Technology Sector

• A Russian cyber-criminal was convicted August 25 after he stole more than 1.7 million credit card numbers from the point-of-sale systems of various businesses, causing 3,700 financial institutions more than $169 million in losses. – U.S. Department of Justice

21. August 25, U.S. Department of Justice – (International) Russian cyber-criminal convicted of 38 counts related to hacking businesses and stealing more than two million credit card numbers. A Russian cyber-criminal was convicted August 25 after he stole more than 1.7 million credit card numbers from various businesses, using a server he operated in Russia, by hacking retail point-of-sale (PoS) systems and installing malware on the servers in order to make fraudulent purchases, causing 3,700 financial institutions more than $169 million in losses. Source: https://www.justice.gov/opa/pr/russian-cyber-criminal-convicted-38-counts-related-hacking-businesses-and-stealing-more-two

Financial Services Sector

See item 21 above in Top Stories

Information Technology Sector

16. August 26, Softpedia – (International) New Locky ransomware version delivered as DLL file. Cyren security researchers discovered that Zepto, a variant of the Locky ransomware, received updates and is now installed on infected devices as a dynamic-link library (DLL) file instead of an executable (EXE) file. Researchers also found that the DLL file uses a custom packer in order to prevent detection by anti-malware scanners. Source: http://news.softpedia.com/news/new-locky-ransomware-version-delivered-as-dll-file-507646.shtml

17. August 26, SecurityWeek – (International) Apple issues emergency fix for iOS zero-days: What you need to know. Apple released an emergency security update for its iOS devices after discovering that its iPhone 4s and later, iPad 2 and later, and iPod touch fifth generation and later versions were plagued with three zero-day vulnerabilities, dubbed Trident: an information leak in the kernel, a memory corruption bug that could allow an attacker to jailbreak the device and install surveillance software without user knowledge, and a memory corruption bug in the Safari WebKit that could allow an attacker to execute arbitrary code and compromise the device when a user clicks a link to a specially crafted website. Researchers found the vulnerabilities were exploited by Pegasus, a high-end surveillance software, and were leveraged in attacks against human rights activists and journalists via a text message phishing campaign. Source: http://www.securityweek.com/apple-issues-emergency-fix-ios-zero-days-what-you-need-know

18. August 25, Softpedia – (International) PowerShell script steals credentials from IIS config files. SecureWorks researchers discovered attackers were exploiting already compromised devices to upload and execute a malicious PowerShell script that searches the infected machine for Microsoft Internet Information Server (IIS) configuration files, which store credentials for other connection services as connectionStrings, in order to steal the access credentials and copy the content to the local /TEMP folder. Source: http://news.softpedia.com/news/powershell-script-steals-credentials-from-iis-config-file-507638.shtml

19. August 25, Softpedia – (International) Security firm releases decrypter for Alma Locker ransomware. PhishLabs malware analysts released a decrypter for the Alma Locker ransomware family that allows victims to recover their files without paying the ransom after finding the malware’s decrypter was susceptible to a Man-in-the-Middle attack, which allowed the researchers to spoof communications from the attackers’ command and control (C&C) server in order to gain insight into how the ransomware’s decrypter operates. Source: http://news.softpedia.com/news/security-firm-releases-free-decrypter-for-alma-locker-ransomware-507613.shtml

Communications Sector

Nothing to report