Friday, December 2, 2016



Complete DHS Report for December 2, 2016

Daily Report

Top Stories

• Alabama Power crews worked to restore power to an estimated 17,800 customers who remained without power November 29 following severe storms that knocked out power to nearly 45,000 customers. – Birmingham News

2. November 29, Birmingham News – (Alabama) Alabama Power crews work through the night to restore power as thunderstorms hit Alabama. Alabama Power crews worked November 29 to restore power to an estimated 17,800 customers who remained without power after strong storms knocked out service to nearly 45,000 customers across the State November 28 – 29. Bagley Elementary School was closed November 29 due to the outages. Source: http://www.al.com/news/birmingham/index.ssf/2016/11/power_outages_continue_as_thun.html

• Officials are investigating after a discharge line experienced an outflow of over 100,000 gallons of treated wastewater in west Flower Mound, Texas, November 29. – Flower Mound Cross Timbers Gazette

12. December 1, Flower Mound Cross Timbers Gazette – (Texas) Wastewater spill reported in Flower Mound. Trinity River Authority officials are investigating after a discharge line within the Denton Creek Regional Wastewater System experienced an outflow of over 100,000 gallons of treated wastewater in west Flower Mound, Texas, November 29. Officials reported that public drinking water supplies were not threatened or contaminated and there was no threat to human health or the environment. Source: http://www.crosstimbersgazette.com/2016/12/01/wastewater-spill-reported-in-flower-mound/

• Security researchers discovered a new variant of an Android malware campaign dubbed Gooligan that has breached the security of more than 1 million Google accounts since August 2016. – Help Net Security. See item 21 below in the Information Technology Sector.

• Eight people were arrested November 26 near Farmersville, Illinois, for their alleged involvement in a theft ring believed to be responsible for $1.9 million in stolen goods and damages. – Jacksonville Journal-Courier

24. November 30, Jacksonville Journal-Courier – (National) Chase uncovers multi-million dollar theft ring, police say. Eight people were arrested November 26 near Farmersville, Illinois, for their alleged involvement in a theft ring that struck high-end retail establishments in 4 States and is believed to be responsible for $1.9 million in stolen goods and damages.

Financial Services Sector

Nothing to report

Information Technology Sector

19. December 1, Softpedia – (International) PayPal fixes security flaw allowing hackers to steal OAuth tokens. PayPal Holdings, Inc. patched a critical security flaw in its application after an Adobe Systems security researcher found a vulnerability that could allow attackers to steal OAuth tokens. The flaw stems from the way PayPal allows developers to register their apps with PayPal through a dashboard that generates token requests, which are submitted to a central authentication server. The researcher found that a hacker can trick the authentication server into using localhost as the redirect_uri parameter, redirecting a PayPal validation to a third-party domain where an attacker could access the data. Source: http://news.softpedia.com/news/paypal-fixes-security-flaw-allowing-hackers-to-steal-oauth-tokens-510642.shtml

20. December 1, SecurityWeek – (International) Kelihos botnet spreading Troldesh ransomware. Security researchers reported the Kelihos botnet was spotted distributing the Troldesh encryption ransomware to targeted devices via spam emails that contain URLs that redirect a victim to a JavaScript file and a Microsoft Word document before encrypting users’ files and adding the .no_more_ransom extension. The Troldesh ransomware displays a spam message impersonating Bank of America that convinces a user to open a malicious attachment claiming to have information on an outstanding debt, but instead downloads the malware and Pony info-stealer onto a victim’s device. Source: http://www.securityweek.com/kelihos-botnet-spreading-troldesh-ransomware

21. November 30, Help Net Security – (International) Gooligan Android malware used to breach a million Google accounts. Check Point security researchers discovered a new variant of an Android malware campaign dubbed Gooligan that has breached the security of more than 1 million Google accounts since August 2016 by rooting Android devices and stealing email addresses and authentication tokens stored on them, thereby enabling a malicious actor to access users’ sensitive data from Gmail, Google Docs, Google Photos, and Google Drive, among other programs. The researchers found the Gooligan campaign infects 13,000 devices daily and installs at least 30,000 apps on those infected devices each day, among other findings.

22. November 30, SecurityWeek – (International) Flaws found in Emerson DeltaV, Liebert products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published three advisories outlining flaws affecting Emerson’s DeltaV and Liebert products after a security researcher from Positive Technologies found that Emerson’s Liebert SiteScan tool versions 6.5 and earlier are plagued with an Extensible Markup Language (XML) external entity (XXE) flaw that can be remotely exploited to execute arbitrary code or access files from a server or connected network. The advisory also describes a vulnerability in the DeltaV Easy Security Management app that could be exploited to elevate privileges on the control system, among other flaws.

Communications Sector

Nothing to report