Daily Report
Top Stories
• Symantec researchers identified an ongoing,
multi-phase cyberattack campaign targeting the energy sector in the U.S. and
several other countries. – Securityweek
1.
June 30, Securityweek – (International) Energy companies in Europe,
US hit by sophisticated attack campaign. Symantec researchers identified an
ongoing cyberattack campaign by a group known as Dragonfly or Energetic Bear
targeting the energy sector in the U.S. and several other countries. The
campaign has used phishing emails, watering hole attacks, and a
recently-uncovered compromise of several industrial control system
manufacturers’ Web sites. Source:
http://www.securityweek.com/energy-companies-europe-us-hit-sophisticated-attack-campaign
• General Motors
announced recalls June 27 covering 474,000 vehicles globally, with the largest
recall affecting around 467,000 Chevrolet and GMC trucks and SUVs mainly in the
U.S. and Canada. – Associated Press
4. June 27, Associated Press – (International) GM issues
3 more recalls covering 474,000 vehicles. General Motors announced recalls
June 27 covering 474,000 vehicles globally, with the largest recall affecting
around 467,000 model year 2014 and 2015 Chevrolet Silverado, Suburban, and
Tahoe, and GMC Sierra and Yukon vehicles mainly in the U.S. and Canada due to a
transmission software glitch that could cause the vehicles to shift into
neutral on their own. Source: http://www.wzzm13.com/story/news/2014/06/27/gm-recalling-474k-vehicles/11557881/
• The Alabama
Department of Public Health notified over 500 people that their identities may
have been stolen from department records as part of an alleged $20 million tax
fraud that operated in Alabama and Georgia. – WBMA 58 Birmingham
20. June 27, WBMA
58 Birmingham – (Alabama; Georgia) Alabama Department of Public Health
warns patient records may have been compromised. The Alabama Department of
Public Health notified over 500 people that their identities may have been
stolen from department records as part of a tax fraud scheme in which 10 people
have already been indicted for allegedly using the stolen information to file
over $20 million in fake tax returns in Alabama and Georgia. Source: http://www.abc3340.com/story/25888518/alabama-department-of-public-health-warns-patient-records-may-have-been-compromised
• Butler University
in Indianapolis informed 163,000 current and past students and employees that
their personal and financial information may have been compromised in a hacking
incident sometime between November 2013 and May. – WXIN 59 Indianapolis
22. June 30, WXIN
59 Indianapolis – (Indiana; California) Butler alumni, current and
prospective students warned of data breach. Butler University in
Indianapolis informed 163,000 current and past students and employees that
their personal and financial information may have been compromised in a hacking
incident sometime between November 2013 and May. The university began its
investigation after authorities in California arrested an individual in
possession of a flash drive containing information of Butler University
employees. Source: http://fox59.com/2014/06/30/butler-university-alumni-current-students-warned-of-data-breach
Financial Services Sector
6. June 30, Securityweek –
(International) “Emotet” banking malware steals data via network sniffing. Researchers
at Trend Micro identified a new piece of banking malware dubbed Emotet that
attempts to steal banking credentials by logging outgoing traffic and comparing
it against a list of targeted financial institutions. The malware is
distributed via spam emails containing a link to a malicious Web site, and
currently is primarily targeting financial institutions in Germany. Source: http://www.securityweek.com/emotet-banking-malware-steals-data-network-sniffing
For another story, see item 20 from the Healthcare and Public
Healthcare Sector below:
20. June 27, WBMA 58 Birmingham –
(Alabama; Georgia) Alabama Department of Public Health warns patient records
may have been compromised. The Alabama Department of Public Health notified
over 500 people that their identities may have been stolen from department
records as part of a tax fraud scheme in which 10 people have already been
indicted for allegedly using the stolen information to file over $20 million in
fake tax returns in Alabama and Georgia. Source: http://www.abc3340.com/story/25888518/alabama-department-of-public-health-warns-patient-records-may-have-been-compromised
Information Technology Sector
26. June 30, The Register – (International) London teen
charged over Spamhaus mega-DDoS attacks. Authorities in the U.K. charged a
teenager for his alleged involvement in several major distributed denial of
service (DDoS) attacks against anti-spam service Spamhaus during 2013. The attacks
were also led to worldwide disruptions in Internet exchanges and services.
Source: http://www.theregister.co.uk/2014/06/30/ddos_charges/
27. June 30, Threatpost – (International) PHP fixes
OpenSSL flaws in new releases. The PHP Group released new versions of PHP,
closing two vulnerabilities in OpenSSL that are related to timestamps. Source: http://threatpost.com/php-fixes-openssl-flaws-in-new-releases/106908
28. June 30, Help Net Security – (International) Google
Drive update fixes data-leaking flaw. Google closed a security issue in its
Google Drive service that previously allowed some files shared with a direct
link to be accessed by unauthorized third parties. Some files could still be
seen by unauthorized parties, and Google advised users with files that met
certain criteria to remove them. Source: http://www.net-security.org/secworld.php?id=17067
For another story, see item 1 above in Top Stories
Communications Sector
See
item 25 below from the Emergency Services Sector
25.
June 26, Salem Statesman Journal – (Oregon) 9-1-1 service restored in
north end of valley. Frontier Communications announced June 26 that a
telephone fiber was severed during road construction work near the city of Dundee
prompting an outage of emergency 9-1-1 landline phone service, regular landline
service, and Internet access in parts of Mid-Valley that lasted for more than 4
hours. Source: http://www.statesmanjournal.com/story/news/2014/06/26/service-restored-north-end-valley/11429945/