Complete DHS Report for December 11, 2014
Daily Report
Top Stories
• CHARGE Anywhere stated December 9 that attackers had gained access to its network using a previously unknown and undetected piece of malware and were able to capture payment card data from some unencrypted communications. – Securityweek See item 6 below in the Financial Services Sector
• A winter storm in the Northeast caused hazardous road conditions for several States and prompted at least 300 school closures or delays in New Hampshire December 9. – Associated Press
18. December 9, Associated Press – (New Hampshire) Northeast dealing with heavy rains, snow, wind. A winter storm moving through the Northeast caused hazardous road conditions for several States and caused at least 300 school closures or delays in New Hampshire December 9 due to snow, freezing rain, and sleet. Source: http://www.msn.com/en-us/news/other/northeast-dealing-with-heavy-rains-snow-wind/ar-BBgx4lH
• Researchers identified and analyzed a cyber-espionage campaign, dubbed Cloud Atlas or Inception Framework, that appears similar to the RedOctober campaign and has been targeting the devices of specific users in a number of industry sectors in several countries via spearphishing. – Softpedia See item 22 below in the Information Technology Sector
• A December 10 fire at the Gatewood Apartments complex in Dallas left 2 people dead, 3 others injured, and triggered the evacuation of about 300 individuals from the facility. – Reuters
33. December 10, Reuters – (Texas) Two die in Dallas fire at senior apartment complex: reports. A December 10 fire at the Gatewood Apartments assisted-living senior apartment complex in Dallas left 2 people dead, 3 others injured, and triggered the evacuation of about 300 individuals from the facility. Authorities are investigating the source of the blaze that trapped residents on balconies and prompted the rescue of several individuals with limited mobility. Source: http://www.reuters.com/article/2014/12/10/us-usa-texas-fire-idUSKBN0JO1EZ20141210
Financial Services Sector
6. December 9, Securityweek – (International) Hackers breached payment solutions provider CHARGE Anywhere: Undetected since 2009. Electronic payment solutions provider CHARGE Anywhere stated December 9 that attackers had gained access to its network as early as November 2009 using a previously unknown and undetected piece of malware and were able to capture payment card data from some communications that did not have encryption. The company discovered the compromise September 22 and an investigation found that network traffic capture occurred between August 17 and September 24. Source: http://www.securityweek.com/hackers-breach-payment-solutions-provider-charge-anywhere-numerous-merchants-affected
For another story, see item 22 below in the Information Technology Sector
Information Technology Sector
22. December 10, Softpedia – (International) Red October cyber spy op goes mobile via spear-phishing. Researchers with Blue Coat and Kaspersky Lab identified and analyzed a cyber-espionage campaign, dubbed Cloud Atlas or Inception Framework, that appears similar to the RedOctober campaign and has been targeting the Android, iOS, and BlackBerry devices of specific users in the government, finance, energy, military, and engineering sectors in several countries via spearphishing. The malware appears to be designed primarily to record phone conversations and can also track locations, monitor text messages, and read contact lists. Source: http://news.softpedia.com/news/Red-October-Cyber-Spy-Op-Goes-Mobile-Via-Spear-Phishing-467099.shtml
23. December 10, Securityweek – (International) Trihedral fixes vulnerability in SCADA monitoring and control software. Trihedral Engineering Ltd. released software updates for its VTScada (VTS) supervisory control and data acquisition (SCADA) software to close a vulnerability that could be used by an unauthenticated attacker to crash VTS servers. The software is used in industries including the energy, chemical, manufacturing, agriculture, transportation, and communications sectors. Source: http://www.securityweek.com/trihedral-fixes-vulnerability-scada-monitoring-and-control-software
24. December 10, Softpedia – (International) Flash Player 16.0.0.235 fixes remote code execution bug exploited in the wild. Adobe released patches for six vulnerabilities in its Flash Player software, including a vulnerability reported by a researcher that could allow arbitrary code to be executed on affected systems. The arbitrary code execution vulnerability has been observed being exploited in the wild and all users were advised to update their versions of Flash Player as soon as possible. Source: http://news.softpedia.com/news/Flash-Player-16-0-0-235-Fixes-Remote-Code-Execution-Bug-Exploited-in-the-Wild-467030.shtml
25. December 10, Securityweek – (International) SQL injection, other vulnerabilities found in InfiniteWP admin panel. A researcher with Slik identified and reported several vulnerabilities in the InfiniteWP administration application for WordPress Web sites, including SQL injection vulnerabilities that could be used by an unauthenticated attacker to gain control of WordPress sites. Source: http://www.securityweek.com/sql-injection-other-vulnerabilities-found-infinitewp-admin-panel
26. December 10, Securityweek – (International) Flaw in AirWatch by VMware leaks info in multi-tenant environments. VMware released an update for its AirWatch enterprise mobile management and security platform December 10 that closes vulnerabilities that could allow a user that manages a deployment in a multi-tenant environment to view the statistics and organizational information of another tenant. Source: http://www.securityweek.com/flaw-airwatch-vmware-leaks-info-multi-tenant-environments
27. December 10, Securityweek – (International) Recursive DNS resolvers affected by serious vulnerability. The Computer Emergency Response Team Coordination Center (CERT/CC) reported December 9 that recursive Domain Name System (DNS) resolvers are vulnerable to an issue where a malicious authoritative server can cause them to follow an infinite chain of referrals, leading to a denial of service (DoS) state. Source: http://www.securityweek.com/recursive-dns-resolvers-affected-serious-vulnerability
28. December 10, Securityweek – (International) Third-party bundling made IBM products most vulnerable: Study. Secunia released a report on security vulnerabilities disclosed between August and October and found that vulnerabilities increased by 40 percent compared to the previous year to a total of 1,841 vulnerabilities in the 20 most vulnerable products, among other findings. The report also found that Google Chrome had the largest number of disclosed security issues, and that IBM was the most vulnerable vendor due to products being bundled with third-party software. Source: http://www.securityweek.com/third-party-bundling-made-ibm-products-most-vulnerable-study
29. December 9, Securityweek – (International) Microsoft releases critical IE security update on Patch Tuesday. Microsoft released its monthly Patch Tuesday round of updates for its products December 9, which included 7 security bulletins addressing 24 vulnerabilities. Three vulnerabilities were considered critical and affected Internet Explorer, Microsoft Word and Office Web Apps, and the VBScript scripting engine. Source: http://www.securityweek.com/microsoft-releases-critical-ie-security-update-patch-tuesday
30. December 9, Threatpost – (International) New version of Destover malware signed by stolen Sony certificate. Researchers at Kaspersky Lab identified a new variant of the Destover malware used in an attack on Sony Pictures Entertainment that uses a stolen, legitimate certificate from Sony. The malware is basically identical to previous versions except for the use of a certificate. Source: http://threatpost.com/new-version-of-destover-malware-signed-by-stolen-sony-certificate/109777
31. December 9, SC Magazine – (International) SEO poisoning campaign ensnares several thousand websites, security expert finds. A webmaster identified and researchers from Websense and High-Tech Bridge confirmed that several thousand legitimate Web sites hosted on GoDaddy and other services had been compromised to improve the search engine optimization (SEO) ranking of other sites by inserting links into the legitimate sites. GoDaddy stated that the company was investigating the issue. Source: http://www.scmagazine.com/thousands-of-websites-compromised-by-seo-poisoning/article/387453/
For another story, see item 5 below from the Critical Manufacturing Sector
5. December 9, U.S. Consumer Product Safety Commission – (International) Lenovo recalls computer power cords due to fire and burn hazards. Lenovo announced a recall for around 544,000 Lenovo LS-15 AC power cords in the U.S. and Canada due to the potential for the power cords to overheat, posing fire and burn hazards. Source: http://www.cpsc.gov/en/Recalls/2015/Lenovo-Recalls-Computer-Power-Cords/
Communications Sector
See item 23 above in the Information Technology Sector