Wednesday, October 14, 2015



Complete DHS Report for October 14, 2015

Daily Report                                            

Top Stories

  • Twenty-five coal units at Michigan power plants are scheduled to be shut down by 2020 due to additional restrictive environmental regulations and old age. – Detroit Free Press

1. October 10, Detroit Free Press – (Michigan) 25 Michigan coal plants are set to retire by 2020. Additional restrictive environmental regulations and old age prompted the closure of 25 coal units at Michigan power plants, which are scheduled to be shut down by 2020. Michigan officials were ordered to submit a detailed plan in September 2016 on how the State will come into compliance with the Clean Power Plan. Source: http://www.freep.com/story/money/business/michigan/2015/10/10/25-michigan-coal-plants-set-retire-2020/73335550/

 • Southwest Airlines issued a statement October 12 that technical systems were repaired after a computer glitch caused 836 flight delays out of 3,355 flights scheduled October 11. – NBC News; Associated Press

13. October 12, NBC News; Associated Press – (National) Outdated technology likely culprit in Southwest Airlines outage. Southwest Airlines issued a statement October 12 that technical systems were repaired after a computer glitch prevented passengers from checking in and caused 836 delays out of 3,355 flights scheduled October 11. The cause of the failure is believed to be from outdated technology. Source: http://www.nbcnews.com/business/travel/outdated-technology-likely-culprit-southwest-airlines-outage-n443176

 • Officials reported October 9 that the operators of Maryland Health Benefit Exchange’s Web site improperly stored customer information while awarding over $100 million in contracts without ensuring that the money would be spent properly. – Washington Post

18. October 9, Washington Post – (Maryland) Audit: Maryland health-insurance site failed to protect patient information. The Maryland Office of Legislative Audits released a report October 9 which found that the operators of Maryland Health Benefit Exchange’s Web site improperly stored Social Security numbers and other customer information, while awarding over $100 million in contracts without ensuring that the money was being properly spent. The exchange stated that it took steps to increase security measures and safeguards to help protect consumer information. Source: https://www.washingtonpost.com/local/dc-politics/audit-maryland-health-insurance-site-failed-to-protect-patient-information/2015/10/09/68f70a14-6e9f-11e5-9bfe-e59f5e244f92_story.html

 • Officials released October 12 that 11 of the 17 dams that failed during recent heavy rains in South Carolina had been cited repeatedly for deficiencies by the State over several years. – Columbia State

35. October 13, Columbia State – (South Carolina) Failed Richland dams had flaws, inspection records show. South Carolina officials released records October 12 that 11 of the 17 dams that failed in Richland County following historic rains throughout the month of October, were cited repeatedly over several years in State inspection reports according to South Carolina Department of Health and Environmental Control. Officials also reported that they had no record for two of the dams that breached and two others were not under the agency’s jurisdiction. Source: http://www.thestate.com/news/local/article38896089.html

Financial Services Sector

6. October 12, Securityweek – (National) Dow Jones suffers data breach. Dow Jones & Company alerted customers October 9 after discovering that hackers targeted contact details of current and former subscribers between August 2012 – July 2015, and may have accessed financial information belonging to 3,500 individuals. There is reportedly no direct evidence that any information was stolen or misused, and law enforcement officials believe that the attack was linked to a broader hacking campaign. Source: http://www.securityweek.com/dow-jones-suffers-data-breach

7. October 9, Washington Post – (National) E-Trade notifies 31,000 customers that their contact info may have been breached in 2013 hack. E-Trade notified about 31,000 customers in the week of October 5 that their personal information including email account names and physical names and addresses may have been compromised in a 2013 cyberattack. The company reportedly warned customers out of an abundance of caution and found no fraud or losses resulting from the incident.

Information Technology Sector

23. October 13, Securityweek – (International) Cisco IOS rootkits can be created with limited resources: Researchers. Security researchers from Grid32 released research revealing that cybercriminals could easily create a basic Cisco IOS rootkit within a month or less which could rival the effectiveness of the SYNful Knock malware designed to replace router firmware. Cisco has implemented several new security technologies in current devices to help mitigate threats. Source: http://www.securityweek.com/cisco-ios-rootkits-can-be-created-limited-resources-researchers

24. October 12, Securityweek – (International) Command injection flaw found in HP SiteScope. Security researchers from Rapid7 and Knowledge Consulting Group discovered a vulnerability in HP SiteScope in which an attacker with local system access could execute arbitrary operating system (OS) commands by accessing a default deployment of the product’s administration panel. Source: http://www.securityweek.com/command-injection-flaw-found-hp-sitescope

25. October 12, Help Net Security – (International) Thousands of Zhone SOHO routers can easily be hijacked. A security researcher from Vantage Point Security revealed a number of recently patched vulnerabilities, including a remote code execution (RCE) flaw in Zhone Technologies Small Office/Home Office (SOHO) routers, and reported that some users could not access the products’ administration panels to apply the corresponding firmware update. Source: http://www.net-security.org/secworld.php?id=18967

26. October 12, Securityweek – (International) Schneider Electric patches flaw in Motion USA website. Schneider Electric patched a cross-site scripting (XSS) vulnerability on its e-order.biz Web site which allowed customers to order products from Schneider Electric Motion USA. The vulnerability could allow an attacker to execute JavaScript code to steal cookies and session identifiers to hijack accounts or redirect users to phishing sites due to the site’s failure to sanitize the input passed by remote users in a hypertext transfer protocol (HTTP) request. Source: http://www.securityweek.com/schneider-electric-patches-flaw-motion-usa-website

27. October 11, Softpedia – (International) Kaspersky Antivirus fixes bug that allowed attackers to block Windows Update and other services. Kaspersky Antivirus fixed a flaw in its Internet Security package’s Network Attack Blocker component that could have allowed an attacker to spoof traffic and to use the product to block services such as Microsoft Windows Update, Kaspersky’s update servers, or other services that would enable a system to be compromised further. The company reported that the flaw had never been exploited in the wild. Source: http://news.softpedia.com/news/vulnerability-open-to-abuse-fixed-in-kaspersky-internet-security-antivirus-494280.shtml

28. October 11, Softpedia – (International) Android Adware hits to Google Play Store once again. Google removed applications from the Google Play Store after security researchers from ESET discovered a new Android adware in which the “Cheats for Pou,” “Cheats for Subway,” and “Guide for SubWay,” applications were compromised with malware that would show fullscreen ads intermittently. Source: http://news.softpedia.com/news/android-adware-hits-to-google-play-store-once-again-494285.shtml

29. October 10, Softpedia – (International) DDoS attacks can bypass mitigation services by taking aim at a website’s origin IP. Security researchers from the U.S. and Belgium released research revealing that most Cloud-Based Security Providers’ (CBSP) distributed denial-of-service (DDoS) mitigation can be bypassed by attackers who discover targeted Web site’s origin Internet protocol (IP) addresses either by analyzing outbound connections, Secure Sockets Layer (SSL) certificates, via sensitive files hosted on the server, or during migration or maintenance operations that expose the site. Researchers found that 71.5 percent of 17,877 scanned Web sites revealed origin IP addresses.

For additional stories, see items 6 above in the Financial Services Sector and 32 below from the Commercial Facilities Sector

32. October 12, AL.com – (International) America’s thrift store hit by cyber attack, Birmingham-based company says credit card data exposed. Birmingham-based America’s Thrift Store reported October 12 that cyber criminals from Eastern Europe accessed its systems through a third-party provider and installed malwares onto its system, allowing unauthorized access to customers’ payment card numbers from September 1 – September 27. Officials reported the malware has since been removed and the U.S. Secret Service is investigating the breach. Source: http://www.al.com/news/index.ssf/2015/10/americas_thrift_store_hit_by_c.html

Communications Sector

Nothing to report