Tuesday, December 8, 2015

Complete DHS Report for December 8, 2015

Daily Report

Top Stories

Microsoft reported that the company will no longer provide security updates, non-security updates, online content updates, or technical support for older versions of its web browser, Internet Explorer. – Help Net Security See item 28 below in the Information Technology Sector

Researchers reported that the Russian-linked hacker group Pawn Storm has updated its data theft tools and is utilizing a new version of the AZZY trojan, which is delivered by another piece of malware instead of by a zero-day exploit. – SecurityWeek See item 30 below in the Information Technology Sector

Global law enforcement agencies have partnered with IT companies to disrupt the Dorkbot botnet, dubbed Nrgbot, after the malware spread through multiple channels affecting over a million computers in 190 countries. – SecurityWeek See item 31 below in the Information Technology Sector

South Carolina officials reported December 7 that at least 23 additional broken dams were found in 2 counties and that an additional $7 million was needed to repair roads damaged by the breaks. – Savannah Morning News

37. December 5, Marysville Appeal-Democrat – (California) $8.5 million funds more levee work in Sutter County. A mile of levee upgrades was added to the Feather River West Levee project in Sutter County, pending $8.5 million in funding received from California. The project will help raise flood protection in urban and rural areas. Source: http://www.appeal-democrat.com/news/million-funds-more-levee-work-in-sutter-county/article_9d73c2b0-9ba8-11e5-9ee0-0f56ff698cd9.html

Financial Services Sector

8. December 4, SecurityWeek – (International) Botnet takes “shotgun” approach to hack PoS systems. Researchers at Trend Micro reported a new campaign, dubbed Operation Black Atlas, that targets point-of-sale (PoS) systems at small and medium-sized businesses and healthcare organizations worldwide, utilizing various penetration testing tools including brute-force tools, Simple Mail Transfer Protocol (SMTP) scanners, and remote desktop viewers. Black Atlas received its name from the BlackPOS malware, works in stages, and uses variants of other known malware, allowing hackers to potentially steal sensitive information. Source: http://www.securityweek.com/botnet-takes-shotgun-approach-hack-pos-systems

9. December 4, Sacramento Bee – (California) Placer County women guilty in multimillion-dollar mortgage fraud scheme. A Federal jury in Sacramento found 2 Placer County women guilty December 4 for their roles in a mortgage fraud scheme that netted over $16 million and involved more than 30 properties in the Sacramento area that were purchased through straw buyers. The women created fraudulent loan applications and ran an escrow company used in a majority of the real estate transactions. Source: http://www.sacbee.com/news/local/crime/article48104005.html

10. December 4, U.S. Department of Justice – (Massachusetts) Two Massachusetts men indicted in massive stolen identity tax refund fraud scheme. Two Dominican men residing in Massachusetts were charged December 3 for allegedly participating in a scheme to prepare and file fake Federal income tax returns using the stolen identities of more than 800 U.S. citizens, including Puerto Rican residents, in order to obtain tax refund checks. The pair also reportedly sold more than 16 tax refund checks valued at over $100,000 to one individual. Source: http://www.justice.gov/opa/pr/two-massachusetts-men-indicted-massive-stolen-identity-tax-refund-fraud-scheme

Information Technology Sector

27. December 7, Softpedia – (International) Trifecta of security bugs affecting Dell, Lenovo, and Toshiba products. Security researchers from LizardHQ reported three major security vulnerabilities affecting current and older versions of Dell System Detect, Lenovo’s Solution Center, and Toshiba Service Station. The flaws allow attackers to abuse an application programming interface (API) to bypass Windows User Account Control limitations on Dell products, to run malicious code and escalate privileges to administrative rights on Lenovo products, and to read parts of the Windows registry as a SYSTEM-level user on Toshiba products. The companies released recommendations on how to fix the vulnerabilities. Source: http://news.softpedia.com/news/trifecta-of-security-bugs-affecting-dell-lenovo-and-toshiba-products-497226.shtml

28. December 7, Help Net Security – (International) Microsoft warns of imminent end of support for all but the latest Internet Explorer versions. Microsoft reported that the company will no longer provide security updates, non-security updates, online content updates, or technical support for older versions of its web browser, Internet Explorer, in an attempt to encourage users to upgrade from Internet Explorer 11 to Microsoft Edge and Windows 10. Source: http://www.net-security.org/secworld.php?id=19197

29. December 7, SecurityWeek – (International) Serious flaws found in Honeywell gas detectors. Honeywell released firmware updates for its Midas gas detectors after a security researcher discovered that Midas gas detectors running firmware versions 1.13b1 and older, and Midas Black products running firmware versions 2.13b1 and older, were susceptible to a path traversal flaw and a cleartext transmission flaw. Both can be exploited remotely by an attacker with low skill by entering a targeted Uniform Resource Locator (URL) for the device, bypassing its authentication procedures. Source: http://www.securityweek.com/serious-flaws-found-honeywell-gas-detectors

30. December 7, SecurityWeek – (International) Russian cyberspies use updated arsenal to attack defense contractors. Researchers from Kaspersky Lab reported that the Russian-linked cyber espionage group Pawn Storm, which targets international military, media, defense, and government organizations, has updated its data theft tools and is utilizing a new version of the AZZY trojan, which is delivered by another piece of malware instead of by a zero-day exploit. The new AZZY backdoor also uses an external library for command and control (C&C) communications. Source: http://www.securityweek.com/russian-cyberspies-use-updated-arsenal-attack-defense-contractors

31. December 4, SecurityWeek – (International) International operation disrupts Dorkbot botnet. Global law enforcement agencies have partnered with Microsoft, ESET, and CERT Polska to disrupt the Dorkbot botnet, dubbed Nrgbot, after the malware spread through multiple channels, including Universal Serial Bus (USB) flash drives, instant messaging programs, social network sites, exploit kits (EK), and spam emails, affecting over a million computers in 190 countries. Researchers advised users to keep their antivirus programs updated at all times to ensure proper protection from the malware, which steals personal information and credentials and distributes other forms of malware. Source: http://www.securityweek.com/international-operation-disrupts-dorkbot-botnet

Communications Sector

Nothing to report