Thursday, January 14, 2016



Complete DHS Report for January 14, 2016

Daily Report                                            

Top Stories

• A convenience store operator in Tampa Bay was charged January 12 for his involvement in an area fraud scheme in which he bought 430 Electronic Benefit Transfer cards and caused more than $1 million in losses to taxpayers. – Tampa Tribune See item 3 below in the Financial Services Sector

• Snow storms traveling across Indiana caused three interstates to shut down for several hours including westbound lanes of Interstate 70, southbound lanes of Interstate 65, and lanes of Interstate 74 due to three separate multi-vehicle accidents. – WXIN 59 Indianapolis

4. January 13, WXIN 59 Indianapolis – (Indiana) I-70 in Richmond reopens after more than a dozen vehicles involved in massive pileup. An intense snow storm traveling across Indiana caused three interstates to shut down for several hours including westbound lanes of Interstate 70, southbound lanes of Interstate 65, and lanes of Interstate 74 after three multi-vehicle accidents occurred on each highway January 12. Source: http://fox59.com/2016/01/12/i-70-in-richmond-reopens-after-more-than-a-dozen-vehicles-involved-in-massive-pileup/

• Eastbound lanes of Interstate 70 in Pennsylvania were closed for several hours January 13 due to a 12-vehicle accident that injured several people. – WTAE 4 Pittsburg

5. January 13, WTAE 4 Pittsburg – (Pennsylvania) TRAFFIC: I-70 eastbound reopens after seven-vehicle pileup. Eastbound lanes of Interstate 70 in Pennsylvania were closed for several hours January 13 while crews worked to clear the wreckage from a 12-vehicle crash that injured several people. Source: http://www.post-gazette.com/news/transportation/2016/01/13/TRAFFIC-Crash-on-Parkway-East-inbound-snarls-commute-pittsburgh/stories/201601130165

• The governor of Michigan deployed the U.S. National Guard January 12 to assist in distributing bottled water and water filters in Flint, Michigan due to elevated levels of lead found in the water. – Associated Press

8. January 12, Associated Press – (Michigan) Michigan activates National Guard in Flint drinking crisis. The governor of Michigan deployed the U.S. National Guard January 12 to assist in distributing bottled water and filters in Flint due to elevated levels of lead found in the water, resulting in 43 cases of high lead levels in resident’s blood. The City has returned to the Detroit’s system for water, but officials are still concerned about residual corrosion effects caused by the Flint River water. Source: http://www.oregonlive.com/today/index.ssf/2016/01/michigan_activates_national_gu.html

Financial Services Sector

2. January 13, SecurityWeek – (International) Android banking trojan “SlemBunk” targets users worldwide. Researchers at FireEye discovered that the banking trojan, SlemBunk has a longer infection chain and makes it difficult for detection, allowing the malware to be more persistent on a victim’s device by initiating a drive-by download and serving the SlemBunk dropper app, which unpacks the logic needed to recover a downloader to later customize a command and control (C&C) server and retrieve the final payload via in-app downloading. Source: http://www.securityweek.com/android-banking-trojan-slembunk-targets-users-worldwide

3. January 12, Tampa Tribune – (Florida) Police: Widespread fraud scheme made use of EBT cards. Authorities announced January 12 that a convenience store operator was charged with public assistance fraud, scheme to defraud, and trafficking in credit cards after an investigation revealed that the man was linked to an area fraud scheme in which he bought 430 Electronic Benefit Transfer (EBT) cards for 50 cents on the dollar, used the cards to buy items for local businesses, and sold them to 6 other convenience stores, which resulted in more than $1 million in losses to taxpayers.

Information Technology Sector

13. January 13, Softpedia – (International) Three XSS bugs found on Mozilla’s add-ons and support portals. Mozilla released one patch for its Add-ons portal addressing a cross-site scripting (XSS) flaw that was exploited via the “Create new collection” feature, allowing attackers to add malicious code to the collection’s name field. The company reported they are also working to release patches for two other XSS flaws in its Add-ons portal and in its Support Center. Source: http://news.softpedia.com/news/three-xss-bugs-found-on-mozilla-s-add-ons-and-support-portals-498860.shtml

14. January 13, Help Net Security – (International) Fortinet says backdoor is found in FortiOS is “a management authentication issue.” Fortinet reported that a previously reported secure shell (SSH) backdoor found in its operating system, FortiOS was not a backdoor vulnerability, but a management authentication issue after its company engineers implemented their own method of authentication for logging into FortiOS-powered devices. Source: http://www.net-security.org/secworld.php?id=19322

15. January 13, SecurityWeek – (International) SAP security updates patch 4 new vulnerabilities. Software maker, SAP released security updates for its products that resolved 23 vulnerabilities, 3 of which are Support Security notes, and 13 security flaws including cross-site scripting (XSS) flaws, disclosure flaws, and denial of service vulnerabilities, among other patched flaws. Source: http://www.securityweek.com/sap-security-updates-patch-4-new-vulnerabilities

16. January 13, SecurityWeek – (International) IoT devices easily hacked to be backdoors: Experiment. Researchers from Vectra Networks reported that commercial Internet of Things (IoT) products including Wi Fi cameras, had security flaws and were susceptible to attacks that can allow hackers to reprogram the firmware and use the device as network backdoors without disrupting the device’s operations. Source: http://www.securityweek.com/iot-devices-easily-hacked-be-backdoors-experiment

For another story, see item 2 above in the Financial Services Sector

Communications Sector

Nothing to report