Complete DHS Report for January 14, 2016
Daily Report
Top Stories
• A convenience store operator in Tampa Bay was charged
January 12 for his involvement in an area fraud scheme in which he bought 430
Electronic Benefit Transfer cards and caused more than $1 million in losses to
taxpayers. – Tampa Tribune See
item 3 below in the Financial Services Sector
• Snow storms traveling across Indiana caused three
interstates to shut down for several hours including westbound lanes of
Interstate 70, southbound lanes of Interstate 65, and lanes of Interstate 74
due to three separate multi-vehicle accidents. – WXIN 59 Indianapolis
4. January
13, WXIN 59 Indianapolis – (Indiana) I-70 in Richmond reopens after
more than a dozen vehicles involved in massive pileup. An intense snow
storm traveling across Indiana caused three interstates to shut down for
several hours including westbound lanes of Interstate 70, southbound lanes of
Interstate 65, and lanes of Interstate 74 after three multi-vehicle accidents
occurred on each highway January 12. Source: http://fox59.com/2016/01/12/i-70-in-richmond-reopens-after-more-than-a-dozen-vehicles-involved-in-massive-pileup/
• Eastbound lanes of Interstate 70 in Pennsylvania were
closed for several hours January 13 due to a 12-vehicle accident that injured
several people. – WTAE 4 Pittsburg
5. January
13, WTAE 4 Pittsburg – (Pennsylvania) TRAFFIC: I-70 eastbound reopens after
seven-vehicle pileup. Eastbound lanes of Interstate 70 in Pennsylvania were
closed for several hours January 13 while crews worked to clear the wreckage
from a 12-vehicle crash that injured several people. Source: http://www.post-gazette.com/news/transportation/2016/01/13/TRAFFIC-Crash-on-Parkway-East-inbound-snarls-commute-pittsburgh/stories/201601130165
• The governor of Michigan deployed the U.S. National Guard
January 12 to assist in distributing bottled water and water filters in Flint,
Michigan due to elevated levels of lead found in the water. – Associated
Press
8. January
12, Associated Press – (Michigan) Michigan activates National Guard in Flint
drinking crisis. The governor of Michigan deployed the U.S. National Guard
January 12 to assist in distributing bottled water and filters in Flint due to
elevated levels of lead found in the water, resulting in 43 cases of high lead
levels in resident’s blood. The City has returned to the Detroit’s system for
water, but officials are still concerned about residual corrosion effects
caused by the Flint River water. Source: http://www.oregonlive.com/today/index.ssf/2016/01/michigan_activates_national_gu.html
Financial Services Sector
2. January
13, SecurityWeek – (International) Android banking trojan “SlemBunk” targets
users worldwide. Researchers at FireEye discovered that the banking trojan,
SlemBunk has a longer infection chain and makes it difficult for detection,
allowing the malware to be more persistent on a victim’s device by initiating a
drive-by download and serving the SlemBunk dropper app, which unpacks the logic
needed to recover a downloader to later customize a command and control
(C&C) server and retrieve the final payload via in-app downloading. Source:
http://www.securityweek.com/android-banking-trojan-slembunk-targets-users-worldwide
3. January
12, Tampa Tribune – (Florida) Police: Widespread fraud scheme made use of EBT
cards. Authorities announced January 12 that a convenience store operator
was charged with public assistance fraud, scheme to defraud, and trafficking in
credit cards after an investigation revealed that the man was linked to an area
fraud scheme in which he bought 430 Electronic Benefit Transfer (EBT) cards for
50 cents on the dollar, used the cards to buy items for local businesses, and
sold them to 6 other convenience stores, which resulted in more than $1 million
in losses to taxpayers.
Information Technology Sector
13. January
13, Softpedia – (International) Three XSS bugs found on Mozilla’s add-ons and
support portals. Mozilla released one patch for its Add-ons portal
addressing a cross-site scripting (XSS) flaw that was exploited via the “Create
new collection” feature, allowing attackers to add malicious code to the
collection’s name field. The company reported they are also working to release
patches for two other XSS flaws in its Add-ons portal and in its Support
Center. Source: http://news.softpedia.com/news/three-xss-bugs-found-on-mozilla-s-add-ons-and-support-portals-498860.shtml
14. January
13, Help Net Security – (International) Fortinet says backdoor is
found in FortiOS is “a management authentication issue.” Fortinet reported
that a previously reported secure shell (SSH) backdoor found in its operating
system, FortiOS was not a backdoor vulnerability, but a management authentication
issue after its company engineers implemented their own method of
authentication for logging into FortiOS-powered devices. Source: http://www.net-security.org/secworld.php?id=19322
15. January
13, SecurityWeek – (International) SAP security updates patch 4 new
vulnerabilities. Software maker, SAP released security updates for its
products that resolved 23 vulnerabilities, 3 of which are Support Security
notes, and 13 security flaws including cross-site scripting (XSS) flaws,
disclosure flaws, and denial of service vulnerabilities, among other patched
flaws. Source: http://www.securityweek.com/sap-security-updates-patch-4-new-vulnerabilities
16. January
13, SecurityWeek – (International) IoT devices easily hacked to be backdoors:
Experiment. Researchers from Vectra Networks reported that commercial
Internet of Things (IoT) products including Wi Fi cameras, had security flaws
and were susceptible to attacks that can allow hackers to reprogram the
firmware and use the device as network backdoors without disrupting the
device’s operations. Source: http://www.securityweek.com/iot-devices-easily-hacked-be-backdoors-experiment
For another story, see item 2 above in the Financial Services Sector
Communications Sector
Nothing to report