Complete DHS Report for May 3, 2016
Daily Report
Top Stories
• Nissan Motor Company Ltd. issued a recall April 29 for nearly
3.2 million of its model years 2013 – 2017 vehicles in 11 makes, and model
years 2015 – 2016 Chevrolet City Express vehicles sold in the U.S. due to
potentially faulty passenger-side air bag sensors. – Reuters
7. April 29,
Reuters – (International) Nissan to recall 3.53 million vehicles: air
bags may not deploy. Nissan Motor Company Ltd. issued a recall April 29
for nearly 3.2 million of its model years 2013 – 2017 vehicles in 11 makes, and
model years 2015 – 2016 Chevrolet City Express vehicles sold in the U.S. due to
potentially faulty passenger-side air bag sensors that may register an adult
front seat passenger as a child or an empty seat, thereby preventing the air
bag from deploying in the event of a crash after the company received 1,271
consumer complaints and warranty claims linked to the issue. The recall also
includes 622,110 of Nissan’s Sentra vehicles due to a front passenger seat belt
bracket issue where the bracket may become deformed if it is used to secure a
child restraint system. Source: http://www.reuters.com/article/us-autos-nissan-recall-idUSKCN0XQ2A8
• A CSX freight train carrying 15,500 gallons of chemicals
derailed, sent 14 cars off the tracks, spilled three different chemicals, and
closed Rhode Island Avenue-Brentwood Metro Station for several hours May 1. – WRC
4 Washington, D.C.
16. May 1, WRC
4 Washington, D.C. – (Washington, D.C.) CSX: Train derails in DC, leaks 3
different chemicals. Rhode Island Avenue-Brentwood Metro Station was closed
for several hours May 1 and Washington Metropolitan Area Transit Authority
(Metro) service on the Red Line was suspended after a CSX freight train
carrying 15,500 gallons of chemicals derailed, sending 14 cars off the tracks
and spilling its load of ethanol, sodium hydroxide, and calcium chloride. The
train derailment also ruptured an underground gas line, forcing officials to
turn off gas for the surrounding area. Source: http://www.nbcwashington.com/news/local/CSX-Train-Derails-Hazardous-Material-Leaking-377725691.html
• Heavy storms April 30 caused more than 100 power outages,
impacted more than 6,000 customers, knocked out power at 2 water pumping
stations, and forced officials to issue a boil water advisory May 1 in Atlanta.
– Associated Press
23. May 1,
Associated Press – (Georgia) Boil water advisory issued for large part of
Atlanta. Heavy storms April 30 caused more than 100 power outages, impacted
more than 6,000 customers, and knocked out power at 2 water pumping stations,
forcing officials to issue a boil water advisory May 1 for several parts of
Atlanta. The Department of Watershed Management was flushing the system as a
precaution to ensure no contamination in the water system. Source: http://www.ledger-enquirer.com/news/state/georgia/article74997177.html
• A multi-alarm fire that reportedly began at the Craft Stove caused
approximately $1.5 million in damages to a Mount Vernon commercial block
May 1. – KING 5 Seattle
39. May 1,
KING 5 Seattle – (Washington) Massive fire destroys Mount Vernon businesses. A
Mount Vernon commercial block May 1 sustained approximately $1.5 million in
damages after a multi-alarm fire was first discovered at the Craft Stove and
spread to surrounding businesses. Fire crews remained on site for several hours
containing the incident and no injuries were reported. Source: http://www.king5.com/news/local/fire-causes-15-million-in-damages-in-mt-vernon/163666825
Financial Services Sector
8. April 29,
Newark Star-Ledger – (National) Man in $5M ATM ‘skimming’ ring pleads guilty. A
Romanian man pleaded guilty April 29 to Federal charges for his role in a $5
million ATM skimming ring where he and co-conspirators allegedly installed
skimming devices on ATMs at banks in New Jersey, New York, Connecticut, and
Florida, and transferred the stolen data onto blank ATM cards which were used
to withdraw funds from customers’ accounts. Officials stated that a total of 16
people were charged for their involvement and one suspect remains at large. Source:
http://www.nj.com/news/index.ssf/2016/04/man_in_5m_atm_skimming_ring_pleads_guilty.html
9. April 29,
WJW 8 Cleveland – (Ohio) Cleveland FBI asks for help identifying ‘breakdown
lane bandit.’ FBI officials and local police departments in Cleveland are
searching April 29 for a man dubbed the “BDL Bandit” who is suspected of
committing three bank robberies in the Cleveland area since March, including a
PNC Bank branch, a First Merit Bank branch, and a US Bank branch. Authorities
stated that the suspect is armed and believed to have an accomplice. Source: http://fox8.com/2016/04/29/cleveland-fbi-asks-for-help-identifying-breakdown-lane-bandit/
10. April 29,
Bergen County Record – (New Jersey) Police seeking Garfield bank robber who may be
‘Count Down Bandit.’ Authorities are searching for a man suspected of
robbing an M&T Bank branch in Bergen County, New Jersey, April 28.
Officials stated that the suspect is believed to be the “Count Down Bandit,” a
man allegedly responsible for seven other bank robberies in Bergen and Passaic
counties since July 2015. Source: http://www.northjersey.com/news/police-seeking-garfield-bank-robber-who-may-be-count-down-bandit-1.1555809
11. April 29,
KCPQ 13 Tacoma – (Washington) ‘Baseball Hat Bandit:’ Guaranteed $1,000 reward
to identify serial bank robber wearing different caps for slew of capers. Authorities
offered a reward April 29 in exchange for information about a man dubbed the
“Baseball Hat Bandit,” who is suspected of robbing five banks in King and
Pierce counties in Washington. Source: http://q13fox.com/2016/04/29/baseball-hat-bandit-guaranteed-1000-reward-to-identify-serial-bank-robber-wearing-different-caps-for-slew-of-capers/
Information Technology Sector
31. May 2,
SecurityWeek – (International) Serious flaw found in “PL/SQL Developer” update
system. Allround Automations released a new version of its PL/SQL Developer
product after an application security consultant discovered that version
11.0.4, and earlier versions, used Hyper Text Transfer Protocol (HTTP) updates
and did not validate the downloaded file’s authenticity, allowing a
man-in-the-middle (MitM) attacker to replace the authentic Uniform Resource
Locator (URL) with another URL that leads to a malicious file, as well as
replace the download link with an arbitrary command that will execute in a
user’s context during the PL/SQL Developer update process.
32. May 2,
SecurityWeek – (International) Microsoft adds Nano server to bug bounty
program. Microsoft reported April 29 that it is offering large monetary
rewards for vulnerabilities found in the Nano Server installation option of its
Windows Server 2016 Technical Preview 5 and all subsequent releases after
stating that the product was ideal for a compute host for Hyper-V virtual
machines, a storage host for Scale-Out File Server, a Domain Name System (DNS)
server, and a host for cloud apps, and if infected, could pose severe damages
to each component.
33. May 1,
Softpedia – (International) Valve fixes Steam crypto bug that exposed passwords
in plaintext. Valve updated its Steam gaming client after a security
researcher found that the lack of a Message Authentication Code (MAC) in its
application’s crypto package allowed an attacker to carry out man-in-the-middle
(MitM) attacks, enabled victims to become Valve Anti-Cheat (VAC) banned, or
potentially exposed users’ passwords in plaintext. Source: http://news.softpedia.com/news/valve-fixes-steam-crypto-bug-that-exposed-passwords-in-plaintext-503583.shtml
34. May 1,
Softpedia – (International) Decrypter for Alpha ransomware lets victims
recover files for free. A team of security researchers discovered and
decrypted a new ransomware version called Alpha ransomware, which demands
targets pay $400 worth of iTunes gift cards to decrypt encrypted files by using
AES-256 encryption to lock files, change each file’s name with the .encrypted
extension, add a ransom note in text format in each folder, change the target’s
wallpaper, and delete itself to avoid detection. Researchers found a weakness
in the ransomware’s encryption routine and released a decrypter to help victims
retrieve locked files. Source: http://news.softpedia.com/news/decrypter-for-alpha-ransomware-lets-victims-recover-files-for-free-503581.shtml
35. April 29,
Softpedia – (International) Crooks deliver Android malware via Fake
Google Chrome updates. Security researchers from Zscaler discovered that
cyber criminals were distributing fake Google Chrome update packages disguised
as Android application package (APK) files affecting Android users to steal a
target’s credit card information, terminate the device’s antivirus software,
monitor incoming and outgoing calls and Short Message Service (SMS) messages,
as well as start or end calls, among other actions. Attackers were seen using
large collections of domain names to host the malware, which were changed at
regular intervals. Source: http://news.softpedia.com/news/crooks-deliver-android-malware-via-fake-google-chrome-updates-503559.shtml
36. April 29,
Softpedia – (International) BPlug trojan hides in Chrome Extensions and
Spams your Facebook friends. Security researchers from Dr. Web discovered
that over 12,000 users were infected with the trojan titled Trojan.BPlug.1074,
or BPlug, after the bug was seen hiding in Google Chrome’s extensions and
collecting a target’s Facebook user identifier (UID) and their cross-site
request forgery (CSRF) token to execute actions on a Facebook user’s behalf.
Attackers can send out malicious links disguised as YouTube videos to Facebook
friends in an aim to increase the trojan’s infection. Source: http://news.softpedia.com/news/bplug-trojan-hides-in-chrome-extensions-and-spams-your-facebook-friends-503554.shtml
37. April 29,
SecurityWeek – (International) Malware leverages Windows “God Mode” for
persistency. Researchers from Intel Security reported that the malware
dubbed “Dynamer” was abusing the Microsoft Windows Easter Egg called “God
Mode” function to gain persistency on an infected machine by installing itself
into a folder inside the %AppData% directory, creating a registry run key, and
executing its capability normally. Researchers advised affected users to
terminate the malware’s process via Task Manager and run a specially crafted
command from the command prompt. Source: http://www.securityweek.com/malware-leverages-windows-god-mode-persistency
Communications Sector
Nothing to report