Complete DHS Report for September 2, 2016
Daily Report
Top Stories
• Two men were arrested in Torrance, California, August 30 for
their roles in an $85,000 ATM skimming scheme. – Southern California City
News Service
2. August 31, Southern California City News Service – (California) Duo arrested in
widespread LA ATM machine skimming scam. Two men were arrested in Torrance,
California, August 30 for their roles in an $85,000 ATM skimming scheme in which
the duo installed skimming devices on ATMs in Burbank and elsewhere in
Los Angeles County and stole the account information from over 50 bank
customers to create cloned ATM cards and withdraw cash from other ATMs in the
county. Officials discovered an additional $233,000 in declined transactions
attempted by the duo.
Source: http://patch.com/california/northhollywood/duo-arrested-widespread-la-atm-machine-skimming-scam
• About 209 patients were evacuated from the Regional Medical
Center Bayonet Point in Hudson, Florida, August 31 following an electrical fire
in a generator room that knocked out power to the hospital. – WFLA 8 Tampa
10. September 1, WFLA 8 Tampa – (Florida) Electrical fire forces Florida hospital to evacuate
as Tropical Storm Hermine nears. A total of 209 patients were evacuated
from the Regional Medical Center Bayonet Point in Hudson, Florida, August 31
following an electrical fire in a generator room that knocked out power to the
hospital. Officials stated nearly 50 patients were transferred to Oak Hill
Hospital in Brooksville and the other patients were transported to regional
facilities. Source: http://wsav.com/2016/09/01/electrical-fire-forces-florida-hospital-to-evacuate-as-tropical-storm-hermine-nears/
• More than 1,500 firefighters reached 8 percent containment
August 31 of the 17,302-acre Gap Fire burning in the Klamath National Forest
between Yreka, California, and Happy Camp in Siskiyou County. – Redding
Record Searchlight
11. September 1, Redding Record Searchlight – (California) Gap Fire in
Siskiyou County grows to over 17,000 acres. More than 1,500 firefighters
reached 8 percent containment August 31 of the 17,302-acre Gap Fire burning in
the Klamath National Forest between Yreka, California, and Happy Camp in
Siskiyou County, which has destroyed at least 9 structures and 12 outbuildings. Source: http://www.redding.com/news/local/gap-fire-in-siskiyou-county-grows-to-over-13000-acres-3b667660-1063-3abb-e053-0100007fbdfd-391970221.html
• Kimpton Hotel & Restaurant Group, LLC officials confirmed
August 31 that credit and debit cards used at more than 60 restaurants and
hotel reception desks from February 2016 – July 2016 may have been compromised
by malware. – Krebs on Security
17. September 1, Krebs on Security – (National) Kimpton Hotels acknowledges data breach. Officials
from the Kimpton Hotel & Restaurant Group, LLC confirmed August 31 that
malware detected on payment terminals may have compromised credit and debit
cards used at more than 60 restaurants and hotel reception desks from February
16, 2016 – July 7, 2016. The source and extent of the breach remain under
investigation.
Financial Services Sector
1. August 31, KTLA 5 Los Angeles – (California) FBI seeks help identifying ‘Helmet Head Bandit’
in connection with 2 recent bank robberies. Authorities are searching
August 31 for a man dubbed the “Helmet Head Bandit” who is suspected of robbing
2 banks in La Canada Flintridge and Tujunga, California, and attempting to rob
1 other in Tujunga August 31. Source: http://ktla.com/2016/08/31/fbi-seek-help-identifying-helmet-head-bandit-in-connection-with-3-recent-bank-robberies
2. August 31, Southern California City News Service – (California) Duo arrested in
widespread LA ATM machine skimming scam. Two men were arrested in Torrance,
California, August 30 for their roles in an $85,000 ATM skimming scheme in which
the duo installed skimming devices on ATMs in Burbank and elsewhere in
Los Angeles County and stole the account information from over 50 bank
customers to create cloned ATM cards and withdraw cash from other ATMs in the
county. Officials discovered an additional $233,000 in declined transactions
attempted by the duo.
Source: http://patch.com/california/northhollywood/duo-arrested-widespread-la-atm-machine-skimming-scam
Information Technology Sector
13. September 1, SecurityWeek – (International) Betabot starts delivering Cerber ransomware. Security
researchers from Invincea discovered that the Betabot ransomware began delivering
the Cerber ransomware as a second-stage payload on compromised endpoints after
stealing user passwords in the first stage, so that the malware operators can
increase their profits.
Researchers also found the ransomware was being delivered by the Neutrino
exploit kit (EK) and stated the malware avoids detection and analysis through
virtual machine awareness and by checking for sandboxes. Source: http://www.securityweek.com/betabot-starts-delivering-cerber-ransomware
14. September 1, SecurityWeek – (International) Cisco fixes severe flaw in WebEx, small
business products. Cisco released software and firmware updates addressing
several vulnerabilities in its WebEx Meetings Player version T29.10 for WebEx
Recording Format (WRF) files after a COSIG security researcher discovered a
critical flaw that could allow an unauthenticated attacker to execute arbitrary
code remotely by tricking a user into opening a specially crafted file, and a
medium-severity vulnerability that could allow an unauthenticated attacker to remotely
crash the program by convincing the user to access a malicious file. Cisco also
released fixes for three denial-of-service (DoS), cross-site request forgery
(CSRF), and cross-site scripting (XSS) issues plaguing its Small Business 220
Series Smart Plus (Sx220) switches that could allow a remote, unauthenticated
attacker to gain access to Simple Network Management Protocol (SNMP) objects on
a compromised device. Source: http://www.securityweek.com/cisco-fixes-severe-flaws-webex-small-business-products
15. September 1, Softpedia – (International) Vulnerability in Yandex browser allows
attackers to steal victims’ browsing data. A security researcher from
Netsparker discovered the login form of the Yandex Browser was plagued with a
cross-site request forgery (CSRF) vulnerability that could allow an attacker to
steal a victim’s passwords, bookmarks, autocomplete info, and browser history,
among other data, by convincing a user to visit a malicious website that
includes code to create a Yandex Browser data sync login form and submit the
information with the attacker’s credentials, thereby starting an automatic
syncing process that sends a copy of the user’s data to the attacker.
16. August 31, SecurityWeek – (International) Adobe patches critical vulnerability in
ColdFusion. Adobe released security updates for ColdFusion versions 10 and
11 resolving a critical vulnerability after a researcher from legalhackers.com
discovered the flaw is related to parsing specially crafted XML entities and
could lead to information disclosure. Adobe officials advised users to install
the patches and apply secure configuration settings to avoid the security flaw.
Source: http://www.securityweek.com/adobe-patches-critical-vulnerability-coldfusion
Communications Sector
Nothing to report