Friday, May 27, 2016



Complete DHS Report for May 27, 2016

Daily Report

Top Stories

• Seattle City Light is investigating the cause of a power outage that knocked out power to downtown Seattle for about 1 hour May 25, causing 60 percent of the area to lose service. – Seattle Times

1. May 26, Seattle Times – (Washington) Power restored after major, hour-long outage in downtown Seattle. Seattle City Light is investigating the cause of a power outage that knocked out power to downtown Seattle for about 1 hour May 25, causing 60 percent of the area to lose service and 12,000 electric meters to be affected. Traffic was gridlocked during the outage and several people were trapped in the elevators of various buildings.

• The U.S. Food and Drug Administration finalized May 26 a new food safety rule that requires food facilities to establish food defense monitoring procedures and corrective actions as part of an effort to prevent wide-scale public health harm. – U.S. Food and Drug Administration

8. May 26, U.S. Food and Drug Administration – (National) FDA issues final food defense regulation. The U.S. Food and Drug Administration finalized May 26 a new food safety rule under its Food Safety Modernization Act that requires foreign and domestic food facilities to complete and maintain a written food defense plan that assesses the companies’ potential vulnerabilities to deliberate contamination intended to cause wide-scale public health risks, to identify and implement mitigation strategies to address the vulnerabilities, and to establish food defense monitoring procedures and corrective actions, among other requirements as part of an effort to prevent wide-scale public health harm and to protect the food supply.

• The CEO of NS1 reported that the company experienced dozens of large distributed denial-of-service (DDoS) attacks and attacks against the company’s upstream network providers. – Help Net Security. See item 18 below in the Information Technology Sector.

• Officials reported that at least three people were injured and one person was killed May 25 after a suspect opened fire at the Irving Plaza music venue in New York City during a music performance. – CNN  

22. May 26, CNN – (New York) One killed in shooting at rapper’s concert. The New York Police Department reported that at least three people were injured and one person was killed May 25 after a suspect opened fire at the Irving Plaza music venue in New York City during a music performance, prompting about 950 attendees to evacuate the building.

Financial Services Sector

5. May 25, U.S. Department of Justice – (West Virginia) West Virginia business owners indicted for failing to pay employment taxes. The owners of Taylor Contracting/Taylor Ready-Mix LLC and Bluegrass Aggregates LLC in West Virginia were indicted May 25 after the pair failed to collect, account for, and pay more than $1 million in Federal income taxes, Social Security taxes, and Medicare taxes withheld from the wages of its employees to the U.S. Internal Revenue Service from 2007 – 2010. Source: https://www.justice.gov/opa/pr/west-virginia-business-owners-indicted-failing-pay-employment-taxes

Information Technology Sector

17. May 26, SecurityWeek – (International) “Wekby” group uses DNS requests for C&C communications. Security researchers from Palo Alto Networks discovered that an advanced persistent threat (APT) group known as Wekby, APT 18, Dynamite Panda, and TG-0416 was using the “pisloader” malware, which relies on Domain Name System (DNS) requests for command & control (C&C) communications, allowing the malware to bypass security products. The “pisloader” malware was believed to be a variant of HTTPBrowser, a remote access trojan (RAT). Source: http://www.securityweek.com/wekby-group-uses-dns-requests-cc-communications

18. May 26, Help Net Security – (International) DNS provider NS1 hit with multi-faceted DDoS attacks. The CEO of NS1 reported that during the week of May 16 the company experienced dozens of large distributed denial-of-service (DDoS) attacks including simple volumetric attacks, complex direct Domain Name System (DNS) lookup attacks, and attacks against the company’s upstream network providers. The motive behind the attacks is unknown, but the attacks were seen targeting the DNS, content delivery network (CDN), and Internet infrastructure industries in Europe, U.S., and Asia. Source: https://www.helpnetsecurity.com/2016/05/26/dns-ddos-ns1/

19. May 26, Softpedia – (International) Hackers prefer file upload, XSS, and SQLi bugs when attacking WordPress sites. Check Point released a report analyzing telemetry data from its security products and attacks against WordPress plugins, which revealed that attackers were using automated scripts to scan WordPress Web sites for vulnerabilities to exploit payloads and use the collected information to create a security status report and compromise the Web sites. Attackers compromised the Web sites with malicious redirects, sending visitors to exploit kit (EK) sites, and leveraged File Upload vulnerabilities. Source: http://news.softpedia.com/news/hackers-prefer-file-upload-xss-and-sqli-bugs-when-attacking-wordpress-sites-504496.shtml

20. May 25, Softpedia – (International) FBI: Ransomware complaints doubled in 2015. The FBI’s Internet Crime Complaint Center (IC3) released its 2015 Internet Crime Report, which revealed that during 2015 the FBI recorded 2,453 ransomware complaints and estimated that the recorded infections caused over $1.6 million in damages to the victims. Reports by Enigma Software and Kaspersky found that ransomware campaigns grew 14 percent year over year. Source: http://news.softpedia.com/news/fbi-ransomware-complaints-doubled-in-2015-504492.shtml

Communications Sector

21. May 25, Tampa Bay Times – (Florida) Seffner man fined $48,000 by FCC for using cell phone jammer on daily commute. The U.S. Federal Communications Commission issued a $48,000 fine May 25 to a Seffner man for illegally interfering with cellular service along Interstate 4 and disrupting police communications for up to 2 years via a cell phone jamming device. Source: http://www.tampabay.com/news/publicsafety/crime/seffner-man-fined-48000-by-fcc-for-using-cell-phone-jammer-on-daily-commute/2278972

Thursday, May 26, 2016



Complete DHS Report for May 26, 2016

Daily Report

Top Stories

• The governor of Michigan declared a state of energy emergency in Michigan May 24, suspending regulations related to hours-of-service for motor carriers and drivers transporting all transportation fuels within the State. – WDIV 4 Detroit  

1. May 25, WDIV 4 Detroit – (Michigan) Governor declares energy emergency for holiday weekend. The governor of Michigan issued Executive Order 2016-10 May 24, declaring a state of energy emergency in Michigan, suspending State and Federal regulations related to hours-of-service for motor carriers and drivers transporting all transportation fuels within the State, and enabling workers to exceed the number of hours and consecutive days for operating a commercial motor vehicle. The executive order follows an unplanned outage of the Marathon refinery in Detroit and the shutdown of a fuel pipeline in Wisconsin. Source: http://www.clickondetroit.com/news/gov-snyder-declares-energy-emergency-to-ensure-adequate-supplies-of-gasoline-for-holiday-weekend

• Five Cuban nationals were arrested May 24 in Miami for their roles in an estimated $2 million fraud scheme where the group posed as U.S. Internal Revenue Service agents and threatened victims to make immediate payments. – Associated Press. See item 4 below in the Financial Services Sector.

• Crews reached 30 percent containment May 23 of a 3,000-acre brush fire near Hermiston, Oregon that burned 2 buildings and forced the closure of Interstate 82 due to a multi-vehicle accident. – East Oregonian  

12. May 24, East Oregonian – (Oregon) Fire sweeps across Umatilla Depot, causes wrecks on I-82. Crews reached 30 percent containment May 23 of a 3,000-acre brush fire that moved across the Umatilla Chemical Depot west of Hermiston, burning 2 buildings and causing a multi-vehicle accident on Interstate 82 that left 4 people injured and forced the closure of the interstate for several hours. Source: http://www.eastoregonian.com/eo/local-news/20160523/fire-sweeps-across-umatilla-depot-causes-wrecks-on-i-82

• Researchers discovered that Moxa’s MiiNePort E1, E2, and E3 device models were plagued with at least three serious vulnerabilities including a weak credentials management issue, a clear text password issue, and a cross-site request forgery (CSRF) flaw. – SecurityWeek. See item 18 below in the Information Technology Sector.

Financial Services Sector

3. May 24, Houston Chronicle – (Texas) Elderly ex-con arrested for alleged $5M fraud scheme. Texas officials announced May 24 that a former executive at AG Cooper & Associates was arrested and indicted the week of May 16 on charges alleging that the executive orchestrated a wire and mail fraud scheme that bilked over 50 investors out of $5 million by issuing false quarterly statements to investors that indicated their funds were earning over 11 percent in legitimate investments. Officials stated that the executive used the funds for personal use. Source: http://www.chron.com/news/houston-texas/article/Senior-citizen-arrested-for-alleged-5-million-7942108.php

4. May 24, Associated Press – (National) The Treasury Department says it has arrested five people in Miami accused of defrauding victims of nearly $2 million by posing as IRS agents and demanding payment of overdue taxes. Officials from the U.S. Treasury Inspector General for Tax Administration office announced May 24 that 5 Cuban nationals were arrested in Miami for their roles in an estimated $2 million fraud scheme where the group posed as U.S. Internal Revenue Service (IRS) agents in telephone calls and threatened to arrest victims if they did not make an immediate payment of overdue taxes or other fees. Authorities stated that the victims were required to wire transfer the money, which is a method not used by the IRS. Source: http://www.greenfieldreporter.com/view/story/c9addb360ebc4bf991616a51d1e7ee22/US--IRS-Tax-Scam

Information Technology Sector

16. May 25, Softpedia – (International) Fiverr removes DDoS-for-Hire services from its marketplace. Fiverr banned and removed a series of ads reportedly providing distributed denial-of-service (DDoS)-related offerings on its marketplace Web site after security researchers from Incapsula found several DDoS services. Source: http://news.softpedia.com/news/fiverr-removes-ddos-for-hire-services-from-its-marketplace-504475.shtml

17. May 25, Softpedia – (International) Hackers take over thousands of Twitter accounts and tweet out adult content. Symantec discovered that over 2,500 Twitter accounts were compromised after hackers took over Twitter profiles, changed a user’s avatar picture, and sent out links to adult Web sites or Web cam sites by using Uniform Resource Locator (URL) shorteners, primarily Bit.ly, to hide a link to adult Web sites using referral tags. Source: http://news.softpedia.com/news/hackers-take-over-thousands-of-twitter-accounts-and-tweet-out-adult-content-504468.shtml

18. May 25, SecurityWeek – (International) Unpatched flaws plague Moxa connectivity products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and an independent security researcher discovered that Moxa’s MiiNePort E1, E2, and E3 device models were plagued with at least three serious vulnerabilities including a weak credentials management issue, a clear text password issue, and a cross-site request forgery (CSRF) flaw. The devices are used in the commercial facilities sector, critical manufacturing sector, the energy sector, and the transportation sector. Source: http://www.securityweek.com/unpatched-flaws-plague-moxa-connectivity-products

19. May 24, Softpedia – (International) After record high numbers, a lot of people still don’t know what ransomware is. Kaspersky released a report after studying over 5,000 users in the U.S. and Canada which revealed that 43 percent of users studied were unfamiliar with ransomware and were unaware that they could lose critical data after such infections. The lack of knowledge reveals why users are unaware of how to deal with ransomware infections. Source: http://news.softpedia.com/news/after-record-high-numbers-a-lot-of-people-still-don-t-know-what-ransomware-is-504437.shtml

Communications Sector

Nothing to report