Tuesday, September 1, 2015



Complete DHS Report for September 1, 2015

Daily Report

Top Stories

 • Puget Sound Energy and Seattle City Lights reported 111,000 customers were without power August 30 after a powerful windstorm knocked out power for at least 250,000 Seattle residents and thousands more in Oregon August 29. – KING 5 Seattle

2. August 30, KING 5 Seattle – (Washington; Oregon) Some customers will be without power until Tuesday. Puget Sound Energy and Seattle City Lights reported 111,000 customers were without power August 30 after a powerful windstorm with winds reaching 87 mph knocked out power for at least 250,000 Seattle residents and thousands more in Oregon August 29. Two deaths were reported as a result of the storm, and officials warned it could take until September 1 to restore power to all customers. Source: http://www.king5.com/story/weather/2015/08/30/storm-power-outages/71424188/

 • An 8-mile stretch of Interstate 101 in Burlingame was shut down for 18 hours after a crane operated by a Caltrans contractor struck a high-voltage tower, causing the tower to collapse and power lines to fall across the highway August 28. – Associated Press

10. August 30, Associated Press – (California) Closure planned for Bay Area freeway hit by power lines. An 8-mile stretch of Interstate 101 in Burlingame was shut down for about 18 hours after a crane operated by a Caltrans contractor struck a high-voltage tower, causing the tower to collapse and power lines to fall across the highway August 28. One lane reopened August 29, but authorities reported that another closure will occur from August 30 to August 31. Source: http://www.washingtontimes.com/news/2015/aug/30/bay-area-freeway-closed-for-8-miles-by-downed-powe/

 • Graham, Washington-based Kapowsin Meats expanded a recall August 27 to include an additional 523,380 pounds of its pork products due to possible Salmonella contamination. – U.S. Department of Agriculture

19. August 28, U.S. Department of Agriculture – (National) Kapowsin Meats recalls pork products due to possible Salmonella contamination. Graham, Washington-based Kapowsin Meats expanded a recall August 27 to include an additional 523,380 pounds of its pork products due to possible Salmonella contamination following an initial August 13 recall that identified 152 patient cases of Salmonella illness linked to the consumption of Kapowsin Meats. The products were produced from April 18 – August 26 and shipped to retail stores nationwide. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2015/recall-110-2015-release-expansion

 • Officials shut off taps and showers and closed the kitchen at San Quentin State Prison in California after 6 inmates tested positive for Legionnaires’ disease and over 50 others showed symptoms beginning August 27. – Los Angeles Times

28. August 30, Los Angeles Times – (California) Several San Quentin prison inmates have tested positive for Legionnaires’ disease. Officials shut off taps and showers and closed the kitchen at San Quentin State Prison in California after 6 inmates tested positive for Legionnaires’ disease and over 50 others showed symptoms beginning August 27. All visitation and volunteer programs were temporarily suspended while authorities investigate the source of the infection. Source: http://www.latimes.com/local/lanow/la-me-ln-san-quentin-20150830-story.html

Financial Services Sector

8. August 28, Associated Press – (International) 5 charged in $30 million investment pyramid scheme. Five suspects were indicted August 27 for an investment pyramid scheme in which Hong Kong-based companies purportedly ran online children’s education courses, but instead solicited $30 million in investments from Chinese-Americans in Los Angeles, San Francisco, and New York.

9. August 28, Reuters – (New Mexico) New Mexico’s prosecutor charges State official with embezzlement. New Mexico’s Secretary of State was charged August 28 with embezzlement, money laundering, and campaign finance violations after an investigation revealed that she withdrew over $430,000 from bank accounts at 8 New Mexico casinos from 2013 – 2014, and authorities allege that she used campaign contributions for personal gain. Source: http://www.reuters.com/article/2015/08/29/usa-corruption-new-mexico-idUSL1N11400W20150829

Information Technology Sector

30. August 31, IDG News Service – (International) Russian-speaking hackers breach 97 Web sites, many of them dating ones. Security researchers from Hold Security discovered that hackers breached 97 Web sites between July - August after analysts found batches of stolen information including a list of Web sites and their vulnerabilities, notes, and large lists of email addresses and unencrypted passwords. Source: http://www.computerworld.com/article/2977464/security/russian-speaking-hackers-breach-97-websites-many-of-them-dating-ones.html#tk.rss_security

31. August 31, IDG News Service – (International) ‘KeyRaider’ iOS malware targets jailbroken devices. Security researchers from Palo Alto Networks discovered that hackers have compromised over 225,000 Apple user accounts using malware called KeyRaider to target jailbroken devices. The malware steals account usernames, passwords, device identification codes, certificates, private keys, and purchase receipts, and was also observed being used as ransomware. Source: http://www.computerworld.com/article/2977467/security/keyraider-ios-malware-targets-jailbroken-devices.html#tk.rss_security

32. August 31, Securityweek – (International) Vulnerability allowed hackers to hijack Smartsheet accounts. Smartsheet patched an insecure direct object reference vulnerability in its cloud application that could have allowed an attacker to hijack user accounts via the software’s “import users” feature. The application is used by over 65,000 businesses and 5 million users worldwide. Source: http://www.securityweek.com/vulnerability-allowed-hackers-hijack-smartsheet-accounts

33. August 31, Softpedia – (International) Hackers linked to Russian government impersonate EFF Web site to spread malware. Google security researchers discovered that hackers affiliated with Operation Pawn Storm were using spear phishing emails purporting to be from an Electronic Frontier Foundation domain to deliver a recently discovered Java zero-day exploit that would inject the affected system with Sednit malware. Source: http://news.softpedia.com/news/hackers-linked-to-russian-government-impersonate-eff-website-to-spread-malware-490473.shtml

34. August 31, The Register – (International) Cisco ISE carries HTML authentication bug. Cisco discovered a vulnerability in its Identity Services Engine (ISE) in which an attacker could exploit a lack of access control for uploaded HyperText Markup Language (HTML) files to see custom pages an administrator has created, which can include sensitive network and security information. Source: http://www.theregister.co.uk/2015/08/31/cisco_ise_carries_html_authentication_bug/

35. August 31, Securityweek – (International) IBM warns of new CoreBot stealer. Security researchers at IBM discovered a new threat dubbed “CoreBot” that uses a modular plugin system to steal local data from Web browsers, applications, File Transfer Protocol (FTP) clients, email clients, and other software after setting up a key in the Microsoft Windows Registry to maintain persistence. The malware also contains a domain generation algorithm (DGA), and can download and execute other threats through Windows PowerShell. Source: http://www.securityweek.com/ibm-warns-organizations-new-corebot-stealer

Communications Sector

See item 31 above in the Information Technology Sector

Monday, August 31, 2015



Complete DHS Report for August 31, 2015

Daily Report

Top Stories

 • Officials reported August 27 that California residents cut their water usage by 31 percent in July, surpassing government-mandated targets for the second month in a row. – Sacramento Bee

15. August 27, Sacramento Bee – (California) California residents cut water use 31 percent in July. The California State Water Resources Control Board reported August 27 that California residents cut their water usage by 31 percent in July, surpassing government-mandated targets for the second month in a row. Source: http://www.msn.com/en-us/news/us/california-residents-cut-water-use-31-percent-in-july/ar-BBmaXAm

• Thousands of firefighters and U.S. military personnel worked August 27 to contain over 60 wildfires that have burned nearly 1.7 million acres across western States. – Reuters

21. August 27, Reuters – (National) Senate hearing on wildfires urged to help bolster firefighting capabilities. Thousands of firefighters and U.S. military personnel worked August 27 to contain over 60 wildfires that have burned nearly 1.7 million acres across western States. Source: http://www.reuters.com/article/2015/08/28/us-usa-wildfires-idUSKCN0QV29Y20150828

• A California woman pleaded guilty August 27 for her role in an immigration fraud scheme that provided student visas to foreign nationals netting as much as $6 million from citizens of South Korea, China, and other nations. – Beverly Hills Patch

22. August 27, Beverly Hills Patch – (California) Beverly Hills man charged in $6 million ‘pay to stay’ immigration fraud. A Los Angeles woman pleaded guilty August 27 for her role in an immigration fraud scheme that provided student visas to foreign nationals, who never went to class, netting as much as $6 million from citizens of South Korea, China, and other nations. The woman worked with a Beverly Hills man who owns Koreatown schools Prodee University, Walter Jay M.D. Institute, and the American College of Forensic Studies, among others. Source: http://patch.com/california/beverlyhills/beverly-hills-man-charged-6-million-pay-stay-immigration-fraud

• An August 27 fire destroyed a Linn County Sheriff’s Office substation in Oregon, causing an estimated $900,000 in damage. – Portland Oregonian

27. August 27, Portland Oregonian – (Oregon) Fire destroys Linn County Sheriff’s Office substation in Mill City. An August 27 fire destroyed a Linn County Sheriff’s Office substation in Mill City, causing an estimated $900,000 in damage after the fire reportedly started when a city public works employee parked small equipment in the building. Employees evacuated the building after failing to extinguish the fire.

Financial Services Sector

4. August 27, U.S. Department of the Treasury – (International) Settlement agreement between the U.S. Department of the Treasury’s Office of Foreign Assets Control and UBS AG. The Office of Foreign Assets Control announced a $1.7 million settlement with UBS AG August 27 to resolve allegations that the bank violated Global Terrorism Sanctions regulations through 222 transactions related to securities held in custody in the U.S. for a client believed to have committed, threatened to commit, or supported terrorism. Source: http://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20150827_33.aspx

5. August 27, U.S. Department of Justice – (National) Business email compromise. The FBI’s Internet Crime Complaint Center (IC3) released an advisory warning corporations of Business Email Compromise (BEC) scams carried out through social engineering or various computer intrusion techniques to conduct unauthorized wire transfers, and cited a 270 percent increase in victims and exposed losses since January. BEC scams accounted for over $747 million in losses to 7,066 victims in all 50 States from October 2013 – August 2015. Source: http://www.ic3.gov/media/2015/150827-1.aspx#fn2

6. August 27, WCBS 2 New York City; Associated Press – (New York) $1.8 million burglary of armored car company on Long Island foiled by alert officer. Nassau County authorities were searching for 4 accomplices in an attempted August 16 robbery of $1.8 million from the Loomis Armored Inc. warehouse in Hicksville, after an officer arrested another suspect and found cash in his vehicle’s trunk on the night of the incident. The perpetrators reportedly used a sledgehammer and hydraulic jack to access a vault containing $20 million. Source: http://newyork.cbslocal.com/2015/08/27/long-island-armored-car-company-robbery/

For another story, see item 34 below in the Information Technology Sector

Information Technology Sector

29. August 28, Securityweek – (International) Moxa patches flaws in industrial ethernet switches. Security researchers from Applied Risk discovered serious privilege escalation, denial-of-service (DoS), and cross-site scripting (XSS) vulnerabilities affecting Moxa industrial ethernet switches that could allow an unauthenticated remote attacker to compromise the device and connected industrial assets. Moxa recently released an update addressing nine heap-based buffer overflow and classic buffer overflow vulnerabilities in its SoftCMS closed-circuit television (CCTV) central management software. Source: http://www.securityweek.com/moxa-patches-flaws-industrial-ethernet-switches

30. August 28, Securityweek – (International) Mozilla updates Firefox 40 to patch two serious flaws. Mozilla released Firefox version 40.0.3 addressing a use-after-free vulnerability in which an attacker could crash Firefox or execute arbitrary code with user privileges, and an add-on notification bypass through a data Uniform Resource Locator (URL) that an attacker could use to trick users into installing a malicious add-on. Source: http://www.securityweek.com/mozilla-updates-firefox-40-patch-two-serious-flaws

31. August 28, Securityweek – (International) Adobe releases hotfix to patch ColdFusion vulnerability. Adobe released a hotfix addressing a vulnerability in ColdFusion in which a security hole could be exploited to compromise data security, affecting LiveCycle Data Services and BlazeDS. Source: http://www.securityweek.com/adobe-releases-hotfix-patch-coldfusion-vulnerability

32. August 28, Softpedia – (International) Phishing costs an average company up to $3.7 million per year. A Wombat Security Technologies report carried out on 377 U.S. organizations revealed that an average-sized organization can lose up to $3.77 million per year in extrapolated costs due to phishing attacks, that 48% of the costs come from productivity losses in mitigating the attacks, and that uncontained malware attacks can cause industry losses up to $105 million, among other findings.

33. August 27, Threatpost – (International) BitTorrent patch throttles reflective DDoS attacks. BitTorrent released a patch addressing a libuTP protocol vulnerability that could allow attackers to carry out User Datagram Protocol (UDP) distributed reflection denial-of-service (DRDoS) attacks. Source: https://threatpost.com/bittorrent-patch-throttles-reflective-ddos-attacks/114446

34. August 27, SC Magazine – (International) DD4BC are DDoS attack driving force, new report claims. VeriSign released findings from its “Distributed Denial of Service (DDoS) Trends Report – 2nd Quarter 2015” revealing a period of increased activity from the DDoS for Bitcoin (DD4BC) threat group, and that 22 percent of the attacks analyzed targeted the financial and payment sector. Attacks by the group typically start with threats and demands for ransom, followed by increased demands and ramped up DDoS attacks. Source: http://www.scmagazineuk.com/dd4bc-are-ddos-attack-driving-force-new-report-claims/article/435234/

Communications Sector

Nothing to report