Thursday, July 31, 2014




Complete DHS Report for July 31, 2014

Daily Report

Top Stories

 · Pacific Gas and Electric Company was issued 28 new charges July 29 and face proposed fines exceeding $3 billion in connection to the 2010 San Bruno, California pipeline explosion that killed 8 people and caused extensive damage to a neighborhood. – Associated Press 

1. July 30, Associated Press – (California) PG&E charged with obstruction of justice over deadly 2010 gas pipeline explosion. A federal grand jury issued new charges against Pacific Gas and Electric Company July 29 that included an obstruction of justice charge and 27 others for lying to federal investigators in connection to the 2010 San Bruno pipeline explosion that killed 8 people and caused extensive damage to a neighborhood. The company faces more than $3 billion in total fines. Source: http://www.foxnews.com/us/2014/07/30/pge-charged-with-obstruction-justice-over-deadly-2010-gas-pipeline-explosion/

 · Lloyds Banking Group agreed to pay $370 million in fines to U.S. and U.K. authorities to settle an investigation into the group’s role in manipulating the London interbank offered rate (LIBOR). – Reuters See item 6 below in the Financial Services Sector

 · A physician assistant and a certified nursing assistant both licensed in Florida were convicted July 28 for participating in a Medicare fraud scheme that totaled approximately $200 million in fraudulent billings by American Therapeutic Corporation. – U.S Department of Justice 

18. July 28, U.S. Department of Justice – (Florida) Physician assistant and certified nursing assistant convicted in $200 million Medicare fraud scheme. A physician assistant and a certified nursing assistant both licensed in Florida were convicted by a federal jury July 28 for participating in a Medicare fraud scheme that totaled approximately $200 million in fraudulent billings by American Therapeutic Corporation (ATC). The two individuals, along with co-conspirators took part in the scheme that stretched across seven ATC locations by submitting false claims to Medicare seeking reimbursement for mental health services that were not provided or were provided to ineligible patients. Source: http://www.justice.gov/opa/pr/2014/July/14-crm-791.html
 
 · Six facilities on the University of California, Los Angeles campus were damaged after a 30-inch water pipe burst July 29 spilling 8 million gallons of water onto the roadway causing flooding and stranding at least 5 people. – Associated Press

19. July 30, Associated Press – (California) UCLA wades through damages from pipe flooding. Six facilities on the University of California, Los Angeles campus were damaged after a 30-inch water pipe burst July 29 spilling 8 million gallons of water onto the roadway causing flooding and stranding at least 5 people. Utility crews reported July 30 that repairing the pipe could take several days. Source: http://news.msn.com/us/broken-water-main-floods-ucla-5-people-rescued
  
Financial Services Sector

4. July 29, KXAN 36 Austin – (Texas) Credit card skimming ring stretched from Sunset Valley to Round Rock. Police in Travis County arrested a woman July 25 on fraud charges for allegedly using a payment card skimmer to collect customers’ card data from the Chipotle restaurant where she worked in Sunset Valley. A skimmer found in her possession contained 527 card numbers and police alleged that she was selling the numbers to a man arrested in April on similar charges. Source: http://kxan.com/2014/07/29/credit-card-skimming-ring-stretched-from-sunset-valley-to-round-rock/

5. July 29, WCBS 2 New York City – (New York) Customs agents seize more than $200k in counterfeit cash at JFK. Customs and Border Protection agents at a John F. Kennedy International Airport cargo facility in New York City reported that they seized over 2,000 counterfeit $100 bills July 15-16 that were hidden in two shipments. Source: http://newyork.cbslocal.com/2014/07/29/customs-agents-seize-more-than-200k-in-counterfeit-cash-at-jfk/

6. July 28, Reuters – (International) Lloyds Banking Group to pay $370 million Libor rigging fines. British financial institution Lloyds Banking Group agreed to pay $370 million in fines to U.S. and U.K. authorities to settle an investigation into the group’s role in manipulating the London interbank offered rate (LIBOR). Source: http://www.cnbc.com/id/101860773

Information Technology Sector

23. July 30, Softpedia – (International) Malicious Android apps can impersonate trusted ones. Researchers at Bluebox Security reported a vulnerability present in Android versions below 4.4 (KitKat) can allow malicious apps to benefit from the access permissions of legitimate apps due to signatures issued from a legitimate app not being checked. Source: http://news.softpedia.com/news/Malicious-Android-Apps-Can-Impersonate-Trusted-Ones-452659.shtml

24. July 30, Securityweek – (International) Tor warns of attack attempting to deanonymize users. The Tor Project reported that an attack that could have broken users’ anonymity on the Tor network was detected July 4 and may have been part of a research project. The attack used a combination of a Sybil attack and a traffic confirmation attack, and the vulnerabilities exploited were closed in a patch issued July 30. Source: http://www.securityweek.com/tor-warns-attack-attempting-deanonymize-users

25. July 30, IDG News Service – (International) Zero-day flaws found in Symantec’s Endpoint Protection. Offensive Security researchers reported finding three zero day vulnerabilities in Symantec’s Endpoint Protection product that could allow a logged-in user to gain system access and perform attacks such as identifying domain administrator cache credentials or hash dumping. Source: http://www.computerworld.com/s/article/9250047/Zero_day_flaws_found_in_Symantec_s_Endpoint_Protection

26. July 30, Threatpost – (International) Trio of flaws fixed in Facebook Android app. Facebook issued an update for its Android app that closes a vulnerability where an HTTP server used for video playback would accept requests from any client, leading to the potential for attacks to cause a denial of service (DoS) condition or transfer large amounts of data to run up charges on a victim’s mobile bill. Source: http://threatpost.com/trio-of-flaws-fixed-in-facebook-android-app

27. July 29, Securityweek – (International) Many antivirus engines plagued by vulnerabilities: Researcher. A researcher with Coseinc presenting at the SyScan 360 conference reported that 14 of 17 antivirus products tested contained at least one vulnerability due to a variety of factors. Some vulnerabilities have since been patched, while the researcher reported that others remain exploitable. Source: http://www.securityweek.com/many-antivirus-engines-plagued-vulnerabilities-researcher

28. July 29, Securityweek – (International) 70 percent of IoT devices vulnerable to cyberattacks: HP. HP released a report on Internet of Things (IoT) devices and found that 70 percent of devices tested contained serious vulnerabilities, while 80 percent raised privacy concerns, among other findings. Source: http://www.securityweek.com/70-iot-devices-vulnerable-cyberattacks-hp

29. July 29, Softpedia – (International) Instagram account hijack code published. A developer released a proof-of-concept that exploits the lack of HTTPS encryption in certain functions of the Instagram app for iOS that could allow an attacker on the same network to intercept session cookies and use them to take over Instagram accounts. Instagram parent company Facebook stated that they are aware of the issue and are working to find a solution. Source: http://news.softpedia.com/news/Instagram-Account-Hijack-Code-Published-452658.shtml


Communications Sector

30. July 29, KERO 23 Bakersfield– (California) Phone service outage in west Kern County. A damaged cable knocked out Verizon landline phone and 9-1-1 services in Taft, McFarland, and Glenville in west Kern County July 29. Crews worked to repair the cut cable. Source: http://www.turnto23.com/news/local-news/phone-service-outage-in-west-kern-county-072914

31. July 29, Stroudsburg Pocono Record – (Pennsylvania) Crews work to restore Internet, cable after fire at Luna Rossa Cafe. Crews worked to repair by July 30 a damaged fiber optic cable in Gilbert after Internet service for PennTeleData customers and phone and cable service to Blue Ridge Cable and Palmerton Telephone customers was knocked out when a fire broke out at the Luna Rossa Cafe July 27 damaging the cable. Source: http://www.poconorecord.com/apps/pbcs.dll/article?AID=/20140729/NEWS/140729810/-1/news

32. July 29, Charleston Post and Courier – (South Carolina) Comcast restores service in Charleston County. Internet, phone, and cable services were restored for Comcast customers in parts of Charleston County, South Carolina, after a 6-hour outage July 28 due to a severed cable caused by a tree-trimming crew. Source: http://www.postandcourier.com/article/20140729/PC05/140729296/1177/comcast-restores-service-in-charleston-county