Thursday, August 14, 2014




Complete DHS Report for August 14, 2014

Daily Report

Top Stories

 · A severe storm that left roughly 1,000 vehicles stranded in floodwaters and one person dead prompted authorities in Detroit to close portions of Interstates 75, 94, 696, and the Lodge and Southfield freeways August 11. – Associated Press
9. August 12, Associated Press – (Michigan) Woman dies in flood after record rainfall snarls roadways in southeastern Detroit. A severe storm that left roughly 1,000 vehicles stranded in floodwaters and one person dead after being trapped in high water prompted authorities in Detroit to close portions of Interstates 75, 94, 696, and the Lodge and Southfield freeways after 5.2 inches of rain fell August 11. Source: http://www.usnews.com/news/us/articles/2014/08/12/detroit-area-hit-by-severe-flooding-1-woman-dies

 · A state of emergency was issued in Bay County, Michigan, August 11 due to a water shortage caused by a water main leak releasing up to 10 million gallons per day discovered August 9 next to the waste treatment plant on Trumbull. – WNEM 5 Bay City 

17. August 11, WNEM 5 Bay City – (Michigan) City officials find water main leak. A state of emergency was issued in Bay County, Michigan, August 11 due to a water shortage caused by a water main leak releasing up to 10 million gallons per day discovered August 9 next to the waste treatment plant on Trumbull. A water usage ban remained in effect for all consumers who receive water from the city of Bay City Water Treatment Plant until further notice. Source: http://www.wnem.com/story/26245364/state-of-emergency-issued-due-to-water-main-break

 · A dermatologist in McLean, Virginia, was charged August 12 for allegedly intentionally misdiagnosing patients and performing unnecessary surgeries as part of a health-care fraud scheme at several Virginia and Washington, D.C. offices. – Washington Post 

18. August 12, Washington Post – (Washington, D.C.; Virginia) Dermatologist who worked in Virginia, the District indicted on fraud charges. The owner of Skin & Laser Surgery Center in McLean, Virginia, was charged August 12 by federal authorities for intentionally misdiagnosing patients with skin cancer and performing unnecessary surgeries as part of a health-care fraud scheme across several Virginia and Washington, D.C. offices. Authorities alleged that the dermatologist would direct unlicensed and unqualified medical assistants and nurse practitioners to perform procedures unsupervised. Source: http://www.washingtonpost.com/local/crime/dermatologist-who-worked-in-virginia-the-district-indicted-on-fraud-charges/2014/08/12/650c5de4-225d-11e4-8593-da634b334390_story.html

 · A Maricopa County Sheriff’s Office civilian employee was arrested after allegedly posing as a law enforcement officer and obtaining sensitive documents from various law enforcement sites, including DHS and the Los Angeles County Sheriff’s Office, and passing them along to unauthorized individuals. – KPHO 5 Phoenix

26. August 13, KPHO 5 Phoenix – (National) MCSO worker indicted for impersonation, distributing confidential info. A Maricopa County Sheriff’s Office civilian employee was arrested after allegedly posing as a law enforcement officer and obtaining hundreds of sensitive documents from various law enforcement sites, including the U.S. Department of Homeland Security and the Los Angeles County Sheriff’s Office, and passing them along to individuals including an author based in New York City. Source: http://www.wfsb.com/story/26261416/mcso-worker-indicted-for-impersonation-distributing-confidential-info

Financial Services Sector

5. August 12, Bergen County Record – (New Jersey) Bergen County father and son agree to pay $5.5 million settlement in fraud case. Two men from Bergen County agreed August 12 to pay $5.5 million to settle New Jersey Bureau of Securities charges that they defrauded around 30 investors by using misleading or false statements to sell unregistered 5-year notes in Metropolitan Ambulatory Surgical Center, a holding company one of the men controlled. . Source: http://www.northjersey.com/news/bergen-county-father-and-son-agree-to-pay-5-5-million-settlement-in-fraud-case-1.1066208

6. August 12, Bellingham Herald – (Washington) Bellingham bank bandit linked to other robberies. The FBI announced August 12 that it is offering a reward for information on a suspect known as the “Alabama Band Bandit” after the man was connected to two bank robberies in Bellingham and three others in Shoreline and Lynwood during July. Source: http://www.bellinghamherald.com/2014/08/12/3798364/bank-robber-story.html?sp=/99/101/

7. August 12, Chicago Sun-Times – (Illinois) ‘No Boundaries Bandit’ strikes 9th bank since May. The FBI reported that a suspect known as the “No Boundaries Bandit” was responsible for the robbery of a Park Federal Savings branch in Chicago August 11, the ninth robbery in the metro Chicago area linked to the suspect. Source: http://voices.suntimes.com/news/breaking-news/no-boundaries-bandit-strikes-9th-bank-since-may/
 
Information Technology Sector

29. August 13, Softpedia – (International) New Google Chrome 36 Stable fixes 12 vulnerabilities. Google released an update for its Chrome browser, closing 12 vulnerabilities. The new version also includes the latest version of Adobe Flash Player. Source: http://news.softpedia.com/news/New-Google-Chrome-36-Stable-Fixes-12-Vulnerabilities-454790.shtml

30. August 13, Softpedia – (International) iOS malware hijacks revenue from 22 million ads. A researcher published a paper detailing the operation of the AdThief (also known as Spad) malware that infected around 75,000 jailbroken iOS devices and stole ad revenue from around 22 million ads. The researcher found that the revenue was diverted to the attackers using a Cydia Substrate extension to modify the ads developer ID to one used by the attackers. Source: http://news.softpedia.com/news/iOS-Malware-Hijacks-Revenue-from-22-Million-Ads-454866.shtml

31. August 13, Softpedia – (International) Kovter ransomware thrives in Q2 2014, reaches 43,713 infections in a single day. Damballa released its State of Infections report for the second quarter (Q2) of 2014 and found that the daily infection rate of the Kovter ransomware increased by around 153 percent between April and May, infecting 43,713 systems in one day. Source: http://news.softpedia.com/news/Kovter-Ransomware-Thrives-in-Q2-2014-Reaches-43-713-Infections-In-A-Single-Day-454891.shtml

32. August 12, Softpedia – (International) Adobe Reader and Acrobat zero-day vulnerability patched in 11.0.08. Adobe released an out-of-band patch for Adobe Acrobat and Adobe Reader to close a vulnerability in Windows versions of the software that could allow attackers to bypass sandbox protections. Attackers were observed exploiting the vulnerability in targeted attacks and all users were advised to update their installations as soon as possible. Source: http://news.softpedia.com/news/Adobe-Reader-and-Acrobat-11-0-08-Patches-Zero-Day-Vulnerability-454752.shtml

33. August 12, IDG News Service – (International) Microsoft’s Patch Tuesday updates focus on Internet Explorer. Microsoft released its August round of Patch Tuesday updates August 12, which addressed 37 vulnerabilities in Microsoft products including 26 patches for Internet Explorer and a critical vulnerability in OneNote. Source: http://www.computerworld.com/s/article/9250332/Microsoft_s_Patch_Tuesday_updates_focus_on_Internet_Explorer

34. August 12, Softpedia – (International) Seven critical Flash Player vulnerabilities fixed in new version. Adobe released an update for its Adobe Flash Player product that closes seven critical security vulnerabilities. Source: http://news.softpedia.com/news/Seven-Critical-Flash-Player-Vulnerabilities-Fixed-in-New-Version-454753.shtml

35. August 12, IDG News Service – (International) 15 new vulnerabilities reported during router hacking contest. A security contest held at the DefCon 22 conference resulted in researchers identifying and reporting 15 new vulnerabilities in 5 popular models of wireless routers. Source: http://www.computerworld.com/s/article/9250322/15_new_vulnerabilities_reported_during_router_hacking_contest

36. August 12, Dark Reading – (International) Security holes exposed in Trend Micro, Websense, open source DLP. Two researchers from Duo Security and Tumblr presenting at the Black Hat conference reported identifying several cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities in four commercial data loss prevention (DLP) products and one open-source DLP product that could allow attackers to access or manipulate data. The majority of the flaws were in the products’ Web-based interfaces. Source: http://www.darkreading.com/vulnerabilities---threats/security-holes-exposed-in-trend-micro-websense-open-source-dlp-/d/d-id/1297966

37. August 12, Softpedia – (International) New Android malware Krysanec infects legitimate apps. Researchers at ESET identified a new remote access trojan (RAT) for Android devices known as Krysanec that is integrated into legitimate apps and can allow attackers to remotely control various device functions and steal information. The malware is being spread through several methods, including social networks and pirated content Web sites. Source: http://news.softpedia.com/news/New-Android-Malware-Krysanec-Takes-Photos-Records-Audio-454754.shtml

Communications Sector

Nothing to report