Complete DHS Report for
May 4, 2015
Daily Report
Top Stories
· The U.S.
Department of Energy reported April 30 that the agency will pay New Mexico $73
million in projects for violations that led to a radiation leak in February
2014. – Reuters
1. May 1,
Reuters – (New Mexico) U.S. Government to pay New Mexico $73
million over radiation leak. U.S. Department of Energy officials reported
April 30 that the agency will pay New Mexico $73 million in projects in and
around the Waste Isolation Pilot Plant in Carlsbad for violations at the plant
and at the Los Alamos National Laboratory that led to a radiation leak in
February 2014. Projects include road improvements, nuclear waste transportation
routes, storm-water management upgrades, and the construction of an emergency
operations center. Source: http://in.reuters.com/article/2015/05/01/us-usa-new-mexico-nuclear-idINKBN0NM2X020150501
· The U.S.
Department of Justice announced a $20 million pilot program May 1 to extend the
use of police body cameras in order to help enhance transparency, advance
public safety, and promote accountability. – NBC News
16. May 1,
NBC News – (National) Police body cams: DOJ unveils $20M program
to expand use. The U.S. Department of Justice announced a $20 million pilot
program May 1 to extend the use of police body cameras in order to help enhance
transparency, advance public safety, and promote accountability. Source: http://www.nbcnews.com/storyline/baltimore-unrest/body-worn-cameras-get-20m-federal-pilot-amid-baltimore-protests-n351721
·
Federal authorities announced April 29 that 13 current and former law
enforcement officers from North Carolina and Virginia were charged in
connection to allegedly protecting cocaine and heroin shipments along the East
Coast. – WTVD 11 Durham
17. May 1,
WTVD 11 Durham – (North Carolina; Virginia) 13 current and former
North Carolina and Virginia law enforcement officers indicted. Federal
authorities announced April 29 that 13 current and former law enforcement
officers from North Carolina and Virginia, along with 2 civilians, were charged
in connection to allegedly protecting cocaine and heroin shipments along the
East Coast. The officers and civilians were charged with allegedly
collaborating to distribute controlled substances and conspire to use firearms
in relation to drug trafficking offenses. Source: http://abc11.com/news/13-current-and-former-law-enforcement-officers-indicted/688835/
· AT&T
and its former subsidiary, Southern New England Telephone agreed to pay a
combined $10.9 million in penalties April 29 to resolve an investigation by the
U.S. Federal Communications Commission for overbilling the FCC’s Lifeline
program. – U.S. Federal Communications Commission See item 22 below in the Communications Sector
Financial Services Sector
4. April
30, KESQ 42 Palm Springs – (National) 2 men arrested with
hundreds of fraudulent credit cards. Two individuals were arrested April 29
in Palm Desert for burglary, fraud, identity theft, and possession of stolen
property after authorities discovered hundreds of manufactured credit cards,
purchased gift cards, and stolen clothing and electronics from several local
businesses in a rental car. Investigators allege the pair racked up tens of
thousands of dollars in fraudulent charges in the area with stolen credit card
numbers from victims across the U.S. Source: http://www.kesq.com/news/2-men-arrested-with-hundreds-of-fraudulent-credit-cards/32671160
For another story, see item 20 below
in the Information Technology Sector
Information Technology Sector
18. May 1,
Securityweek – (International) Security bug in ICANN portals exploited to
access user data. The Internet Corporation for Assigned Names and Numbers
(ICANN) released April 30 initial findings from an investigation revealing that
a vulnerability in two of the organizations generic top-level domain (gTLD) portals
had resulted in the exposure of 330 advanced search result records pertaining
to 96 applicants and 21 registry operators since April 2013. The organization
plans to contact both the affected users and those who exploited the
vulnerability to access the records. Source: http://www.securityweek.com/security-bug-icann-portals-exploited-access-user-data
19. May 1,
Help Net Security – (International) Unnoticed for years, malware turned Linux and
BSD servers into spamming machines. Security researchers at ESET discovered
that servers running BSD and Linux operating systems (OS) worldwide have been
targeted for the past 5 years by a group that compromised systems via a
backdoor trojan that would use a commercial automated e-mail distribution
system to send out anonymous emails. Source: http://www.net-security.org/malware_news.php?id=3030
20. May 1,
Threatpost – (International) Dyre banking trojan jumps out of sandbox. Security
researchers at Seculert discovered a new strain of the Dyre banking trojan,
called Dyreza, that evades detection by checking for the number of processor
cores running on an infected machine, and terminating itself if there is only
one. The researchers also noted that the new strain changed to a new user agent
and included other minor updates to avoid signature-based detection products.
Source: https://threatpost.com/dyre-banking-trojan-jumps-out-of-sandbox/1125
21. April 30,
Threatpost – (International) MySQL bug can strip SSL protection from connections.
Researchers at Duo Security identified a serious vulnerability in how versions
of Oracle’s MySQL database product handle requests for secure connections, in
which an attacker could use a man-in-the-middle (MitM) attack to force an unencrypted
connection and intercept unencrypted queries from the client to the database.
In this scenario, the attack could occur regardless of whether or not the
server is toggled to require secure socket layer (SSL). Source: https://threatpost.com/mysql-bug-can-strip-ssl-protection-from-connections/112513
Communications Sector
22. April 29, U.S. Federal Communications Commission –
(National) AT&T and SNET to pay $10.9 million for overbilling Lifeline
program. AT&T and its former subsidiary Southern New England Telephone
(SNET) agreed to pay a combined $10.9 million in penalties April 29 to resolve
an investigation by the U.S. Federal Communications Commission (FCC) for
overbilling the FCC’s Lifeline program by providing service to landline
customers without recertifying eligibility within the time limit set. Source: https://www.fcc.gov/document/att-and-snet-pay-109-million-overbilling-lifeline-program