Friday, May 15, 2015




Complete DHS Report for May 15, 2015

Daily Report

Top Stories

 · An estimated 198,000 gallons of household wastewater spilled into La Volla Creek in Corpus Christi, Texas, May 13 from a flooded sewage line. – Corpus Christi Caller-Times

18. May 14, Corpus Christi Caller-Times – (Texas) 198,000 gallons of wastewater seep into creek. An estimated 198,000 gallons of household wastewater spilled into La Volla Creek in Corpus Christi May 13 from a flooded sewage line near the Greenwood Wastewater Treatment Plant, prompting a precautionary boil advisory for area residents until the water supply is tested. Source: http://www.caller.com/news/local-news/weather/198000-gallons-of-wastewater-seep-into-creek_10234019

 · The U.S. Attorney’s Office in Tampa announced May 13 that CVS Health Corp. will pay $22 million in a settlement to resolve allegations that 2 of its pharmacies in Florida sold non-prescribed painkillers. – Reuters

19. May 13, Reuters – (Florida) CVS pays $22 million to resolve Florida painkiller probe. The U.S. Attorney’s Office in Tampa announced May 13 that CVS Health Corp. will pay $22 million in a settlement to resolve allegations that 2 of its pharmacies in central Florida sold painkillers that were not prescribed for legitimate medical purposes. Federal agents discovered that the pharmacies ordered about 3 million oxycodone pills in 2011 and ignored red flags that the prescriptions were not legitimate. Source: http://www.reuters.com/article/2015/05/13/us-cvs-health-settlement-idUSKBN0NY2O920150513

 · OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) that could potentially lead to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions. – Securityweek

26. May 13, Securityweek – (International) Flaw found in OSIsoft product deployed in critical infrastructure sectors. OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) in which an unauthorized remote attacker could leverage “Trusted Users” group status in some product installations to execute arbitrary structured query language (SQL) statements on the affected system, potentially leading to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions. Source: http://www.securityweek.com/flaw-found-osisoft-product-deployed-critical-infrastructure-sectors

 · Downingtown, Pennsylvania police declared the North Park Plaza strip mall a total loss May 14 after 10 businesses and both floors of the mall were severely damaged in a May 12 fire. – Chester County Daily Local News

28. May 14, Chester County Daily Local News – (Pennsylvania) Officials call fire a ‘total loss.’ Downingtown Police declared the North Park Plaza strip mall a total loss May 14 after 10 businesses and both floors of the mall were severely damaged in a May 12 fire. Preliminary reports estimated that the total amount of damage exceeded $4 million, and officials determined that the fire began in a florist shop. Source: http://www.dailylocal.com/general-news/20150513/officials-call-fire-a-total-loss

Financial Services Sector

9. May 13, Reuters – (Connecticut) Connecticut fund executive faces new SEC fraud charges. The U.S. Securities and Exchange Commission charged and froze the assets of a former Oak Investment Partners venture capital executive from Greenwich, May 13, alleging that the suspect transferred $27.5 million worth of investors’ funds to himself, induced his firm to overpay for investments into 2 Asian e-commerce companies for which he pocketed $20 million, and induced the firm to pay I-Cubed Domains LLC $7.5 million for its stake in an e-commerce company without disclosing that he and his wife owned I-Cubed Domains and had purchased the stake for $2 million. Source: http://www.reuters.com/article/2015/05/13/sec-ahmed-fraud-idUSL1N0Y42NC20150513

10. May 13, Philadelphia Business Journal – (Pennsylvania) Delco mortgage lender charged with $9.7M fraud scheme. A former co-owner of Folsom-based Capital Financial Mortgage Corporation was charged May 13 for his role in a $9.7 million mortgage fraud scheme in which he allegedly defrauded lenders including Wells Fargo & Co. and Customers Bank into purchasing second mortgages that he represented as first mortgages and defrauded other lenders that loaned money to the company on a warehouse line of credit. Authorities claim he used the fraudulent profits to pay for personal expenses. Source: http://www.bizjournals.com/philadelphia/morning_roundup/2015/05/delco-mortgage-lender-charged-with-9-7m-fraud.html

11. May 13, Lake View Patch – (Illinois) FBI increases reward for serial ‘Bandage Bandit’ bank robbery suspect. The FBI increased the reward for information leading to the arrest of the bank robber dubbed the “Bandage Bandit” to $10,000, after a May 9 robbery at a Chase Bank in Chicago was attributed to him, bringing the total to 5 robberies since March. Source: http://patch.com/illinois/lakeview/fbi-increases-reward-serial-bandage-bandit-bank-robber-suspect

Information Technology Sector

23. May 14, Softpedia – (International) Cisco TelePresence vulnerable to unauthorized root access, denial of service. Cisco reported two vulnerabilities in versions of its TelePresence TC and TE video conference products in which an attacker could exploit improper authentication protocols for internal services to bypass authentication and obtain root access on the system, and a flaw in the network drivers in which an attacker could use specially crafted internet protocol (IP) packets sent at a high rate to cause a denial-of-service (DoS) condition. Source: http://news.softpedia.com/news/Cisco-TelePresence-Vulnerable-to-Unauthorized-Root-Access-Denial-of-Service-481183.shtml

24. May 14, V3.co.uk – (International) APT17 DeputyDog hackers are pushing Blackcoffee malware using TechNet. Research by FireEye revealed that the APT17 threat group used posts and profiles on the TechNet blog as a way to conceal their use of the Blackcoffee backdoor by embedding strings that the malware would decode to find and communicate with the malware’s true command-and-control (C&C) server. The TechNet blog was not compromised and the operation was shut down, but FireEye warned that other groups may mimic the tactic. Source: http://www.v3.co.uk/v3-uk/news/2408533/apt17-deputydog-hackers-are-pushing-blackcoffee-malware-using-technet

25. May 13, Threatpost – (International) XSS, CSRF vulnerabilities identified in WSO2 Identity Server. Researchers at SEC Consult discovered three cross-site scripting (XSS), cross-site request forgery (CSRF), and extensible markup language (XML) external injection vulnerabilities in version 5.0.0 of WSO2 Identity Server that could allow an attacker to take over a victim’s session, add arbitrary users to the server, or inject arbitrary XML entities. Source: https://threatpost.com/xss-csrf-vulnerabilities-identitified-in-wso2-identity-server/112789

26. May 13, Securityweek – (International) Flaw found in OSIsoft product deployed in critical infrastructure sectors. OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) in which an unauthorized remote attacker could leverage “Trusted Users” group status in some product installations to execute arbitrary structured query language (SQL) statements on the affected system, potentially leading to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions. Source: http://www.securityweek.com/flaw-found-osisoft-product-deployed-critical-infrastructure-sectors

For another story, see item 1 from the Energy Sector

1. May 13, Dark Reading – (International) Oil & gas firms hit by cyberattacks that forgo malware. Panda Lab researchers discovered a unique targeted attack campaign dubbed Phantom Menace that has infiltrated and stolen credentials from 10 international oil and gas maritime transportation companies since August 2013, via a spear-phishing email containing a fake Adobe PDF file utilizing a file transfer protocol (FTP) server. The attackers contact oil brokers and request a fee in exchange for fake barrels of oil sold at a discounted rate, which are never delivered. Source: http://www.darkreading.com/attacks-breaches/oil-and-gas-firms-hit-by-cyberattacks-that-forgo-malware/d/d-id/1320417

Communications Sector

27. May 13, Allentown Morning Call – (Pennsylvania) TV service disrupted for 12,000 Service Electric customers. About 12,000 Service Electric Cable TV & Communications Inc. customers in Lehigh County lost television reception for approximately 2 hours May 13 after a satellite time server failed during routine database maintenance. Source: http://www.mcall.com/news/local/mc-service-electric-tv-outage-20150513-story.html