Complete DHS Report for
July 1, 2015
Daily Report
Top Stories
· The U.S.
Department of Defense took the Joint Personnel Adjudication System offline
after the Office of Personnel Management announced plans June 29 to shut down
its e-QIP system for 4-6 weeks for security improvements. – Nextgov.com
5. June
30, Nextgov.com – (International) Pentagon, OPM shut down
background check systems. The U.S. Department of Defense Joint Personnel
Adjudication System was taken offline following the Office of Personnel
Management’s (OPM) June 29 announcement that the e-QIP system would be offline
4-6 weeks for security improvements. A vulnerability in the OPM tool that links
to JPAS was discovered during a probe of the recent OPM breach. Source: http://www.defenseone.com/technology/2015/06/pentagon-opm-shut-down-background-check-systems/116554/
· An
international law enforcement operation targeting airline fraudsters and
organized at 140 airports in 49 countries detained 130 individuals June 16 –
17. – Softpedia
8. June
30, Softpedia – (International) 130 arrested in global operation
against airline ticket fraudsters. An international law enforcement
operation targeting airline fraudsters and organized at 140 airports in 49
countries, detained 130 individuals for possessing airline tickets purchased
using stolen payment card data June 16 – 17. Source: http://news.softpedia.com/news/130-arrested-in-global-operation-against-airline-ticket-fraudsters-485663.shtml
·
Approximately 4,000 Baltimore residents and businesses were without water
service June 30 while crews replaced 2 underground valves after a 16-inch water
main break. – WBLA 11 Baltimore
12. June 30,
WBLA 11 Baltimore – (Maryland) Thousands remain without water in north Baltimore.
Approximately 4,000 Baltimore residents and businesses were without water
service June 30 while crews replaced 2 underground valves after a 16-inch water
main break. Repairs should be completed by the end of June 30. Source: http://www.wbaltv.com/news/thousands-to-lose-water-service-in-north-baltimore/33833834
·
The FBI and the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives
reported June 29 that an investigation is ongoing to determine if 5 church
fires were linked to arson in 4 southern States during the week of June 21. – Washington
Post
22. June 29, Washington Post – (National) Five predominately black southern churches burn within a week; arson suspected in at least three. The FBI and the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives reported June 29 that an investigation is ongoing to determine if 5 church fires were linked to arson in 4 southern States during the week of June 21. The motives remain unclear. Source: http://www.washingtonpost.com/news/morning-mix/wp/2015/06/29/six-predominately-black-southern-churches-burn-within-a-week-with-arson-suspected-in-at-least-three/
Financial Services Sector
6. June
30, WWLP 22 Springfield – (Massachusetts) 2 downtown Springfield
banks robbed, 3 suspicious packages left behind. Springfield officials are
investigating two bank robberies at a United Bank and a Bank of America in
Springfield, Massachusetts, after a suspect allegedly left three suspicious
packages and stole cash June 29. Source: http://wwlp.com/2015/06/29/downtown-springfield-bank-robbed-police-investigating-3-suspicious-packages/
For additional stories, see items 17 and 19 below in the Information Technology
Sector
Information Technology Sector
17. June 30, Softpedia – (International) Dridex
is the most prevalent banking malware in the corporate sector. SecurityScorecard
released findings from a report revealing that the Dridex banking trojan was
the most prevalent malware found in corporate environments from January – May,
primarily targeting the manufacturing and retail sectors, followed by the Beloh
and Tinba trojans, which targeted telecommunications and technologies
companies. Source: http://news.softpedia.com/news/dridex-is-the-most-prevalent-banking-malware-in-the-corporate-sector-485679.shtml
18. June 30, Securityweek – (International) Yahoo
patches SSRF vulnerability in image processing system: researcher. A
security researcher reported that Yahoo patched a server-side request forgery
(SSRF) vulnerability affecting all of its services that required images to be
processed in which an attacker could use the vulnerability to bypass controls
and access data on the affected system. Source: http://www.securityweek.com/yahoo-patches-ssrf-vulnerability-image-processing-system-researcher
19. June 29, Securityweek – (International) Many
organizations using Oracle PeopleSoft vulnerable to attacks: report. ERPScan
released findings from a report revealing that Oracle’s PeopleSoft contained
several vulnerabilities including information disclosure, extensible markup
language external entity (XXE), cross-site scripting (XSS), and authentication
bypass flaws as well as configuration-related issues that could allow an
attacker to breach PeopleSoft systems connected to the Internet. Source: http://www.securityweek.com/many-organizations-using-oracle-peoplesoft-vulnerable-attacks-report
For another story, see
item 5 above in Top Stories
Communications Sector
See item 17 above in the Information Technology
Sector