Complete DHS Report for
August 31, 2015
Daily Report
Top Stories
• Officials
released August 27 that California residents cut their water usage by 31
percent in July, surpassing government-mandated targets for the second month in
a row. – Sacramento Bee
15. August 27,
Sacramento Bee – (California) California residents cut water use 31 percent in
July. The California State Water Resources Control Board released August 27
that California residents cut their water usage by 31 percent in July,
surpassing government-mandated targets for the second month in a row. Source: http://www.msn.com/en-us/news/us/california-residents-cut-water-use-31-percent-in-july/ar-BBmaXAm
• Thousands of firefighters and U.S. military personnel
worked August 27 to contain over 60 wildfires that have burned nearly 1.7
million acres across western States. – Reuters
21. August 27,
Reuters – (National) Senate hearing on wildfires urged to help bolster
firefighting capabilities. Thousands of firefighters and U.S. military
personnel worked August 27 to contain over 60 wildfires that have burned nearly
1.7 million acres across western States. Source: http://www.reuters.com/article/2015/08/28/us-usa-wildfires-idUSKCN0QV29Y20150828
• A California woman pleaded guilty August 27 for her role
in an immigration fraud scheme that provided student visas to foreign nationals
netting as much as $6 million from citizens of South Korea, China, and other
nations. – Beverly Hills Patch
22. August 27,
Beverly Hills Patch – (California) Beverly Hills man charged in $6 million ‘pay to
stay’ immigration fraud. A Los Angeles woman pleaded guilty August 27 for
her role in an immigration fraud scheme that provided student visas to foreign
nationals, who never went to class, netting as much as $6 million from citizens
of South Korea, China, and other nations. The woman worked with a Beverly Hills
man who owns Koreatown schools Prodee University, Walter Jay M.D. Institute,
and the American College of Forensic Studies, among others. Source: http://patch.com/california/beverlyhills/beverly-hills-man-charged-6-million-pay-stay-immigration-fraud
• An August 27
fire destroyed a Linn County Sheriff’s Office substation in Oregon, causing an
estimated $900,000 in damage. – Portland Oregonian
27. August 27,
Portland Oregonian – (Oregon) Fire destroys Linn County Sheriff’s Office
substation in Mill City. An August 27 fire destroyed a Linn County
Sheriff’s Office substation in Mill City, causing an estimated $900,000 in
damage after the fire reportedly started when a city public works employee
parked small equipment in the building. Employees evacuated the building after
failing to extinguish the fire.
Financial Services Sector
4. August 27,
U.S. Department of the Treasury – (International) Settlement
agreement between the U.S. Department of the Treasury’s Office of Foreign
Assets Control and UBS AG. The Office of Foreign Assets Control announced a
$1.7 million settlement with UBS AG August 27 to resolve allegations that the
bank violated Global Terrorism Sanctions regulations through 222 transactions
related to securities held in custody in the U.S. for a client believed to have
committed, threatened to commit, or supported terrorism. Source: http://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20150827_33.aspx
5. August 27,
U.S. Department of Justice – (National) Business email compromise. The
FBI’s Internet Crime Complaint Center (IC3) released an advisory warning
corporations of Business Email Compromise (BEC) scams carried out through
social engineering or various computer intrusion techniques to conduct
unauthorized wire transfers, and cited a 270 percent increase in victims and
exposed losses since January. BEC scams accounted for over $747 million in
losses to 7,066 victims in all 50 States from October 2013 – August 2015. Source:
http://www.ic3.gov/media/2015/150827-1.aspx#fn2
6. August 27,
WCBS 2 New York City; Associated Press – (New York) $1.8 million
burglary of armored car company on Long Island foiled by alert officer. Nassau
County authorities were searching for 4 accomplices in an attempted August 16
robbery of $1.8 million from the Loomis Armored Inc., warehouse in Hicksville,
after an officer arrested another suspect and found cash in his vehicle’s trunk
on the night of the incident. The perpetrators reportedly used a sledgehammer
and hydraulic jack to access a vault containing $20 million. Source: http://newyork.cbslocal.com/2015/08/27/long-island-armored-car-company-robbery/
For another story, see item 34 below in the Information Technology Sector
Information Technology Sector
29. August 28,
Securityweek – (International) Moxa patches flaws in industrial ethernet
switches. Security researchers from Applied Risk discovered serious
privilege escalation, denial-of-service (DoS), and cross-site scripting (XSS)
vulnerabilities affecting Moxa industrial ethernet switches that could allow an
unauthenticated remote attacker to compromise the device and connected
industrial assets. Moxa recently released an update addressing nine heap-based
buffer overflow and classic buffer overflow vulnerabilities in its SoftCMS
closed-circuit television (CCTV) central management software. Source: http://www.securityweek.com/moxa-patches-flaws-industrial-ethernet-switches
30. August 28,
Securityweek – (International) Mozilla updates Firefox 40 to patch two
serious flaws. Mozilla released Firefox version 40.0.3 addressing a
use-after free vulnerability in which an attacker could crash Firefox or
execute arbitrary code with user privileges, and an add-on notification bypass through
data Uniform Resource Locator (URL) that an attacker could use to trick users
into installing a malicious add-on. Source: http://www.securityweek.com/mozilla-updates-firefox-40-patch-two-serious-flaws
31. August 28,
Securityweek – (International) Adobe releases hotfix to patch ColdFusion
vulnerability. Adobe released a hotfix addressing a vulnerability in
ColdFusion in which a security hole could be exploited to compromise data
security, affecting LiveCycle Data Services and BlazeDS. Source: http://www.securityweek.com/adobe-releases-hotfix-patch-coldfusion-vulnerability
32. August 28,
Softpedia – (International) Phishing costs an average company up to $3.7
million per year. A Wombat Security Technologies report carried out on 377
U.S. organizations revealed that an average-sized organization can lose up to
$3.77 million per year in extrapolated costs due to phishing attacks, that 48%
of the costs come from productivity losses in mitigating the attacks, and that
uncontained malware attacks can cause industry losses up to $105 million, among
other findings.
33. August 27,
Threatpost – (International) BitTorrent patch throttles reflective DDoS
attacks. BitTorrent released a patch addressing a libuTP protocol
vulnerability that could allow attackers to carry out User Datagram Protocol
(UDP) distributed reflection denial-of-service (DRDoS) attacks. Source: https://threatpost.com/bittorrent-patch-throttles-reflective-ddos-attacks/114446
34. August 27,
SC Magazine – (International) DD4BC are DDoS attack driving force, new
report claims. VeriSign released findings from its “Distributed Denial of
Service (DDoS) Trends Report – 2nd Quarter 2015” revealing a period of
increased activity from the DDoS for Bitcoin (DD4BC) threat group, and that 22
percent of the attacks analyzed targeted the financial and payment sector.
Attacks by the group typically start with threats and demands for ransom,
followed by increased demands and ramped up DDoS attacks. Source: http://www.scmagazineuk.com/dd4bc-are-ddos-attack-driving-force-new-report-claims/article/435234/
Communications Sector
Nothing to report