Thursday, September 17, 2015



Complete DHS Report for September 17, 2015

Daily Report                                            

Top Stories

 • A September 15 rain storm in California prompted 100 residents to evacuate, left 10,000 customers without power overnight, and caused all lanes of the 710 Freeway to shut down. – KTLA 5 Los Angeles

7. September 16, KTLA 5 Los Angeles – (California) Record rainfall wreaks havoc on SoCal roads, prompting evacuations and leaving thousands without power. A September 15 rain storm in Southern California prompted 100 residents to evacuate from an assisted living facility, left 10,000 Department of Water and Power customers without power overnight, and caused all lanes of the 710 Freeway in Bell, California, to shut down after up to two inches of rain flooded Los Angeles County. Several SigAlerts were issued after multiple collisions occurred. Source: http://ktla.com/2015/09/15/rain-moves-into-southern-california-overnight-flood-advisory-issued-in-parts-of-l-a-county/

 • Residents in Utah and Arizona were issued a boil water advisory September 14 due to a flash flood that damaged surrounding areas, killed 16 people, and injured several others. – CNN

18. September 16, CNN – (Utah) Floods in Utah kill 16, leave four missing. Residents in Hildale, Utah, and Colorado City, Arizona, were issued a boil water advisory September 14 after a flash flood damaged surrounding areas and carried vehicles and debris throughout the city, killing 16 people and injuring several others. Source: http://www.cnn.com/2015/09/15/us/utah-arizona-flooding/index.html

 • A Los Angeles-based surgeon was charged in an indictment unsealed September 15 for working with 14 associates to bilk insurance companies out of $150 million through unnecessary operations performed by untrained staff. – Associated Press

20. September 16, Associated Press – (California) California surgeon charged in $150M insurance scam. A Los Angeles-based orthopedic surgeon was charged in an indictment unsealed September 15 for working with 14 associates to bilk insurance companies out of $150 million through unnecessary operations performed by untrained staff. The orthopedic surgeon allegedly conspired to pay attorneys and marketers up to $10,000 a month to illegally refer patients, 21 of whom sustained lasting scars and required additional surgeries. Source: http://www.foxnews.com/us/2015/09/16/california-surgeon-charged-in-150-million-insurance-scam/

 • A Russian national pleaded guilty September 15 to leading a hacking and data breach scheme that compromised the Nasdaq stock market and payment systems at several companies, resulting in losses of over $300 million between 2005 and 2012. – Agence France-Presse

See item 35 below in the Information Technology Sector


Financial Services Sector

5. September 15, U.S. Attorney’s Office Southern District of New York – (National) Two defendants plead guilty in Manhattan federal court for their roles in orchestrating $18.5 million mortgage modification fraud scheme. Two men pleaded guilty September 15 for their roles in a mortgage modification scheme which defrauded over 8,000 homeowners out of more than $18.5 million by charging homeowners exorbitant fees for promised mortgage modifications that were never provided.

6. September 15, Reuters – (International) RBS in $129.6 mln mortgage securities deal with U.S. regulator. The Royal Bank of Scotland Group PLC (RBS) agreed September 15 to pay $129.6 million to the National Credit Union Administration to resolve allegations that RBS ignored underwriting guidelines and sold toxic mortgage-backed securities to now-failed credit unions. Source: http://www.reuters.com/article/2015/09/15/rbs-settlement-mbs-idUSL1N11L2R020150915

For additional stories, see item 20 above in Top Stories and item 35 below in the Information Technology Sector

Information Technology Sector

29. September 16, Securityweek – (International) Major malvertising operation went undetected for three weeks. Security researchers from Malwarebytes discovered a malvertising campaign affecting Web sites of several major companies including eBay, Drudge Report, and Answers.com, in which attackers were able to redirect victims to malware-serving Web sites containing the Angler exploit kit (EK) by loading ads through a rogue ad server. The campaign went undetected for nearly three weeks, and 46 percent of the affected users were in the U.S. Source: http://www.securityweek.com/major-malvertising-operation-went-undetected-three-weeks

30. September 16, Help Net Security – (International) Persistent XSS flaw in SharePoint 2013 revealed, patched. Microsoft patched a persistent cross-site scripting (XSS) vulnerability in SharePoint 2013 in which an attacker could obtain information about a user’s operating system (OS), browser, plugins, and other information in order to steal sensitive information, gain control of the system, and download and execute malicious code remotely. Source: http://www.net-security.org/secworld.php?id=18860

31. September 16, Securityweek – (International) WordPress patches XSS, privilege escalation vulnerabilities. The developers of WordPress released version 4.3.1 of the content management system (CMS), addressing 3 vulnerabilities and 26 bugs, including a cross-site scripting (XSS) flaw related to the processing of shortcode tags in which an attacker could inject malicious JavaScript code into objects rendered on WordPress pages, a flaw that allows users to publish private “sticky” posts that can be combined with the XSS vulnerability, and a separate XSS vulnerability. Source: http://www.securityweek.com/wordpress-patches-xss-privilege-escalation-vulnerabilities

32. September 16, Help Net Security – (International) Android 5 bug allows attackers to easily unlock password-protected devices. The University of Texas at Austin Information Security Office discovered a lockscreen bypass vulnerability affecting Android version 5.1.1 in which an attacker could use a large string password with the camera app open to crash the password lockscreen and gain full access to the device. Google addressed the issue in Android 5.1.1 build LMY48M. Source: http://www.net-security.org/secworld.php?id=18858

33. September 16, Threatpost – (International) Bug in iOS allows writing of arbitrary files via AirDrop. Researchers from Azimuth Security discovered a vulnerability in a library of Apple’s iOS and OS X operating systems which an attacker could leverage via AirDrop, with or without the user’s approval, to execute a directory traversal attack and arbitrarily write files to any location in an affected device’s file system. Source: https://threatpost.com/bug-in-ios-and-osx-allows-writing-of-arbitrary-files-via-airdrop/114681/

34. September 15, The Register – (International) Thought Heartbleed was dead? Nope – hundreds of thousands of things still vulnerable to attack. The founder of the Shodan search engine reported that over 200,000 devices on the Internet are still vulnerable to the Heartbleed OpenSSL vulnerability discovered in 2014, including 57,272 devices in the U.S. The vulnerability allows an attacker to extract passwords and other sensitive information due to a missing bounds check that allows data to be read repeatedly from server memory. Source: http://www.theregister.co.uk/2015/09/15/still_200k_iot_heartbleed_vulns/

35. September 15, Agence France-Presse – (International) Russian pleads guilty in major hacking case. A Russian national arrested in 2012 and extradited to the U.S. in February 2015 pleaded guilty September 15 to leading a hacking and data breach scheme that compromised the Nasdaq stock market and payment systems at 7-Eleven, Carrefour, JC Penney, and other companies, resulting in losses of over $300 million between 2005 and 2012. Source: http://www.securityweek.com/russian-pleads-guilty-major-hacking-case

For another story, see item 24 below from the Government Facilities Sector

24. September 16, Reuters – (National) Homeland Security websites vulnerable to cyber attack: Audit. The Office of the Inspector General for DHS released a report September 15 citing several deficiencies within DHS’ information systems including lapses in internal systems used by several agencies that may allow unauthorized individuals to gain access to sensitive data, and the need to establish a cyber-training program for analysts and investigators, among other findings.

Communications Sector

36. September 14, WJXX 25 Jacksonville; WTLV 12 Jacksonville – (Florida) Retirement community upset over phone and internet outages. All 450 AT&T customers residing in The Cascades in St. Augustine were without phone or Internet service for 5 days following severe weather that damaged landline service. Crews repaired the damaged landline September 14. Source: http://www.firstcoastnews.com/story/news/2015/09/14/--not--inconvenience---dangerous/72279836/

For additional stories, see item 7 above in Top Stories and items 32 and 33 above in the Information Technology Sector