Complete DHS Report for December 2, 2015
Daily Report
Top Stories
• The former New York State Assembly speaker was charged
November 30 for 7 counts of honest services fraud, extortion, and money
laundering after gaining $4 million in kickbacks. – New York Times See item 9 below in the Financial Services Sector
• Plano, Texas officials reported November 30 that heavy
rainfall and overflows in aged pipes caused more than 300,000 gallons of water
to leak from 8 sewage spills over the weekend of November 28. – Dallas
Morning News
14. November 30, Dallas Morning News – (Texas) Several sewage spills over weekend
did not harm Plano’s public water supply, city says. Plano officials
reported November 30 that more than 300,000 gallons of water leaked from 8
sewage spills over the weekend of November 28, prompted by heavy rainfall and
overflows in aged underground pipes. Authorities reported that the pipes would
be repaired and that there was no threat to public drinking water. Source: http://planoblog.dallasnews.com/2015/11/several-sewage-spills-over-weekend-did-not-harm-planos-public-water-supply-city-says.html/
• An audit of the Louisiana State University (LSU) Health
Care Services Division revealed November 30 that nearly $6 million in
state-owned hospital equipment could not be located and over $15 million in
equipment for the LSU Medical Center was not properly recorded. – Associated
Press
16. November 30, Associated Press – (Louisiana) $6 million in equipment missing from state
hospitals, audit says. An audit of the Louisiana State University (LSU)
Health Care Services Division conducted by the State’s legislative auditor was
released November 30 and found that nearly $6 million in state-owned hospital
equipment could not be located and that over $15 million in equipment bought
for the LSU Medical Center in New Orleans was not properly recorded and tagged
before it was turned over to the hospital operator. LSU stated that it is
working to locate and properly tag all medical equipment purchased.
• Schneider Electric released updates for its ProClima product
addressing a remote code execution (RCE) flaw that can enable a remote
attacker to execute unauthorized code via ActiveX controls connected to
Internet Explorer. – Securityweek See item 23 below
in the Information Technology Sector
Financial Services Sector
7. December 1, InsideNoVa.com – (Virginia) Fairfax police arrest 4 in credit-card scheme. Fairfax
County Police arrested 2 men November 23 for allegedly buying 21 iPhone 6S Plus
smartphones worth more than $19,000 with fraudulent credit cards at the Apple
store in Tysons Corner Center shopping mall in Virginia. An investigation of
the suspects’ vehicle led to the discovery of 241 fraudulent credit cards as
well as the arrest of two more suspects involved in the scheme. Source: http://www.insidenova.com/news/crime_police/fairfax/fairfax-police-arrest-in-credit-card-scheme/article_07d5317e-9795-11e5-bc22-3b35b28f28ec.html
8. November 30, U.S. Securities and Exchange Commission – (International) Standard
Bank to pay $4.2 million to settle SEC charges. Officials from the U.S.
Securities and Exchange Commission (SEC) reported November 30 that London-based
Standard Bank Plc was charged with violating the Foreign Corrupt Practices Act
by failing to disclose a payment of $6 million made by the Bank affiliate to a
firm with no substantial role in a $600 million debt transaction with the
Government of Tanzania in 2013. The Bank agreed to pay the SEC $4.2 million in
settlements and is also facing action on the part of the United Kingdom’s
Serious Fraud Office. Source: http://www.sec.gov/news/pressrelease/2015-268.html
9. November 30, New York Times – (New York) Ex-New York Assembly speaker is found guilty on
all counts. The former speaker of the New York State Assembly was found
guilty in New York City November 30 on 7 counts of honest services fraud,
extortion, and money laundering for his role in a scheme in which he gained $4
million in kickbacks from a cancer research center and 2 real estate firms that
he subsequently hid in the Weitz & Luxenberg firm. Source: http://www.nytimes.com/2015/12/01/nyregion/sheldon-silver-guilty-corruption-trial.html
10. November 30, WWLP 22 Springfield – (Massachusetts) Florida man charged with
wire fraud in western Mass. A Florida man was charged November 30 for his
role in an investment scheme from 2008 – 2012 in which he falsely promised 23
investors inflated returns on $600,000 worth of investments of which he used
some for personal gain. The suspect also wrote 40 bad checks worth nearly $1.8
million when investors asked for their money back. Source: http://wwlp.com/2015/11/30/florida-man-charged-with-wire-fraud-in-western-mass/
Information Technology Sector
22. December 1, Securityweek – (International) Unpatched flaws allow hackers to compromise
Belkin routers. A researcher discovered multiple vulnerabilities affecting
Belkin’s N150 wireless home routers, including an HTML/script injection that
affects the “language” parameter present and causes the device’s web interface
to become inoperable; a session hijacking vulnerability that allows an attacker
to easily obtain data through a brute force attack due to the fixed state of
the session ID as a hexadecimal string; and a remote control access flaw that
allows an attacker to gain root privileges, among other vulnerabilities. Source: http://www.securityweek.com/unpatched-flaws-allow-hackers-compromise-belkin-routers
23. December 1, Securityweek – (International) Schneider patches RCE flaws in ProClima
software. Schneider Electric released security updates for its ProClima
product addressing a series of vulnerabilities, including a remote code
execution (RCE) flaw that can enable a remote attacker to execute unauthorized
code via ActiveX controls connected to the Internet Explorer web browser. The
products were distributed to the U.S. and Europe and affect sectors such as
energy, critical manufacturing, and commercial facilities. Source: http://www.securityweek.com/schneider-patches-rce-flaws-proclima-software
24. December 1, Securityweek – (International) Videofied Alarm System flaws allow hackers to
intercept data. Researchers from U.K.-based Cybergibbons identified high
severity vulnerabilities in RSI Video Technologies’ Videofied alarm systems including
the CVE-2015-8252 and CVE-2015-8253 flaws that allow remote attackers to
obtain the device’s authentication key from its serial number transmitted
through plain text and enable hackers to spoof alarms and intercept data
including messages and videos in the form of plain text and MJPEG files. The
vulnerabilities affect devices sold in over 70 countries. Source: http://www.securityweek.com/videofied-alarm-system-flaws-allow-hackers-intercept-data
25. November 30, Securityweek – (International) OpenSSL to patch several vulnerabilities. The
OpenSSL Project announced November 30 that it will be releasing scheduled
updates December 3 addressing several OpenSSL vulnerabilities ranging from low
to high severity, including flaws that can be exploited remotely to compromise
a server private key, vulnerabilities that disclose contents of server memory,
and flaws where remote code execution is possible in common situations. Source: http://www.securityweek.com/openssl-patch-several-vulnerabilities
Communications Sector
26. December 1, WDTN 2 Dayton – (National) Time Warner Cable recovering from massive outage. Time
Warner Cable worked to restore Internet and cable services December 1 following
a reported outage that affected over 16,000 customers across several States
November 30.