Complete DHS Report for
December 7, 2015
Daily Report
Top Stories
• A December 3 explosion at the Ramsey Natural Gas
Processing Plant near Orla prompted over 250 oil workers to evacuate, caused a
10-mile evacuation radius, and left 2 workers with injuries. – Carlsbad
Current-Argus
2. December 3, Carlsbad Current-Argus – (Texas) Workers escape serious injury
after plant explosion. A December 3 explosion at the Anadarko Petroleum
Corporation-operated Ramsey Natural Gas Processing Plant near Orla, Texas,
prompted over 250 oil workers to evacuate, caused a mandatory evacuation of
people within a 10-mile radius, and left 2 workers with minor injuries.
Operations at the plant were reduced and the cause of the explosion is under
investigation. Source: http://www.currentargus.com/story/news/local/new-mexico/2015/12/03/major-explosion-texas-gas-plant/76723494/
• The U.S. Department of Justice unsealed a 92-count
indictment December 3, charging numerous members of the International
Federation of Association Football’s (FIFA) Executive Committee for their
role in a 24-year racketeering, wire fraud, and money laundering scheme. – U.S.
Department of Justice
See item 7 below in the Financial Services Sector
• Chipotle Mexican Grill, Inc. announced December 4 that it
would overhaul its food-safety procedures and adopt all recommendations
following a multi-State E. coli outbreak that sickened 45 people and forced
restaurant closures in 2 States. – USA Today
12. December 4, USA Today – (National) Chipotle overhauls safety standards after E. coli
outbreak. Chipotle Mexican Grill, Inc. officials announced December 4 that
it would overhaul its food-safety procedures and adopt all recommendations sent
by Seattle-based IEH Laboratories following a multi-State E. coli outbreak that
sickened 45 people and forced restaurants in Oregon and Washington to close
November 20. Source: http://www.usatoday.com/story/money/2015/12/04/chipotle-commits-new-standards-after-ecoli-outbreak/76774132/
• A carbon monoxide leak at Horace Mann Elementary School
in Chicago caused 14 staff members and 139 students to be transported to area
hospitals as a precaution December 3. – Chicago Sun-Times
24. December 3, Chicago Sun-Times – (Illinois) More than 100 hospitalized after CO incident at
South Side school. A carbon monoxide leak December 3 at Horace Mann
Elementary School in Chicago caused 14 staff members and 139 students to be transported
to area hospitals as a precaution. The school was evacuated and classes will be
held in an annex building until the school building is deemed safe for
re-entry. Source: http://chicago.suntimes.com/news/7/71/1149755/south-side-elementary-school-evacuated-high-co-levels
Financial Services Sector
5. December 4, Southern California City News Service – (California) Ex-Beverly
Hills broker charged in $200 million stock scheme. A Los Angeles man was
taken into custody December 3 amid Federal charges that he and a German hedge
fund manager defrauded investors of more than $200 million from September 2004
to September 2007 by making illegal trades to boost the value of their co-owned
company, Absolute Capital Management Holdings. The indictment also states that
the suspect lied about $10 million in illicit profits in a secret bank account
on the Cook Islands. Source: http://www.dailynews.com/general-news/20151203/ex-beverly-hills-broker-charged-in-200-million-stock-scheme
6. December 3, U.S. Department of Justice – (Georgia) Former bank teller
pleads guilty to theft of public money. A Columbus woman pleaded guilty in
Federal court December 3 to one count of theft of public money. While working
at a SunTrust Bank branch from February 2013 to May 2014, she cashed
approximately 361 fraudulent tax returns to the U.S. Internal Revenue Service
worth $780,760.17 for numerous people in exchange for a fee. Source: http://www.justice.gov/opa/pr/former-bank-teller-pleads-guilty-theft-public-money
7. December 3, U.S. Department of Justice – (International) Sixteen
additional FIFA officials indicted for racketeering conspiracy and corruption. Officials
from the U.S. Department of Justice unsealed a 92-count indictment December 3
that charged numerous high-ranking members of the International Federation of
Association Football’s (FIFA) Executive Committee, Confederation of North,
Central American, and Caribbean Association of Football (CONCACAF), and other
suspects with ties to global soccer organizations for their role in a 24-year
racketeering, wire fraud, and money laundering scheme in which soccer officials
accepted over $200 million in bribes to sell lucrative media rights for
tournaments and matches. Source: http://www.justice.gov/opa/pr/sixteen-additional-fifa-officials-indicted-racketeering-conspiracy-and-corruption
Information Technology Sector
25. December 3, Securityweek – (International) Ponmocup botnet still actively used for
financial gain. Researchers from Fox-IT released a report stating that the
Ponmocup botnet has infected more than 15 million devices since 2009
and that its infrastructure consists of different components used to deliver,
install, execute, and control the malware to prevent researchers from
reverse engineering it. The malware uses encryption when infecting a device and
stores its components in different locations to evade detection. It also uses
different domains for installation and steals file transfer protocol (FTP) and
Facebook credentials to allow hackers to spread the malware. Source: http://www.securityweek.com/ponmocup-botnet-still-actively-used-financial-gain
26. December 3, Securityweek – (International) Heartbleed, other flaws found in Advantech
ICS Gateways. Researchers from Rapid7 discovered that the newest firmware
versions for Advantech Modbus gateway products including EKI-136X, EKI-132X,
and EKI-122X were susceptible to Heartbleed and Shellshock attacks,
which can be exploited via the Boa web server through any of the shell
scripts in /www/sgi-bin. The vulnerabilities were tested against the genuine
binaries in an emulator environment with a Metasploit module. Source: http://www.securityweek.com/heartbleed-other-flaws-found-advantech-ics-gateways
27. December 3, Securityweek – (International) OpenSSL patches moderate severity
vulnerabilities. The OpenSSL Project released versions 1.0.2e, 1.0.1q, 1.0.0t,
and 0.9zh of its cryptographic software library, patching 3
vulnerabilities including CVE-2015-3193, a flaw that can produce incorrect
results on x86_64 systems and can be exploited against RSA, Digital
Signature Algorithm (DSA), and Diffie-Hellman (DH) algorithms;
CVE-2015-3194, a flaw that can be used for denial-of-service (DoS) attacks; and
CVE-2015-3195, a flaw that can leak system memory when presented with a malformed
X509_ATTRIBUTE structure. Source: http://www.securityweek.com/openssl-patches-moderate-severity-vulnerabilities
28. December 3, Softpedia – (International) Linux users targeted by new Rekoobe trojan. Security
researchers from Dr. Web reported that an updated version of the trojan
Linux.Rekoobe.1 can target Linux personal computers (PCs) running on Intel
chips in 32-bit and 64-bit architectures and uses the XOR algorithm to stop
researchers from detecting the trojan. The malware includes the functionality
to download files from its command-and-control (C&C) server, upload files to
the C&C server, and execute commands on the local shell, allowing attackers
to deliver powerful payloads on infected systems. Source: http://news.softpedia.com/news/linux-users-targeted-by-new-rekoobe-trojan-497085.shtml
For another story, see item 29 below in the Communications Sector
Communications Sector
29. December 3, Securityweek – (National) Popular mobile modems plagued by zero-day flaws. Security
researchers with Positive Technologies tested mobile broadband modems and
routers from Huawei, Gemtek, Quanta, and ZTE and found that the 3G/4G devices
were vulnerable to remote code execution, had cross-site scripting (XSS)
vulnerabilities, and lacked cross-site request forgery (CSRF) protection, among
other issues, leaving the devices open to attackers for exploitation. Of the
four vendors tested, Huawei was the only one that released firmware updates
addressing the vulnerabilities. Source: http://www.securityweek.com/popular-mobile-modems-plagued-zero-day-flaws