Thursday, March 31, 2016



Complete DHS Report for March 31, 2016

Daily Report

Top Stories

• A clogged utility line in Woodland Park caused approximately 660,000 gallons of raw sewage to spill into Fountain Creek March 28, prompting Colorado Springs Utilities to open overflow pits to separate sewage. – KOAA 5 Pueblo

14. March 29, KOAA 5 Pueblo – (Colorado) More than 600,000 gallons of sewage spill into Fountain Creek. A clogged utility line in Woodland Park caused approximately 660,000 gallons of raw sewage to spill into Fountain Creek March 28, prompting Colorado Springs Utilities to open overflow pits to separate any sewage that made it through. The raw sewage dissipated into the soil of the dried creek and health officials posted signs warning residents of the spill. Source: http://www.koaa.com/story/31594658/more-than-600000-gallons-of-sewage-spills-into-fountain-creek

• Michigan authorities announced March 29 that at least 13 former and current principals in the Detroit Public Schools system were charged in a conspiracy scheme involving over $900,000 in kickbacks and bribes in exchange for doing business worth $2.7 million with Allstate Sales. – NBC News

19. March 29, NBC News – (Michigan) Feds charge 13 Detroit Public School principals in $900K kickback scheme. Michigan authorities announced March 29 that at least 13 former and current principals in the Detroit Public Schools system were charged in a conspiracy scheme involving over $900,000 in kickbacks and bribes in exchange for doing business worth $2.7 million with Allstate Sales, a vendor that provides school supplies. Source: http://www.nbcnews.com/news/us-news/feds-charge-13-detroit-public-school-principals-900k-kickback-scheme-n547341

• A security researcher discovered that hundreds of thousands of Internet of Things (IoT) printers were susceptible to attacks after finding that many IoT printers did not require authentication when connecting to the device. – SecurityWeek (See item 25 below in the Information Technology Sector)

• Two separate building fires March 29 caused a total of about $600,000 in damages, prompted the closure of surrounding roads, and the evacuation of nearby areas in Salt Lake City. – KSL 5 Salt Lake City

29. March 29, KSL 5 Salt Lake City – (Utah) 2 Salt Lake fires cause up to $600K in damage. Salt Lake City officials reported March 29 that 2 separate large building fires caused a total of about $600,000 in damages, prompted the closure of surrounding roads, and the evacuation of nearby areas after one of the blazes allegedly began from an overheated fluorescent light ballast. Officials stated another fire began in a Salt Lake City warehouse March 28 after a fire used to keep people warm ignited propane bottles inside the facility. Source: https://www.ksl.com/?sid=39096233&nid=960&title=2-salt-lake-fires-cause-up-to-600k-in-damage

Financial Services Sector

3. March 29, WCBS 2 New York City – (New York) Police: 2 men wanted in ATM skimming device incidents in Brooklyn, Queens. Officials from the New York City Police Department and the FBI are searching March 29 for two men suspected of installing and removing ATM skimming devices at five different TD Bank locations in Brooklyn and Queens, New York, from September 2015 – November 2015.

4. March 29, Softpedia – (International) Repeated DDoS attacks force Coinkite Bitcoin wallet to close down web service. One of the first Web-based bitcoin wallet services, Coinkite, reported March 28 that it will be closing down its Web-based wallet service with the intention of solely developing its hardware products after its services received constant distributed denial-of-service (DDoS) attacks for the past three years. The company warned users of potential phishing scams that will trick users into revealing their account credentials or into sending bitcoins to the wrong account. Source: http://news.softpedia.com/news/repeated-ddos-attacks-force-coinkit-bitcoin-wallet-to-close-down-web-service-502335.shtml

5. March 28, Middletown Times Herald-Record – (New York) Montgomery man pleads guilty in $2.5 million fraud case. Two Pennsylvania men and a New York resident pleaded guilty March 28 to Federal charges alleging that the trio defrauded banks from 2007 – 2015 by lying about their income in order to secure over $2.5 million in fraudulent loans and lines of credit from banks and credit unions, then defaulting on the loans. Officials from the U.S. Attorney’s Office for the Southern District of New York stated that the trio used the loans to pay off credit card purchases, business expenses, and other loans to conceal the fraud. Source: http://www.recordonline.com/article/20160328/NEWS/160329452

6. March 28, U.S. Department of Justice – (National) Connecticut insurance salesman convicted of tax fraud. The U.S. Department of Justice Tax Division announced March 28 that a Connecticut-based insurance salesman was found guilty of tax fraud after he attempted to obstruct the U.S. Internal Revenue Service (IRS) by filing 3 false tax returns for 2007, including a fraudulent request for a $14 million refund, sending false and threatening correspondence to the IRS to defeat its assessment, collection, and investigative efforts, and by submitting threatening correspondence to those insurance companies that cooperated with IRS activities. Officials stated the salesman also established nominee entities to divert his insurance commissions in order to conceal assets and prevent the IRS from collecting on his tax liabilities. Source: https://www.justice.gov/opa/pr/connecticut-insurance-salesman-convicted-tax-fraud

Information Technology Sector

24. March 29, SecurityWeek – (International) “Vaccine” available for CTB-Locker, Locky, TeslaCrypt. French cybersecurity company Lexsi released a “vaccine” that can improve users’ computer defenses against ransomware including CTB-Locker, Locky, and TeslaCrypt, and stated that users can create a specific mutex or registry key, or change a simple system parameter, as long as the modification does not inconvenience other users. Source: http://www.securityweek.com/vaccine-available-ctb-locker-locky-teslacrypt

25. March 29, SecurityWeek – (International) Thousands of printers “hacked” to spew anti-semitic flyers. A security researcher discovered that hundreds of thousands of Internet of Things (IoT) printers were susceptible to attacks after finding that many IoT printers did not require authentication when connecting to the device. The researcher found the vulnerability while using Masscan, a mass Internet Protocol (IP) scanner, which enumerated all of the vulnerable printers it could reach. Source: http://www.securityweek.com/thousands-printers-hacked-spew-anti-semitic-fliers

26. March 29, Softpedia – (International) vBulletin servers hacked, admins force password reset for all users. A company official for vBulletin.org and vBulletin.com reported that its Web domains went offline from March 24 – March 25 for a non-scheduled maintenance outage and that the company forced its users to reset their passwords after hackers accessed the company’s vBulletin Germany (VGB) servers, which carry user information. The attackers allegedly exploited the content management system (CMS) used to run VGB’s presentation site. Source: http://news.softpedia.com/news/vbulletin-servers-hacked-admins-force-password-reset-for-all-users-502331.shtml

For additional stories, see item 4 above in the Financial Services Sector, item 20 below from the Government Facilities Sector, and item 28 below from the Commercial Facilities Sector

20. March 29, SecurityWeek – (National) Marine Corps activates cyber warfare group. The U.S. Marine Corps activated a new Cyberspace Warfare Group (MCCYWG) in Fort Meade, Maryland, March 25, which will help train and equip Marine Cyberspace mission teams to perform defensive and offensive cyber operations in support of the U.S. Cyber Command and U.S. Marine Corps Forces Cyberspace Command. The unit is active and will be fully operational in fiscal year 2017.

28. March 29, Softpedia – (International) Magento stores targeted by new KimcilWare ransomware. Security researchers from MalwareHunterTeam discovered a new ransomware dubbed KimcilWare was targeting Magento online stores and Web servers by encrypting users’ Magento store files and adding the “.kimcilware” extension to each file, thus making the store inoperable. Researchers reported the ransomware was in its early stages of activity and were unsure about its mode of operation. Source: http://news.softpedia.com/news/magento-stores-targeted-by-new-kimcilware-ransomware-502328.shtml

Communications Sector

Nothing to report

Wednesday, March 30, 2016



Complete DHS Report for March 30, 2016

Daily Report

Top Stories

• The U.S. Coast Guard worked March 29 to clean approximately 11,500 gallons of crude oil that spilled and reached the Bayou Teche while a tank was being filled at PSC Industrial Outsourcing in Louisiana March 28. – WAFB 9 Baton Rouge; Associated Press

1. March 29, WAFB 9 Baton Rouge; Associated Press – (Louisiana) Contractor reportedly cleaning more than 11,000 gallons of oil due to spill near Charenton. The U.S. Coast Guard was working March 29 to clean approximately 11,500 gallons of crude oil that spilled and reached the Bayou Teche while a tank was being filled at PSC Industrial Outsourcing in Louisiana March 28. The spill prompted a shelter-in-place advisory for nearby residents, the closure of LA 98, and the closure of the Bayou Teche to all commercial boat traffic between Jeanerette and Charenton for several hours. Source: http://www.ksla.com/story/31584484/charenton-sorrel-area-residents-under-shelter-in-place-advisory-due-to-chemical-spill

• A dust storm that passed through San Bernardino County March 28 led to a 15-car pileup near California 18 and Rabbit Springs Road that left 28 people injured. – Los Angeles Times

12. March 28, Los Angeles Times – (California) Dust storm triggers 15-vehicle pile-up in Lucerne Valley; 28 people injured. A dust storm that passed through San Bernardino County March 28 led to a 15-car pileup near California 18 and Rabbit Springs Road that left 28 people injured.

• Rainfall and melting snow led to the discharge of more than 49 million gallons of treated wastewater after 3 of Saginaw’s retention treatment basins overflowed March 24 – March 27. – Saginaw News

15. March 28, Saginaw News – (Michigan) 49 million gallons of treated sewage discharged into Saginaw River. Rainfall and melting snow led to the discharge of more than 49 million gallons of treated wastewater into the Saginaw River after 3 of Saginaw’s retention treatment basins overflowed beginning March 24 through March 27. Source: http://www.mlive.com/news/saginaw/index.ssf/2016/03/49_million_gallons_of_treated.html

• MedStar Health Inc. reported March 28 that a computer virus forced its records systems offline in Washington, D.C., and Maryland, leaving patients unable to book appointments and locking staff out of email access. – Associated Press (See item 16)

16. March 29, Associated Press – (Maryland; Washington, D.C.) FBI probing virus behind outage at MedStar Health facilities. MedStar Health Inc. reported March 28 that a computer virus forced its records systems offline for thousands of patients and doctors in Washington, D.C., and Maryland, leaving patients unable to book appointments and locking staff out of email accounts. The FBI is assisting in the investigation. Source: http://www.newscenter1.tv/story/31582141/fbi-probing-virus-behind-outage-at-medstar-health-facilities

Financial Services Sector

7. March 29, Softpedia – (National) TreasureHunt PoS malware linked to illegal credit card sharing forum. Researchers from FireEye reported that a new strain of point of sale (PoS) malware, dubbed TreasureHunt, was being used by BearsInc, a cyber-crime group, to power its malicious campaign targeting small businesses and banks in the U.S. that have not yet transitioned to the new Europay, MasterCard, and Visa (EMV) chip and Personal Identification Number (PIN) card system. The new strain adds a registry key for boot persistence on a device, scans the device’s memory for credit card information, and encodes and sends the data to a command and control (C&C) server.

8. March 29, McDonough Henry Herald – (Georgia) Miami men arrested for possessing over 100 fraudulent bank cards. Two Florida men were arrested in Henry County, Georgia, March 22 after authorities found 187 fraudulent bank cards and 2 electronic card skimming devices in the pair’s vehicle after a Police Department K-9 unit detected the illicit materials during a traffic stop, prompting a search of the vehicle. Source: http://www.henryherald.com/news/miami-men-arrested-for-possessing-over-fraudulent-bank-cards/article_b7a3c22e-dfb4-5589-a9b7-22762fd24a66.html

9. March 28, U.S. Securities and Exchange Commission – (New York) Securities professional charged with defrauding institutional investors. The U.S. Securities and Exchange Commission charged a New York-based securities professional March 28 after he allegedly solicited approximately $95 million from 2 institutional investors by offering promissory notes issued by Irving Place III SPV LLC, a shell entity with no legitimate business operations; obtained a $25 million investment in November 2015 and spent the funds for personal purposes; and attempted to solicit an additional $70 million from 2 investors using false and misleading statements. The U.S. Attorney’s Office for the Southern District of New York announced parallel criminal charges against the securities professional March 28. Source: https://www.sec.gov/news/pressrelease/2016-58.html

10. March 28, KHON 2 Honolulu – (International) Honolulu man arrested in credit card scheme involving cyber black market. FBI officials arrested a man from Hawaii March 28 after he allegedly purchased information on the cyber black market to obtain credit cards from Russia, China, and Vietnam as part of an elaborate scheme that used online credit card applications, temporary mail forwarding requests, burner phones, and shopping sprees to steal the identities of over 40 people, open 80 bank accounts with the stolen information, and accumulate over $100,000 in fraudulent credit card activity. Source: http://khon2.com/2016/03/28/fbi-arrests-honolulu-man-for-credit-card-fraud/

Information Technology Sector

21. March 28, Softpedia – (International) Flaw in Truecaller Android app leaves data of millions of users exposed. Security researchers from Cheetah Mobile Security Research Lab discovered a remotely exploitable flaw in the Truecaller app that exposed the personal information of millions of users and could allow attackers to modify users’ account settings through the application’s international mobile equipment identity (IMEI) code. Attackers could write scripts to query random IMEI codes, collect users’ data, and subsequently use the collected data in spam or phishing campaigns.

22. March 28, SecurityWeek – (International) Zen Cart patches multiple XSS vulnerabilities. Zen Cart released version 1.5.4 of its open source online shopping cart application, which patched several cross-site scripting (XSS) vulnerabilities after researchers from Trustwave found the flaws in the administrative section of Zen Cart; the flaws could result in access to cookies or sensitive information, or in site defacement. Researchers advised users to upgrade their software to the latest version to avoid the flaws. Source: http://www.securityweek.com/zen-cart-patches-multiple-xss-vulnerabilities

23. March 28, Softpedia – (International) Facebook fixes Instagram issue that allowed account takeover. A Belgian security researcher discovered critical flaws in Instagram that could have allowed an attacker to reset the email addresses attached to an account and reset the account’s password after Facebook was found to be printing sensitive Instagram user information on the Web page. In addition, an Insecure Direct Object Reference (IDOR) vulnerability allowed unauthenticated users, including a potential attacker, to access other users’ information. Source: http://news.softpedia.com/news/facebook-fixes-instagram-issue-that-allowed-account-takeover-502277.shtml

For another story, see item 7 above in the Financial Services Sector

Communications Sector

24. March 28, CNBC – (National) Sprint struck with multistate network problems. Sprint Corporation announced March 28 that network issues prompted a loss of service for customers across several States. All services were restored after crews spent several hours resolving the issue.