Wednesday, October 05, 2016
Complete DHS Report for October 05, 2016
• Approximately 6,000 gallons of untreated wastewater leaked into Lake Norman in North Carolina October 2 after roughly 7,000 gallons spilled from a broken 4-inch force main in Mooresville. – WCNC 36 Charlotte
9. October 3, WCNC 36 Charlotte – (North Carolina) 6000 gallons of wastewater spill into Lake Norman. Approximately 6,000 gallons of untreated wastewater leaked into Lake Norman in North Carolina October 2 after roughly 7,000 gallons spilled from a broken 4-inch force main near the Pier 33 Condominiums in Mooresville. Crews repaired the main and Aqua North Carolina officials were assessing the environmental impact. Source: http://www.wcnc.com/news/health/6000-gallons-of-wastewater-spill-into-lake-norman/328664151
• Tenet Healthcare Corporation and 2 of its Atlanta-based subsidiaries agreed October 3 to pay a total of more than $513 million after the medical centers allegedly paid kickbacks to the operators of prenatal care clinics in return for the referral of those patients for delivery medical services at Tenet hospitals. – U.S. Department of Justice
10. October 3, U.S. Department of Justice – (National) Hospital chain will pay over $513 million for defrauding the United States and making illegal payments in exchange for patient referrals; two subsidiaries agree to plead guilty. Tenet Healthcare Corporation and 2 of its Atlanta-based subsidiaries, Atlanta Medical Center Inc. and North Fulton Medical Center Inc. agreed October 3 to pay a total of more than $513 million to resolve charges and civil claims relating to a scheme where the medical centers allegedly paid bribes and kickbacks to the owners and operators of prenatal care clinics in return for the referral of those patients for labor and delivery medical services at Tenet facilities from 2013 – 2014. The charges also allege the companies falsely claimed patients’ childbirth costs would be covered by Medicaid and claimed patients were required to deliver their children at a Tenet hospital. Source: https://www.justice.gov/opa/pr/hospital-chain-will-pay-over-513-million-defrauding-united-states-and-making-illegal-payments
• Trend Micro security researchers warned that a mobile malware family, dubbed DressCode has infected over 3,000 apps distributed by several popular Android mobile markets, including the Google Play store. – SecurityWeek See item 18 below in the Information Technology Sector
• A 2-alarm fire at a Jamaica, New York apartment building October 3 damaged 70 units and prompted Consolidated Edison, Inc. to shut off power to parts of the complex after a man lit a container of gasoline on fire in an apartment unit. – WCBS 2 New York
19. October 3, WCBS 2 New York – (New York) Person in custody after fire breaks out in Jamaica, Queens building. A 2-alarm fire at a Jamaica, New York apartment building October 3 damaged 70 units and prompted Consolidated Edison, Inc. to shut off power to parts of the complex after a man lit a container of gasoline on fire in an apartment unit. Authorities stated the man was taken into custody at the scene.
Financial Services Sector
Nothing to report
Information Technology Sector
15. October 4, SecurityWeek – (International) EMC patches critical flaws in VMAX storage products. Dell EMC released patches resolving six vulnerabilities in versions 8.0.x – 8.2.x of its VMAX Unisphere Web-based management console and vApp Manager configuration and support tool for VMware deployments after researchers from Digital Defense, Inc. (DDI) discovered a critical vulnerability that can be exploited to add new admin users and compromise the virtual appliance, as well as a flaw that can be exploited by an unauthenticated attacker to execute arbitrary commands with root privileges and hijack the targeted appliance via maliciously crafted Action Message Format (AMF) messages, among other vulnerabilities.
16. October 4, Help Net Security – (International) Polyglot ransomware decryption tool released. Kaspersky Lab security researchers released a decryption tool for the Polyglot trojan, also known as MarsJoke, which allows victims to restore their files after finding that the trojan mimics the CTB-Locker ransomware, in that it uses a weak encryption key generator that allowed security researchers to develop a tool capable of unlocking a victim’s data. Source: https://www.helpnetsecurity.com/2016/10/04/polyglot-ransomware-decryption-tool-released/
17. October 3, SecurityWeek – (International) OpenJPEG flaw allows code execution via malicious image files. OpenJPEG released an update addressing several security flaws after Cisco Talos researchers discovered that the open-source library was plagued with an out-of-bounds heap write issue that could allow an attacker to execute arbitrary code on a targeted system when the victim opens a maliciously crafted JPEG2000 image or PDF document that contains a malicious file, among other vulnerabilities.
18. October 3, SecurityWeek – (International) DressCode malware infects 400 apps in Google Play. Trend Micro security researchers warned that a mobile malware family, dubbed DressCode has infected over 3,000 apps distributed by several popular Android mobile markets, including the Google Play store. The malware connects with the command and control (C&C) server, which turns the device into a proxy that can relay traffic between the attacker and internal servers that the device is connected to, thereby allowing the attacker to compromise the user’s network environment, download sensitive data, or use the device as a bot that can be leveraged for distributed denial-of-service (DDoS) attacks or spam email campaigns. Source: http://www.securityweek.com/dresscode-malware-infects-400-apps-google-play
See item 18 above in the Information Technology Sector