Wednesday, January 13, 2016



Complete DHS Report for January 13, 2016

Daily Report                                            

Top Stories

• The U.S. District Court for the Northern District of Texas entered a consent decree for permanent injunction January 11 against Downing Labs LLC, its two owners, and the pharmacist-in-charge to prevent them from distributing adulterated drugs in interstate commerce. – U.S. Department of Justice

12. January 11, U.S. Department of Justice – (Texas) District court enters permanent injunction to prevent Dallas compounding pharmacy and three individuals from distributing adulterated drugs. The U.S. District Court for the Northern District of Texas entered a consent decree for permanent injunction January 11 against Downing Labs LLC, its two owners, and the pharmacist-in-charge to prevent them from distributing adulterated drugs in interstate commerce at the McEwan Road Facility in Dallas, until their processes are compliant with the law. The complaint stems from multiple U.S. Food and Drug Administration investigations which found numerous deficiencies regarding the firm’s sterile drug production. Source: http://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-prevent-dallas-compounding-pharmacy-and-three

• Authorities are investigating a series of bomb threats made to at least 13 schools in Delaware, Maryland, and Virginia January 11 which prompted evacuations, some of which lasted for several hours. – Washington Post  

14. January 11, Washington Post – (National) Robo-calls delivered school bomb threats Monday, causing evacuations. Authorities are investigating a series of bomb threats made to at least 13 schools in Delaware, Maryland, and Virginia January 11 which prompted evacuations, some of which lasted for several hours. No injuries were reported and no suspicious devices were found. Source: https://www.washingtonpost.com/local/public-safety/robo-calls-delivered-school-bomb-threats-monday-causing-evacuations/2016/01/11/d3e46dae-b8b3-11e5-b682-4bb4dd403c7d_story.html

• eBay released patches for a cross-site scripting (XSS) vulnerability found on its official Web site after a researcher named MLT discovered the flaw allowed attackers to steal users’ credentials and abuse the stolen information. – Softpedia

24. January 12, Softpedia – (International) eBay bug allows hackers to steal user passwords. eBay released patches for a cross-site scripting (XSS) vulnerability found on its official Web site after a researcher named MLT discovered that the flaw allowed attackers to steal users’ credentials and abuse the stolen information by creating an authentic-looking eBay login page using a PHP script that sent the submitted information to an attacker’s server instead of eBay’s server. Source: http://news.softpedia.com/news/ebay-bug-allows-hackers-to-steal-user-passwords-498793.shtml

• A January 9 fire at a Harker Heights apartment complex displaced about 25 residents, damaged 24 units, and caused approximately $1 million in damages. – KWTX 10 Waco  

26. January 11, KWTX 10 Waco – (Texas) Local apartment fire causes estimated $1 million in damage. A January 9 fire at a Harker Heights apartment complex displaced about 25 residents, damaged 24 units, and caused approximately $1 million in damages. The cause of the fire is under investigation, but officials believe the incident was accidental.

Financial Services Sector

See item 21 below in the Information Technology Sector

Information Technology Sector

19. January 12, IDG News Service – (International) Mozilla Persona login system to shut down in November. Mozilla reported that its login system, Persona (persona.org), and related domains will be shut down November 30 due to limited resources and low customer usage within the last two years. The company will continue to maintain the system, including providing security fixes and support, but will not introduce new features or produce major enhancements. Source: http://www.computerworld.com/article/3021772/internet/mozilla-persona-login-system-to-shut-down-in-november.html#tk.rss_security

20. January 12, SecurityWeek – (International) Google researcher finds RCE flaws in Trend Micro product. Trend Micro released updates for its Password Manager product addressing a remote code execution (RCE) flaw, security feature flaws, and several application program interface (API) flaws, among others, that exposed nearly 70 APIs to the Internet, which could have enabled an attacker to steal user passwords without the consent or knowledge of the user. Source: http://www.securityweek.com/google-researcher-finds-rce-flaws-trend-micro-product

21. January 11, Softpedia – (International) WhatsApp users targeted by sneaky spam campaign. Researchers from Comodo discovered that the Nivdort malware has been targeting WhatsApp users through spam email campaigns that contain malicious file attachments disguised as WhatsApp messages, images, audio, or video files. The malware steals information about a victim’s computer and sends the collected information to a command-and-control (C&C) server, from which hackers can send additional malware, including banking trojans, complex spyware, or point-of-sale (PoS) malware. Source: http://news.softpedia.com/news/whatsapp-users-targeted-with-sneaky-spam-campaign-498729.shtml

22. January 11, Softpedia – (International) US DHS just spent $1.7 million to develop better DDoS protection tech. DHS awarded a $1.7 million contract to Galois, a U.S. research and development company, to help develop a new technology dubbed DDoS Defense for Community of Peers (3DCoP) that will mitigate and stop distributed denial-of-service (DDoS) attacks by detecting, tracking, and preventing ongoing attacks via a unique traffic flow monitoring capability that will find patterns of interest. Source: http://news.softpedia.com/news/us-dhs-just-spent-1-7-million-to-develop-better-ddos-protection-tech-498752.shtml

23. January 11, Softpedia – (International) Smartwatches can be used to spy on your card’s PIN code. A software engineer released a report titled “Deep-Spying: Spying using Smartwatch and Deep Learning” that introduces a new theoretical attack that can allow attackers to extract sensitive information, including credit card information or phone access personal identification number (PIN) codes, by interpreting data from a smartphone’s motion sensor and making an analogy to each PIN pad’s keystrokes. Source: http://news.softpedia.com/news/smartwatches-can-be-used-to-spy-on-your-card-s-pin-code-498756.shtml

For additional stories, see item 17 below from the Government Facilities Sector and 24 above in Top Stories

Communications Sector

Nothing to report