Complete DHS Report for February 22, 2016
Daily Report
Top Stories
• California State officials announced February 18 that a
leaking natural gas well at the Aliso Canyon storage field in Porter Ranch was
permanently sealed and taken out of service. – Los Angeles Times
1. February
18, Los Angeles Times – (California) Porter Ranch gas leak
permanently capped, officials say. The California Department of
Conservation and Southern California Gas Company announced February 18 that a
leaking natural gas well at the Aliso Canyon storage field in Porter Ranch was
permanently sealed and taken out of service. The utility stated that it will
develop a plan to mitigate the damage caused by the leaking well, support new
regulations, and conduct a full inspection and testing of other wells at the
storage field before resuming injections. Source: http://www.latimes.com/local/lanow/la-me-ln-porter-ranch-gas-leak-permanently-capped-20160218-story.html
• Apple Inc., issued a recall February 18 for 814,000 of
its World Travel Adapter Kits and wall plug adapters due to electric shock
hazards. – U.S. Consumer Product Safety Commission
2. February
18, U.S. Consumer Product Safety Commission – (International) Apple
recalls travel adapter kits and plugs due to risk of electric shock. Apple
Inc., issued a recall February 18 for 814,000 of its World Travel Adapter Kits
and wall plug adapters due to electric shock hazards from two-prong wall plug
adapters that can break and expose the metal portion of the adapter after the
company received 12 reports of adaptors breaking and shocking consumers. An
additional 81,000 adapters were sold in Canada.
• A Federal report released February 19 found that improper
encryption and poorly trained employees helped expose the personal health information
of approximately 1 million South Carolina Medicaid patients to the risk of
cybertheft. – Associated Press
11. February
19, Associated Press – (South Carolina) SC Medicaid computer breach exposes data of
1 million. The U.S. Department of Health and Human Services’ Office of
Inspector General released a report February 19 which found that a 4 decade old
computer system without proper encryption and poorly trained employees helped
expose the personal health information of approximately 1 million South
Carolina Medicaid patients to the risk of cybertheft. The agency stated that it
has implemented safety measures suggested in the report, which also found no
evidence that any hacking of Medicaid data had occurred. Source: http://chronicle.augusta.com/news/government/2016-02-19/sc-medicaid-computer-breach-exposes-data-1-million
• Check Point researchers discovered that eBay’s platform
was susceptible to a JSF*** cross-site scripting (XSS) attack that was
exploited in the wild and allowed attackers to convert the site’s JavaScript
syntax into the JSF*** non-standard character set and insert it in the product
description field. – Softpedia See item 15 below
in the Information Technology Sector
Financial Services Sector
3. February
18, U.S. Securities and Exchange Commission – (International) VimpelCom
to pay $795 million in global settlement for FCPA violations. The U.S.
Securities and Exchange Commission (SEC) announced February 18 that VimpelCom
Ltd., agreed to pay a total of $795 million to the SEC, U.S. Department of
Justice, and Dutch regulators to resolve its violations of the Foreign Corrupt
Practices Act (FCPA) after the company paid an Uzbek government official tied
to the president of Uzbekistan at least $114 million in bribes while attempting
to enter the Uzbek telecommunications market and obtain government-issued
licenses, frequencies, channels, and number blocks. VimpelCom Ltd., funneled
the bribes through sham contracts and charitable contributions. Source: https://www.sec.gov/news/pressrelease/2016-34.html
4. February
18, Bowling Green Daily News – (Tennessee) BG man convicted
in federal wire fraud in Tennessee. The U.S. District Court in Eastern
Tennessee announced February 18 that a Bowling Green, Kentucky man was found
guilty for his role in a $15 million Ponzi scheme after he impersonated a
legitimate coal purchaser for New Century Coal and structured financial
transactions to conceal the diversion of more than 160 investor’s funds into
accounts used to pay for gambling trips, thoroughbred horses, racing cars, and
other personal expenses from 2011 – 2014. Nine other co-defendants pleaded
guilty to charges in connection with the scheme.
Information Technology Sector
15. February
19, Softpedia – (International) JSF***eBay XSS bug exploited in the wild,
despite the company’s fix. Security researchers from Check Point discovered
that eBay’s platform was susceptible to a JSF*** cross-site scripting (XSS)
attack that was exploited in the wild and allowed attackers to convert the
site’s JavaScript syntax into the JSF*** non-standard character set, disguise
the code to pass through eBay’s XSS filters, and store the character set in the
product’s description, allowing the malicious code to execute and infect a
system once the victim opens the eBay store. Source: http://news.softpedia.com/news/jsf-ebay-xss-bug-exploited-in-the-wild-despite-the-company-s-fix-500651.shtml
16. February
19, SecurityWeek – (International) Google pays $25,000 reward for critical
Chrome flaw. Google released an updated version for its Chrome Web browser
affecting Microsoft Windows, Apple Mac, and Linux systems after a security
researcher found a flaw in the Blink Web browser engine and Chrome sandbox
escape.
17. February
18, SecurityWeek – (International) “Locky” ransomware encrypts unmapped network
shares. Security researchers from BleepingComputer discovered that a new
ransomware named Locky uses the Advanced Encryption Standard (AES) encryption
algorithm to target certain file extensions after it creates and assigns a
unique 16 hexadecimal number to a victim’s computer and scans all unmapped
network shares and drives for files to encrypt. The ransomware renames
encrypted files to [unique_id][identifier].locky and deletes all Shadow Volume
Copies to prevent victims from restoring encrypted files. Source: http://www.securityweek.com/locky-ransomware-encrypts-unmapped-network-shares
Communications Sector
Nothing to report