Wednesday, April 13, 2016



Complete DHS Report for April 13, 2016

Daily Report

Top Stories

• Indiana Michigan Power Co. reported that it is continuing to investigate and clean up an April 8 spill at its Donald C. Cook Nuclear Plant in Bridgman, Michigan, after a transformer failed and spilled about 25,000 gallons of oil. – Detroit Free Press

1. April 11, Detroit Free Press – (Michigan) SW Michigan nuclear plant cleaning up after oil spill. Indiana Michigan Power Co. reported that it is continuing to investigate and clean up an April 8 spill at its Donald C. Cook Nuclear Plant in Bridgman, Michigan, after a transformer failed and spilled about 25,000 gallons of oil inside the facility, while about 2,000 gallons of the oil spilled outside the facility. No radioactive threat was reported. Source: http://www.freep.com/story/news/local/michigan/2016/04/11/cook-nuclear-plant-oil-spill/82901742/

• The U.S. Department of Justice reached a $5.06 billion settlement with Goldman Sachs Group, Inc. April 11 related to the firm’s conduct in the sale and issuance of residential mortgage-backed securities from 2005 – 2007. – U.S. Department of Justice. See item 4 below in the Financial Services Sector

• The U.S. Department of Justice announced April 8 that it reached a $1.2 billion settlement with Wells Fargo & Company after the bank admitted to falsely certifying that many of its 2001 – 2008 home loans qualified for Federal Housing Administration insurance. – Reuters. See item 5 below in the Financial Services Sector

• An April 10 water main break in Milledgeville, Georgia, forced the closure of more than 150 businesses and temporarily halted all patient admittance at Oconee Regional Medical Center. – Milledgeville Union Recorder

12. April 11, Milledgeville Union Recorder – (Georgia) Water main break disrupts lives of thousands. Milledgeville, Georgia, was placed under a boil water advisory April 10 following an April 9 water main break in Fishing Creek that forced the closure of more than 150 businesses and schools and 2 local colleges, and the temporary cessation of patient admittance into the Oconee Regional Medical Center. Source: http://www.unionrecorder.com/news/water-main-break-disrupts-lives-of-thousands/article_2094f2b8-003f-11e6-9ea9-830cedc34dde.html

Financial Services Sector

4. April 11, U.S. Department of Justice – (National) Goldman Sachs agrees to pay more than $5 billion in connection with its sale of residential mortgage backed securities. The U.S. Department of Justice announced April 11 that Goldman Sachs Group, Inc., agreed to pay a total of $5.06 billion to settle charges related to the firm’s conduct in the packaging, securitization, marketing, sale, and issuance of residential mortgage-backed securities from 2005-2007 after the firm falsely assured prospective investors that the securities it sold were backed by sound mortgages, thereby causing billions of dollars in losses to financial institutions. As part of the settlement, Goldman Sachs must pay a civil penalty, provide monetary relief to homeowners and distressed borrowers, and pay a fine to settle claims with other Federal and State entities, among other requirements.

5. April 9, Reuters – (National) Wells Fargo admits deception in $1.2 billion U.S. mortgage accord. The U.S. Department of Justice announced April 8 that it reached a $1.2 billion settlement with Wells Fargo & Company and resolved claims with a former vice president after the bank admitted to falsely certifying that many of its home loans qualified for Federal Housing Administration insurance from 2001-2008, and failing to file timely reports on several thousand loans with material defects from 2002-2010. The agreement also resolved claims by Federal prosecutors in California that Wells Fargo-owned American Mortgage Network, LLC allegedly issued false loan certifications. Source: http://www.reuters.com/article/us-wellsfargo-settlement-idUSKCN0X52HK

Information Technology Sector

23. April 12, SecurityWeek – (International) Ramdo Click-Fraud malware continues to evolve. Security researchers from Dell SecureWorks and Palo Alto Networks released an analysis on the Ramdo click-fraud malware, also known as Redyms, which stated that the Ramdo malware was capable of downloading and installing additional malicious software on infected devices after it tricks users into selecting an online ad from other infection systems. The report stated that while the malware was not very sophisticated, its operators were actively working on implementing new features and methods to avoid detection and prevent analysis. Source: http://www.securityweek.com/ramdo-click-fraud-malware-continues-evolve

24. April 11, SecurityWeek – (International) WordPress.com pushes free HTTPS to all hosted sites. WordPress reported that it will provide free Hypertext Transfer Protocol Secure (HTTPS) for all custom domains it hosts, including blogs and Web sites, which will ensure users are served only secured HTTPS traffic. Source: http://www.securityweek.com/wordpresscom-pushes-free-https-all-hosted-sites

25. April 11, SecurityWeek – (International) Malware found in IoT cameras sold by Amazon. The co-founder of Proctorio discovered that a set of security cameras sold from Amazon.com, Inc., was infected with malware after finding that an iframe, brenz_pl/rc/, was linked to a malicious Web site when connecting to a personal computer, which could potentially allow attackers remote control, remote access, and control of components in a target’s home. Source: http://www.securityweek.com/malware-found-iot-cameras-sold-amazon

26. April 11, Softpedia – (International) “ID Ransomware” website helps identify ransomware infections. An independent security researcher launched a new Web site named ID Ransomware that will help ransomware victims recover their encrypted files without paying the ransomware fee by allowing users to upload their encrypted files to the Web site where a thorough analysis will be conducted to notify victims which ransomware variant has locked their computers or files. Once the Web site detects the ransomware type, users will receive a link to download a decrypter to unlock encrypted files. Source: http://news.softpedia.com/news/id-ransomware-website-helps-identify-ransomware-infections-502814.shtml

27. April 11, Softpedia – (International) Jigsaw ransomware threatens to delete your files, free decrypter available. Security researchers from @MalwareHunterTeam discovered a new ransomware dubbed Jigsaw that was infecting computers via an unknown infection method and pressuring victims to pay the ransomware fee by targeting 226 different file types, encrypting each file with an Advanced Encryption Standard (AES) algorithm, and adding the .fun extension at the end of each file name. Researchers advised victims to download the JigSawDecrypter to decrypt locked files. Source: http://news.softpedia.com/news/jigsaw-ransomware-threatens-to-delete-your-files-free-decrypter-available-502824.shtml

28. April 8, SecurityWeek – (International) Google improves safe browsing for Network Admins. Google reported that it made improvements to its Safe Browsing Alerts for Network Administrators service that will inform administrators about Uniform Resource Locators (URLs) related to malicious software, potentially unwanted programs (PUPs), and social engineering, as well as inform users about compromised pages on their networks that can allegedly harm users via drive-by downloads or exploits. Source: http://www.securityweek.com/google-improves-safe-browsing-network-admins

For another story, see item 29 below in the Communications Sector

Communications Sector

29. April 11, SecurityWeek – (International) Malware changes router DNS settings via mobile devices. Security researchers from Trend Micro discovered a JavaScript malware dubbed JS_JITON that can allow attackers to access a home router and change its Domain Name Server (DNS) settings, as the malware’s code includes 1,4000 combinations of common credentials and was seen distributed via compromised Web sites from a mobile device. Researchers noted that only the ZTE modem exploit was active and the malware is executed solely from a mobile device.