Complete DHS Report for May 2, 2016
Daily Report
Top Stories
• Officials announced charges April 28 against 25 Miami-area
defendants in 3 separate cases for their alleged roles in various schemes to
defraud Medicare of nearly $26 million in false claims through the Medicare D
program. – U.S. Department of Justice
12. April 28,
U.S. Department of Justice – (Florida) Twenty-five Miami-area
defendants charged with submitting $26 million in false claims to the Medicare
Part D program. The U.S. Department of Justice and Florida officials
announced charges April 28 against 25 Miami-area defendants in 3 separate cases
for their alleged participation in various schemes to defraud Medicare of
nearly $26 million in false claims through the Medicare D program. The suspects
reportedly submitted false claims for prescription drugs from at least eight
Miami-Dade County area pharmacies that were not medically necessary and not
provided to recruited Medicare beneficiaries.
• Security researchers reported that companies in all industries
may be at risk after finding that developers were leaving sensitive credentials
inside open-sourced code. – Softpedia See item 18 below in
the Information Technology Sector
• Officials reported April 29 that the Balmoral cruise ship was
docked at the Half Moone Cruise and Celebration Center in Norfolk, Virginia,
and 7 guests remained in isolation for norovirus following reports that 153
passengers had vomiting and diarrhea symptoms April 27. – WTKR 3 Norfolk
23. April 29,
WTKR 3 Norfolk – (Virginia) Cruise ship passengers in Norfolk isolated for
norovirus. Officials reported April 29 that the Balmoral cruise ship,
operated by Fred. Olsen Cruise Lines, was docked at the Half Moone Cruise and
Celebration Center in Norfolk, Virginia, and 7 guests remained in isolation for
norovirus following reports that 153 passengers had vomiting and diarrhea
symptoms April 27. The ship’s crew increased cleaning and disinfecting
procedures, collected stool samples from passengers, and sent the health and
sanitation manager to assist with implementing sanitation and outbreak
responses. Source: http://wtkr.com/2016/04/29/cruise-ship-in-norfolk-reportedly-quarantined-for-norovirus/
• The WBFF-TV news station building in Baltimore was evacuated for
several hours April 28 after a man armed with a fake vest bomb threatened to
blow up the building after being denied entry into the station’s lobby. – WBFF
45 Baltimore
24. April 28,
WBFF 45 Baltimore – (Maryland) Man in animal costume shot after making bomb
threat at Baltimore’s FOX45. The WBFF-TV news station building in Baltimore
was evacuated for several hours April 28 after a man dressed in a panda
“onesie” and armed with a fake vest bomb, allegedly threatened to blow up the
building after being denied entry into the station’s lobby when he insisted the
news station air a story saved on a flash drive. Police crews, a SWAT team, and
a bomb squad apprehended the man after shooting the suspect when he was
non-compliant with officers. Source: http://foxbaltimore.com/news/local/fox45-evacuated-after-reported-threat-vehicle-fire
Financial Services Sector
See item 18 below in
the Information Technology Sector
Information Technology Sector
18. April 28,
Softpedia – (International) Slack API credentials left in GitHub repos
open new door for corporate hacking. Security researchers from Detectify
Labs reported that companies in all industries may be at risk after finding
that developers were leaving sensitive credentials inside open-sourced code
following a scan on GitHub projects which revealed over 1,500 Slack access
tokens were available online. The access tokens could allow attackers to access
application program interfaces (APIs) and harvest user data, view Slack channel
conversations, group information, private messages, and automate the use of
Slack’s search feature. Source: http://news.softpedia.com/news/slack-api-credentials-left-in-github-repos-open-new-doors-for-corporate-hacking-503527.shtml
19. April 28,
Softpedia – (International) Google and Mozilla address security issues in
Chrome 50 and Firefox 46. Google released its newest web browser, Chrome
50.0.2661.94 which patched nine security flaws including two use-after-free
vulnerabilities, one vulnerability in the Blink engine’s V8 bindings, and one
vulnerability in the browser’s extensions component, among other patched flaws.
20. April 28,
Softpedia – (International) Microsoft patches Office 365 platform against
SAML exploit. Microsoft released a temporary patch for its Security
Assertion Markup Language (SAML) Service Provider implementation used for its
Office 365 platform after two security researchers found the product had an
authentication bypass vulnerability that allowed attackers to authenticate
themselves on a service and access user’s data on all shared domains. Microsoft
was working to release a permanent patch. Source: http://news.softpedia.com/news/microsoft-patches-entire-office-365-platform-against-saml-exploit-503517.shtml
21. April 28,
SecurityWeek – (International) OpenSSL to patch high severity
vulnerabilities. The OpenSSL Project reported that it will release OpenSSL
versions 1.0.2h and 1.0.1t May 3 to patch several flaws affecting the crypto
library as well as flaws rated as high-severity vulnerabilities.
22. April 28,
Agence France-Presse – (International) Pentagon working to ‘take out’ Islamic
State’s internet. Pentagon officials reported April 28 that the U.S. military’s
Cyber Command (CYBERCOM) was working to destroy the Islamic State’s Internet
connection and leave the terrorist group in virtual isolation by interrupting
the Islamic State’s command and control (C&C), interrupting the group’s
ability to move funds, and interrupting the group’s ability to recruit
externally, among other actions. The task will be the command’s first major
combat operation in relation to the Islamic State threat.
Communications Sector
See item 18 above in
the Information Technology Sector