Complete DHS Report for May 5, 2016
Daily Report
Top Stories
• The U.S. Attorney’s Office for the Eastern District of New York
announced charges May 3 against 9 people for defrauding investors into
purchasing $131 million worth of ForceField Energy Inc., stocks from December
2009 – April 2015. – Reuters See item 7 below in
the Financial Services Sector
• The National Transportation Safety Board issued a report May 3
faulting the Washington Metropolitan Area Transit Authority (Metro) for failing
to properly install and maintain third-rail power cables, among other charges,
regarding a January 2015 Metro fire. – Associated Press
9. May 4,
Associated Press – (Washington, D.C.) Feds: Poor maintenance led to fatal DC
subway fire. The National Transportation Safety Board (NTSB) issued its
final report May 3 faulting the Washington Metropolitan Area transit Authority
(Metro) for failing to properly install and maintain third-rail power cables,
failing to install smoke detectors in tunnels, and failing to train its
employees on how to use fans, among other violations, regarding a January 2015
Metro fire incident where a subway train filled with smoke inside an
underground tunnel and killed one passenger while sickening a dozen others. In
addition, the NTSB faulted Metro for failing to make meaningful safety
improvements following a 2009 deadly collision, as well as failing to address
various safety issues in relation to the first fatal accident in 1982. Source: http://www.msn.com/en-us/news/us/feds-poor-maintenance-led-to-fatal-dc-subway-fire/ar-BBsAtdF
• The World Organization for Animal Health announced May 3 that
U.S. officials destroyed 39,000 turkeys in Jasper County, Missouri, due to an
outbreak of a mild form of H5N1 avian bird flu that was first detected in
April. – Reuters
12. May 3,
Reuters – (Missouri) U.S. kills 39,000 turkeys in outbreak of mild bird
flu - OIE. The World Organization for Animal Health announced May 3 that
U.S. officials destroyed 39,000 turkeys in Jasper County, Missouri, due to an
outbreak of a mild form of H5N1 avian bird flu that was first detected in
April. State authorities instituted a quarantine of the farm and have taken
surveillance measures to watch for other cases of the virus.
• The California Water Resources Control Board approved a $3.2
million grant May 3 to bring clean water to a mobile home park near Fresno,
where 36 households received uranium contaminated tap water for several years.
– Associated Press
16. May 3,
Associated Press – (California) $3.2 million grant to help cut uranium in
trailer park drinking water. The California Water Resources Control Board
approved a $3.2 million grant May 3 to bring clean water to the Double L Mobile
Rand Park located outside Fresno, where 36 households had received contaminated
tap water for several years after officials found dangerous levels of uranium
in the water. The grant will pay to install lines from a new well in a nearby
town to the trailer park. Source: http://sacramento.cbslocal.com/2016/05/03/3-2-million-grant-to-help-cut-uranium-in-trailer-park-drinking-water/
Financial Services Sector
6. May 4,
Associated Press – (Rhode Island) New York man pleads guilty to role in ATM
skimming scam. A New York man pleaded guilty May 3 to Federal charges for
his alleged role in a $709,000 ATM skimming scheme where the man installed
skimming devices on ATMs at banks across Rhode Island in order to steal account
information from 1,329 victims’ credit cards, and encoded the data onto
counterfeit credit cards which were used to make fraudulent purchases. Source: http://www.wacotrib.com/new-york-man-pleads-guilty-to-role-in-atm-skimming/article_1fc1f499-a961-5593-ac6b-7f6b59ed1a94.html
7. May 3,
Reuters – (National) 9 accused of losing investors $131M in ForceField
Energy scheme. The U.S. Attorney’s Office for the Eastern District of New
York announced May 3 charges against 9 stock promoters, brokers, and investor
relations officials for defrauding investors into purchasing worthless
ForceField Energy Inc., stock from December 2009 – April 2015 by secretly
trading the stock in undisclosed accounts, inflating trading volume to create a
false sense of demand, and concealing kickbacks to stock promoters and brokers,
causing investors $131 million in losses. The U.S. Securities and Exchange
Commission also filed related civil charges against the defendants.
Source: http://www.cnbc.com/2016/05/03/9-accused-of-losing-investors-131m-in-forcefield-energy-scheme.html
Information Technology Sector
20. May 4,
SecurityWeek – (International) Attackers exploit critical ImageMagick
vulnerability. Two security researchers discovered a remote code execution
(RCE) vulnerability dubbed, “ImageTragick,” was leveraged in the wild and found
in the open-source software, ImageMagick. Attackers could exploit the flaw to
gain access to the victim’s server by creating an exploit file and assigning
the file an image extension to bypass the security check, which tricks
ImageMagick into converting the malicious file and activating the malicious
code.
21. May 3,
Softpedia – (International) Stored XSS bug affects all bbPress WordPress
Forum versions. Automattic released its newest version of its WordPress
forum plugin, bbPress 2.5.9 that patched a stored cross-site scripting (XSS)
vulnerability after a security researcher from Sucuri found attackers could use
the bbPress user mention (@username) system to store malicious code inside
forum posts, allowing skilled attackers to craft malicious code to steal
cookies from forum admins and impersonate them with elevated privileged on the
WordPress backend. Source: http://news.softpedia.com/news/stored-xss-bug-affects-all-bbpress-wordpress-forum-versions-503646.shtml
22. May 3,
Softpedia – (International) MosQUito exploit stealing legitimate traffic
from WordPress and Joomla Websites. eZanga.com, Inc., published a list that
revealed 9,285 Web sites were affected by a malicious campaign dubbed, MosQUito
after discovering that hackers were searching for Web sites where the jQuery
JavaScript library was loaded and replaced with a malicious PHP file,
jQuery.min.php, to steal paid traffic from legitimate businesses and to
redirect victims to another Web site controlled by the attacker. Source: http://news.softpedia.com/news/mosquito-exploit-stealing-legitimate-traffic-from-wordpress-and-joomla-websites-503647.shtml
For another story, see item 4 below from the Critical Manufacturing Sector
4. May 3,
Softpedia – (International) Samsung smart home platform exposes door lock
codes. Researchers from the University of Michigan and Microsoft discovered
two security flaws within Samsung’s SmartThings smart home management platform
including a flaw which allowed SmartApps to access more operations on devices
than the apps’ functionality requires, and a flaw in SmartThings event
subsystem which did not sufficiently protect events that carry sensitive
information such as lock pincodes, allowing attackers to open locks on command.
Officials from SmartThings reported the flaws have been patched. Source: http://news.softpedia.com/news/samsung-smart-home-platform-exposes-door-lock-codes-503643.shtml
Communications Sector
Nothing to report