Tuesday, June 7, 2016



Complete DHS Report for June 7, 2016

Daily Report                                            

Top Stories

• Eight financial services firms paid $190 million to settle claims June 2 that they violated Federal and State securities laws after they misled 5 U.S. banks into buying risky residential mortgage-backed securities (RMBS). – Reuters. See item 5 below in the Financial Services Sector.

• Officials in Collier County, Florida, announced June 5 that they will dig up and replace more than 10,000 feet of aging, asbestos-containing water pipes as part of a $1.4 million project. – Naples Daily News

21. June 5, Naples Daily News – (Florida) Collier water utility’s $1.4M project to include 10K feet of asbestos pipes in East Naples. Water officials in Collier County, Florida, announced June 5 that they will dig up and replace more than 10,000 feet of aging, asbestos-containing water pipes by 2017 as part of a $1.4 million project to remove 75 percent of the county’s asbestos-containing pipes. The project is scheduled to take up to 10 years, and is estimated to cost between $30 million and $50 million. Source: http://www.naplesnews.com/news/local/collier-water-utilitys-14m-project-to-include-10k-feet-of-asbestos-pipes-in-east-naples-3465a20c-0e4-381900131.html

• The City of Cisco in Texas was placed under a boil water advisory June 3 after the Cisco water treatment plant flooded the week of May 30, prompting officials to pump 300,000 gallons of partially treated water into the city’s water towers for daily use. – Abilene Reporter-News  

23. June 5, Abilene Reporter-News – (Texas) Cisco working to restore water. The City of Cisco was placed under a boil water advisory June 3 after the Cisco water treatment plant flooded the week of May 30, prompting officials to pump 300,000 gallons of partially treated water into the city’s water towers for daily use until a portable water treatment trailer arrived. Crews worked to clean up Lake Cisco, Lake Brownwood, Pecan Bayou, and all streets affected by the spill. Source: http://www.reporternews.com/news/big-country/cisco-working-to-restore-water-348fbc17-d966-06d9-e053-0100007f5b42-381915691.html

• The hacker GhostShell reportedly leaked 36 million user records from 110 MongoDB servers online after the hacker found 5.6 gigabytes of data on the hacked servers’ Internet Protocol (IP) addresses. – Softpedia. See item 33 below in the Information Technology Sector.

Financial Services Sector

5. June 2, Reuters – (International) FDIC, banks in $190 million settlement over risky Countrywide debt. The U.S. Federal Deposit Insurance Corporation (FDIC) announced June 2 that 8 financial services firms paid the FDIC $190 million to settle claims that they violated Federal and State securities laws after they misled 5 U.S. banks into buying risky residential mortgage-backed securities (RMBS) from the former Countrywide Financial Corp., by making material misrepresentations in the offering documents for 21 Countrywide RMBS the financial firms underwrote from 2005 – 2007. The settlement funds will be distributed among the five banks, which failed in 2008 and 2009 in part as a result of the risky mortgage securities. Source: http://www.reuters.com/article/us-usa-banks-fdic-idUSKCN0YO2IU

Information Technology Sector

30. June 6, The Register – (International) CryptXXX ransomware improves security, GUI slurps Cisco creds. Security researchers from Proofpoint reported that the developers behind the CryptXXX malware released new variations of the malware that can encrypt network shares and steal account logins, using a module named StillerX to steal account credentials from various software programs including Cisco Virtual Private Networks (VPNs), Microsoft Credential Manager, and online poker platforms. The researchers found that the new variant had updates to its encryption, network share scanning, cosmetic appearance, and lock screen behavior. Source: http://www.theregister.co.uk/2016/06/06/cryptxxx_proofpoint/

31. June 6, SecurityWeek – (International) High severity DoS vulnerability patched in NTP. The NTP project released a new version of its Network Time Protocol daemon (ntpd) patching five vulnerabilities, including a high severity denial-of-service (DoS) flaw that an off-path attacker can leverage to cause a preemptable client association to be demobilized. The other patched flaws involved bad authentication demobilizing ephemeral associations, the processing of spoofed server packets, an autokey association reset, and a broadcast interleave issue. Source: http://www.securityweek.com/high-severity-dos-vulnerability-patched-ntp

32. June 6, Softpedia – (International) New Cerber ransomware variants morph every 15 seconds. Security researchers from Invincea reported that the developers behind the Cerber ransomware were using a technique called “malware factory” to change the ransomware’s mode of operation in order to bypass basic scanning techniques and infect computers, even those with antivirus products, by sending out different file hashes every 15 seconds from its command and control (C&C) server. Source: http://news.softpedia.com/news/new-cerber-ransomware-variants-morph-every-15-seconds-504896.shtml

33. June 4, Softpedia – (International) GhostShell leaks around 36 million records from 110 MongoDB servers. The Romanian hacker GhostShell reportedly leaked 36 million user records from 110 MongoDB servers online after the hacker found 5.6 gigabytes of data on the hacked servers’ Internet Protocol (IP) addresses, which contained real names, usernames, email addresses, passwords, general social media data, and details about the user’s smartphone model, among other personal information. The hacker revealed that the hack was part of a campaign to raise awareness of the importance of cyber security practices. Source: http://news.softpedia.com/news/ghostshell-leaks-around-36-million-records-from-110-mongodb-servers-504856.shtml

Communications Sector

34. June 4, WCMH 4 Columbus – (National) Cricket Wireless says service restored for all customers after nationwide outage. Cricket Wireless reported that its services were restored after an unknown number of customers experienced a nationwide outage for approximately 18 hours June 3 – June 4. Source: http://nbc4i.com/2016/06/03/cricket-wireless-customers-reporting-nationwide-outage/