Wednesday, June 22, 2016



Complete DHS Report for June 22, 2016

Daily Report                                            

Top Stories

• The California Independent System Operator declared a Flex Alert for southern California for 11 hours June 20 due to a heat wave that put a strain on the State’s power grid. – KABC 7 Los Angeles

1. June 20, KABC 7 Los Angeles – (California) Flex Alert as SoCal heat wave strains power grid. The California Independent System Operator declared a Flex Alert for southern California for 11 hours June 20 due to a heat wave that put a strain on the State’s power grid. The Flex Alert urges residents to voluntarily conserve electricity by turning off unneeded lighting, refraining from the use of major appliances, and by setting air conditioning thermostats to 78 degrees or higher. Source: http://abc7.com/weather/flex-alert-issued-as-socal-heat-wave-strains-power-grid/1393006/

• A Massachusetts woman pleaded guilty June 20 to orchestrating a scheme where she and co-conspirators cashed 236 fraudulent Federal income tax refund checks in order to steal nearly $1.4 million in tax returns. – Springfield Republican See item 5 below in the Financial Services Sector

• Acer Inc., reported that its online store was compromised after a hacker leaked 34,500 customers’ data including customer names, addresses, and credit card numbers with expiration dates and CVC security codes from May 2015 – April 2016. – PC World See item 20 below in the Information Technology Sector

• The New York State Canal Corp. announced June 17 that a 30-mile stretch of the Erie Canal between Brockport and the village of Middleport will be closed for several weeks beginning June 27 for repair. – Associated Press

26. June 17, Associated Press – (New York) 30-mile stretch of Erie Canal to close for culvert repairs. The New York State Canal Corp. announced June 17 that a 30-mile stretch of the Erie Canal between Brockport and the village of Middleport will be closed for several weeks beginning June 27 while crews repair one of a series of century-old culverts built under the waterway. 



Financial Services Sector

4. June 20, Barnegat-Manahawkin Patch – (National) Stafford police arrest man wanted for $386,000 in bank fraud by opening up phony bank accounts. A New Jersey man was arrested in Atlantic City June 18 after he and co-conspirators allegedly defrauded TD Bank out of $386,000 by opening over 86 fraudulent checking accounts at bank branches in New Jersey, Pennsylvania, New York, Connecticut, and Massachusetts since June 2015. The man was arrested after a bank employee recognized the man from previous fraud attempts and notified authorities. Source: http://patch.com/new-jersey/barnegat-manahawkin/stafford-police-arrest-man-wanted-386-000-bank-fraud-opening-phony

5. June 20, Springfield Republican – (Massachusetts) Springfield woman admits cashing $1.4M worth of fake tax refund checks. A Springfield, Massachusetts woman pleaded guilty June 20 to orchestrating a scheme where she and co-conspirators cashed 236 fraudulent Federal income tax refund checks in order to steal nearly $1.4 million in tax returns from January 2012 – May 2013. Authorities stated that the group filed the fraudulent returns and Social Security numbers under the names of people living in Puerto Rico, while the addresses were falsely listed as Massachusetts and New York. Source: http://www.masslive.com/news/index.ssf/2016/06/springfield_woman_admits_cashi.html

Information Technology Sector

19. June 20, SecurityWeek – (International) Cybercriminals use new tricks in phishing attacks. Sucuri researchers reported that phishing attacks were increasing and cyber attackers were using new techniques to avoid detection after discovering that attackers were leveraging hosting providers’ failures to properly configure temporary Uniform Resource Locators (URLs), which were offered to users to test their Web sites before linking them to separate domains. An attacker can register an account on a shared server, upload their phishing pages, and compile a list of other Web sites on that server, which enables hackers’ access from any neighboring domain names.

20. June 20, PC World – (International) Acer security breach exposes data of 34,500 online shoppers. Acer Inc., reported that its online store was compromised after a hacker leaked 34,500 customers’ data including customer names, addresses, and credit card numbers with expiration dates and CVC security codes from May 2015 – April 2016. The breach was considered a security issue when the company inadvertently stored customer data in an unsecured format. Source: http://www.computerworld.com/article/3086155/security/acer-security-breach-exposes-data-of-34500-online-shoppers.html

Communications Sector

21. June 21, SecurityWeek – (International) Apple patches RCE flaw in AirPort routers. Apple released firmware versions 7.6.7 and 7.7.7 for OS X or iOS operating systems patching a remote code execution (RCE) flaw in its AirPort Express, Extreme, and Time Capsule routers due to an issue with memory corruption related to Domain Name System (DNS) data parsing, which could potentially allow a remote attacker to execute arbitrary code and compromise the user’s entire network. Source: http://www.securityweek.com/apple-patches-rce-flaw-airport-routers

22. June 20, SecurityWeek – (International) Silent OS 3.0 for Blackphone brings new security features. Silent Circle released version 3.0 for its Silent operating system (OS) used in Blackphone 2 smartphones, patching security vulnerabilities in addition to two new features in the Security Center. The two new features include the Privacy Meter and the Cellular Intrusion Detection System (CIDS) which monitors the device’s configuration, checks for any data security or privacy threats, and warns users about possible threats related to the baseband and its connection to the cellular network.