Thursday, June 23, 2016



Complete DHS Report for June 23, 2016

Daily Report

Top Stories

• Pacific Gas and Electric Co. agreed June 21 to close the Diablo Canyon Power Plant in California by 2025 and replace the nuclear plant with solar power and other energy sources. – Associated Press

3. June 21, Associated Press – (California) California closing last nuclear plant after 3 decades. Pacific Gas and Electric Co., and several environmental groups agreed June 21 to close the Diablo Canyon Power Plant in San Luis Obispo County by 2025 and replace the nuclear plant with solar power and other energy sources that do not produce climate-changing greenhouse gases. The closure will ensure that earthquakes will not fracture the facility as the plant sits 650 yards from the nearest fault line. Source: http://abc7.com/news/california-closing-last-nuclear-plant-after-3-decades/1394704/

• U.S. officials announced June 21 that Analogic Corp., and its Danish subsidiary, BK Medical ApS, agreed to pay nearly $15 million to settle parallel civil and criminal actions involving Foreign Corrupt Practices Act (FCPA) violations. – U.S. Securities and Exchange Commission

19. June 21, U.S. Securities and Exchange Commission – (International) SEC charges medical device manufacturer with FCPA violations. The U.S. Securities and Exchange Commission announced June 21 that Analogic Corp., and its Danish subsidiary, BK Medical ApS, agreed to pay nearly $15 million to settle parallel civil and criminal actions involving Foreign Corrupt Practices Act (FCPA) violations after the Danish subsidiary engaged in hundreds of sham transactions with distributors that funneled about $20 million to third parties, while Analogic Corp., reportedly failed to keep accurate books and records and maintain adequate internal accounting controls.

• The governor of Michigan signed a $617 million bailout and restructuring plan June 21 for Detroit Public Schools which will split the district in two July 1. – Associated Press

21. June 21, Associated Press – (Michigan) Michigan governor signs $617M Detroit schools bailout. The governor of Michigan signed a $617 million bailout and restructuring plan June 21 for Detroit Public Schools which will split the district in two July 1. A new school board is set to be elected in November and a commission of State appointees that oversee city budgets will review the schools’ finances. Source: http://www.freep.com/story/news/education/2016/06/21/michigan-governor-rick-snyder-signs-617m-detroit-schools-bailout/86202378/

• Florida officials announced June 20 that Florida Power & Light will have 10 years to clean up a large underground plume of saltwater threatening drinking water well fields near its Turkey Point plant. – Miami Herald

32. June 21, Miami Herald – (Florida) Florida gives FPL 10 years to clean up cooling canals. The Florida Department of Environmental Protection announced June 20 that Florida Power & Light will have 10 years to clean up a large underground plume of saltwater threatening drinking water well fields near its Turkey Point plant, which will include freshening and improving the efficiency of the 5,900-acre loop of canals used to cool two nuclear reactors at the plant, and the installation of a network of extraction wells to halt and ultimately shrink the plume, among other plans.

Financial Services Sector

5. June 21, U.S. Securities and Exchange Commission – (California) SEC halts scheme defrauding pro athletes. The U.S. Securities and Exchange Commission unsealed a complaint June 21 charging and freezing the assets of The Ticket Reserve Inc., its chief executive officer, a chief operating officer, and a managing director from RGT Capital Management after the group allegedly siphoned more than $33 million from professional athletes’ bank accounts without their authorization in order to invest the money into The Ticket Reserve, make Ponzi-like payments to existing investors using money from new investors, and falsify documents, among other illicit actions in order to conceal the scheme. The charges also allege that the managing director received nearly $2 million in hidden compensation from the company, failed to disclose to investors that he was a member of The Ticket Reserve’s board of directors, and falsely claimed to be a certified public accountant (CPA). Source: https://www.sec.gov/news/pressrelease/2016-124.html

Information Technology Sector

24. June 22, SecurityWeek – (International) Over a dozen flaws patched in Pidgin chat client. Pidgin chat client released Pidgin 2.11.0, patching 16 information disclosure, denial-of-service (DoS), directory traversal, and buffer overflow flaws after a security researcher from Cisco Talos discovered the vulnerabilities could allow a man-in-the-middle (MitM) attacker to overwrite arbitrary files on the system, among other actions. Source: http://www.securityweek.com/over-dozen-flaws-patched-pidgin-chat-client

25. June 22, Softpedia – (International) Carbonite online backup service resets all users passwords after cyber-attack. Carbonite, the online backup software for Apple Mac and Microsoft Windows products, reported that it issued a service-wide password reset for all of its users June 21 after the company discovered an ongoing, large account takeover (ATO) or Identify Testing Attacks in its systems. The company stated the third-party attack did not compromise any users’ accounts and initiated the password reset as a precautionary measure. Source: http://news.softpedia.com/news/carbonite-online-backup-service-resets-all-users-passwords-after-cyber-attack-505512.shtml

26. June 22, Softpedia – (International) WordPress 4.5.3 fixes bug that allowed password change via stolen cookies. WordPress released its newest version WordPress 4.5.3 fixing 8 security bugs and 17 maintenance issues including simple cross-site scripting (XSS) flaws, a denial-of-service (DoS) flaw, and an insecure input filtering flaw after a company security researcher discovered that one of the flaws could allow attackers to change a user’s password by leveraging stolen cookies. Source: http://news.softpedia.com/news/wordpress-4-5-3-fixes-bug-that-allowed-password-change-via-stolen-cookies-505508.shtml

27. June 21, SecurityWeek – (International) Several vulnerabilities patched in Libarchive library. Libarchive released a new version of its open-source library, Libarchive 3.2.1, after a security researcher from Cisco Talos discovered three severe flaws in the system, including a stack-based buffer overflow flaw and a heap corruption flaw that can lead to arbitrary code execution, as well as an integer overflow flaw that could allow an attacker to execute arbitrary code using specially crafted 7-Zip files. Source: http://www.securityweek.com/several-vulnerabilities-patched-libarchive-library

For another story, see item 28 below in the Communications Sector

Communications Sector

28. June 21, IDG News Service – (International) New Android malware can secretly root your phone and install programs. Security researchers from Trend Micro reported that a new Android malware dubbed Godless is targeting devices running Android 5.1 and earlier versions to root the operating system (OS) on a device and allow unauthorized apps to be installed, opening the software to potential spyware installation. Source: http://www.computerworld.com/article/3087003/security/new-android-malware-can-secretly-root-your-phone-and-install-programs.html#tk.rss_security