Thursday, August 11, 2016



Complete DHS Report for August 11, 2016

Daily Report                                            

Top Stories

• Pacific Gas & Electric Co. was found guilty August 9 of violating pipeline safety regulations and failing to identify a high risk gas line prior to a fatal pipeline explosion in San Bruno, California, in 2010 that killed eight people. – Associated Press

1. August 10, Associated Press – (California) Pacific Gas & Electric guilty: Utility convicted of obstruction in San Bruno blast probe. Pacific Gas & Electric Co. (PG&E) was found guilty August 9 of violating pipeline safety regulations and misleading investigators about how the utility identified high-risk pipelines after the utility failed to gather information pertinent to evaluating potential gas line threats and failed to classify a gas line as high risk prior to a fatal natural gas pipeline explosion in 2010 that killed 8 people and destroyed 38 homes in San Bruno, California. The utility could be fined up to $3 million for the violations. Source: http://www.smdailyjournal.com/articles/lnews/2016-08-10/pacific-gas-electric-guilty-utility-convicted-of-obstruction-in-san-bruno-blast-probe/1776425166449.html

• The former owner and operator of California-based Rodis Law Group pleaded guilty August 9 for his role in a $9 million fraudulent mortgage modification scheme where he and others convinced over 1,500 homeowners to pay for fraudulent services from October 2008 – June 2009. – Orange County Register. See item 4 below in the Financial Services Sector.

• The U.S. Environmental Protection Agency fined the State of Hawaii Department of Land and Natural Resources August 8 for violating a Federal ban on large capacity cesspools on Maui and the Big Island. – U.S. Environmental Protection Agency

14. August 8, U.S. Environmental Protection Agency – (Hawaii) EPA enforces ban on cesspools on Big Island and Maui. The U.S. Environmental Protection Agency (EPA) announced three separate agreements with the County of Hawaii, the County of Maui, and the State of Hawaii Department of Land and Natural Resources (DLNR) August 8 to close cesspools on Maui and the Big Island after the EPA discovered the counties were violating a Federal ban on large capacity cesspools. Under the agreements, the County of Hawaii will pay a $105,000 fine for its two cesspools, the County of Maui will pay $33,000 for their cesspool at the Maui Raceway Track, and the DLNR will pay a $50,000 fine for their cesspools at Waianapanapa State Park, as well as close or convert smaller cesspools at 7 State parks and recreation areas. Source: https://www.epa.gov/newsreleases/epa-enforces-ban-cesspools-big-island-and-maui

• Eight Florida residents were charged August 9 for their roles in a health care fraud scheme where the group allegedly submitted nearly $663 million in fraudulent reimbursement claims from October 2012 – December 2015. – U.S. Department of Justice

15. August 9, U.S. Department of Justice – (Florida) Eight individuals charged in multimillion-dollar compounding pharmacy fraud scheme. Eight Florida residents were charged in an indictment unsealed August 9 for their roles in a multi-million dollar health care fraud scheme where the group allegedly used the A to Z Pharmacy Inc., in New Port Richey and several Miami-area pharmacies to submit nearly $663 million in fraudulent reimbursement claims for prescription compounded medications to private insurance companies, Medicare and Tricare, and received approximately $157 million in reimbursement claims from October 2012 – December 2015 that were based on prescriptions generated as a result of kickbacks and bribes. The charges also allege that the group used shell companies to transfer and distribute the money and conceal the fraudulent activities. Source: https://www.justice.gov/opa/pr/eight-individuals-charged-multimillion-dollar-compounding-pharmacy-fraud-scheme
  
Financial Services Sector

4. August 9, Orange County Register – (National) Brea man pleads guilty in $9 million mortgage modification scheme. The former owner and operator of California-based Rodis Law Group pleaded guilty August 9 for his role in a $9 million fraudulent mortgage modification scheme where he and co-conspirators convinced over 1,500 struggling homeowners to pay for fraudulent services from the Rodis Law Group by falsely claiming the firm consisted of a team of attorneys experienced in negotiating lower principal balances and interest rates on mortgage loans, among other misrepresentations from October 2008 – June 2009. Two other co-conspirators have pleaded guilty for their roles in the scheme. Source: http://www.ocregister.com/articles/antonio-725190-rodis-law.html

Information Technology Sector

19. August 10, Softpedia – (International) Data of nearly 2 million users exposed in Dota2 forum hack. Researchers from LeakedSource reported that the Dota2 official developers forum was breached and that hackers stole the usernames, email addresses, user identifiers, passwords, and IP addresses of nearly 2 million of the forum’s users July 10. The stolen passwords were hashed and salted with the MD5 algorithm. Forum administrators patched the vulnerability and reset all user account passwords. Source: http://news.softpedia.com/news/data-of-nearly-2-million-users-exposed-in-dota2-forum-hack-507162.shtml

20. August 10, SecurityWeek – (International) Microsoft patches flaws in Windows, Office, browsers. Microsoft released 9 security bulletins patching a total of 27 important and critical vulnerabilities including 9 critical vulnerabilities in Internet Explorer and 8 critical flaws in Edge that can be exploited for remote code execution and information disclosure by tricking a targeted user into visiting a malicious Website, remote code execution issues in Windows, Office, Skype for Business and Lync caused by the way Windows font library handles specially crafted embedded fonts, and critical flaws in Office that can be leveraged for remote code execution if a victim opens a malicious file, among other vulnerabilities.

21. August 10, SecurityWeek – (International) Juniper starts fixing IPv6 processing vulnerability. Juniper Networks released hotfixes for its JUNOSe F3 and F2 products resolving a vulnerability in its JUNOSe and Junos routers after Cisco researchers discovered the flaw can be exploited to cause a denial-of-service (DoS) condition by sending a flood of specially crafted IPv6 Neighbor Discovery (ND) packets from non-link-local sources to affected devices in order to fill up the packet processing queue and cause legitimate IPv6 ND packets to drop. The company was working to release patches for the issue. Source: http://www.securityweek.com/juniper-starts-fixing-ipv6-processing-vulnerability

22. August 9, Softpedia – (International) Researchers hide malware inside digitally signed files without breaking hashes. Security researchers from Deep Instinct discovered attackers could inject malware inside a digitally signed binary without affecting the overall file hash after finding that Microsoft Windows does not include three fields from a file’s Portable Executable (PE) headers during the file hash validation process and that modifying these fields does not break the certificate’s validity, allowing the malicious files to avoid detection by security and antivirus software. Researchers stated the technique does not require attackers to hide the malicious code via packers and bypasses any secondary checks of security software. Source: http://news.softpedia.com/news/researchers-hide-malware-inside-digitally-signed-files-without-breaking-hashes-507146.shtml

23. August 9, SecurityWeek – (International) Go-based Linux trojan used for cryptocurrency. Doctor Web researchers reported that a new Linux trojan, dubbed Linux.Lady.1, allows hackers to earn a profit by exploiting infected systems for cryptocurrency mining after finding that the trojan collects information on an infected machine, including the operating system, central processing units (CPUs), and processes, and sends the harvested data back to a command and control (C&C) server, which then provides a configuration file for downloading a cryptocurrency mining application designed for Monero (XMR) mining. Researchers also found the trojan is capable of spreading to other Linux computers on an infected network by connecting to remote hosts over port 6379 without a password and downloading a script from a specified Uniform Resource Locator (URL) which is responsible for downloading and installing a copy of the trojan.

For another story, see item 24 below from the Commercial Facilities Sector

24. August 9, Softpedia – (International) Criminal group uses LogMeIn to compromise PoS systems with malware. Researchers from PandaLabs discovered a criminal group was using compromised LogMeIn accounts belonging to systems running point-of-sale (PoS) software and connected to PoS terminals to access over 200 devices and infect them with the PunkeyPOS, Multigrain, or PosCardStealer malware. The researchers reported that the hackers exploited weak login credentials or discovered the login credentials from other sources. Source: http://news.softpedia.com/news/criminal-group-uses-logmein-to-compromise-pos-systems-with-malware-507112.shtml

Communications Sector

Nothing to report