Complete DHS Report for August 19, 2016
Daily Report
Top Stories
• Authorities are searching August 17 for a group suspected of
stealing tens of thousands of dollars from more than 100 people in St. Paul,
Minnesota, after installing skimming devices on 2 ATMs at area banks. – KARE
11 Minneapolis
3. August 17,
KARE 11 Minneapolis – (Minnesota) Thousands stolen with ATM skimmers in St. Paul. Authorities
are searching August 17 for a group suspected of stealing tens of thousands of
dollars from more than 100 people in St. Paul, Minnesota, after installing
skimming devices on 2 ATMs at a Bremer Bank branch and a Top Line Federal
Credit Union branch in St. Paul. Source: http://www.kare11.com/news/suspects-stealing-atm-card-information/300877065
• A Miami resident pleaded guilty August 15 for his role in a $4.2
million health care fraud scheme where he facilitated the submission of
fraudulent claims to Medicare beginning in March 2014. – U.S. Department of
Justice
12. August 15,
U.S. Department of Justice – (Florida) Miami man pleads guilty to fraud
charges for role in $4.2 million home health care scheme. A Miami resident
pleaded guilty August 15 for his role in a $4.2 million health care fraud
scheme where he was recruited by the owners of Golden Home Health Care Inc. to
falsely and fraudulently represent himself as an owner of the company, and
signed Medicare applications and other documents in order to facilitate the
submission of fraudulent claims to Medicare beginning in March 2014. Officials
stated that two co-conspirators were charged for their roles in the scheme in
June 2016. Source: https://www.justice.gov/opa/pr/miami-man-pleads-guilty-fraud-charges-role-42-million-home-health-care-scheme
• Cisco released security patches after The Shadow Brokers, a group
selling stolen hacking tools, leaked tools that contain exploits to leverage a
zero-day vulnerability in the Simple Network Management Protocol (SNMP) code of
Cisco Adaptive Security Appliance (ASA) software, which can lead to remote code
execution. – Softpedia See item 17 below in the Information Technology Sector
• The governor of Pennsylvania issued $25.7 million in funding
August 17 for repairs at 5 high-hazard damns in the State, including Donegal
Lake in Westmoreland County and Somerset Lake in Somerset County. – Pittsburg
Tribune-Review
23. August 17,
Pittsburg Tribune-Review – (Pennsylvania) State releases $25.7M to
repair unsafe dams at Donegal, Somerset lakes. The governor of Pennsylvania
issued $25.7 million in funding August 17 for repairs at 5 high-hazard dams in
the State, including Donegal Lake in Westmoreland County and Somerset Lake in
Somerset County, as well as 3 other dams. Officials stated the funding will
also pay for the start of design work on dams in Belmont Lake and Lower Woods
Pond in Wayne County. Source: http://triblive.com/news/westmoreland/10985948-74/lake-dams-county
Financial Services Sector
3. August 17,
KARE 11 Minneapolis – (Minnesota) Thousands stolen with ATM skimmers in St. Paul. Authorities
are searching August 17 for a group suspected of stealing tens of thousands of
dollars from more than 100 people in St. Paul, Minnesota, after installing
skimming devices on 2 ATMs at a Bremer Bank branch and a Top Line Federal
Credit Union branch in St. Paul. Source: http://www.kare11.com/news/suspects-stealing-atm-card-information/300877065
Information Technology Sector
16. August 18,
SecurityWeek – (International) Cisco patches critical flaws in Firepower
Management Center. Cisco released patches for its Firepower Management
Center to address several flaws in the appliance’s Web-based graphical user
interface (GUI) including a medium-severity cross-site scripting (XSS) flaw, a
critical vulnerability that could allow an authenticated attacker to remotely
execute arbitrary commands on a device with root-level privileges, and a flaw
that could allow an authenticated attacker to elevate user account privileges
due to insufficient authorization checking in the Fire Management Center and
the Cisco ASA 5500-X series with select versions of FirePOWER Services. Cisco
researchers stated there is no evidence the flaws have been exploited in the
wild. Source: http://www.securityweek.com/cisco-patches-critical-flaws-firepower-management-center
17. August 17,
Softpedia – (International) Cisco patches zero-day included in Shadow
Brokers leak. Cisco released security patches after The Shadow Brokers, a
group selling hacking tools stolen from the Equation Group, leaked tools that
contain exploits to leverage two vulnerabilities, one of which is a zero-day
vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco
Adaptive Security Appliance (ASA) software, which can allow an unauthenticated
attacker to cause a reboot of affected products and lead to remote code
execution (RCE). Cisco researchers found that the exploits also leverage a
vulnerability in the command-line interface (CLI) parse of ASA software that
could allow an authenticated, local attacker to execute arbitrary code on the
device or create a denial-of-service (DoS) condition. Source: http://news.softpedia.com/news/cisco-patches-zero-day-exposed-in-shadow-brokers-leak-507410.shtml
18. August 17,
Softpedia – (International) WordPress plugin hijacks websites to show
payday loan ads. WordFence researchers discovered the authors of the 404
and 301 WordPress plugin were hijacking the content of other Web sites by
adding code to the original Web site in order to show search engine
optimization (SEO) spam email on a user’s homepage and to display ads for
payday loan services. The plugin authors removed the code responsible for
delivering the ads and researchers stated version 2.3.0 is safe to use. Source:
http://news.softpedia.com/news/wordpress-plugin-hijacks-websites-to-show-payday-loan-ads-507402.shtml
19. August 17,
Softpedia – (International) Adwind RAT rebrands yet again, this time as
JBifrost. Fortinet researchers discovered that the criminal group behind
the Adwind remote access trojan (RAT) rebranded the malware as JBifrost and
updated the malware to include a new column that shows an infected system’s
keyboard status, a column that shows the title of the victim’s current window,
a new feature that enables attackers to steal data from Web forms displayed in
the Google Chrome browser, and a new tab called Misc that enables users to
configure additional JBifrost servers. Researchers also found that JBifrost
only accepts Bitcoin and that the RAT’s Web site now requires an invitation
code to register and purchase the malware. Source: http://news.softpedia.com/news/adwind-rat-rebrands-yet-again-this-time-as-jbifrost-507395.shtml
Communications Sector
Nothing to report