Thursday, September 22, 2016



Complete DHS Report for September 22, 2016

Daily Report                                            

Top Stories

• Four North Texas residents were convicted September 20 for their roles in a $16 million money laundering scheme where the group facilitated the transmission of profits obtained from the distribution of drugs via wire transfers to Michoacan, Mexico. – U.S. Attorney’s Office, Eastern District of Texas See item 3 below in the Financial Services Sector

• Crews completed repairs to a 24-inch sewer main break in Indian Harbour Beach, Florida, that leaked up to 750,000 gallons of sewage September 20. – Florida Today

13. September 21, Florida Today – (Florida) Beachside sewage leak repaired; normal water usage OK’d. Officials from the Brevard County Emergency Management office in Florida reported September 21 that crews completed repairs to a 24-inch sewer main break in Indian Harbour Beach that leaked up to 750,000 gallons of sewage into storm drains that flow into the Oars and Paddle Park canal areas, Sea Park Pond, and lift station overflow ponds September 20. County officials stated affected residents in Indian Harbour Beach and Satellite Beach were allowed to resume normal water usage. Source: http://www.floridatoday.com/story/news/local/environment/2016/09/20/water-use-advisory-issued-after-sewer-main-break/90731246/

• Charlotte, North Carolina officials reported September 21 that at least 16 police officers were hospitalized following a protest over a fatal police shooting in a University City apartment complex September 20. – Charlotte Observer

17. September 21, Charlotte Observer – (North Carolina) Charlotte faces aftermath of protests ignited by fatal police shooting; 16 officers injured. Charlotte, North Carolina officials reported September 21 that at least 16 police officers were hospitalized following a protest over a fatal police shooting in a University City apartment complex in Charlotte September 20. Officials stated motorists on Interstate 85 were also injured when protestors threw debris from an interstate overpass onto the roadway.

• The Shadowserver Foundation reported September 21 that more than 840,000 Cisco devices worldwide were affected by a vulnerability in Cisco’s IOS, IOS XE, and IOS XR software Internet Key Exchange version 1 packet processing code that can be remotely exploited to access potentially sensitive memory content. – SecurityWeek See item 19 below in the Information Technology Sector

Financial Services Sector

1. September 21, Softpedia – (International) Security bug lets hackers steal Monero, today’s 2nd most popular cryptocurrency. A security researcher at MWR Labs discovered that Monero’s Simplewallet tool was plagued with a cross-site request forgery (CSRF) flaw that can be exploited to empty a user's Simplewallet and potentially initiate the command and transfer of the user’s funds after an attacker issued malicious commands to a Remote Procedure Call (RPC) service on port 18082 using maliciously crafted JavaScript code. Monero stated it was working to develop a Simplewallet user interface without the vulnerable RPC service. Source: http://news.softpedia.com/news/security-bug-lets-hackers-steal-monero-today-s-2nd-most-popular-cryptocurrency-508506.shtml

2. September 20, U.S. Attorney’s Office, Northern District of Oklahoma – (Oklahoma) Federal jury finds a serial bank robber guilty of three counts of bank robbery. The U.S. District Court for the Northern District of Oklahoma convicted an individual September 20 for his role in 3 bank robberies in Tulsa and Fairfax, Oklahoma, in June 2016. Source: https://www.justice.gov/usao-ndok/pr/federal-jury-finds-serial-bank-robber-guilty-three-counts-bank-robbery

3. September 20, U.S. Attorney’s Office, Eastern District of Texas – (International) North Texas business owners guilty in money laundering scheme. Four North Texas residents were convicted September 20 for their roles in a more than $16 million money laundering scheme from June 2013 – October 2015 where the group, who owned and operated money services business (MSBs), used their authority as authorized agents of over 8 international money transfer companies to facilitate the transmission of profits obtained from the distribution of drugs through wire transfers to Michoacan, Mexico. The charges state that the MSBs charged wire transaction fees and structured the wires in amounts under $1,000, in addition to using fabricated sender information to circumvent financial reporting requirements and hide the ownership and source of the illegal profits. Source: https://www.justice.gov/usao-edtx/pr/north-texas-business-owners-guilty-money-laundering-scheme

Information Technology Sector

18. September 21, SecurityWeek – (International) MacOS 10.12 patches over 60 vulnerabilities. Apple Inc., released the final version of its Mac operating system (OS) Sierra 10.12 resolving at least 65 vulnerabilities, including 16 flaws in the “apache_mod_php” module that could lead to arbitrary code execution or unexpected application termination, as well as denial-of-service issues and arbitrary code execution flaws in Apple’s implementation of Apache, Audio, and Bluetooth, among other components. Apple also released Safari 10, macOS Server 5.2, and iCloud for Windows 6.0 patching a flaw in WebKit that could lead to arbitrary code execution when a device is processing specially crafted Web content, among other vulnerabilities.

19. September 21, SecurityWeek – (International) Over 840,000 Cisco devices affected by NSA-linked flaw. The Shadowserver Foundation reported that as of September 21, more than 840,000 Cisco devices, including 255,000 in the U.S. were found to be affected by the vulnerability in Cisco’s IOS, IOS XE, IOS XR software Internet Key Exchange version 1 (IKEv1) packet processing code that can be exploited by a remote, unauthenticated attacker to access memory content potentially containing sensitive information, which was originally discovered following the Shadow Brokers leak. Source: http://www.securityweek.com/over-840000-cisco-devices-affected-nsa-linked-flaw

For another story see item 1 above in the Financial Services Sector
Communications Sector

Nothing to report