Complete DHS Report for November 22, 2016
Daily Report
Top Stories
• JPMorgan Chase & Co. agreed November 17 to pay a total of
more than $264 million to resolve charges stemming from alleged violations of
the Foreign Corrupt Practices Act. – U.S. Securities and Exchange Commission
See item 2 below in the Financial
Services Sector
• Officials reported that more than 200,000 gallons of wastewater
spilled into Rocky Creek in Tampa, Florida, November 18 after bypass piping
failed during valve replacement work. – Tampa Bay Times
13. November 19, Tampa
Bay Times – (Florida) Hillsborough utilities: More than 200,000 gallons
of wastewater discharged into Rock Creek. Hillsborough County Public
Utilities officials reported that more than 200,000 gallons of wastewater
spilled into Rocky Creek in Tampa, Florida, November 18 after bypass piping
failed during valve replacement work. Officials advised people not to fish,
wade, or swim in Rocky Creek or in the vicinity of where the creek flows into
Tampa Bay. Source: http://www.tampabay.com/news/publicsafety/hillsborough-utilities-more-than-200000-gallons-of-wastewater-discharged/2303468
• Michigan State University officials reported November 18 that an
unauthorized party breached one of its servers November 13 and accessed a
database of 400,000 records containing the names, Social Security
numbers, and birthdates of current and former students and employees. – SecurityWeek;
WSYM 47 Lansing
14. November 21,
SecurityWeek; WSYM 47 Lansing – (Michigan) 400,000 records exposed in
Michigan State University breach. Michigan State University (MSU) officials
reported November 18 that an unauthorized party breached one of its servers
November 13 and accessed a database of 400,000 records containing
names, Social Security numbers, and birthdates of current and former students
and employees, among other personal information. The hackers reportedly
attempted to extort the university after accessing the database, and officials
believe only a few hundred records were actually stolen. Source: http://www.securityweek.com/400000-records-exposed-michigan-state-university-breach
• More than 6,300 firefighters continued working November 20 to
contain wildfires that have collectively burned more than 119,000 acres across
8 southeastern States. – Knoxville News Sentinel
15. November 20,
Knoxville News Sentinel – (National) Forest fires burn 119,000 acres in
8 southeastern states. More than 6,300 firefighters continued working
November 20 to contain wildfires that have collectively burned more than
119,000 acres across 8 southeastern States. Source: http://www.usatoday.com/story/news/nation-now/2016/11/20/forest-fires-burn-119000-acres-8-southeastern-states/94169774/
Financial Services Sector
1. November 18, Pocono
Record – (Pennsylvania) Two charged with stealing credit card info in
Monroe County. Two men were charged November 17 for allegedly stealing
credit card account information and transferring the information onto
fraudulent credit cards after authorities discovered 78 suspected fake credit
cards, a credit card embossing machine, and 2 card skimming devices, among
other illicit items, at the residence of one of the co-conspirators in Tobyhanna,
Pennsylvania. Source: http://www.poconorecord.com/news/20161118/two-charged-with-stealing-credit-card-info-in-monroe-county
2. November 17, U.S.
Securities and Exchange Commission – (International) JPMorgan Chase
paying $264 million to settle FCPA charges. The U.S. Securities and
Exchange Commission announced November 17 that JPMorgan Chase & Co. agreed
to pay a total of more than $264 million to resolve charges stemming from
alleged violations of the Foreign Corrupt Practices Act (FCPA) after the company
reportedly won business from clients and corruptly influenced government
officials in the Asia-Pacific region by providing their friends and family
members with jobs and internships over the course of 7 years. According to the
settlement, JPMorgan hired around 100 interns and full-time personnel at the
request of foreign government officials, enabling the company to accumulate
over $100 million in revenues from winning or retaining business.
Information Technology Sector
18. November 21, Help Net
Security – (International) Malware masquerading as an image spreads via
Facebook. A malware researcher discovered malware is spreading via Facebook
in the form of Scalable Vector Graphics (SVG) image files that contain embedded
content and are automatically sent from compromised user accounts in order to
redirect users to a Website impersonating YouTube where a victim is required to
install a specific codec extension before viewing the video, which gives the
malware the capability to alter a user’s data on the Websites they visit. The
researcher reported the SVG file also contains the Nemucod downloader; however,
it has not been spotted downloading the Locky ransomware or other malware.
19. November 21,
SecurityWeek – (International) Palo Alto Networks patches flaws found by
Google researcher. Palo Alto Networks, Inc. patched several vulnerabilities
in its PAN-OS operating system after a Project Zero researcher found three
security flaws affecting the products, including an issue that could allow an
attacker with network access to the Web management interface to execute
arbitrary code or cause a denial-of-service (DoS) condition due to how the Web
management server handles a buffer overflow. The patches also addressed two
local privilege escalation bugs that could be exploited to obtain root
permissions, an OpenSSH flaw, and a post-authentication flaw that could allow
XPath manipulation. Source: http://www.securityweek.com/palo-alto-networks-patches-flaws-found-google-researcher
20. November 20,
Softpedia – (International) Microsoft Xbox, PlayStation, other popular
Twitter accounts hacked. Twitter Counter confirmed its service experienced
a security breach and several high-profile Twitter accounts, including those
owned by Microsoft Xbox, the U.S. National Transportation Safety Board, and the
Minnesota governor, among others, were hacked to post links to services that
increase a user’s number of followers for other accounts. Twitter Counter
stated an investigation into the breach is ongoing and the hackers can no
longer post on another user’s behalf. Source: http://news.softpedia.com/news/microsoft-xbox-playstation-other-popular-twitter-accounts-hacked-510357.shtml
21. November 18,
SecurityWeek – (International) Over-the-air update mechanism exposes
millions of Android devices. Security researchers reported that over 2.8
million Android devices across 55 device models were vulnerable to
Man-in-the-Middle (MitM) attacks and could allow a remote, unauthenticated attacker
to replace server responses with their own and execute arbitrary commands as
root on the device due to an insecure implementation of the over-the-air (OTA)
update mechanism from Ragentek Group, which failed to use an encrypted channel
for transactions from the binary to a third-party endpoint.
22. November 18,
SecurityWeek – (International) Moxa, Vanderbilt surveillance products
affected by serious flaws. The Industrial Control Systems-Computer
Emergency Readiness Team (ICS-CERT) released an advisory which reported that
Moxa’s SoftCMS central management software was plagued with three serious
vulnerabilities after security researchers discovered a Structured Query
Language (SQL) injection flaw that could be remotely exploited to access the
software with administrator privileges, a double free condition that could lead
to a denial-of-service (DoS) condition, and an improper input validation flaw
that could lead to a crash of the application. ICS-CERT and Siemens also
informed customers that several Siemens-brand Vanderbilt IP cameras were
affected by a flaw that could allow an attacker with network access to obtain
administrative privileges using maliciously crafted requests. Source: http://www.securityweek.com/moxa-vanderbilt-surveillance-products-affected-serious-flaws
23. November 17, Help Net
Security – (International) Ransoc browser locker/ransomware blackmails
victims. Security researchers discovered the Ransoc ransomware is being
distributed via malvertising to target and blackmail Microsoft Windows users
who frequent adult Websites. The ransomware scans an infected device to collect information
from the victim’s Facebook, LinkedIn, and Skype accounts, and also scans
local media filenames for strings associated with files downloaded via torrents
in order to uncover illegal or illicit content. The ransomware then displays a
ransom note, or “penalty notice,” tailored to the information it finds,
threatening to expose a victim’s illicit online activity to the user’s social
and professional network connections if the fine is not paid. Source: https://www.helpnetsecurity.com/2016/11/17/ransoc-browser-lockerransomware-blackmails-victims/
Communications Sector
Nothing to report