Complete DHS Report for December 8, 2016
• A Buffalo, New York resident pleaded guilty December 6 to committing six bank robberies at First Niagara Bank and KeyBank branches in Buffalo, Lancaster, and Depew, New York. – U.S. Attorney’s Office, Western District of New York See item 3 below in the Financial Services Sector
• National Steak and Poultry expanded a previous recall December 4 to include approximately 1,976,089 additional pounds of its ready-to-eat chicken products due to adulteration from possible undercooking. – U.S. Department of Agriculture
10. December 5, U.S. Department of Agriculture – (National) National Steak and Poultry recalls ready-to-eat chicken that may be undercooked. National Steak and Poultry expanded a previous recall December 4 to include approximately 1,976,089 additional pounds of its ready-to-eat chicken products due to adulteration because of possible undercooking discovered after the firm received a customer complaint stating that the product appeared to be undercooked. There have been no adverse reactions or illnesses reported and the products were sold directly to retail customers and to food service locations nationwide. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-115-2016-expanded
• Ko Olina, Hawaii officials announced December 6 that a November 30 sewage spill caused 201,600 gallons of sewage to be released after a 16-inch water main broke. – KHON 2 Honolulu
11. December 7, KHON 2 Honolulu – (Hawaii) More than 200,000 gallons of sewage spilled near Ko Olina. Ko Olina, Hawaii officials announced December 6 that a November 30 sewage spill caused 201,600 gallons of sewage to be released after a 16-inch water main broke, an increase from the more than 1,000-gallon estimate that the city initially reported. Officials stated that the sewage did not reach waterways and crews returned to deodorize the site the week of December 5 and apply another dose of disinfectant.
• Officials approved December 6 the construction of a new, nearly $10 million water treatment plant in Kettleman City, California, following the discovery of unsafe levels of arsenic in the city’s water supply. – KVPR 89.3 FM Fresno
13. December 6, KVPR 89.3 FM Fresno – (California) Kettleman City water treatment plant gets green light. The California State Water Resources Control Board approved December 6 the construction of a new water treatment plant to serve Kettleman City following the discovery of unsafe levels of arsenic in the city’s drinking water supply. The project will receive nearly $10 million from State and Federal governments and construction is slated to begin in early 2017.
Financial Services Sector
3. December 6, U.S. Attorney’s Office, Western District of New York – (New York) Buffalo man convicted of multiple bank robberies. A Buffalo, New York resident pleaded guilty December 6 to committing or helping to commit six bank robberies at First Niagara Bank and KeyBank branches in Buffalo, Lancaster, and Depew, New York. Source: https://www.justice.gov/usao-wdny/pr/buffalo-man-convicted-multiple-bank-robberies
4. December 6, U.S. Attorney’s Office, Middle District of Pennsylvania – (National) Florida woman guilty of interstate stolen credit card scheme. A Ft. Lauderdale, Florida woman pleaded guilty December 6 after she and co-conspirators used stolen credit cards to fraudulently purchase Apple iPads, iPods, MacBooks, and other electronic goods and gift cards from Target Corporation, Best Buy, and other stores in central Pennsylvania over the course of roughly 8 months from 2014 – 2015, resulting in an estimated total loss of $179,500. The group broke into vehicles from Florida to Pennsylvania in order to steal the credit cards and victims’ identification documents before making the fraudulent purchases. Source: https://www.justice.gov/usao-mdpa/pr/florida-woman-guilty-interstate-stolen-credit-card-scheme-0
Information Technology Sector
18. December 7, SecurityWeek – (International) Windows 10 Creators Update brings new security capabilities. Microsoft reported that the Windows 10 Creators Update, which is scheduled to be released in the spring of 2017, will include several security enhancements including improved detection, intelligence, and remediation capabilities in Windows Defender Advanced Threat Protection (ATP), a feature that will link the Windows Security Center to Office 365 ATP to allow administrators to track a threat across endpoints and email, as well as expanded ATP sensors to detect kernel-level exploits and threats that occur only in memory, among other updated features. Source: http://www.securityweek.com/windows-10-creators-update-brings-new-security-capabilities
19. December 7, SecurityWeek – (International) Locky variant Osiris distributed via Excel documents. BleepingComputer security researchers discovered that the Locky ransomware began appending the .osiris extension to encrypted files, while leveraging malicious Microsoft Excel spreadsheets for distribution. The Excel documents are hidden inside ZIP archives and attached to spam emails concealed as invoices, which contain macros that download and install Locky on a victim’s device once enabled.
20. December 6, SecurityWeek – (International) Google patches 74 vulnerabilities in Android. Google released its December 2016 Android Security Bulletin which includes patches for a total of 74 vulnerabilities, including 11 critical flaws, a total of 43 high severity flaws, and 20 medium risk vulnerabilities. The critical flaw patches include a fix for the Dirty COW vulnerability, as well as an elevation of privilege vulnerability in kernel memory subsystem affecting Pixel C, Pixel, and Pixel XL devices, and elevation of privilege issues in NVIDIA GPU Driver, kernel, kernel ION driver, and the Qualcomm Mobile Station Modem (MSM) interface, among other patched flaws.
21. December 6, SecurityWeek – (International) Flash Player remains main target of exploit kits: report. Threat intelligence firm Recorded Future released a report after performing an analysis of 141 exploit kits (EKs), which found that Adobe Flash Player, Microsoft Windows, Internet Explorer, and Silverlight were the main targets of EKs in 2016. Flash Player accounted for 6 of the top 10 flaws leveraged by EKs, and an Internet Explorer flaw tracked as CVE-2016-0189, which was integrated into several EKs including Sundown, Neutrino, and RIG, was the most referenced vulnerability on security blogs and dark Websites.
Nothing to report