Complete DHS Report for December 8, 2016
Daily Report
Top Stories
• A Buffalo, New York resident pleaded guilty December 6 to
committing six bank robberies at First Niagara Bank and KeyBank branches in
Buffalo, Lancaster, and Depew, New York. – U.S. Attorney’s Office, Western
District of New York See item 3 below in the Financial Services Sector
• National Steak and Poultry expanded a previous recall December 4
to include approximately 1,976,089 additional pounds of its ready-to-eat
chicken products due to adulteration from possible undercooking. – U.S.
Department of Agriculture
10. December 5, U.S.
Department of Agriculture – (National) National Steak and Poultry
recalls ready-to-eat chicken that may be undercooked. National Steak and
Poultry expanded a previous recall December 4 to include approximately
1,976,089 additional pounds of its ready-to-eat chicken products due to
adulteration because of possible undercooking discovered after the firm
received a customer complaint stating that the product appeared to be
undercooked. There have been no adverse reactions or illnesses reported and the
products were sold directly to retail customers and to food service locations
nationwide. Source:
http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-115-2016-expanded
• Ko Olina, Hawaii officials announced December 6 that a November
30 sewage spill caused 201,600 gallons of sewage to be released after a 16-inch
water main broke. – KHON 2 Honolulu
11. December 7, KHON 2
Honolulu – (Hawaii) More than 200,000 gallons of sewage spilled near Ko
Olina. Ko Olina, Hawaii officials announced December 6 that a November 30
sewage spill caused 201,600 gallons of sewage to be released after a 16-inch
water main broke, an increase from the more than 1,000-gallon estimate that the
city initially reported. Officials stated that the sewage did not reach
waterways and crews returned to deodorize the site the week of December 5 and
apply another dose of disinfectant.
• Officials approved December 6 the construction of a new, nearly
$10 million water treatment plant in Kettleman City, California, following the
discovery of unsafe levels of arsenic in the city’s water supply. – KVPR
89.3 FM Fresno
13. December 6, KVPR 89.3
FM Fresno – (California) Kettleman City water treatment plant gets green
light. The California State Water Resources Control Board approved December
6 the construction of a new water treatment plant to serve Kettleman City
following the discovery of unsafe levels of arsenic in the city’s drinking
water supply. The project will receive nearly $10 million from State and
Federal governments and construction is slated to begin in early 2017.
Financial Services Sector
3. December 6, U.S.
Attorney’s Office, Western District of New York – (New York) Buffalo man
convicted of multiple bank robberies. A Buffalo, New York resident pleaded
guilty December 6 to committing or helping to commit six bank robberies at
First Niagara Bank and KeyBank branches in Buffalo, Lancaster, and Depew, New
York. Source: https://www.justice.gov/usao-wdny/pr/buffalo-man-convicted-multiple-bank-robberies
4. December 6, U.S.
Attorney’s Office, Middle District of Pennsylvania – (National) Florida
woman guilty of interstate stolen credit card scheme. A Ft. Lauderdale,
Florida woman pleaded guilty December 6 after she and co-conspirators used
stolen credit cards to fraudulently purchase Apple iPads, iPods, MacBooks, and
other electronic goods and gift cards from Target Corporation, Best Buy, and
other stores in central Pennsylvania over the course of roughly 8 months from
2014 – 2015, resulting in an estimated total loss of $179,500. The group broke
into vehicles from Florida to Pennsylvania in order to steal the credit cards
and victims’ identification documents before making the fraudulent purchases. Source:
https://www.justice.gov/usao-mdpa/pr/florida-woman-guilty-interstate-stolen-credit-card-scheme-0
Information Technology Sector
18. December 7,
SecurityWeek – (International) Windows 10 Creators Update brings new
security capabilities. Microsoft reported that the Windows 10 Creators
Update, which is scheduled to be released in the spring of 2017, will include
several security enhancements including improved detection, intelligence, and
remediation capabilities in Windows Defender Advanced Threat Protection (ATP),
a feature that will link the Windows Security Center to Office 365 ATP to allow
administrators to track a threat across endpoints and email, as well as
expanded ATP sensors to detect kernel-level exploits and threats that occur
only in memory, among other updated features. Source: http://www.securityweek.com/windows-10-creators-update-brings-new-security-capabilities
19. December 7,
SecurityWeek – (International) Locky variant Osiris distributed via
Excel documents. BleepingComputer security researchers discovered that the
Locky ransomware began appending the .osiris extension to encrypted files,
while leveraging malicious Microsoft Excel spreadsheets for distribution. The
Excel documents are hidden inside ZIP archives and attached to spam emails
concealed as invoices, which contain macros that download and install Locky on
a victim’s device once enabled.
20. December 6,
SecurityWeek – (International) Google patches 74 vulnerabilities in
Android. Google released its December 2016 Android Security Bulletin which
includes patches for a total of 74 vulnerabilities, including 11 critical
flaws, a total of 43 high severity flaws, and 20 medium risk vulnerabilities.
The critical flaw patches include a fix for the Dirty COW vulnerability, as
well as an elevation of privilege vulnerability in kernel memory subsystem
affecting Pixel C, Pixel, and Pixel XL devices, and elevation of privilege
issues in NVIDIA GPU Driver, kernel, kernel ION driver, and the Qualcomm Mobile
Station Modem (MSM) interface, among other patched flaws.
21. December 6,
SecurityWeek – (International) Flash Player remains main target of
exploit kits: report. Threat intelligence firm Recorded Future released a
report after performing an analysis of 141 exploit kits (EKs), which found that
Adobe Flash Player, Microsoft Windows, Internet Explorer, and Silverlight were
the main targets of EKs in 2016. Flash Player accounted for 6 of the top 10
flaws leveraged by EKs, and an Internet Explorer flaw tracked as CVE-2016-0189,
which was integrated into several EKs including Sundown, Neutrino, and RIG, was
the most referenced vulnerability on security blogs and dark Websites.
Communications Sector
Nothing to report