Wednesday, December 14, 2016



Complete DHS Report for December 14, 2016

Daily Report                                            

Top Stories

• Officials reported December 12 that about 176,000 gallons of oil leaked from a 6-inch Belle Fourche Pipeline Co. pipeline into a tributary of the Little Missouri River and a hillside near Belfield, North Dakota. – Duluth News Tribune

2. December 12, Duluth News Tribune – (North Dakota) North Dakota oil pipeline spill estimated at 176,000 gallons. The North Dakota Department of Health announced December 12 that an estimated 176,000 gallons of oil leaked from a 6-inch Belle Fourche Pipeline Co. pipeline into a tributary of the Little Missouri River and a hillside near Belfield. Cleanup crews have recovered 36,876 gallons of oil since the leak was discovered by a landowner December 5. Source: http://www.duluthnewstribune.com/news/4178352-north-dakota-oil-pipeline-spill-estimated-176000-gallons

• Two New Jersey men were charged December 12 for allegedly orchestrating a securities fraud scheme that netted over $26 million in illegal proceeds. – Associated Press See item 6 below in the Financial Services Sector

• A Kansas couple pleaded guilty December 12 for their roles in a trade based money laundering conspiracy where the duo deposited at least $1.6 million in undeclared cash and $5.2 million worth of undeclared third-party checks into their joint account. – Garden City Telegram See item 7 below in the Financial Services Sector

• Quest Diagnostics Incorporated is investigating December 12 after a third-party accessed an Internet application on its network November 26 and obtained the protected health information of roughly 34,000 patients. – WPXI 11 Pittsburgh

24. December 12, WPXI 11 Pittsburgh – (National) Quest Diagnostics says hackers obtained protected health information of 34,000 patients. Quest Diagnostics Incorporated announced December 12 that it is investigating after a third-party accessed the MyQuest by Care360 Internet application on the company’s network November 26 and obtained the protected health information of roughly 34,000 patients. Company officials stated there is no evidence that the patient information has been misused. Source: http://www.wpxi.com/news/quest-diagnostics-says-hackers-obtained-protected-health-information-of-34000-patients/475436855
  
Financial Services Sector

5. December 12, Boston Globe – (Massachusetts) Chelsea man charged with series of bank robberies. A man dubbed the “Spelling Bee Bandit” was charged December 12 for allegedly committing 4 bank robberies in the Greater Boston area between October and November 2016. Source: http://www.boston.com/news/crime/2016/12/12/chelsea-man-charged-with-series-of-bank-robberies

6. December 12, Associated Press – (National) 2 charged in securities fraud plot netting $26M illegally. Two New Jersey men were charged December 12 for allegedly orchestrating a securities fraud scheme that netted over $26 million in illegal proceeds by using dozens of brokerage accounts, some of which were listed in the names of family members or other individuals, to drive up the cost of $10 billion in securities, and subsequently sell the securities they owned at inflated prices. The duo was barred from future trading in securities on others’ accounts. Source: http://www.nytimes.com/aponline/2016/12/12/us/ap-us-securities-fraud-charges.html?_r=0

7. December 12, Garden City Telegram – (International) Meade couple pleads guilty to money laundering. A Meade, Kansas couple pleaded guilty December 12 for their roles in a trade based money laundering conspiracy where the duo deposited at least $1.6 million in undeclared cash and $5.2 million worth of undeclared third-party checks that the husband received from his trips to Mexico into a joint account they kept at Plains State Bank in Plains, Kansas. The couple would then transfer the funds in the account to buy genetically modified corn seed that was transported to Mexico. Source: http://www.gctelegram.com/news/local/meade-couple-pleads-guilty-to-money-laundering/article_28fc9c0d-4c89-51bf-bbac-296ba1163e7f.html

8. December 12, SecurityWeek – (International) Ostap backdoor installs banking trojans, PoS malware. Proofpoint security researchers reported that a newly spotted backdoor, dubbed Ostap was being leveraged by a threat group to install banking trojans such as Dridex, Ursnif, and Tinba, as well as point-of-sale (PoS) malware on devices belonging to financial services companies in several countries. Proofpoint found that the threat group leveraged spam emails with malicious Microsoft Word attachments for distribution, and the backdoor remains active on a targeted device after the Word attachment has been closed, and writes a copy of itself to the victim’s Startup folder for persistence, among other malicious actions. Source: http://www.securityweek.com/ostap-backdoor-installs-banking-trojans-pos-malware

For another story, see item 27 below in the Information Technology Sector

Information Technology Sector

27. December 13, SecurityWeek – (International) Flaw in PwC security tool exposes SAP systems to attacks. Security researchers at ESNC discovered PricewaterhouseCoopers’ Automated Controls Evaluator (ACE) tool was plagued with a remote code execution flaw that could be exploited to remotely inject and execute malicious Advanced Business Application Programming (ABAP) code on a targeted Systems, Applications and Products (SAP) system. The flaw could allow a malicious actor to manipulate accounting documents and financial results, bypass segregation of duties restrictions, and bypass change management controls, potentially resulting in fraud, theft or manipulation of sensitive data, and unauthorized payment transactions and transfer of money.

28. December 13, SecurityWeek – (International) Serious vulnerabilities found in McAfee Enterprise product. A security researcher discovered Intel Security’s McAfee VirusScan Enterprise for Linux (VSEL) product versions 2.0.3 and earlier are plagued by 10 vulnerabilities, including information disclosure flaws, cross-site request forgery (CSRF) bugs, remote code execution flaws, and privilege escalation issues, among others vulnerabilities, 4 of which can be chained to achieve remote code execution with root privileges. Intel Security advised users to upgrade to Endpoint Security for Linux (ENSL) 10.2 or later to avoid the flaws. Source: http://www.securityweek.com/serious-vulnerabilities-found-mcafee-enterprise-product

29. December 12, SecurityWeek – (International) Flaws allow remote hacking of Moxa MiiNePort devices. Moxa released firmware updates for its MiiNePort embedded serial device servers after a security researcher found the devices were plagued with two vulnerabilities, one of which can be exploited to brute-force an active session cookie and download a device’s configuration file containing sensitive information such as the administrator password remotely from the Internet, which could give a malicious actor unrestricted privileges and allow the attacker access to the device. The second vulnerability relates to how the configuration data is stored in a file without being encrypted. Source: http://www.securityweek.com/flaws-allow-remote-hacking-moxa-miineport-devices

30. December 12, SecurityWeek – (International) Users warned of Zcash miner infections. Kaspersky Lab reported that cybercriminals have covertly infected roughly 1,000 devices with software that mine for Zcash (ZEC), a new cryptocurrency worth about $49 per ZEC, in order to make a significant profit. Kaspersky Lab stated cybercriminals were disguising the miners as legitimate applications and distributing them via torrent Websites, and reported that no attempts to install the miners using Website vulnerabilities or email spam campaigns have been spotted.

31. December 12, SecurityWeek – (International) Alpha version of Sandboxed Tor Browser available for Linux. The Tor developer known as Yawning Angel released Sandboxed Tor Browser 0.0.2, a version of the browser designed to offer additional security to users as it traps exploits and prevents them from accessing files, real Internet Protocols (IPs) and media access control (MAC) addresses from the host. The developer warned the new version has unresolved issues affecting security and fingerprinting, and the application is only compatible with Linux systems as it leverages bubblewrap, a sandboxing utility for Linux.

Communications Sector

Nothing to report