Thursday, November 21, 2013

Complete DHS Daily Report for November 21, 2013

Daily Report

Top Stories

 • Around 89,000 residents remained without power in Michigan after severe weekend storms knocked out service. – Detroit Free Press

1.            November 20, Detroit Free Press – (Michigan) 89,000 in Michigan still without power after storm. Utility crews continued work November 20 to restore power to about 89,000 customers throughout Michigan’s Lower Peninsula that remained without electricity after severe storms November 17 knocked out service. Source:

 • One of the largest manufacturers of chromium, Elementis Chromium, Inc., will pay the U.S. Environmental Protection Agency $2,571,800 in penalties for violating the Toxic Substances Control Act. – U.S. Environmental Protection Agency

6. November 14, U.S. Environmental Protection Agency – (North Carolina; Texas) Chemical company failed to disclose public health risks, judge rules in favor of EPA. The U.S. Environmental Protection Agency ordered Elementis Chromium, Inc. a chromium chemicals manufacturer based out of East Windsor, New Jersey, to pay a penalty of $2,571,800 for failing to disclose information about risks to worker’s health from exposure to hexavalent chromium at chemical production plants, as required by the Toxic Substances Control Act. Source:

 • In a settlement with the U.S. Department of Justice, JPMorgan Chase will pay $13 billion in penalties for selling non-compliant residential mortgage-backed securities. – USA Today (See item 12) below in the Financial Services Sector

 • USPlabs LLC announced an expanded recall of additional OxyELITE Pro dietary supplement products linked to liver damage cases in Hawaii that are being investigated by the U.S. Food and Drug Administration. – U.S. Food and Drug Administration

24. November 19, U.S. Food and Drug Administration – (National) USPlabs LLC announces a recall of OxyELITE Pro dietary supplements due to possible health risk, recall expanded to include: raspberry lemonade OxyELITE Pro super thermo powder. USPlabs LLC of Dallas, Texas, voluntarily expanded a recalled of OxyElite Pro dietary supplement products, to include OxyElite Pro Super Thermo capsules, OxyElite Pro Ultra-Intense Thermo capsules, and OxyElite Pro Super Thermo Powder, because the products contain Aegeline, which has been associated with liver damage cases in Hawaii. The U.S. Food and Drug Administration’s investigation of these products is ongoing. Source:


Financial Services Sector

12. November 20, USA Today – (National) JPMorgan, Justice Dept. reach $13B settlement. JPMorgan Chase and the U.S. Department of Justice finalized an agreement November 19 where the bank admitted that residential mortgage-backed securities it sold did not comply with guidelines and were not fit for sale. JPMorgan Chase agreed to pay $13 billion in penalties to settle the case. Source:

13. November 19, Reuters – (Texas) Texas bank robber ‘Mesh Mask Bandit’ pleads guilty: records. A Farmer’s Branch, Texas man known as the “Mesh Mask Bandit” pleaded guilty November 19 to robbing or attempting to rob a total of 20 banks in 2013. Source:

14. November 19, IDG News Service – (International) Court shuts down online business listing operation. The U.S. District Court for the Northern District of Illinois issued a temporary restraining order against a Canada-based online business listing operation that allegedly used fraudulent tactics to induce small businesses and churches to pay more than $14 million for business listings they did not order. Source:

15. November 19, Colorado Springs Gazette – (Colorado) Colorado Springs businessman convicted of fraud. A Colorado Springs businessman was convicted of 13 counts of securities fraud and racketeering November 18 for raising $8.5 million for purported vacation home investments and then using the money to pay investors in other ventures he controlled and for personal expenses. Source:

Information Technology Sector

38. November 20, Krebs on Security – (International) Cupid Media hack exposed 42M passwords. Personal information including names, unencrypted passwords, email addresses, and birthdays belonging to around 42 million Cupid Media customers was discovered on the same servers that stored stolen information from Adobe, PR Newswire, and other organizations. The Australia-based dating site company stated that the data appeared to be related to a January 2013 breach. Source:

39. November 20, – (International) Google adds Android and Apache to open source security rewards programme. Google expanded its security rewards program for researchers who reveal security issues to include its Android mobile operating system, Apache httpd, and others. Google plans to further expand the platforms included in the program before the end of the year. Source:

40. November 20, Softpedia – (International) Your LG Smart TV is spying on you, even if you tell it to stop. A security researcher found that LG Smart TVs can collect data on channels watched, device IDs, and the file names of external media even if the device’s advertisement service option is disabled. The information is then transmitted without encryption. Source:

41. November 20, Help Net Security – (New Jersey) E-Sports to pay $1M to settle covert Bitcoin mining complaint. E-Sports Entertainment entered into a settlement with the State of New Jersey and agreed to pay $1 million to resolve allegations that it infected around 14,000 computers in New Jersey with malware that allowed E-Sports to monitor subscribers’ program usage, mine Bitcoins, and create a botnet. Source:

42. November 19, Softpedia – (International) Google Ads point to fake Snapchat downloads. Researchers at ThreatTrack Security found that users searching for “Snapchat download” may encounter sponsored results that lead to potentially unwanted applications when they intend to download Snapchat. Similar campaigns of misleading sponsored search results have appeared on Bing as well. Source:

43. November 19, SC Magazine – (International) Phony anti-virus programs evade detection with stolen certificates. Researchers at BitDefender found a fake antivirus program named Antivirus Security Pro utilizing stolen digital certificates issued for East Entertainment Services in 2012. BitDefender contacted Ease Entertainment so that the certificates can be revoked. Source:

44. November 18, IDG News Service – (International) Hackers actively exploiting JBoss vulnerability to compromise servers, researchers say. Researchers have spotted an increase in attackers using a known vulnerability found in products from several vendors to compromise JBoss Java EE application servers. Source:

45. November 18, IDG News Service – (International) Google to pay $17 million to States in Apple cookies case. Google reached a settlement with 37 States and the District of Columbia over its unauthorized placement of cookies on devices running Apple’s Safari Web browser, and agreed to pay $17 million. Source:

Communications Sector

Nothing to report