Monday, August 25, 2014




Complete DHS Report for August 25, 2014

Daily Report

Top Stories

 · A cardiologist in Westlake, Ohio, was indicted for allegedly performing and referring unnecessary medical procedures on patients as part of a scheme to overbill Medicaid and private health-insurance companies by $7.2 million. – Federal Bureau of Investigation

19. August 21, Federal Bureau of Investigation – (Ohio) Westlake cardiologist indicted for overbilling Medicare and others of $7.2 million for unnecessary procedures. A cardiologist in Westlake was indicted for allegedly performing unnecessary medical procedures and referring patients for bypass surgeries they did not need as part of a scheme to overbill Medicaid and private health-insurance companies by $7.2, defrauding Medicade and private insurers of around $1.5 million between February 16 and June 28. The 16-count indictment includes 1 count of health care fraud, 14 counts of making false statements, and 1 count of engaging in monetary transactions in property derived from criminal activity. Source: http://www.fbi.gov/cleveland/press-releases/2014/westlake-cardiologist-indicted-for-overbilling-medicare-and-others-of-7.2-million-for-unnecessary-procedures

 · University of Alaska campuses statewide experienced a network outage for several hours August 20 after hackers targeted the university’s servers with a distributed denial of service attack. – Fairbanks Daily News Miner 

20. August 21, Fairbanks Daily News-Miner – (Alaska) University of Alaska internet outage caused by denial of service attack. University of Alaska campuses in Fairbanks, Anchorage, and Juneau experienced a network outage for several hours August 20 after hackers targeted the university’s servers with a distributed denial of service (DDoS) attack that came from multiple sources and consumed 490,000 of 500,000 available sessions on the university’s firewall. The outage caused off-campus users to lose access to the university’s Web sites and blocked Internet access for on-campus users. Source: http://www.newsminer.com/news/local_news/university-of-alaska-internet-outage-caused-by-denial-of-service/article_a44f2834-2905-11e4-939e-0017a43b2370.html

 · Police are searching for suspects who broke into Central Elementary School in Effingham County, Georgia, and stole equipment and tens of thousands of dollars in copper wiring, leaving the building without power. – WTOC 11 Savannah

21. August 21, WTOC 11 Savannah – (Georgia) Copper wiring worth tens of thousands stolen in Effingham County. Police are searching for suspects who broke into Central Elementary School in Effingham County and stole equipment and tens of thousands of dollars in copper wiring, leaving the vacant school building that hosts public events and houses offices without power. Source: http://www.wtoc.com/story/26342715/copper-wiring-worth-tens-of-thousands-stolen-in-effingham-county

 · Clark County fire officials reported that an August 17 fire that caused an estimated $1.5 million in damage at Amazing Grace Baptist Church in Hazel Dell, Washington, was human-caused, while it remains unclear if the fire was intentionally set. – Clark County Columbian 

34. August 20, Clark County Columbian – (Washington) Hazel Dell church fire was caused by someone. Clark County fire officials reported that an August 17 fire that caused an estimated $1.5 million in damage at Amazing Grace Baptist Church in Hazel Dell was human-caused, while it remains unclear if the fire was intentionally set. Source: http://www.kirotv.com/news/ap/washington/hazel-dell-church-fire-was-caused-by-someone/ng6h3/

Financial Services Sector

7. August 21, KMGH 7 Denver – (Colorado) Photos released of suspect linked to multiple robberies at Bank of the West branches in Aurora. The FBI and police in Aurora asked for the public’s help in identifying a suspect linked to four robberies at two Bank of the West branches, with the most recent robbery occurring August 20. Source: http://www.thedenverchannel.com/news/local-news/photos-released-of-suspect-linked-to-multiple-robberies-at-bank-of-the-west-branches-in-aurora08212014

For another story, see item 27 below in the Information Technology Sector

Information Technology Sector

26. August 22, Softpedia – (International) Credentials can be stolen in UI state inference attack. Researchers presenting at the USENIX Security Symposium published a paper outlining a new form of attack called a user interface (UI) inference attack that can steal Android users’ credentials by conducting a side-channel attack relying on a common shared-memory mechanism used by window managers. The attack uses a malicious app that does not require permissions and the researchers believe that the same vulnerability likely exists in other operating systems such as iOS, Windows, and OSX. Source: http://news.softpedia.com/news/Credentials-Can-Be-Stolen-In-UI-State-Inference-Attack-456028.shtml

27. August 22, Securityweek – (International) Vulnerability found in Google Wallet, Alipay payment SDKs. Researchers with Trend Micro identified and reported a security vulnerability in the in-app payment SDKs for Google Wallet and Alibaba Alipay in Android that can be exploited by attackers using intent-filters to display phishing messages and obtain user credentials. Alibaba and Google both released updates to their apps after being informed by the researchers May 27. Source: http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks

28. August 22, Softpedia – (International) Vulnerability in Akeeba Backup for Joomla went undetected for years. Sucuri researchers found a vulnerability in the Akeeba Backup extension for Joomla that has existed for years and could allow a skilled attacker to access backup files created with Akeeba and download them. The researchers stated that the security risk presented by the vulnerability was low due to the difficulty in exploiting it, and the newest version of Akeeba is no longer vulnerable. Source: http://news.softpedia.com/news/Vulnerability-in-Akeeba-Backup-for-Joomla-Went-Undetected-for-Years-455961.shtml

Communications Sector

Nothing to report