Tuesday, March 17, 2015



Complete DHS Report for  March 17, 2015

Daily Report

Top Stories

 · Germany-based Commerzbank AG and its U.S. branch, Commerz New York, entered into an agreement March 12 with federal authorities and agreed to pay a total of $1.45 billion in penalties and forfeitures related to violations of the International Emergency Economic Powers Act and the Bank Secrecy Act. – U.S. Department of Justice See item 6 below in the Financial Services Sector

 · A power outage at a sanitary sewer lift in St. Augustine, Florida, led to an estimated 60,750- gallon spill of raw sewage into the San Sebastian River March 14. – St. Augustine Record

16. March 14, St. Augustine Record – (Florida) Power outage leads to 60,750-gallon raw sewage spill in San Sebastian River. A power outage at a sanitary sewer lift in St. Augustine, Florida, led to an estimated 60,750- gallon spill of raw sewage into the San Sebastian River March 14. Temporary power was restored and crews continued to sample the waterway while the public was notified of the spill. Source: http://staugustine.com/news/local-news/2015-03-14/power-outage-leads-60750-gallon-sewage-spill-san-sebastian-river#

 · Approximately 100,000 gallons of wastewater overflowed onto Amala Road March 13 following an electrical outage at the Kaa Pump Station in Kahului, Hawaii. – Honolulu Star-Advertiser

17. March 13, Honolulu Star-Advertiser – (Hawaii) 100K-gallon sewage spill reported inKahului. Approximately 100,000 gallons of wastewater overflowed onto Amala Road March 13 following an electrical outage at the Kaa Pump Station in Kahului. Impacted areas were disinfected and standing water was removed. Source: http://www.staradvertiser.com/news/breaking/20150313_100Kgallon_sewage_spill_reported_in_Kahului.html?id=296306871

 · Eighteen individuals from south Florida were charged for their involvement in a $125 million private health insurance fraud scheme. – Associated Press; Washington Times

19. March 16, Associated Press; Washington Times – (Florida) 18 charged in Florida in $125M private insurance fraud scam. Eighteen individuals from south Florida were charged by federal authorities for their involvement in a $125 million private health insurance fraud scheme. Four people were charged the week of March 9 for controlling 30 companies in Miami that stole the names and licensing information of dozens of physicians, while others received kickbacks for referring beneficiaries to specific medical clinics where they would sign documents claiming they received medical services that were never performed. Source: http://www.washingtontimes.com/news/2015/mar/16/18-charged-in-florida-in-125m-private-insurance-fr/

Financial Services Sector

6. March 12, U.S. Department of Justice – (International) Commerzbank AG admits to sanctions and bank secrecy violations, agrees to forfeit $563 million and pay $79 million fine. Frankfurt, Germany-based Commerzbank AG and its U.S. branch, Commerz New York, entered into a deferred prosecution agreement March 12 with federal authorities and agreed to pay a total of $1.45 billion in penalties and forfeitures related to violations of the International Emergency Economic Powers Act and the Bank Secrecy Act after the bank moved and concealed $263 million on behalf of Iranian and Sudanese entities and allowed Japanese-based Olympus to commit a multibillion dollar securities fraud scheme by failing to maintain adequate policies, practices, and procedures to ensure compliance with U.S. law. Source: http://www.justice.gov/opa/pr/commerzbank-ag-admits-sanctions-and-bank-secrecy-violations-agrees-forfeit-563-million-and


Information Technology Sector

25. March 16, The Register – (International) Brute force box lets researchers, cops, pop iDevice locks. A security researcher from MDSec discovered that the IP-Box tool exploits a vulnerability in iOS devices running versions 8.1 and older for iPhones or iPads that allows unlimited password guesses of four-digit personal identification numbers (PIN) allowing hackers to bypass rate-limiters and settings to gain personal data after a set of failed attempts. Source: http://www.theregister.co.uk/2015/03/16/hardware_bruteforce_passwords/

26. March 16, Securityweek – (International) WPML WordPress plugin vulnerabilities expose 400,000 websites. WPML developers released an update to address security flaws in its WordPress premium multilingual plugin, including a vulnerability that allows an attacker to leverage an SQL injection exploit to read contents on affected users’ databases, including password hashes and other user detail, and another that allows the removal of content from Web sites due to lack of access control in the “menu sync” functionality. More than 400,000 commercial Web sites utilize the plugin. Source: http://www.securityweek.com/wpml-wordpress-plugin-vulnerabilities-expose-400000-websites

27. March 14, Softpedia – (International) Over 5.3 million Upatre infections detected in the US since January. Security researchers at Microsoft’s Malware Protection Center discovered that the U.S. has recorded the largest number of Upatre malware infections in the world at 5,326,970 since January, 7 times more than the next country. Upatre is usually delivered through malicious emails and via botnets, and is used by cybercriminals as a distribution platform for other malware. Source: http://news.softpedia.com/news/Over-5-3-Million-Upatre-Infections-Detected-in-the-US-Since-January-475816.shtml

For another story, see item 20 below from the Government Facilities Sector

20. March 15, WLNE 6 New Bedford – (Rhode Island) A Providence high school’s website hacked. Officials with Providence Public Schools reported March 15 that Classical High School’s Web site was breached March 14 by a group claiming to support the Islamic State (ISIS) group after every page on the site was linked to a pagcontaining text in reference to the terror group. The site’s private vendor disabled the Web site and the school assured the public that no information was compromised. Source: http://www.abc6.com/story/28523467/a-providence-high-schools-website-hacked

Communications Sector

28. March 13, Cincinnati Enquirer – (Ohio) Cincinnati Bell restores channels after outage. Cincinnati Bell restored all channels 10 hours after customers began experiencing issues with their Fioptics TV platform that resulted in the loss of a number of channels for an unknown number of customers March 13. Source: http://www.cincinnati.com/story/news/2015/03/13/cincinnati-bell-fiopticsexperiencing-outages/70263584/