Complete DHS Report for March
17, 2015
Daily Report
Top Stories
· Germany-based
Commerzbank AG and its U.S. branch, Commerz New York, entered into an agreement
March 12 with federal authorities and agreed to pay a total of $1.45 billion in
penalties and forfeitures related to violations of the International Emergency
Economic Powers Act and the Bank Secrecy Act. – U.S. Department of Justice See item 6 below in the Financial Services Sector
· A power
outage at a sanitary sewer lift in St. Augustine, Florida, led to an estimated
60,750- gallon spill of raw sewage into the San Sebastian River March 14. – St.
Augustine Record
16. March
14, St. Augustine Record – (Florida) Power outage leads to
60,750-gallon raw sewage spill in San Sebastian River. A power outage at a
sanitary sewer lift in St. Augustine, Florida, led to an estimated 60,750-
gallon spill of raw sewage into the San Sebastian River March 14. Temporary
power was restored and crews continued to sample the waterway while the public
was notified of the spill. Source: http://staugustine.com/news/local-news/2015-03-14/power-outage-leads-60750-gallon-sewage-spill-san-sebastian-river#
· Approximately
100,000 gallons of wastewater overflowed onto Amala Road March 13 following an
electrical outage at the Kaa Pump Station in Kahului, Hawaii. – Honolulu
Star-Advertiser
17. March
13, Honolulu Star-Advertiser – (Hawaii) 100K-gallon sewage spill
reported inKahului. Approximately 100,000 gallons of wastewater overflowed
onto Amala Road March 13 following an electrical outage at the Kaa Pump Station
in Kahului. Impacted areas were disinfected and standing water was removed.
Source: http://www.staradvertiser.com/news/breaking/20150313_100Kgallon_sewage_spill_reported_in_Kahului.html?id=296306871
· Eighteen
individuals from south Florida were charged for their involvement in a $125
million private health insurance fraud scheme. – Associated Press;
Washington Times
19. March 16, Associated Press; Washington Times –
(Florida) 18 charged in Florida in $125M private insurance fraud scam. Eighteen
individuals from south Florida were charged by federal authorities for their
involvement in a $125 million private health insurance fraud scheme. Four
people were charged the week of March 9 for controlling 30 companies in Miami
that stole the names and licensing information of dozens of physicians, while
others received kickbacks for referring beneficiaries to specific medical
clinics where they would sign documents claiming they received medical services
that were never performed. Source: http://www.washingtontimes.com/news/2015/mar/16/18-charged-in-florida-in-125m-private-insurance-fr/
Financial Services Sector
6. March
12, U.S. Department of Justice – (International) Commerzbank AG
admits to sanctions and bank secrecy violations, agrees to forfeit $563 million
and pay $79 million fine. Frankfurt, Germany-based Commerzbank AG and its
U.S. branch, Commerz New York, entered into a deferred prosecution agreement
March 12 with federal authorities and agreed to pay a total of $1.45 billion in
penalties and forfeitures related to violations of the International Emergency
Economic Powers Act and the Bank Secrecy Act after the bank moved and concealed
$263 million on behalf of Iranian and Sudanese entities and allowed
Japanese-based Olympus to commit a multibillion dollar securities fraud scheme
by failing to maintain adequate policies, practices, and procedures to ensure
compliance with U.S. law. Source: http://www.justice.gov/opa/pr/commerzbank-ag-admits-sanctions-and-bank-secrecy-violations-agrees-forfeit-563-million-and
Information Technology Sector
25. March 16,
The Register – (International) Brute force box lets researchers, cops, pop
iDevice locks. A security researcher from MDSec discovered that the IP-Box
tool exploits a vulnerability in iOS devices running versions 8.1 and older for
iPhones or iPads that allows unlimited password guesses of four-digit personal
identification numbers (PIN) allowing hackers to bypass rate-limiters and
settings to gain personal data after a set of failed attempts. Source: http://www.theregister.co.uk/2015/03/16/hardware_bruteforce_passwords/
26. March 16,
Securityweek – (International) WPML WordPress plugin vulnerabilities expose
400,000 websites. WPML developers released an update to address security
flaws in its WordPress premium multilingual plugin, including a vulnerability
that allows an attacker to leverage an SQL injection exploit to read contents
on affected users’ databases, including password hashes and other user detail,
and another that allows the removal of content from Web sites due to lack of
access control in the “menu sync” functionality. More than 400,000 commercial
Web sites utilize the plugin. Source: http://www.securityweek.com/wpml-wordpress-plugin-vulnerabilities-expose-400000-websites
27. March 14,
Softpedia – (International) Over 5.3 million Upatre infections detected
in the US since January. Security researchers at Microsoft’s Malware
Protection Center discovered that the U.S. has recorded the largest number of
Upatre malware infections in the world at 5,326,970 since January, 7 times more
than the next country. Upatre is usually delivered through malicious emails and
via botnets, and is used by cybercriminals as a distribution platform for other
malware. Source: http://news.softpedia.com/news/Over-5-3-Million-Upatre-Infections-Detected-in-the-US-Since-January-475816.shtml
For another story, see item 20 below from the Government Facilities Sector
20. March
15, WLNE 6 New Bedford – (Rhode Island) A Providence high
school’s website hacked. Officials with Providence Public Schools reported
March 15 that Classical High School’s Web site was breached March 14 by a group
claiming to support the Islamic State (ISIS) group after every page on the site
was linked to a pagcontaining text in reference to the terror group. The site’s
private vendor disabled the Web site and the school assured the public that no
information was compromised. Source: http://www.abc6.com/story/28523467/a-providence-high-schools-website-hacked
Communications Sector
28. March 13, Cincinnati
Enquirer – (Ohio) Cincinnati Bell restores channels after outage.
Cincinnati Bell restored all channels 10 hours after customers began
experiencing issues with their Fioptics TV platform that resulted in the loss
of a number of channels for an unknown number of customers March 13. Source: http://www.cincinnati.com/story/news/2015/03/13/cincinnati-bell-fiopticsexperiencing-outages/70263584/