Monday, April 6, 2015



Complete DHS Report for  April 6, 2015

Daily Report

Top Stories

 · Four suspects were charged April 2 for their roles in a Uganda-based international scheme in which they allegedly manufactured, advertised, bought, and sold over $1.4 million in counterfeit U.S. Federal Reserve Notes worldwide. – U.S. Department of Justice See item 8 below in the Financial Services Sector

 · Firefighters battled multiple equipment fires at the Vita Line pet food processing plant in Hazle Township, Pennsylvania, for about 25 hours March 31-April 1. – Pottsville Republican & Herald

16. April 2, Pottsville Republican & Herald – (Pennsylvania) Crews contain silo fire after 25 hour fight. Firefighters battled multiple equipment fires at the Vita Line pet food processing plant in Hazle Township for about 25 hours March 31-April 1, including a fire in a silo and subsequent dust explosion that prompted the examination of 23 responders. Crews disposed of about 90 tons of powdered dog food that was held in the silo, while authorities continued to investigate the incident. Source: http://republicanherald.com/news/crews-contain-silo-fire-after-25-hour-fight-1.1856960

 · The North Carolina Board of Pharmacy ordered the closure of Fayetteville’s Prescription Center Pharmacy April 1 in addition to recalling all lots of non-sterile and sterile products compounded, repackaged, and distributed between September 10, 2014 and March 10, 2015. – U.S. Food and Drug Administration

21. April 3, U.S. Food and Drug Administration – (International) The North Carolina Board of Pharmacy has ordered a recall for all lots of non-sterile and sterile products compounded, repackaged and distributed by Prescription Center Pharmacy located at 915 Hay Street, Fayetteville, NC, between September 10, 2014, and March 10, 2015. The North Carolina Board of Pharmacy ordered the closure of Fayetteville’s Prescription Center Pharmacy April 1 in addition to recalling all lots of non-sterile and sterile products compounded, repackaged, and distributed by the company between September 10, 2014 and March 10, 2015 due to the pharmacy’s failure to ensure sterility, stability, and potency for the products. The compounded products were distributed to all 50 States as well as Canada. Source: http://www.fda.gov/Safety/Recalls/ucm441046.htm

 · Up to 136 residents were evacuated from the Guardian Court Apartments complex in Okolona, Kentucky, April 3 after more than 7 inches of rain fell and caused flash flooding. – WDRB 41 Louisville

31. April 3, WDRB 41 Louisville – (Kentucky) Dozens of residents forced to evacuate Okolona apartment complex. Up to 136 residents were evacuated from the Guardian Court Apartments complex in Okolona, Kentucky, April 3 after more than 7 inches of rain fell and caused flash flooding. Source: http://www.wdrb.com/story/28714170/dozens-of-residents-forced-to-evacuate-okolona-apartment-complex

Financial Services Sector

7. April 2, Associated Press – (Massachusetts) Auto loan company founders accused of $11M fraud. The two founders of now-defunct Iofin Inc., in Rockland were charged with mail fraud, wire fraud, and conspiracy April 2 for allegedly defrauding investors out of over $11 million by luring them to roll their retirement plans into investment accounts to fund company operations from 1998 – 2011, despite lacking government approval to oversee retirement funds. Almost all of the investors’ funds were lost when the company went bankrupt. Source: http://www.wggb.com/2015/04/02/auto-loan-company-founders-accused-of-11m-fraud/

8. April 2, U.S. Department of Justice – (International) Four charged in international Uganda-based cyber counterfeiting scheme. Four suspects were indicted April 2 on charges relating to their roles in a Uganda-based international conspiracy in which they allegedly manufactured, advertised, bought, and sold over $1.4 million in counterfeit U.S. Federal Reserve Notes worldwide via “dark Web” criminal online forums that they created from 2013 – 2014. Source: http://www.justice.gov/opa/pr/four-charged-international-uganda-based-cyber-counterfeiting-scheme

For another story, see item 29 below in the Information Technology Sector

Information Technology Sector

27. April 3, Help Net Security – (International) Mozilla revokes trust for CNNIC certificates. A spokesperson at Mozilla announced that the company will no longer allow its products to recognize digital certificates issued by the China Internet Network Information Center (CNNIC), following an incident during the week of March 23 in which an intermediate certificate authority (CA) operating under CNNIC issued a number of unauthorized digital certificates for Google domains. The company will alask CNNIC to provide a list of current valid certificates to make public. Source: http://www.net-security.org/secworld.php?id=18168

28. April 2, Securityweek – (International) DoS vulnerabilities patched in Cisco Unity Connection. Cisco patched several vulnerabilities in its Unity Connection in which attackers could have caused denial-of-service (DoS) conditions on systems configurewith Session Initiation Protocol (SIP) trunk integration by exploiting flaws in the Connection Conversation Manager (CuCsMgr), a flaw in the handling of abnormallyterminated SIP conversations, and a resource allocation flaw that can allow attackersblock all SIP connection lines. Source: http://www.securityweek.com/dos-vulnerabilities-patched-cisco-unity-connection

29. April 2, Reuters – (International) IBM uncovers new, sophisticated bank transfer cyber scam. Security researchers at IBM discovered a sophisticated fraud scheme dubbed “The Dyre Wolf” in which cybercriminals infect users’ systems with the Dyrmalware to trick individuals into initiating large wire transfers with criminals posing bank employees over the phone, before moving the funds from bank to bank and usidenial-of-service (DoS) attacks to avoid detection. The scheme has caused losses of over $1 million from multiple large- and medium-sized companies in the U.S. Source: http://www.reuters.com/article/2015/04/02/us-cyberattack-ibm-idUSKBN0MT28Z20150402

30. April 1, U.S. Department of Justice – (International) Fourth member of internationcomputer hacking ring pleads guilty to hacking and intellectual property theft conspiracy. An Indiana man pleaded guilty to charges surrounding his role in an international hacking ring that gained unauthorized access to computer networks of companies including Microsoft Corp., Epic Games Inc., Valve Corporation and ZomStudios, and stole unreleased software, source code, trade secrets, copyrighted worksand financial and other sensitive information. The hacker admitted to transmitting approximately 11,266 log-in credentials from one company, and total losses from thscheme were estimated to range from $100 – $200 million. Source: http://www.fbi.gov/baltimore/press-releases/2015/fourth-member-of-international-computer-hacking-ring-pleads-guilty-to-hacking-and-intellectual-property-theft-conspiracy

Communications Sector

See item 20 below from the Healthcare and Public Health Sector

20. April 3, Colorado Springs Gazette – (Denver) Denver VA blames TV station for data breach. The Department of Veterans Affairs (VA) in Denver notified 508 patients April 3 that their names and partial Social Security numbers were contained in a document leaked to a television station that listed veterans’ appointments with VA’s Denver health care facilities. The VA is investigating the unauthorized disclosure. Source: http://gazette.com/denver-va-blames-tv-station-for-data-breach/article/1549014