Monday, May 4, 2015



Complete DHS Report for May 4, 2015

Daily Report

Top Stories

 · The U.S. Department of Energy reported April 30 that the agency will pay New Mexico $73 million in projects for violations that led to a radiation leak in February 2014. – Reuters

1. May 1, Reuters – (New Mexico) U.S. Government to pay New Mexico $73 million over radiation leak. U.S. Department of Energy officials reported April 30 that the agency will pay New Mexico $73 million in projects in and around the Waste Isolation Pilot Plant in Carlsbad for violations at the plant and at the Los Alamos National Laboratory that led to a radiation leak in February 2014. Projects include road improvements, nuclear waste transportation routes, storm-water management upgrades, and the construction of an emergency operations center. Source: http://in.reuters.com/article/2015/05/01/us-usa-new-mexico-nuclear-idINKBN0NM2X020150501

 · The U.S. Department of Justice announced a $20 million pilot program May 1 to extend the use of police body cameras in order to help enhance transparency, advance public safety, and promote accountability. – NBC News

16. May 1, NBC News – (National) Police body cams: DOJ unveils $20M program to expand use. The U.S. Department of Justice announced a $20 million pilot program May 1 to extend the use of police body cameras in order to help enhance transparency, advance public safety, and promote accountability. Source: http://www.nbcnews.com/storyline/baltimore-unrest/body-worn-cameras-get-20m-federal-pilot-amid-baltimore-protests-n351721

 · Federal authorities announced April 29 that 13 current and former law enforcement officers from North Carolina and Virginia were charged in connection to allegedly protecting cocaine and heroin shipments along the East Coast. – WTVD 11 Durham

17. May 1, WTVD 11 Durham – (North Carolina; Virginia) 13 current and former North Carolina and Virginia law enforcement officers indicted. Federal authorities announced April 29 that 13 current and former law enforcement officers from North Carolina and Virginia, along with 2 civilians, were charged in connection to allegedly protecting cocaine and heroin shipments along the East Coast. The officers and civilians were charged with allegedly collaborating to distribute controlled substances and conspire to use firearms in relation to drug trafficking offenses. Source: http://abc11.com/news/13-current-and-former-law-enforcement-officers-indicted/688835/

 · AT&T and its former subsidiary, Southern New England Telephone agreed to pay a combined $10.9 million in penalties April 29 to resolve an investigation by the U.S. Federal Communications Commission for overbilling the FCC’s Lifeline program. – U.S. Federal Communications Commission See item 22 below in the Communications Sector

Financial Services Sector

4. April 30, KESQ 42 Palm Springs – (National) 2 men arrested with hundreds of fraudulent credit cards. Two individuals were arrested April 29 in Palm Desert for burglary, fraud, identity theft, and possession of stolen property after authorities discovered hundreds of manufactured credit cards, purchased gift cards, and stolen clothing and electronics from several local businesses in a rental car. Investigators allege the pair racked up tens of thousands of dollars in fraudulent charges in the area with stolen credit card numbers from victims across the U.S. Source: http://www.kesq.com/news/2-men-arrested-with-hundreds-of-fraudulent-credit-cards/32671160

For another story, see item 20 below in the Information Technology Sector

Information Technology Sector

18. May 1, Securityweek – (International) Security bug in ICANN portals exploited to access user data. The Internet Corporation for Assigned Names and Numbers (ICANN) released April 30 initial findings from an investigation revealing that a vulnerability in two of the organizations generic top-level domain (gTLD) portals had resulted in the exposure of 330 advanced search result records pertaining to 96 applicants and 21 registry operators since April 2013. The organization plans to contact both the affected users and those who exploited the vulnerability to access the records. Source: http://www.securityweek.com/security-bug-icann-portals-exploited-access-user-data

19. May 1, Help Net Security – (International) Unnoticed for years, malware turned Linux and BSD servers into spamming machines. Security researchers at ESET discovered that servers running BSD and Linux operating systems (OS) worldwide have been targeted for the past 5 years by a group that compromised systems via a backdoor trojan that would use a commercial automated e-mail distribution system to send out anonymous emails. Source: http://www.net-security.org/malware_news.php?id=3030

20. May 1, Threatpost – (International) Dyre banking trojan jumps out of sandbox. Security researchers at Seculert discovered a new strain of the Dyre banking trojan, called Dyreza, that evades detection by checking for the number of processor cores running on an infected machine, and terminating itself if there is only one. The researchers also noted that the new strain changed to a new user agent and included other minor updates to avoid signature-based detection products. Source: https://threatpost.com/dyre-banking-trojan-jumps-out-of-sandbox/1125

21. April 30, Threatpost – (International) MySQL bug can strip SSL protection from connections. Researchers at Duo Security identified a serious vulnerability in how versions of Oracle’s MySQL database product handle requests for secure connections, in which an attacker could use a man-in-the-middle (MitM) attack to force an unencrypted connection and intercept unencrypted queries from the client to the database. In this scenario, the attack could occur regardless of whether or not the server is toggled to require secure socket layer (SSL). Source: https://threatpost.com/mysql-bug-can-strip-ssl-protection-from-connections/112513

Communications Sector

22. April 29, U.S. Federal Communications Commission – (National) AT&T and SNET to pay $10.9 million for overbilling Lifeline program. AT&T and its former subsidiary Southern New England Telephone (SNET) agreed to pay a combined $10.9 million in penalties April 29 to resolve an investigation by the U.S. Federal Communications Commission (FCC) for overbilling the FCC’s Lifeline program by providing service to landline customers without recertifying eligibility within the time limit set. Source: https://www.fcc.gov/document/att-and-snet-pay-109-million-overbilling-lifeline-program