Complete DHS Report for May 15, 2015
Daily Report
Top Stories
· An estimated 198,000 gallons of household wastewater spilled into La Volla Creek in Corpus Christi, Texas, May 13 from a flooded sewage line. – Corpus Christi Caller-Times
18. May 14, Corpus Christi Caller-Times – (Texas) 198,000 gallons of wastewater seep into creek. An estimated 198,000 gallons of household wastewater spilled into La Volla Creek in Corpus Christi May 13 from a flooded sewage line near the Greenwood Wastewater Treatment Plant, prompting a precautionary boil advisory for area residents until the water supply is tested. Source: http://www.caller.com/news/local-news/weather/198000-gallons-of-wastewater-seep-into-creek_10234019
· The U.S. Attorney’s Office in Tampa announced May 13 that CVS Health Corp. will pay $22 million in a settlement to resolve allegations that 2 of its pharmacies in Florida sold non-prescribed painkillers. – Reuters
19. May 13, Reuters – (Florida) CVS pays $22 million to resolve Florida painkiller probe. The U.S. Attorney’s Office in Tampa announced May 13 that CVS Health Corp. will pay $22 million in a settlement to resolve allegations that 2 of its pharmacies in central Florida sold painkillers that were not prescribed for legitimate medical purposes. Federal agents discovered that the pharmacies ordered about 3 million oxycodone pills in 2011 and ignored red flags that the prescriptions were not legitimate. Source: http://www.reuters.com/article/2015/05/13/us-cvs-health-settlement-idUSKBN0NY2O920150513
· OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) that could potentially lead to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions. – Securityweek
26. May 13, Securityweek – (International) Flaw found in OSIsoft product deployed in critical infrastructure sectors. OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) in which an unauthorized remote attacker could leverage “Trusted Users” group status in some product installations to execute arbitrary structured query language (SQL) statements on the affected system, potentially leading to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions. Source: http://www.securityweek.com/flaw-found-osisoft-product-deployed-critical-infrastructure-sectors
· Downingtown, Pennsylvania police declared the North Park Plaza strip mall a total loss May 14 after 10 businesses and both floors of the mall were severely damaged in a May 12 fire. – Chester County Daily Local News
28. May 14, Chester County Daily Local News – (Pennsylvania) Officials call fire a ‘total loss.’ Downingtown Police declared the North Park Plaza strip mall a total loss May 14 after 10 businesses and both floors of the mall were severely damaged in a May 12 fire. Preliminary reports estimated that the total amount of damage exceeded $4 million, and officials determined that the fire began in a florist shop. Source: http://www.dailylocal.com/general-news/20150513/officials-call-fire-a-total-loss
Financial Services Sector
9. May 13, Reuters – (Connecticut) Connecticut fund executive faces new SEC fraud charges. The U.S. Securities and Exchange Commission charged and froze the assets of a former Oak Investment Partners venture capital executive from Greenwich, May 13, alleging that the suspect transferred $27.5 million worth of investors’ funds to himself, induced his firm to overpay for investments into 2 Asian e-commerce companies for which he pocketed $20 million, and induced the firm to pay I-Cubed Domains LLC $7.5 million for its stake in an e-commerce company without disclosing that he and his wife owned I-Cubed Domains and had purchased the stake for $2 million. Source: http://www.reuters.com/article/2015/05/13/sec-ahmed-fraud-idUSL1N0Y42NC20150513
10. May 13, Philadelphia Business Journal – (Pennsylvania) Delco mortgage lender charged with $9.7M fraud scheme. A former co-owner of Folsom-based Capital Financial Mortgage Corporation was charged May 13 for his role in a $9.7 million mortgage fraud scheme in which he allegedly defrauded lenders, including Wells Fargo & Co. and Customers Bank, into purchasing second mortgages that he represented as first mortgages and defrauded other lenders that loaned money to the company on a warehouse line of credit. Authorities claim he used the fraudulent profits to pay for personal expenses. Source: http://www.bizjournals.com/philadelphia/morning_roundup/2015/05/delco-mortgage-lender-charged-with-9-7m-fraud.html
11. May 13, Lake View Patch – (Illinois) FBI increases reward for serial ‘Bandage Bandit’ bank robbery suspect. The FBI increased the reward for information leading to the arrest of the bank robber dubbed the “Bandage Bandit” to $10,000, after a May 9 robbery at a Chase Bank in Chicago was attributed to him, bringing the total to 5 robberies since March. Source: http://patch.com/illinois/lakeview/fbi-increases-reward-serial-bandage-bandit-bank-robber-suspect
Information Technology Sector
23. May 14, Softpedia – (International) Cisco TelePresence vulnerable to unauthorized root access, denial of service. Cisco reported two vulnerabilities in versions of its TelePresence TC and TE video conference products in which an attacker could exploit improper authentication protocols for internal services to bypass authentication and obtain root access on the system, and a flaw in the network drivers in which an attacker could use specially crafted internet protocol (IP) packets sent at a high rate to cause a denial-of-service (DoS) condition. Source: http://news.softpedia.com/news/Cisco-TelePresence-Vulnerable-to-Unauthorized-Root-Access-Denial-of-Service-481183.shtml
24. May 14, V3.co.uk – (International) APT17 DeputyDog hackers are pushing Blackcoffee malware using TechNet. Research by FireEye revealed that the APT17 threat group used posts and profiles on the TechNet blog as a way to conceal their use of the Blackcoffee backdoor by embedding strings that the malware would decode to find and communicate with the malware’s true command-and-control (C&C) server. The TechNet blog was not compromised and the operation was shut down, but FireEye warned that other groups may mimic the tactic. Source: http://www.v3.co.uk/v3-uk/news/2408533/apt17-deputydog-hackers-are-pushing-blackcoffee-malware-using-technet
25. May 13, Threatpost – (International) XSS, CSRF vulnerabilities identified in WSO2 Identity Server. Researchers at SEC Consult discovered three cross-site scripting (XSS), cross-site request forgery (CSRF), and extensible markup language (XML) external injection vulnerabilities in version 5.0.0 of WSO2 Identity Server that could allow an attacker to take over a victim’s session, add arbitrary users to the server, or inject arbitrary XML entities. Source: https://threatpost.com/xss-csrf-vulnerabilities-identitified-in-wso2-identity-server/112789
26. May 13, Securityweek – (International) Flaw found in OSIsoft product deployed in critical infrastructure sectors. OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) in which an unauthorized remote attacker could leverage “Trusted Users” group status in some product installations to execute arbitrary structured query language (SQL) statements on the affected system, potentially leading to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions. Source: http://www.securityweek.com/flaw-found-osisoft-product-deployed-critical-infrastructure-sectors
For another story, see item 1 from the Energy Sector
1. May 13, Dark Reading – (International) Oil & gas firms hit by cyberattacks that forgo malware. Panda Lab researchers discovered a unique targeted attack campaign dubbed Phantom Menace that has infiltrated and stolen credentials from 10 international oil and gas maritime transportation companies since August 2013, via a spear-phishing email containing a fake Adobe PDF file utilizing a file transfer protocol (FTP) server. The attackers contact oil brokers and request a fee in exchange for fake barrels of oil sold at a discounted rate, which are never delivered. Source: http://www.darkreading.com/attacks-breaches/oil-and-gas-firms-hit-by-cyberattacks-that-forgo-malware/d/d-id/1320417
Communications Sector
27. May 13, Allentown Morning Call – (Pennsylvania) TV service disrupted for 12,000 Service Electric customers. About 12,000 Service Electric Cable TV & Communications Inc. customers in Lehigh County lost television reception for approximately 2 hours May 13 after a satellite time server failed during routine database maintenance. Source: http://www.mcall.com/news/local/mc-service-electric-tv-outage-20150513-story.html