Monday, August 31, 2015



Complete DHS Report for August 31, 2015

Daily Report                                            

Top Stories

  • Officials released August 27 that California residents cut their water usage by 31 percent in July, surpassing government-mandated targets for the second month in a row. – Sacramento Bee

15. August 27, Sacramento Bee – (California) California residents cut water use 31 percent in July. The California State Water Resources Control Board released August 27 that California residents cut their water usage by 31 percent in July, surpassing government-mandated targets for the second month in a row. Source: http://www.msn.com/en-us/news/us/california-residents-cut-water-use-31-percent-in-july/ar-BBmaXAm

• Thousands of firefighters and U.S. military personnel worked August 27 to contain over 60 wildfires that have burned nearly 1.7 million acres across western States. – Reuters

21. August 27, Reuters – (National) Senate hearing on wildfires urged to help bolster firefighting capabilities. Thousands of firefighters and U.S. military personnel worked August 27 to contain over 60 wildfires that have burned nearly 1.7 million acres across western States. Source: http://www.reuters.com/article/2015/08/28/us-usa-wildfires-idUSKCN0QV29Y20150828

• A California woman pleaded guilty August 27 for her role in an immigration fraud scheme that provided student visas to foreign nationals netting as much as $6 million from citizens of South Korea, China, and other nations. – Beverly Hills Patch

22. August 27, Beverly Hills Patch – (California) Beverly Hills man charged in $6 million ‘pay to stay’ immigration fraud. A Los Angeles woman pleaded guilty August 27 for her role in an immigration fraud scheme that provided student visas to foreign nationals, who never went to class, netting as much as $6 million from citizens of South Korea, China, and other nations. The woman worked with a Beverly Hills man who owns Koreatown schools Prodee University, Walter Jay M.D. Institute, and the American College of Forensic Studies, among others. Source: http://patch.com/california/beverlyhills/beverly-hills-man-charged-6-million-pay-stay-immigration-fraud

• An August 27 fire destroyed a Linn County Sheriff’s Office substation in Oregon, causing an estimated $900,000 in damage. – Portland Oregonian

27. August 27, Portland Oregonian – (Oregon) Fire destroys Linn County Sheriff’s Office substation in Mill City. An August 27 fire destroyed a Linn County Sheriff’s Office substation in Mill City, causing an estimated $900,000 in damage after the fire reportedly started when a city public works employee parked small equipment in the building. Employees evacuated the building after failing to extinguish the fire.

Financial Services Sector

4. August 27, U.S. Department of the Treasury – (International) Settlement agreement between the U.S. Department of the Treasury’s Office of Foreign Assets Control and UBS AG. The Office of Foreign Assets Control announced a $1.7 million settlement with UBS AG August 27 to resolve allegations that the bank violated Global Terrorism Sanctions regulations through 222 transactions related to securities held in custody in the U.S. for a client believed to have committed, threatened to commit, or supported terrorism. Source: http://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20150827_33.aspx

5. August 27, U.S. Department of Justice – (National) Business email compromise. The FBI’s Internet Crime Complaint Center (IC3) released an advisory warning corporations of Business Email Compromise (BEC) scams carried out through social engineering or various computer intrusion techniques to conduct unauthorized wire transfers, and cited a 270 percent increase in victims and exposed losses since January. BEC scams accounted for over $747 million in losses to 7,066 victims in all 50 States from October 2013 – August 2015. Source: http://www.ic3.gov/media/2015/150827-1.aspx#fn2

6. August 27, WCBS 2 New York City; Associated Press – (New York) $1.8 million burglary of armored car company on Long Island foiled by alert officer. Nassau County authorities were searching for 4 accomplices in an attempted August 16 robbery of $1.8 million from the Loomis Armored Inc., warehouse in Hicksville, after an officer arrested another suspect and found cash in his vehicle’s trunk on the night of the incident. The perpetrators reportedly used a sledgehammer and hydraulic jack to access a vault containing $20 million. Source: http://newyork.cbslocal.com/2015/08/27/long-island-armored-car-company-robbery/

For another story, see item 34 below in the Information Technology Sector

Information Technology Sector

29. August 28, Securityweek – (International) Moxa patches flaws in industrial ethernet switches. Security researchers from Applied Risk discovered serious privilege escalation, denial-of-service (DoS), and cross-site scripting (XSS) vulnerabilities affecting Moxa industrial ethernet switches that could allow an unauthenticated remote attacker to compromise the device and connected industrial assets. Moxa recently released an update addressing nine heap-based buffer overflow and classic buffer overflow vulnerabilities in its SoftCMS closed-circuit television (CCTV) central management software. Source: http://www.securityweek.com/moxa-patches-flaws-industrial-ethernet-switches

30. August 28, Securityweek – (International) Mozilla updates Firefox 40 to patch two serious flaws. Mozilla released Firefox version 40.0.3 addressing a use-after free vulnerability in which an attacker could crash Firefox or execute arbitrary code with user privileges, and an add-on notification bypass through data Uniform Resource Locator (URL) that an attacker could use to trick users into installing a malicious add-on. Source: http://www.securityweek.com/mozilla-updates-firefox-40-patch-two-serious-flaws

31. August 28, Securityweek – (International) Adobe releases hotfix to patch ColdFusion vulnerability. Adobe released a hotfix addressing a vulnerability in ColdFusion in which a security hole could be exploited to compromise data security, affecting LiveCycle Data Services and BlazeDS. Source: http://www.securityweek.com/adobe-releases-hotfix-patch-coldfusion-vulnerability

32. August 28, Softpedia – (International) Phishing costs an average company up to $3.7 million per year. A Wombat Security Technologies report carried out on 377 U.S. organizations revealed that an average-sized organization can lose up to $3.77 million per year in extrapolated costs due to phishing attacks, that 48% of the costs come from productivity losses in mitigating the attacks, and that uncontained malware attacks can cause industry losses up to $105 million, among other findings.

33. August 27, Threatpost – (International) BitTorrent patch throttles reflective DDoS attacks. BitTorrent released a patch addressing a libuTP protocol vulnerability that could allow attackers to carry out User Datagram Protocol (UDP) distributed reflection denial-of-service (DRDoS) attacks. Source: https://threatpost.com/bittorrent-patch-throttles-reflective-ddos-attacks/114446

34. August 27, SC Magazine – (International) DD4BC are DDoS attack driving force, new report claims. VeriSign released findings from its “Distributed Denial of Service (DDoS) Trends Report – 2nd Quarter 2015” revealing a period of increased activity from the DDoS for Bitcoin (DD4BC) threat group, and that 22 percent of the attacks analyzed targeted the financial and payment sector. Attacks by the group typically start with threats and demands for ransom, followed by increased demands and ramped up DDoS attacks. Source: http://www.scmagazineuk.com/dd4bc-are-ddos-attack-driving-force-new-report-claims/article/435234/

Communications Sector

Nothing to report