Tuesday, September 8, 2015



Complete DHS Report for September 8, 2015

Daily Report                                            

Top Stories


 • The U.S. Attorney’s office for the Eastern District of Pennsylvania announced charges against 3 individuals accused of allegedly orchestrating a $54.5 million Ponzi scheme for an alternative energy company September 3. – The Hill

3. September 3, The Hill – (Pennsylvania) Feds charge 3 in alleged green energy Ponzi scheme. The U.S. Attorney’s office for the Eastern District of Pennsylvania announced charges against 3 individuals accused of orchestrating a $54.5 million Ponzi scheme for an alternative energy company September 3. The suspects were charged with wire fraud, securities fraud and conspiracy to commit both in connection with Mantria Corp., a company which defrauded over 300 investors with false promises of sustainable and clean energy products. Source: http://thehill.com/policy/energy-environment/252658-feds-charge-3-in-alleged-green-energy-ponzi-scheme

 • A former Wellington man was convicted September 3 on 15 Federal mail fraud charges for allegedly soliciting dozens of investors for about $55 million that would purportedly be invested in oil in the Middle East. – South Florida Sun-Sentinel See item 8 below in the Financial Services Sector

 • Approximately 1,901 first responders in Fresno, California, reached 25-percent containment of the 81,549-acre Rough Fire September 3. – KFSN 30 Fresno

19. September 3, KFSN 30 Fresno – (California) Rough Fire crews work to protect trees, cabins, and historic monuments. Approximately 1,901 first responders in Fresno reached 25-percent containment of the 81,549-acre Rough Fire September 3, and were working to protect Converse Basin, the Buck Rock area, and Cedar Grove, along with their cabins, landmarks, and historical monuments. Source: http://abc30.com/news/rough-fire-crews-work-to-protect-trees-cabins-and-historic-monuments/968160/

 • Sacramento City College was placed on lockdown for two hours and classes were canceled for the remainder of the day September 3, after one person was killed and two others injured by a gunman who shot the victims following a verbal dispute. – Associated Press

21. September 4, Associated Press – (California) Gunman sought in Sacramento college shooting; 1 dead 2 injured. Sacramento City College was placed on lockdown for two hours and classes were canceled for the remainder of the day September 3 after one person was killed and two others injured by a gunman who shot the victims following a verbal dispute. Authorities continued to search for the suspect. Source: http://abc7chicago.com/news/gunman-sought-in-sacramento-college-shooting;-1-dead-2-injured/969225/

Financial Services Sector

7. September 3, Krebs on Security – (International) More ATM “Insert Skimmer” innovations. U.S. and European security researchers reported recent trends in ATM skimming, including devices being planted via a hidden “insert skimmer” placed through the ATM’s card reader, “wiretapping attacks” in which devices are installed via holes drilled near the card reader entry throat, and the use of solid explosives to blow open cash machines in 11 countries. Source: http://krebsonsecurity.com/2015/09/more-atm-insert-skimmer-innovations/

8. September 3, South Florida Sun-Sentinel – (National) Socialite found guilty of mail fraud got $55M from victims, Feds say. A former Wellington man was convicted September 3 on 15 Federal mail fraud charges for allegedly soliciting dozens of investors for about $55 million that would purportedly be invested in oil in the Middle East, which he instead used to finance his lifestyle. The suspect was previously ordered to pay $112 million in damages and civilian penalties for selling fake investments. Source: http://www.sun-sentinel.com/local/palm-beach/fl-joseph-zada-guilty-verdict-20150903-story.html

9. September 3, Orange County Register – (National) Counterfeit crimes in Seal Beach found to be part of nationwide scheme. U.S. Secret Service and California police authorities arrested 8 suspected gang members in Seal Beach September 3 in connection to a national counterfeiting scheme in which perpetrators allegedly used fake bills for over 4,200 transactions totaling $100,000 nationwide since 2013. The source of the counterfeiting is under investigation. Source: http://www.ocregister.com/articles/beach-680986-bills-seal.html

Information Technology Sector

26. September 4, Securityweek – (International) Cisco patches flaw in data center management products. Cisco released software updates addressing a remotely exploitable JavaServer Pages (JSP) vulnerability in the company’s UCS Director and Integrated Management Controller (IMC) Supervisor products which could allow an unauthenticated attacker to use specially crafted HyperText Transfer Protocol (HTTP) requests to overwrite arbitrary files, resulting in instability or a denial-of-service (DoS) condition. Source: http://www.securityweek.com/cisco-patches-flaw-data-center-management-products

27. September 4, Securityweek – (International) Flaws in OrientDB expose databases to remote attacks. The Computer Emergency Readiness Team (CERT) published an advisory warning of three vulnerabilities in OrientDB’s Community Edition, including a cross-site request forgery (CSRF) affecting the Web administration interface in which an attacker could perform actions with user privileges, an insufficient random value issue that could allow an attacker to gain administrative privileges to the database, and an improper input validation that could allow an attacker to create specially crafted pages to launch clickjacking attacks. Source: http://www.securityweek.com/flaws-orientdb-expose-databases-remote-attacks

28. September 4, Softpedia – (International) FortiClient antivirus fixes system-level privilege escalation bug. FortiClient antivirus client developers released an update addressing a privilege escalation bug in the software that could have allowed an attacker who had previously infected the system to gain unauthorized access to system-level privileges. Source: http://news.softpedia.com/news/forticlient-antivirus-fixes-system-level-privilege-escalation-bug-490935.shtml

For another story, see item 16 below from the Healthcare and Public Health Sector

16. September 4, SC Magazine – (National) Encrypted medical databases shown to leak information. Researchers from Microsoft reported findings revealing that databases used to storage electronic medical records are prone to information leakage despite being encrypted, and that they were able to find data such as sex, race, age and admission information from real patient records from 200 hospitals in the U.S via frequency analysis, Ip-optimization, and sorting and cumulative attacks Source: http://www.scmagazineuk.com/encrypted-medical-databases-shown-to-leak-information/article/436892/

Communications Sector

Nothing to report