Thursday, October 15, 2015



Complete DHS Report for October 15, 2015

Daily Report

Top Stories

 • The former Chicago Public Schools chief executive officer pleaded guilty October 13 in connection with a scheme to steer more than $23 million in no-bid contracts to a former employer in exchange for $2.3 million in bribes and kickbacks. – WBBM 2 Chicago

12. October 13, WBBM 2 Chicago – (Illinois) Ex-CPS chief pleads guilty to kickback scheme. The former Chicago Public Schools chief executive officer (CEO) pleaded guilty October 13 to charges in connection with a bribery scheme in which the former CEO accepted $2.3 million in bribes and kickbacks in exchange for SUPES Academy and its owners receiving over $23 million in no-bid contracts dating back to 2013. Source: http://chicago.cbslocal.com/2015/10/13/ex-cps-chief-barbara-byrd-bennett-pleads-guilty-to-kickback-scheme/

 • Officials released a report which found that the Internal Revenue Service was unable to locate 1,300 workstations during its attempt to update its Microsoft software from Windows XP to Windows 7. – Nextgov

13. October 13, Nextgov – (National) IRS can’t update woefully out-of-date Windows servers because it can’t find some of them. The Treasury Inspector General for Tax Administration at the U.S. Department of the Treasury released a report which found that the Internal Revenue Service was unable to locate 1,300 workstations during its attempt to update its Microsoft software from Windows XP to Windows 7. The report also determined that the bureau had several thousand servers still running Windows Server 2003 and lacked proper oversight, among other security risks. Source: http://www.nextgov.com/cio-briefing/2015/10/irs-cant-update-woefully-out-date-windows-servers-because-it-cant-find-some-them/122770/

 • U.S. and European authorities worked with private cybersecurity organizations to disrupt the activities of the Dridex information-stealing botnet. – Securityweek. See item 17 below in the Information Technology Sector

 • Approximately 100 children and staff were evacuated from the Boys and Girls club in Nevada October 13 after a construction crew hit a 1-inch gas line while digging out a post, causing a gas leak. – Reno Gazette-Journal

24. October 13, Reno Gazette-Journal – (Nevada) Boys & Girls club evacuated after gas leak. Approximately 100 children and staff were evacuated from the Boys and Girls club in Reno, Nevada, October 13 after a construction crew hit a 1-inch gas line while digging out a post, causing a gas leak. NV Energy crews shut off gas valves for about 4 to 5 buildings while crews took readings around and inside buildings. Source: http://www.rgj.com/story/news/2015/10/13/boys-girls-club-evacuated-after-gas-leak/73869036/
 
Financial Services Sector

3. October 14, Springfield Republican – (Massachusetts) ATM ‘skimmer’ admits ripping off $121,000 from TD Bank customers in 5 Western Massachusetts communities. A Washington resident pleaded guilty October 9 to charges that he and a co-conspirator used ATM skimming devices to steal over $121,000 from dozens of TD Bank customers in Chicopee, Ludlow, Springfield, Agawam, and East Longmeadow, Massachusetts, in August and September 2014.

4. October 13, Reuters – (International) UBS settles U.S. SEC case over structured notes for $19.5 mln. A U.S. Securities and Exchange Commission official announced October 13 that UBS AG will pay $19.5 million to resolve civil allegations that the bank misled U.S. retail investors in offering documents for structured notes tied to a proprietary foreign currency index by not revealing index reductions of about 5 percent through bank hedging trades. The bank neither admitted nor denied the charges. Source: http://www.reuters.com/article/2015/10/13/sec-ubs-group-idUSL1N12D1BR20151013

For another story, see item 17 below in the Information Technology Sector

Information Technology Sector

17. October 14, Securityweek – (International) Authorities seize servers to disrupt Dridex botnet. U.S. and European authorities worked with private cybersecurity organizations to disrupt the activities of the Dridex information-stealing botnet by poisoning the peer-to-peer (P2P) network of each sub-botnet, redirecting infected systems’ communications from the botnet to a sinkhole. The botnet resulted in estimated losses of $10 million in the U.S., and authorities are seeking to extradite one of its administrators who was arrested in Cyprus in August. Source: http://www.securityweek.com/authorities-seize-servers-disrupt-dridex-botnet

18. October 14, Securityweek – (International) Chrome 46 patches vulnerabilities, simplifies page security icon. Google announced the release of version 46 of its Chrome Web browser, which addresses 24 security vulnerabilities including a cross-origin bypass in the Blink rendering engine, a use-after-free in PDFium and ServiceWorker, and a bad cast issue in PDFium, among others. The update also changed the icon used for Hypertext Transfer Protocol Secure (HTTPS) connections. Source: http://www.securityweek.com/chrome-46-patches-vulnerabilities-simplifies-page-security-icon

19. October 14, Securityweek – (International) Microsoft patches critical flaws in Windows, Internet Explorer. Microsoft released 6 security bulletins addressing over 30 vulnerabilities, including 14 memory corruption, privilege escalation, information disclosure, VBScript and JavaScript address space layout randomization (ASLR) bypass, and remote code execution flaws in Internet Explorer, as well as other ASLR bypass and remote code execution vulnerabilities in Windows, among other fixes for Edge, Office, and the Windows kernel. Source: http://www.securityweek.com/microsoft-patches-critical-flaws-windows-internet-explorer

20. October 14, Softpedia – (International) Adobe Flash Player zero-days used by hackers linked to Russian government. Security researchers from Trend Micro warned that attackers in the Operation Pawn Storm cyber-espionage campaign are exploiting unpatched zero-day vulnerabilities in Adobe Flash Player in an effort to trick members of overseas government departments and ministries into accessing Web sites hosting malicious code. The group previously targeted high-profile government targets worldwide, as well as the North Atlantic Treaty Organization (NATO) and the U.S. White House. Source: http://news.softpedia.com/news/adobe-flash-player-zero-days-used-by-hackers-linked-to-russian-government-494509.shtml

21. October 13, Securityweek – (International) Adobe patches many flaws in Flash Player, Acrobat, Reader. Adobe released updates addressing 56 vulnerabilities in Adobe Acrobat Reader, many of which involve bypassing restrictions on JavaScript Application Program Interface (API) execution and bypass vulnerabilities that could lead to information disclosure, memory leak issues, and memory corruption bugs, resulting in remote code execution, as well as 13 use-after-free, buffer overflow, memory corruption, and same-origin-policy (SOP) flaws in Flash Player, among others. Source: http://www.securityweek.com/adobe-patches-many-flaws-flash-player-acrobat-reader

22. October 13, Threatpost – (International) Netgear publishes patched firmware for routers under attack. Netgear published firmware updates addressing a remotely exploitable authentication bypass vulnerability that hackers had exploited to take over up to 10,000 routers, most of which were in the U.S. The flaw allowed an attacker to access the device’s administration interface without knowing the router password. Source: https://threatpost.com/netgear-publishes-patched-firmware-for-routers-under-attack/115006/

For another story, see item 13 above in Top Stories

Communications Sector

Nothing to report