Friday, November 6, 2015



Complete DHS Report for November 6, 2015

Daily Report                                            

Top Stories

 • U.S. Federal and State officials imposed penalties against Deutsche Bank AG, including a $258 million fine and the termination of 6 employees for their roles in knowingly conducting more than $10.86 billion in transactions with nations blacklisted by the U.S. government. – USA Today

5. November 4, USA Today – (International) Deutsche Bank hit with $258M penalty for sanctions violations. U.S. Federal and State officials imposed penalties against Deutsche Bank AG, including a $258 million fine and the termination of 6 employees for their roles in knowingly conducting more than $10.86 billion in transactions with nations blacklisted by the U.S. government, including Iran, Libya, Burma, and Syria between 1999 and 2006 after investigators uncovered email evidence of improper conduct. Source: http://www.usatoday.com/story/money/2015/11/04/deutsche-bank-sanctions-penalty/75164432/

 • Classes at the University of California, Merced were cancelled November 5 following a November 4 incident where an individual stabbed two students, a staff member, and a contract employee. – CNN

18. November 5, CNN – (California) Student fatally shot after stabbing 4 at UC Merced. Classes at the University of California, Merced were cancelled November 5 following a November 4 incident where an individual stabbed two students, a staff member, and a contract employee before fleeing the building from police and succumbing to injuries following an officer-involved shooting. Source: http://www.cnn.com/2015/11/04/us/university-california-merced-stabbings/index.html

 • Officials are investigating November 4 the cause of a norovirus outbreak that sickened over 100 students, teachers, and staff members at O’Hara Catholic School in Oregon following a pumpkin carving party. – Reuters

21. November 4, Reuters – (Oregon) Oregon school pumpkin carving party suspected in norovirus outbreak. Officials are investigating November 4 the cause of a norovirus outbreak that sickened over 100 students, teachers, and staff members at O’Hara Catholic School in Eugene following a pre-Halloween pumpkin carving party, which also forced the school to cancel classes for 3 days while workers disinfected the building. Source: http://www.reuters.com/article/2015/11/05/us-oregon-norovirus-idUSKCN0SU06Y20151105

 • Fire crews spent 8 hours battling a November 3 fire at the 60,000-square-foot Healthy Pet cat litter warehouse in Ferndale, Washington, which prompted an evacuation of the building and caused at least $1 million in damage. – Associated Press

27. November 5, Associated Press – (Washington) Firefighters battle blaze at cat litter plant in Ferndale. Fire crews spent 8 hours battling a November 3 fire at the 60,000-square-foot Healthy Pet cat litter warehouse in Ferndale, which prompted an evacuation of the building and caused at least $1 million in damage. Source: http://www.theolympian.com/news/state/washington/article43125525.html

Financial Services Sector

4. November 5, Reuters – (National) 2-ex-N.Y. fed employee pleads guilty over Goldman leaks. A former Federal Reserve of New York employee pleaded guilty November 4 to stealing confidential information and providing it to a colleague at Goldman Sachs Group Inc., who allegedly shared it with other Goldman employees. Source: http://in.reuters.com/article/2015/11/04/goldman-sachs-fed-crime-idINL1N12Z2LA20151104

5. November 4, USA Today – (International) Deutsche Bank hit with $258M penalty for sanctions violations. U.S. Federal and State officials imposed penalties against Deutsche Bank AG, including a $258 million fine and the termination of 6 employees for their roles in knowingly conducting more than $10.86 billion in transactions with nations blacklisted by the U.S. government, including Iran, Libya, Burma, and Syria between 1999 and 2006 after investigators uncovered email evidence of improper conduct. Source: http://www.usatoday.com/story/money/2015/11/04/deutsche-bank-sanctions-penalty/75164432/

6. November 3, Reuters – (National) Fenway Partners, four executives, to pay $10.2 million for disclosure lapses: SEC. U.S. securities regulators announced November 3 that New York-based Fenway Partners LLC and 4 of its executives will pay $10.2 million to settle allegations that the firm failed to notify clients and investors that a subsidiary private equity fund paid more than $20 million to its employees. The company did not admit any wrongdoing in the settlement. Source: http://www.reuters.com/article/2015/11/03/us-sec-fenway-idUSKCN0SS22620151103#TMYtEdPB8ytRrDY0.97

Information Technology Sector

22. November 5, Securityweek – (International) Cisco patches serious flaws in security, wireless appliances. Cisco released software updates patching several critical and high severity vulnerabilities including a command injection vulnerability, CVE-2015-6298 that affects the certificate generation process in the interface of the Cisco Web Security Appliance (WSA), denial-of-service (DoS) vulnerabilities that causes affected devices to run out of system memory, and vulnerabilities in the Mobility Service Engine that allows unauthenticated attackers to remotely log in to the platform via a user account protected by a default and static password, among other updates.Source: http://www.securityweek.com/cisco-patches-serious-flaws-security-wireless-appliances

23. November 5, Securityweek – (International) Multi-platform RAT OmniRAT used to hijack devices. Researchers from Avast reported that OmniRAT, a multi-platform remote administration tool (RAT) was being distributed and used by cybercriminals as a remote access trojan through social engineering in which victims would receive malicious short message service (SMS) with a shortened link, that if clicked, would load an icon labeled “MMS Retrieve,” allowing attackers to install the malware. Source: http://www.securityweek.com/multi-platform-rat-omnirat-used-hijack-devices

24. November 4, Softpedia – (International) Hackers cleverly hide backdoor inside the EXIF Data of a Joomla CMS logo. Security researchers from Sucuri, a company specializing in providing security solutions for Web site owners, discovered a backdoor encoded in the Joomla CMS logo image in its base64 that was added to the copyright field of image, inside its exchangeable image file format (EXIF) metadata header. The image was previously displayed via the application.php file, allowing hackers to modify the line of code to execute the backdoor on infected sites without distorting the final image. Source: http://news.softpedia.com/news/hackers-cleverly-hide-backdoor-inside-the-exif-data-of-a-joomla-cms-logo-495741.shtml

25. November 4, Securityweek – (International) Backdoored ad library found in thousands of iOS apps. Researchers at FireEye discovered 17 different versions of a backdoor malware similar to mobiSage software development kit (SDK), dubbed BackDoor, in applications of popular ad libraries including 2,846 Apple’s mobile operating system (iOS) that allows attackers to potentially carry out a range of tasks including manipulating files in the app’s data container, uploading encrypted data to a remote server, and monitoring device location, among other tasks. Source: http://www.securityweek.com/backdoored-ad-library-found-thousands-ios-apps

Communications Sector

See item 28 below from the Commercial Facilities Sector

28. November 4, KGTV 10 San Diego – (California) Residence Inn in downtown San Diego evacuates after underground electrical explosion. Officials reported November 4 that the Residence Inn in San Diego was evacuated after an underground electrical vault exploded following a faulty electrical wiring that caused an area power outage. SDG&E reported 889 customers were without power and nearby hotels were evacuated due to the incident. Source: http://www.10news.com/news/marriott-hotel-in-downtown-san-diego-evacuates-after-underground-electrical-explosion