Tuesday, December 1, 2015



Complete DHS Report for December 1, 2015

Daily Report                                            

Top Stories

• The governor of Oklahoma issued a state of emergency for all 77 counties following a severe storm November 28 that caused severe flooding, left 14 people dead, and knocked out electricity to more than 100,000 customers. – USA Today

1. November 30, USA Today – (National) Okla. declares state of emergency amid winter storm, flooding. A severe storm the weekend of November 28 that moved across Texas, Oklahoma, Arkansas, and Tennessee left 14 people dead, knocked out electricity to more than 100,000 customers, and forced the governor of Oklahoma to declare a state of emergency for all 77 counties due to flooding. Source: http://www.msn.com/en-us/news/weather/okla-declares-state-of-emergency-amid-winter-storm-flooding/ar-AAfNeGf

• The U.S. Air Force hired civilian defense contractors to fly MQ-9 Reaper drones in order to provide intelligence, surveillance, and reconnaissance (ISR) in global hot spots to help track suspected militants and other targets November 27. – Los Angeles Times

4. November 27, Los Angeles Times – (International) Air Force hires civilian drone pilots for combat patrols; critics question legality. The U.S. Air Force announced November 27 that it hired civilian defense contractors to fly MQ-9 Reaper drones to conduct combat air patrols, daily round-the-clock flights above areas of military operations, in order to provide intelligence, surveillance, and reconnaissance (ISR) in global hot spots to help track suspected militants and other targets. The civilians are not combatants and are not allowed to pinpoint targets or fire missiles. Source: http://www.latimes.com/nation/la-fg-drone-contractor-20151127-story.html

• At least 1 police officer and 2 civilians were killed and at least 4 other officers and 5 civilians were injured November 27 after a gunman opened fire for several hours at a Planned Parenthood clinic in Colorado Springs. – Washington Post

23. November 28, Washington Post – (Colorado) Gunman kills officer, two others at Planned Parenthood clinic in Colorado. At least 1 police officer and 2 civilians were killed and at least 4 other officers and 5 civilians were injured November 27 after a gunman entered a Planned Parenthood clinic in Colorado Springs and opened fire in an hours-long shooting standoff before surrendering to police. Several surrounding businesses were told to take cover and remain indoors during the incident. Source: https://www.washingtonpost.com/world/national-security/2015/11/27/ff579e40-9543-11e5-b5e4-279b4501e8a6_story.html

• Hong Kong-based VTech Holdings Ltd reported that 5 million customers’ accounts and related children’s profiles were compromised worldwide after a breach of its database exposed customers’ personal information. – Reuters

30. November 30, Reuters – (International) Data breach at Hong Kong toy maker VTech highlights broader problems. Hong Kong-based VTech Holdings Ltd, a company that sells electronic toys, reported that 5 million customers’ accounts and related children’s profiles were compromised worldwide after a breach of its database exposed customers’ names, email addresses, passwords, secret questions, and Internet Protocol (IP) addresses, among other information. VTech officials notified all account holders of the breach and reported that credit card information, ID card numbers, Social Security numbers, and driver’s license numbers were unaffected. Source: http://www.reuters.com/article/2015/11/30/us-vtech-cyberattack-idUSKBN0TJ0B620151130#iBqELHme53sfTHDX.97

Financial Services Sector

6. November 29, Associated Press – (National) Man charged with $1.4 million MoneyGram embezzlement. Authorities in the U.S. Virgin Islands arrested a man November 29 for allegedly embezzling $1.4 million from his former employer, MoneyGram International Incorporated, after failing to deposit a $1.4 million check into a company account and using the funds for personal use. Source: http://abcnews.go.com/International/wireStory/man-charged-14-million-moneygram-embezzlement-35477325

7. November 25, U.S. Department of the Treasury – (International) Treasury sanctions networks providing support to the Government of Syria, including for facilitating Syrian government oil purchases from ISIL. The U.S. Department of the Treasury designated 4 individuals and 6 entities November 25 for allegedly providing support to the Government of Syria as well as indirectly supporting the Islamic State of Iraq and the Levant (ISIL) through oil sales. The designation froze U.S. assets of the suspects, who have business operations in Belize, Russia, and Syria.

8. November 25, U.S. Department of Justice – (Texas) Federal Jury Convicts San Antonio Businessman in Estimated $3.9 Million Tax Fraud Scheme. A Federal jury convicted the former owner of San Antonio-based Gourmet Express LLC November 25 for conspiring with family members to defraud the U.S. Internal Revenue Service of approximately $3.9 million between 2001 and 2009 by using shell companies in Thailand to over-report prices paid abroad for goods, while siphoning off funds for personal use. Source: http://www.justice.gov/usao-wdtx/pr/federal-jury-convicts-san-antonio-businessman-estimated-39-million-tax-fraud-scheme

For another story, see item 5 below from the Defense Industrial Base Sector

5. November 27, Federal Times – (Florida) Florida contractor pleads guilty for tax fraud scheme. The U.S. Department of Justice reported that a Fort Lauderdale man pleaded guilty November 24 to a $1.7 million tax fraud scheme in which he underpaid corporate and individual income tax by hiding funds. He carried out the scheme through his company, Simplex Corporation, which provided aircraft parts to U.S. military deployed overseas. The contractor admitted to making illegal payments to a government contractor and U.S. military personnel. Source: http://www.federaltimes.com/story/government/management/oversight/2015/11/27/florida-contractor-pleads-guilty-tax-fraud-scheme/76383472/


Information Technology Sector

26. November 30, Securityweek – (International) Microsoft unveils protection against potentially unwanted applications. Microsoft released a new potentially unwanted application (PUA) protection feature for its System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) systems. The feature automatically identifies unwanted software under threat names such as PUA:Win32/Creprote, targets software bundling technologies, PUA applications, and PUA frameworks, and decreases the amount of adware, toolbars, or other malicious applications that can be installed. Source: http://www.securityweek.com/microsoft-unveils-potentially-unwanted-application-protection-enterprises

27. November 30, Securityweek – (International) Insecure app exposed Billboard Lights to hacker attacks. A security researcher reported that the SmartLink Android app, used to remotely control highway billboard sign lights, had several vulnerabilities, including authentication flaws that can allow attackers to bypass the authentication mechanism and gain access to SmartLink customers’ data, perform man-in-the-middle (MitM) attacks, and access web directories including files containing the application programming interface (API) source code and log files containing user login information.

28. November 28, Softpedia – (International) DecryptorMax ransomware decrypted, no need to pay the ransom. A security researcher from Emsisoft created a new tool dubbed DecryptInfinite that decodes files encrypted by the DecryptorMax ransomware, also known as CryptInfinite. The tool allows infected users to recover encrypted information without paying the ransom by dragging and dropping at least one file in its unencrypted form over the tool’s main window. Source: http://news.softpedia.com/news/decryptormax-ransomware-decrypted-no-need-to-pay-the-ransom-496848.shtml

29. November 27, Securityweek – (International) Critical vulnerability patched in Zen Cart. Zen Cart, the open source shopping cart software, released patches for several vulnerabilities, including several cross-site scripting (XSS) vulnerabilities in the “order-comments” fields and the administration edit fields; a PHP file inclusion vulnerability that allowed remote attackers to exploit the /ajax.php file to execute arbitrary PHP code and gain unlimited access to databases and files; and a low-severity vulnerability that caused incorrect passwords to remain in the password field following a failed login attempt.

For another story, see item 30 above in Top Stories

Communications Sector

Nothing to report