Monday, December 7, 2015



Complete DHS Report for December 7, 2015

Daily Report

Top Stories

• A December 3 explosion at the Ramsey Natural Gas Processing Plant near Orla prompted over 250 oil workers to evacuate, caused a 10-mile evacuation radius, and left 2 workers with injuries. – Carlsbad Current-Argus

2. December 3, Carlsbad Current-Argus – (Texas) Workers escape serious injury after plant explosion. A December 3 explosion at the Anadarko Petroleum Corporation-operated Ramsey Natural Gas Processing Plant near Orla, Texas, prompted over 250 oil workers to evacuate, caused a mandatory evacuation of people within a 10-mile radius, and left 2 workers with minor injuries. Operations at the plant were reduced and the cause of the explosion is under investigation. Source: http://www.currentargus.com/story/news/local/new-mexico/2015/12/03/major-explosion-texas-gas-plant/76723494/

• The U.S. Department of Justice unsealed a 92-count indictment December 3, charging numerous members of the International Federation of Association Football’s (FIFA) Executive Committee for their role in a 24-year racketeering, wire fraud, and money laundering scheme. – U.S. Department of Justice. See item 7 below in the Financial Services Sector

• Chipotle Mexican Grill, Inc. announced December 4 that it would overhaul its food-safety procedures and adopt all recommendations following a multi-State E. coli outbreak that sickened 45 people and forced restaurant closures in 2 States. – USA Today

12. December 4, USA Today – (National) Chipotle overhauls safety standards after E. coli outbreak. Chipotle Mexican Grill, Inc. officials announced December 4 that the company would overhaul its food-safety procedures and adopt all recommendations sent by Seattle-based IEH Laboratories following a multi-State E. coli outbreak that sickened 45 people and forced restaurants in Oregon and Washington to close November 20. Source: http://www.usatoday.com/story/money/2015/12/04/chipotle-commits-new-standards-after-ecoli-outbreak/76774132/

• A carbon monoxide leak at Horace Mann Elementary School in Chicago caused 14 staff members and 139 students to be transported to area hospitals as a precaution December 3. – Chicago Sun-Times

24. December 3, Chicago Sun-Times – (Illinois) More than 100 hospitalized after CO incident at South Side school. A carbon monoxide leak December 3 at Horace Mann Elementary School in Chicago caused 14 staff members and 139 students to be transported to area hospitals as a precaution. The school was evacuated and classes will be held in an annex building until the school building is deemed safe for re-entry. Source: http://chicago.suntimes.com/news/7/71/1149755/south-side-elementary-school-evacuated-high-co-levels

Financial Services Sector

5. December 4, Southern California City News Service – (California) Ex-Beverly Hills broker charged in $200 million stock scheme. A Los Angeles man was taken into custody December 3 amid Federal charges that he and a German hedge fund manager defrauded investors of more than $200 million from September 2004 to September 2007 by making illegal trades to boost the value of their co-owned company, Absolute Capital Management Holdings. The indictment also states that the suspect lied about $10 million in illicit profits in a secret bank account on the Cook Islands. Source: http://www.dailynews.com/general-news/20151203/ex-beverly-hills-broker-charged-in-200-million-stock-scheme

6. December 3, U.S. Department of Justice – (Georgia) Former bank teller pleads guilty to theft of public money. A Columbus woman pleaded guilty in Federal court December 3 to one count of theft of public money. While she worked at a Suntrust Bank branch from February 2013 to May 2014, she cashed approximately 361 fraudulent tax returns to the U.S. Internal Revenue Service worth $780,760.17 for numerous people in exchange for a fee. Source: http://www.justice.gov/opa/pr/former-bank-teller-pleads-guilty-theft-public-money

7. December 3, U.S. Department of Justice – (International) Sixteen additional FIFA officials indicted for racketeering conspiracy and corruption. Officials from the U.S. Department of Justice unsealed a 92-count indictment December 3 that charged numerous high-ranking members of the International Federation of Association Football’s (FIFA) Executive Committee, Confederation of North, Central American, and Caribbean Association of Football (CONCACAF), and other suspects with ties to global soccer organizations for their role in a 24-year racketeering, wire fraud, and money laundering scheme in which soccer officials accepted over $200 million in bribes to sell lucrative media rights for tournaments and matches. Source: http://www.justice.gov/opa/pr/sixteen-additional-fifa-officials-indicted-racketeering-conspiracy-and-corruption

Information Technology Sector

25. December 3, Securityweek – (International) Ponmocup botnet still actively used for financial gain. Researchers from Fox-IT released a report stating that the Ponmocup botnet malware has infected more than 15 million devices since 2009 and that its infrastructure consists of different components used to deliver, install, execute, and control the malware to prevent researchers from reverse engineering it. The botnet infects a device via encryption and stores its components in different locations to evade detection, while using different domains for installation, stealing file transfer protocol (FTP) and Facebook credentials to allow hackers to spread the malware. Source: http://www.securityweek.com/ponmocup-botnet-still-actively-used-financial-gain

26. December 3, Securityweek – (International) Heartbleed, other flaws found in Advantech ICS Gateways. Researchers from Rapid7 discovered that the newest firmware versions for Advantech Modbus gateway products including EKI-136X, EKI-132X, and EKI-122X were susceptible to Heartbleed attacks and Shellshock attacks which can be exploited via the Boa web server by administering any of the shell scripts in /www/sgi-bin. The vulnerabilities were tested with the genuine binaries in an emulator environment with a Metasploit module. Source: http://www.securityweek.com/heartbleed-other-flaws-found-advantech-ics-gateways

27. December 3, Securityweek – (International) OpenSSL patches moderate severity vulnerabilities. The OpenSSL Project released updates to its cryptographic software library, versions 1.0.2e, 1.0.1q, 1.0.0t, and 0.9zh, patching 3 vulnerabilities including the CVE-2015-3193 flaw that can produce incorrect results on x86_64 systems via exploitation against RSA algorithms, Digital Signature Algorithms (DSA), and Diffie-Hellman (DH) algorithms; the CVE-2015-3194 flaw that can lead to denial-of-service (DoS) attacks; and the CVE-2015-3195 flaw that can leak system memory when presented with a malformed X509_ATTRIBUTE structure. Source: http://www.securityweek.com/openssl-patches-moderate-severity-vulnerabilities

28. December 3, Softpedia – (International) Linux users targeted by new Rekoobe trojan. Security researchers from Dr. Web reported that an updated version of the trojan Linux.Rekoobe.1 can target Linux personal computers (PCs) running on Intel chips in 32-bit and 64-bit architectures by using the XOR algorithm to stop researchers from detecting the trojan. The malware includes the functionality to download files from its command-and-control (C&C) server, upload files to the C&C server, and execute commands on the local shell, allowing attackers to deliver powerful payloads on infected systems. Source: http://news.softpedia.com/news/linux-users-targeted-by-new-rekoobe-trojan-497085.shtml

For another story, see item 29 below in the Communications Sector

Communications Sector

29. December 3, Securityweek – (National) Popular mobile modems plagued by zero-day flaws. Security researchers with Positive Technologies tested mobile broadband modems and routers from Huawei, Gemtek, Quanta, and ZTE and found that the 3G/4G devices were vulnerable to remote code execution, had cross-site scripting (XSS) vulnerabilities, and lacked cross-site request forgery (CSRF) protection, among other issues, leaving the devices open to attackers for exploitation. Huawei was the only vendor that released firmware updates addressing the vulnerabilities, out of the four companies tested. Source: http://www.securityweek.com/popular-mobile-modems-plagued-zero-day-flaws