Complete DHS Report for March 8, 2016
Daily Report
Top Stories
• The Metro Gold Line in Pasadena, California, reopened March 7
after a semi-truck traveling westbound on the 210 Freeway lost control and
crashed on the tracks March 6, closing the tracks for about 24 hours. – San
Francisco Bay City News
7. March 7,
San Francisco Bay City News – (California) Metro Gold Line
service resumes after fiery crash is cleared. Both sides of the Metro Gold
Line in Pasadena, California, reopened March 7 after a semi-truck traveling
westbound on the 210 Freeway lost control, crashed, and caught fire on the
Metro’s tracks March 6, closing the tracks for about 24 hours. All lanes of the
210 Freeway reopened after closing for 12 hours and one person was sent to the
hospital with minor injuries.
• 21st Century Oncology Holdings Inc., announced March 4 that the
personal and medical information of 2.2 million patients may have been copied
and transferred following an October 2015 breach of its computer network. – Reuters
18. March 4,
Reuters – (National) 21st Century Oncology says investigating cyber
breach. 21st Century Oncology Holdings Inc., announced March 4 that the
personal and medical information of 2.2 million current and former patients may
have been copied and transferred after the FBI notified the company of a
potential October 2015 breach of its computer network. The investigation into
the potential breach remains ongoing. Source: http://www.reuters.com/article/us-21stcenturyoncology-breach-idUSKCN0W629M
• At least seven schools in northern Virginia, an entire school
district in Maine, and schools in New Jersey received bomb threats via
robocalls March 4, prompting evacuations or lockdowns. – Washington Post
19. March 4,
Washington Post – (Virginia; New Jersey; Maine) Telephone bomb threats prompt
numerous school evacuations and lockdowns in Va., N.J. At least seven
schools in northern Virginia, an entire school district in Augusta, Maine, and
schools in a dozen districts in New Jersey received bomb threats via robocalls
March 4, prompting evacuations or lockdowns. Police investigated and cleared
the scene after nothing suspicious was found at any of the campuses. Source: https://www.washingtonpost.com/news/education/wp/2016/03/04/telephone-bomb-threats-prompt-numerous-school-evacuations-and-lockdowns/
• Seagate Technology reported that its employees’ personal
information was compromised after a phishing email disguised as a legitimate
internal company request prompted an employee to disclose employee data to an
unauthorized third party. – CNBC See item 20 below in
the Information Technology Sector
Financial Services Sector
6. March 5,
Minneapolis Star Tribune – (Minnesota; Wisconsin) Stillwater
investment adviser admits cheating clients out of $2.6M. A former
investment adviser at Alternative Wealth Solutions pleaded guilty March 1 to
Federal charges after he bilked approximately 50 investors in Minnesota and
Wisconsin out of nearly $2.6 million and used the money to cover promised
returns to other investors and for personal expenses. The adviser also admitted
to creating counterfeit secured notes as proof of investment. Source: http://www.startribune.com/stillwater-investment-adviser-admits-cheating-clients-out-of-2-6m/370818241/#
Information Technology Sector
20. March 7,
CNBC – (National) Scam artists hit Seagate Technology. Cupertino-based
Seagate Technology reported that its current and former employees’ personal
information including tax information, Social Security numbers, and salaries
were compromised after a phishing email disguised as a legitimate internal
company request prompted an employee to disclose employee data to an
unauthorized third party. The company notified the U.S. Internal Revenue Service
and is offering an identify-theft protection service to those affected. Source: http://www.cnbc.com/2016/03/07/seagate-technology-discloses-key-tax-data-of-us-employees.html
21. March 6,
SecurityWeek – (International) Amazon changes stance on encryption for fire
tablets. Amazon.com, Inc., reported March 5 that it will be returning its
Kindle Fire devices to full disk encryption and will be releasing the security
feature with a Fire operating system (OS) update. The company previously
removed the enterprise features in 2015 due to low customer usage.
22. March 6,
Softpedia – (International) First fully functional Mac ransomware spread
via transmission BitTorrent client. Researchers from Palo Alto reported
that the official Transmission BitTorrent Web site used by Mac customers was
allegedly hacked after researchers found that the Transmission Web site was
replaced for Mac version 2.90, which came embedded with the KeRanger
ransomware. The ransomware targets over 300 file extension types, uses Advanced
Encryption Standard (AES) encryption to lock files, and demands a 1 Bitcoin
payment fee. Source: http://news.softpedia.com/news/first-fully-functional-mac-ransomware-spread-via-transmission-bittorrent-client-501411.shtml
23. March 5,
Softpedia – (International) Popular WordPress plugin comes with a
backdoor, steals site admin credentials. Security researchers from Sucuri
discovered that an unknown attacker named wooranker was able to control
WordPress user login, create and edit commands, and intercept user data before
encryption, among other actions, by using a popular WordPress plugin, Custom
Content Type Manager (CCTM). The attacker used the plugin to install an auto-update.php
backdoor, forcing the target’s side to download and install another file named
c.php, which would create wp-options.php to alter core WordPress files. Source:
http://news.softpedia.com/news/popular-wordpress-plugin-comes-with-a-backdoor-steals-site-admin-credentials-501383.shtml
Communications Sector
24.March 7,
Reuters – (National) Verizon Wireless to pay $1.35 million fine to
settleU.S. privacy probe. The U.S. Federal Communications Commission
announced March7 that Verizon Communications Inc., will pay a $1.35 million
fine after the commission found that the company’s wireless unit violated the
privacy of more than 100 million users by failing to disclosure that it sent
data about super cookies, unique, undeletable identifiers inserted into Web
traffic to deliver targeted ads, from late 2012 through2014. The company agreed
to a three-year consent decree which requires consumers to point in to allow
their information to be shared outside Verizon Wireless. Source: http://www.reuters.com/article/us-verizon-fcc-settlement-idUSKCN0W91W7
No comments:
Post a Comment