Friday, July 29, 2016



Complete DHS Report for July 29, 2016

Daily Report

Top Stories

• A former registered broker pleaded guilty July 27 to defrauding ForceField Energy Inc. investors out of $131 million between January 2009 and April 2015 after he and co-conspirators manipulated the price and volume of traded ForceField shares. – U.S. Attorney’s Office, Eastern District of New York See item 4 below in the Financial Services Sector

• Good Food Concepts, LLC, doing business as Ranch Foods Direct, issued a recall July 26 for approximately 2,606 pounds of its non-intact beef products distributed in Colorado due to potential E. coli O157:H7 contamination. – U.S. Department of Agriculture

8. July 27, U.S. Department of Agriculture – (Colorado) Good Food Concepts, LLC D.B.A. Ranch Foods Direct recalls non-intact beef products due to possible E. coli O157:H7 contamination. Good Food Concepts, LLC, doing business as Ranch Foods Direct, issued a recall July 26 for approximately 2,606 pounds of its non-intact beef products, sold in 25 variations, due to potential E. coli O157:H7 contamination after Federal health officials identified a potential link between the beef products and an E. coli O157:H7 illness outbreak in Colorado. The products were distributed to wholesale and retail locations in Colorado. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-064-2016-release

• Crews reached 10 percent containment July 27 of the Soberanes Fire, which has burned over 23,500 acres, threatens 2,000 structures, and has destroyed 34 homes and 10 outbuildings in California. – Reuters

13. July 28, Reuters – (California) Central California wildfire destroys 34 homes, forces 350 to evacuate. Crews reached 10 percent containment July 27 of the Soberanes Fire, which has burned over 23,500 acres, threatens 2,000 structures, and has destroyed 34 homes and 10 outbuildings between Big Sur and the town of Carmel-by-the-Sea. Elsewhere in the State, approximately 3,000 firefighters reached 40 percent containment of the 38,350-acre Sand Fire burning in the Angeles National Forest.

• The U.S. President’s administration released Presidential Policy Directive 41 (PPD-41), United States Cyber Incident Coordination, July 26, setting forth the principles that govern the Federal Government’s response to cyber incidents. – Whitehouse.gov See item 19 below in the Information Technology Sector

Financial Services Sector

3. July 27, SecurityWeek – (International) PayPal abused in banking trojan distribution campaign. Proofpoint security researchers discovered a campaign distributing the Chthonic banking trojan, a variant of the Zeus malware, through legitimate PayPal money-request emails. The attackers sent money requests claiming that a fraudulent $100 transfer had been made to the victim’s account and could be returned by clicking a Goo.gl link; the link redirected the user to “katyaflash[.]com/pp.php,” which downloaded the malware onto the device as an obfuscated JavaScript file that then connected to its command and control (C&C) server. Researchers also observed the malware downloading a previously undocumented second-stage payload dubbed AZORult.

4. July 27, U.S. Attorney’s Office, Eastern District of New York – (National) Registered broker pleads guilty to securities fraud for participating in a $131 million market manipulation scheme. A former registered broker pleaded guilty July 27 to defrauding ForceField Energy Inc. investors out of $131 million between January 2009 and April 2015 after he and co-conspirators manipulated the price and volume of traded ForceField shares by orchestrating trades in ForceField stock to create the appearance of interest and trading volume, and by concealing payments to stock promoters and broker-dealers who claimed to be independent of the company, among other fraudulent means. The charges also state that a ForceField executive paid kickbacks to the broker in exchange for purchasing company stock in his clients’ brokerage accounts between October 2014 and April 2015. Source: https://www.justice.gov/usao-edny/pr/registered-broker-pleads-guilty-securities-fraud-particpating-131-million-market

Information Technology Sector

16. July 28, SecurityWeek – (International) Many web attacks come from United States: Sucuri. Researchers at Sucuri analyzed metadata from 30 days of Web traffic and requests blocked by its firewall product and found that Structured Query Language (SQL) injection, brute force, and other exploit attempts arrived with a wide variety of browser user agents; that more than one-third of the attacks originated from the U.S., followed by Indonesia and China; and that, by operating system (OS), 45 percent of attacks came from Microsoft Windows hosts. Source: http://www.securityweek.com/many-web-attacks-come-united-states-sucuri

17. July 28, Help Net Security – (International) Media-stealing Android app targets developers. Google removed the “HTML Source Code Viewer” app from its Google Play distribution service after Symantec researchers discovered that the malicious app, which requested permission to access the device’s external storage, stole photos and videos from victims’ mobile devices. The app targeted all versions of Android from Gingerbread (2.3) onward.

18. July 28, Softpedia – (International) Chrome, Firefox vulnerable to crashes via search suggestions. Nightwatch Cybersecurity researchers found that Google Chromium, Android, and Mozilla Firefox do not fetch the browser’s built-in search suggestions over an encrypted Hypertext Transfer Protocol Secure (HTTPS) channel, which could allow an attacker on the local network to intercept search suggestion queries and supply a response before the search provider does. Firefox, Chrome, and Android are working to address the issue. Source: http://news.softpedia.com/news/chrome-firefox-vulnerable-to-crashes-via-search-suggestions-506722.shtml

19. July 26, Whitehouse.gov – (National) Presidential Policy Directive – United States Cyber Incident Coordination. The U.S. President’s administration released Presidential Policy Directive 41 (PPD-41), United States Cyber Incident Coordination, July 26, which sets forth the principles that govern the Federal Government’s response to cyber incidents and assigns responsibility to certain Federal agencies, including the FBI and DHS. Source: https://www.whitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident

For another story, see item 3 above in the Financial Services Sector

Communications Sector

See item 15 below from the Emergency Services Sector

15. July 27, Associated Press – (Oklahoma) AT&T: Oklahoma’s 911 emergency telephone service restored. AT&T Inc. reported that emergency 9-1-1 service was restored after call routing was disrupted for approximately 2 hours July 27 in portions of Oklahoma. The company is investigating the source of the outage, which involved a power issue at a facility in the Oklahoma City area.

Thursday, July 28, 2016



Complete DHS Report for July 28, 2016

Daily Report

Top Stories

• Officials approved 200 water crossings and 3 Section 408 easements July 26, allowing the $3.8 billion, 1,168-mile Dakota Access pipeline to cross U.S. Army Corps of Engineers property along its route from the Bakken region of North Dakota through Iowa and into Illinois. – Bismarck Tribune; Cedar Rapids Gazette

2. July 26, Bismarck Tribune; Cedar Rapids Gazette – (National) U.S. Army Corps of Engineers approves Dakota Access river crossing permits. The U.S. Army Corps of Engineers approved 200 water crossings and 3 Section 408 easements July 26, allowing the $3.8 billion, 1,168-mile Dakota Access pipeline to cross U.S. Army Corps of Engineers property along its route from the Bakken region of North Dakota through Iowa and into Illinois. Energy Transfer Partners, the pipeline’s developer, still requires approval for an easement in Illinois and an easement in South Dakota.

• PSEG Nuclear officials reported July 25 that its Salem 2 nuclear reactor at Salem Nuclear Power Plant in Lower Alloways Creek Township, New Jersey, was shut down July 24 after an alert from a generator protection system indicated there was an electrical fault in the reactor’s main generator. – South Jersey Times

3. July 26, South Jersey Times – (New Jersey) N.J. nuclear plant shut down for 4th time in past month. PSEG Nuclear officials reported July 25 that its Salem 2 nuclear reactor at Salem Nuclear Power Plant in Lower Alloways Creek Township, New Jersey, was shut down July 24 after an alert from a generator protection system indicated an electrical fault in the reactor’s main generator. Officials stated that Salem 1 is also shut down to replace damaged bolts in the reactor core, while Hope Creek continues to operate at full power. Source: http://www.nj.com/salem/index.ssf/2016/07/nj_nuclear_plant_shut_down_for_4th_time_in_past_mo.html

• A sewer line break caused more than 300,000 gallons of untreated sewage to spill into the Mohawk River in Amsterdam, New York, July 25. – WRGB 6 Schenectady

14. July 26, WRGB 6 Schenectady – (New York) Pipe break sends 300,000 gallons of sewage into Mohawk River. A sewer line break caused more than 300,000 gallons of untreated sewage to spill into the Mohawk River in Amsterdam, New York, July 25. State officials reported that a notice of violation was issued against the city of Amsterdam and plans to improve the infrastructure were underway. Source: http://cbs6albany.com/news/local/pipe-break-sends-300000-gallons-of-sewage-into-mohawk-river

• A state of emergency was declared July 26 for Los Angeles and Monterey counties due to the 37,701-acre Sand Fire and the more than 20,000-acre Soberanes Fire. – KABC 7 Los Angeles

16. July 27, KABC 7 Los Angeles – (California) State of emergency declared to help battle Sand Fire. The acting governor of California declared a state of emergency July 26 for Los Angeles and Monterey counties due to the 37,701-acre Sand Fire and the more than 20,000-acre Soberanes Fire, which have prompted mandatory evacuations and the response of more than 3,000 firefighters.

Financial Services Sector

5. July 26, KTLA 5 Los Angeles – (California) So-called ‘Cowboy Bandits’ convicted for robberies throughout L.A. County: FBI. Two Los Angeles residents dubbed the “Cowboy Bandits” were convicted July 26 for their roles in a series of armed robberies at gas stations and a Citibank branch in Los Angeles County during the fall of 2013. Source: http://ktla.com/2016/07/26/so-called-cowboy-bandits-convicted-for-robberies-throughout-l-a-county-fbi/

Information Technology Sector

19. July 27, Softpedia – (International) Two vulnerabilities affect LastPass, both allow full password compromise. A Detectify researcher discovered a vulnerability in the LastPass JavaScript code that parsed the Uniform Resource Locator (URL) of the page LastPass was working on: the parser mis-identified the page’s domain, so an attacker could obtain a user’s credentials for another site by tricking the user into visiting a URL of the form “attacker-site.com/@twitter.com/@script.php.” That vulnerability was patched; a second vulnerability that could lead to a complete LastPass compromise was reported by Google Project Zero and is currently being evaluated by the service. Source: http://news.softpedia.com/news/two-vulnerabilities-affect-lastpass-both-allow-full-password-compromise-506677.shtml
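The URL-parsing failure described above, as an added example that is not LastPass’s own code: a hypothetical naive parser that applies the “userinfo@host” rule to the whole URL string (a reconstruction of the bug class, not the vendor’s implementation) is contrasted with the WHATWG URL parser built into browsers and Node.js, and the autofill decision is then made on the properly parsed host. The naive parser, the sample URLs and the function names are assumptions for illustration only.

```javascript
// Added example, not LastPass's code. The naive parser below is a
// HYPOTHETICAL reconstruction of the bug class described in the item:
// it honours "@" anywhere in the URL string instead of only inside the
// authority component (the part before the first "/").
function naiveHost(url) {
  // A "fix-up" that drops everything from the last "@" onward, meant to
  // remove trailing userinfo-like text. With two "@" signs in the path
  // it leaves "scheme://attacker/@victim/" behind.
  const m = url.match(/^(.*:\/\/[^\/]+\/.*)@/);
  let rest = m ? m[1] : url;
  // Strip the scheme, then take whatever follows the remaining "@" as
  // the host: this is where "attacker-site.com/@twitter.com/" turns
  // into "twitter.com". Ordinary URLs without "@" parse correctly,
  // which is why a bug like this survives casual testing.
  rest = rest.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const at = rest.lastIndexOf("@");
  if (at !== -1) rest = rest.slice(at + 1);
  return rest.split(/[\/?#]/)[0].split(":")[0].toLowerCase();
}

// Correct: let the platform URL parser find the host. Userinfo is only
// recognised inside the authority, so "@" in the path is just path text.
function properHost(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch (e) {
    return null; // not a valid absolute URL: never autofill
  }
}

// Autofill decision: fill only when the page host equals the credential's
// domain or is a subdomain of it. The dot-boundary check stops
// "nottwitter.com" from matching "twitter.com".
function shouldAutofill(pageUrl, credentialDomain) {
  const host = properHost(pageUrl);
  if (host === null) return false;
  const domain = credentialDomain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Constructed sample URL (the form quoted in the item, not a live site).
const CRAFTED = "http://attacker-site.com/@twitter.com/@script.php";

function demo() {
  return {
    naive: naiveHost(CRAFTED),                        // "twitter.com" (wrong)
    proper: properHost(CRAFTED),                      // "attacker-site.com"
    autofill: shouldAutofill(CRAFTED, "twitter.com"), // false
  };
}

console.log(demo());
```

The practical rule for any extension or autofill component: never derive the security-relevant origin from regular expressions or string splitting on the URL; take the host from the platform parser (or, in an extension, from the browser’s own tab URL API) and compare it against the stored domain with an exact or dot-bounded suffix match.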

20. July 27, Help Net Security – (International) DDoS attacks increase 83%, Russia top victim. Nexusguard released a report showing that distributed denial-of-service (DDoS) attacks increased 83 percent to more than 182,900 attacks in the second quarter of 2016, with Russia as the top victim country. The U.S. and China rounded out the top three targeted countries, and the company also reported increases in attacks leveraging the Routing Information Protocol (RIP) and multicast Domain Name System (mDNS). Source: https://www.helpnetsecurity.com/2016/07/27/ddos-attacks-increase-russia-top-victim/

21. July 27, SecurityWeek – (International) Siemens patches flaws in industrial automation products. Siemens released software updates addressing several vulnerabilities in SIMATIC and SINEMA products, including a cross-site scripting (XSS) vulnerability in the integrated Web server of SINEMA Remote Connect Server, which a remote attacker can exploit by tricking a user into clicking a specially crafted link, and two high-severity improper input validation bugs in SIMATIC WinCC SCADA systems and PCS 7 distributed control systems (DCS), among other vulnerabilities. Source: http://www.securityweek.com/siemens-patches-flaws-industrial-automation-products

For another story, see item 4 below from the Critical Manufacturing Sector

4. July 27, Help Net Security – (International) Osram’s intelligent home lighting system is riddled with flaws. A researcher from Rapid7 discovered nine vulnerabilities affecting the Home and Pro versions of Osram’s Lightify intelligent home lighting system running on Apple iOS 7 or later and Android 4.1 or later that could allow attackers to recover the home Wi-Fi network’s Wi-Fi Protected Access (WPA) pre-shared key, launch browser-based attacks against the user’s workstation, control the light installations, and access confidential data. The vendor addressed nearly all of the problems in its latest patch set, with the exception of the lack of Secure Sockets Layer (SSL) pinning and the issues related to ZigBee rekeying. Source: https://www.helpnetsecurity.com/2016/07/27/osram-lightify-flaws/

Communications Sector

Nothing to report