Complete DHS Report for January 13, 2016
Daily Report
Top Stories
• The U.S. District Court for the Northern District of Texas entered a consent decree for permanent injunction January 11 against Downing Labs LLC, its two owners, and the pharmacist-in-charge to prevent them from distributing adulterated drugs in interstate commerce. – U.S. Department of Justice
12. January 11, U.S. Department of Justice – (Texas) District court enters permanent injunction to prevent Dallas compounding pharmacy and three individuals from distributing adulterated drugs. The U.S. District Court for the Northern District of Texas entered a consent decree for permanent injunction January 11 against Downing Labs LLC, its two owners, and the pharmacist-in-charge to prevent them from distributing adulterated drugs in interstate commerce at the McEwan Road Facility in Dallas, until their processes are compliant with the law. The complaint stems from multiple U.S. Food and Drug Administration investigations which found numerous deficiencies regarding the firm’s sterile drug production. Source: http://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-prevent-dallas-compounding-pharmacy-and-three
• Authorities are investigating a series of bomb threats made to at least 13 schools in Delaware, Maryland, and Virginia January 11 which prompted evacuations, some of which lasted for several hours. – Washington Post
14. January 11, Washington Post – (National) Robo-calls delivered school bomb threats Monday, causing evacuations. Authorities are investigating a series of bomb threats made to at least 13 schools in Delaware, Maryland, and Virginia January 11 which prompted evacuations, some of which lasted for several hours. No injuries were reported and no suspicious devices were found. Source: https://www.washingtonpost.com/local/public-safety/robo-calls-delivered-school-bomb-threats-monday-causing-evacuations/2016/01/11/d3e46dae-b8b3-11e5-b682-4bb4dd403c7d_story.html
• eBay released patches for a cross-site scripting (XSS) vulnerability found on its official Web site after a researcher named MLT discovered the flaw allowed attackers to steal users’ credentials and abuse the stolen information. – Softpedia
24. January 12, Softpedia – (International) eBay bug allows hackers to steal user passwords. eBay released patches for a cross-site scripting (XSS) vulnerability found on its official Web site after a researcher named MLT discovered the flaw allowed attackers to steal users’ credentials and abuse the stolen information by creating an authentic-looking eBay login page using a PHP script that allowed the submitted information to be sent to an attacker’s server instead of eBay’s server. Source: http://news.softpedia.com/news/ebay-bug-allows-hackers-to-steal-user-passwords-498793.shtml
• A January 9 fire at a Harker Heights apartment complex displaced about 25 residents, damaged 24 units, and caused approximately $1 million in damages. – KWTX 10 Waco
26. January 11, KWTX 10 Waco – (Texas) Local apartment fire causes estimated $1 million in damage. A January 9 fire at a Harker Heights apartment complex displaced about 25 residents, damaged 24 units, and caused approximately $1 million in damages. The cause of the fire is under investigation, but officials believe the incident was accidental.
Financial Services Sector
See item 21 below in the Information Technology Sector
Information Technology Sector
19. January 12, IDG News Service – (International) Mozilla Persona login system to shut down in November. Mozilla reported that its login system, Persona (persona.org), and related domains will be shut down November 30 due to limited resources and low customer usage within the last two years. The company will continue to maintain the system, including providing security fixes and support, but will not introduce new features or produce major enhancements. Source: http://www.computerworld.com/article/3021772/internet/mozilla-persona-login-system-to-shut-down-in-november.html#tk.rss_security
20. January 12, SecurityWeek – (International) Google researcher finds RCE flaws in Trend Micro product. Trend Micro released updates for its Password Manager product addressing a remote code execution (RCE) flaw, security feature flaws, and several application program interface (API) flaws, among others, that exposed nearly 70 APIs to the Internet, which could have enabled an attacker to steal user passwords without the consent or knowledge of the user. Source: http://www.securityweek.com/google-researcher-finds-rce-flaws-trend-micro-product
21. January 11, Softpedia – (International) WhatsApp users targeted by sneaky spam campaign. Researchers from Comodo discovered that the Nivdort malware has been targeting WhatsApp users via spam email campaigns that contain malicious file attachments disguised as WhatsApp messages, images, audio, or video files. The malware steals information about a victim’s computer and sends the collected information to a command-and-control (C&C) server, from which hackers can send additional malware, including banking trojans, complex spyware, or point-of-sale (PoS) malware. Source: http://news.softpedia.com/news/whatsapp-users-targeted-with-sneaky-spam-campaign-498729.shtml
22. January 11, Softpedia – (International) US DHS just spent $1.7 million to develop better DDoS protection tech. DHS awarded a $1.7 million contract to Galois, a U.S. research and development company, to help develop a new technology dubbed DDoS Defense for Community of Peers (3DCoP) that will mitigate and stop distributed denial-of-service (DDoS) attacks by detecting, tracking, and preventing ongoing attacks via a unique traffic flow monitoring capability that will find patterns of interest. Source: http://news.softpedia.com/news/us-dhs-just-spent-1-7-million-to-develop-better-ddos-protection-tech-498752.shtml
23. January 11, Softpedia – (International) Smartwatches can be used to spy on your card’s PIN code. A software engineer released a report titled “Deep-Spying: Spying using Smartwatch and Deep Learning” that introduces a new theoretical attack that can allow attackers to extract sensitive information, including credit card information or phone access personal identification number (PIN) codes, by interpreting data from a smartphone’s motion sensor and making an analogy to each PIN pad’s keystrokes. Source: http://news.softpedia.com/news/smartwatches-can-be-used-to-spy-on-your-card-s-pin-code-498756.shtml
For additional stories, see item 17 below from the Government Facilities Sector and 24 above in Top Stories
Communications Sector
Nothing to report