Complete DHS Report for January 27, 2016
Daily Report
Top Stories
• At least 37 people were killed as a result of a severe
winter storm January 22 – January 24 while crews worked to clear roadways and
bring public and air transportation back into operation January 26. – CNN
6. January 26, CNN – (National) Blizzard cleanup keeps Northeast shut down. At
least 37 people were killed as a result of a severe winter storm January 22 –
January 24 while crews worked to clear roadways and bring public transportation
back into operation, including the Long Island Rail Road in New York and
Washington, D.C.’s Metrorail January 26. Airports in Maryland and Virginia
resumed limited flight schedules after airlines cancelled over 1,800 flights
due to residual snow and ice.
• The Food Safety and Inspection Service announced January
25 that Whole Foods Market Inc. recalled approximately 73,898 pounds of its
8- and 12-inch pepperoni pizza products after finding the products were
mislabeled. – U.S. Department of Agriculture
9. January 25, U.S. Department of Agriculture – (National) Whole Foods recalls
frozen pizza products due to misbranding. The Food Safety and Inspection
Service (FSIS) announced January 25 that Whole Foods Market Inc. recalled
approximately 73,898 pounds of its 8- and 12-inch pepperoni pizza products sold
in 10-ounce and 19-ounce packages after an FSIS review found the product label
incorrectly listed uncured beef pepperoni as an ingredient, instead of uncured
pork pepperoni. The products were shipped to retail locations in seven States. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-010-2016-release
• The Ohio Environmental Protection Agency placed three
Mahoning County communities under a water advisory after testing found high
levels of lead in a Sebring district school, forcing class cancellations January
22 – January 26. – Associated Press
13. January 25, Associated Press – (Ohio) Agency seeks criminal probe into NE Ohio water plant
problems. The Ohio Environmental Protection Agency placed three Mahoning
County communities under a water advisory and issued an emergency order January
25 forbidding a Sebring village water treatment plant official from working at
the plant for allegedly submitting misleading, inaccurate, or false reports and
failing to notify the public of unsafe levels of lead in drinking water. The
Sebring school district cancelled classes January 22 – January 26 while it
awaited test results after previous testing found high levels of lead in one
drinking fountain at a district school building. Source: http://www.wlwt.com/news/ne-ohio-superintendent-classes-canceled-amid-more-water-tests/37621336
• The U.S. House Oversight and Government Reform Committee
sent out letters to dozens of government agencies asking that each department
provide information documenting their engagement with affected Juniper
products. – SecurityWeek
See item 17 below in the Information Technology Sector
Financial Services Sector
5. January 25, U.S. Attorney’s Office, Northern District of Georgia –
(National) Former CEO of Summit Wealth Management and business partner
indicted in a multi-million dollar fraud scheme. The former President and
Chief Operating Officer of Summit Wealth Management in Atlanta, Georgia and his
business partner were charged January 25 for orchestrating a $35 million
investment fraud scheme after they allegedly established fraudulent investment
funds and stole money from 300 investors for securities trading to pay personal
expenses, fund other businesses like Detroit Memorial Partners LLC, and pay
redemptions to earlier investors, among other actions, by selling fraudulent
promissory notes throughout the U.S. to acquire and manage Michigan-based
cemeteries. Source: http://www.justice.gov/usao-ndga/pr/former-ceo-summit-wealth-management-and-business-partner-indicted-multi-million-dollar
For another story, see item 17 below in the Information Technology Sector
Information Technology Sector
17. January 26, SecurityWeek – (International) US government agencies asked about Juniper
backdoor patching. The U.S. House Oversight and Government Reform Committee
sent out letters to dozens of government agencies asking that each department
provide documents and information on whether they used affected Juniper
products, how each entity discovered the vulnerability, and if measures were
taken before the Juniper patch was released following a December 2015 incident
in which unauthorized code was found in Juniper’s ScreenOS firewall operating
system (OS). The Federal government agencies contacted included the U.S.
Securities and Exchange Commission, the U.S. Department of Health and Human
Services, the U.S. Nuclear Regulatory Commission, and the U.S. Department of
Transportation, among other agencies. Source: http://www.securityweek.com/us-government-agencies-asked-about-juniper-backdoor-patching
18. January 25, Softpedia – (International) Lenovo’s file sharing app included some
pretty irresponsible security bugs. Lenovo released new versions of its
SHAREit file app for Microsoft Windows, Google Android, and Apple iOS devices
after researchers from Core Security discovered three security flaws in the app
that allowed attackers to access a victim’s files and devices via a hard-coded
password embedded in the app’s source code that can be seen after the app
creates a WiFi hotspot, allowing attackers to connect to the hotspot and browse
files by sending specific Hypertext Transfer Protocol (HTTP) requests to a web
server. Source: http://news.softpedia.com/news/lenovo-s-file-sharing-app-included-some-pretty-iresponsible-security-bugs-499408.shtml
19. January 25, SecurityWeek – (International) Microsoft finally hides IP addresses by
default in Skype. Microsoft released updates to its Skype Voice-over-IP
(VoIP) application that included a privacy enhancement which enabled the
default setting to hide users’ Internet Protocol (IP) addresses after
researchers from Inria and Polytechnic Institute of New York University discovered
they could track thousands of users for several weeks in November 2010, which
could have potentially led to attackers breaching business systems and stealing
sensitive information, or compromising an entire corporate network. Source: http://www.securityweek.com/microsoft-finally-hides-ip-addresses-default-skype
20. January 25, SecurityWeek – (International) It’s official, ransomware has gone corporate.
The FBI’s Internet Crime Complaint Center (IC3) released a report stating
that recent data shows ransomware, such as CryptoWall and its variants, has
been increasing its attacks against U.S. victims, and revealed three ways
companies can help mitigate ransomware attacks: start employee training,
maintain up-to-date backups, and consider new endpoint protection approaches.
Communications Sector
See item 17 above in the Information Technology Sector