Wednesday, January 27, 2016



Complete DHS Report for January 27, 2016

Daily Report

Top Stories

• At least 37 people were killed as a result of a severe winter storm January 22 – January 24 while crews worked to clear roadways and bring public and air transportation back into operation January 26. – CNN

6. January 26, CNN – (National) Blizzard cleanup keeps Northeast shut down. At least 37 people were killed as a result of a severe winter storm January 22 – January 24 while crews worked to clear roadways and bring public transportation back into operation, including the Long Island Rail Road in New York and Washington, D.C.’s Metrorail January 26. Airports in Maryland and Virginia resumed limited flight schedules after airlines cancelled over 1,800 flights due to residual snow and ice.

• The Food Safety and Inspection Service announced January 25 that Whole Foods Market Inc. recalled approximately 73,898 pounds of its 8- and 12-inch pepperoni pizza products after finding the products were mislabeled. – U.S. Department of Agriculture

9. January 25, U.S. Department of Agriculture – (National) Whole Foods recalls frozen pizza products due to misbranding. The Food Safety and Inspection Service (FSIS) announced January 25 that Whole Foods Market Inc. recalled approximately 73,898 pounds of its 8- and 12-inch pepperoni pizza products sold in 10-ounce and 19-ounce packages after an FSIS review found the product label incorrectly listed uncured beef pepperoni as an ingredient instead of uncured pork pepperoni. The products were shipped to retail locations in seven States. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-010-2016-release

• The Ohio Environmental Protection Agency placed three Mahoning County communities under a water advisory after testing found high levels of lead in a Sebring district school, forcing class cancellations January 22 – January 26. – Associated Press

13. January 25, Associated Press – (Ohio) Agency seeks criminal probe into NE Ohio water plant problems. The Ohio Environmental Protection Agency placed three Mahoning County communities under a water advisory and issued an emergency order January 25 forbidding a Sebring village water treatment plant official from working at the plant for allegedly submitting misleading, inaccurate, or false reports and failing to notify the public of unsafe levels of lead in drinking water. The Sebring school district cancelled classes January 22 – January 26 while it awaited test results after previous testing found high levels of lead in one drinking fountain at a district school building. Source: http://www.wlwt.com/news/ne-ohio-superintendent-classes-canceled-amid-more-water-tests/37621336

• The U.S. House Oversight and Government Reform Committee sent out letters to dozens of government agencies asking that each department provide information documenting their engagement with affected Juniper products. – SecurityWeek

See item 17 below in the Information Technology Sector

Financial Services Sector

5. January 25, U.S. Attorney’s Office, Northern District of Georgia – (National) Former CEO of Summit Wealth Management and business partner indicted in a multi-million dollar fraud scheme. The former President and Chief Operating Officer of Summit Wealth Management in Atlanta, Georgia, and his business partner were charged January 25 with orchestrating a $35 million investment fraud scheme after they allegedly established fraudulent investment funds and stole money from 300 investors for securities trading to pay personal expenses, fund other businesses like Detroit Memorial Partners LLC, and pay redemptions to earlier investors, among other actions, by selling fraudulent promissory notes throughout the U.S. to acquire and manage Michigan-based cemeteries. Source: http://www.justice.gov/usao-ndga/pr/former-ceo-summit-wealth-management-and-business-partner-indicted-multi-million-dollar

For another story, see item 17 below in the Information Technology Sector

Information Technology Sector

17. January 26, SecurityWeek – (International) US government agencies asked about Juniper backdoor patching. The U.S. House Oversight and Government Reform Committee sent out letters to dozens of government agencies asking that each department provide documents and information on whether they used affected Juniper products, how each entity discovered the vulnerability, and whether measures were taken before the Juniper patch was released following a December 2015 incident in which unauthorized code was found in Juniper’s ScreenOS firewall operating system (OS). The Federal government agencies included the U.S. Securities and Exchange Commission, the U.S. Department of Health and Human Services, the U.S. Nuclear Regulatory Commission, and the U.S. Department of Transportation, among other agencies. Source: http://www.securityweek.com/us-government-agencies-asked-about-juniper-backdoor-patching

18. January 25, Softpedia – (International) Lenovo’s file sharing app included some pretty irresponsible security bugs. Lenovo released new versions of its SHAREit file sharing app for Microsoft Windows, Google Android, and Apple iOS devices after researchers from Core Security discovered three security flaws in the app that allowed attackers to access a victim’s files and devices via a hard-coded password embedded in the app’s source code that can be seen after the app creates a WiFi hotspot. Attackers could then connect to the hotspot and browse files by sending specific Hypertext Transfer Protocol (HTTP) requests to a web server. Source: http://news.softpedia.com/news/lenovo-s-file-sharing-app-included-some-pretty-iresponsible-security-bugs-499408.shtml

19. January 25, SecurityWeek – (International) Microsoft finally hides IP addresses by default in Skype. Microsoft released updates to its Skype Voice-over-IP (VoIP) application that included a privacy enhancement which enabled the default setting to hide users’ Internet Protocol (IP) addresses after researchers from Inria and Polytechnic Institute of New York University discovered they could track thousands of users for several weeks in November 2010, which could have potentially led to attackers breaching business systems and stealing sensitive information, or compromising an entire corporate network. Source: http://www.securityweek.com/microsoft-finally-hides-ip-addresses-default-skype

20. January 25, SecurityWeek – (International) It’s official, ransomware has gone corporate. The FBI’s Internet Crime Complaint Center (IC3) released a report stating that recent data shows ransomware, such as CryptoWall and its variants, has been increasing its attacks against U.S. victims, and revealed three ways companies can help mitigate ransomware attacks: start employee training, maintain up-to-date backups, and consider new endpoint protection approaches.

Communications Sector

See item 17 above in the Information Technology Sector