Tuesday, February 9, 2016

Complete DHS Report for February 9, 2016

Daily Report                                            

Top Stories

• The California Department of Conservation announced emergency regulations and orders for enhanced inspections and testing of all gas wells in the State February 8, in response to a nonstop leak of a gas well in Porter Ranch. – San Jose Mercury News

1.     February 8, San Jose Mercury News – (California) State orders inspections, new rules for gas wells after SoCal gas leak. The California Department of Conservation announced emergency regulations and orders for enhanced inspections and testing of all gas wells in California effective immediately February 8, in response to a nonstop leak of a gas well at the Aliso Canyon gas storage complex in Porter Ranch. The agency also issued six new safety and reliability measures including daily inspections of gas storage well heads and ongoing measurement of gas pressure or flow within wells, among other requirements. Source: http://www.mercurynews.com/business/ci_29487761/state-orders-inspections-and-new-rules-gas-wells

• The New York health and environmental officials will be investigating the Indian Point nuclear power plant after finding the Buchanan facility spilled highly radioactive water. – Lower Hudson Valley Journal News

3. February 6, Lower Hudson Valley Journal News – (New York) NY to probe ‘radioactive’ water leak at Indian Point. The New York Health Department and the New York State Department of Environmental Conversation will be investigating Entergy Corp.-owned Indian Point nuclear power plant February 5 after the State governor found the Buchanan facility spilled highly radioactive water containing tritium into an underground monitoring well. The investigation will determine the duration, cause, and potential impacts to the environment and to public health. Source: http://www.lohud.com/story/news/politics/politics-on-the-hudson/2016/02/06/ny-probe-radioactive-water-leak-indian-point/79929984/

• The FBI announced the arrest of five top officials in Crystal City, Texas, February 4 under a Federal indictment accusing the group of taking tens of thousands of dollars in bribes. – Washington Post

25. February 8, Washington Post – (Texas) FBI arrests nearly all of the top officials of Crystal City, Tex. The FBI announced February 4 the arrest of five top officials in Crystal City, Texas, under a Federal indictment which accuses the group of taking tens of thousands of dollars in bribes and helping the leader of an illegal gambling operation in exchange for payments and other material goods. The officials also reportedly voted to award contracts in exchange for bribes and extorted payments from contractors, among other illegal actions. Source: https://www.washingtonpost.com/news/morning-mix/wp/2016/02/08/theres-only-one-person-left-on-this-texas-city-council-after-fbi-arrests-top-officials-on-corruption-charges/

• A Michigan man was arrested and accused of allegedly supporting the Islamic State and plotting to attack a Detroit church February 6 after an FBI investigation revealed that he made incriminating statements to an undercover agent. – Associated Press

34. February 6, Associated Press – (Michigan) Man accused of IS-inspired plot to attack Detroit church. The U.S. District Court in Detroit reported February 6 that a Michigan man was arrested and accused of allegedly supporting the Islamic State and plotting to attack a Detroit church after an FBI investigation revealed the man made incriminating statements to an undercover FBI agent to shoot a church and behead someone on behalf of the foreign terrorist group. Source: http://www.monroenews.com/article/20160206/NEWS/160209185

Financial Services Sector

5. February 8, Softpedia – (International) Loanbase hacked due to WordPress bug, loses customer Bitcoins. Loanbase released an advisory February 7 stating that a security hole in its WordPress blog allowed unknown hackers to breach its Structured Query Language (SQL) database, steal approximately $3,000 worth of Bitcoins from its users, and access sensitive user data like email addresses, phone numbers, and names of user accounts that did not have two-factor authentication (2FA) turned on. Loanbase took its Web site offline to reset passwords for all users, cancel all 2FA tokens, and reject all approved withdrawals to prevent further abuse. Source: http://news.softpedia.com/news/loanbase-hacked-due-to-wordpress-bug-loses-customer-bitcoins-500057.shtml

6. February 6, Minneapolis Star Tribune – (Minnesota) Ex-Viking found guilty in one bank fraud count. The former chairman of First Commercial Bank in Bloomington, Minnesota, and his business partner were found guilty in Federal court February 5 for bilking investors out of millions of dollars after the former chairman’s business partner used money invested in his Hennessey Financial LLC to pay off prior investors and other debts instead of financing real estate projects. The former executive also failed to disclose to the bank that his partner owed $12 million in debts while he applied for a line of credit. Source: http://www.startribune.com/ex-viking-stu-voigt-found-guilty-in-one-bank-fraud-count/367874771/

7. February 5, WPMT 43 York – (Pennsylvania) Former York Federal Credit Union manager charged with embezzlement and fraud. The former chief executive officer-manager of the HD York Federal Credit Union in York, Pennsylvania, reached a plea agreement February 5 for allegedly embezzling $252,106 from 2010 – 2013 and failing to report $70,983 in stolen income on her 2011 Federal income tax return. Source: http://fox43.com/2016/02/05/former-york-federal-credit-union-manager-charged-with-embezzlement-and-fraud/

Information Technology Sector

27. February 8, Help Net Security – (International) Twitter suspended 125,000 terrorism-related accounts. Twitter reported that they have suspended over 125,000 accounts since 2015 for threatening or promoting terrorist acts related to the Islamic State and have started using spam-fighting tools to discover potentially offending accounts to counter extremist content online. The company is working with law enforcement agencies around the world to stop terrorist organizations from using Twitter as a platform for communication. Source: http://www.net-security.org/secworld.php?id=19415

28. February 8, The Register – (International) Oracle issues emergency patch for Java on Windows. Oracle released an out-of-cycle emergency patch for its Java products to fix a during-installation flaw on Microsoft Windows platform that if exploited, can allow an attacker to trick users into visiting a compromised Web site and enable an attacker to compromise a user’s system. Oracle released Java versions 6, 7, and 8 installers to protect users from the vulnerability. Source: http://www.theregister.co.uk/2016/02/08/emergency_java_patch/

29. February 8, The Register – (International) Cisco recalls switches that could short power to the case. And kill you. Cisco recalled two series of its Industrial Ethernet 5000 switches due to electrical and fire safety hazards after a factory test found the power source wiring could potentially cause a short to the metal enclosure/barrier. Users were advised to check their serial numbers as not all devices in the series were affected. Source: http://www.theregister.co.uk/2016/02/08/cisco_recalls_ie_5000_switches/

30. February 7, Softpedia – (International) T9000 backdoor malware targets Skype users, records conversations. Researchers from Palo Alto Networks reported that the new backdoor trojan dubbed T9000 was sent inside spear phishing emails to U.S. entities to allow an attacker to create and delete files and directories, encrypt data, and copy the user’s clipboard via malicious Rich Text Format (RTF) files that uses the CVE-2012-1856 and CVE-2015-1641 flaws to control the users’ personal computers (PC). Researchers found that the trojan was versatile to be used against any target.

31. February 6, Softpedia – (International) Fake Flash Player update delivers scareware to Mac OS X users. A researcher from SANS Technology Institute discovered a new campaign that tricks users into installing malicious Flash Player update packages that are embedded with valid and authentic Adobe Flash update files, but were also seen containing malicious malware that executes popups with apocalyptic messages to inform users that their computers were infected. Attackers then send victims a phone number to trick users to call the number and have their systems reset by professionals. Source: http://news.softpedia.com/news/fake-flash-player-update-delivers-scareware-to-mac-os-x-users-500002.shtml

For additional stories, see item 5 above in the Financial Services Sector and item 33 below from the Commercial Facilities Sector

33. February 8, Help Net Security – (International) Sensitive data stolen in Gyft data breach. Gyft, a digital gift card platform that allows users to buy, send, and manage gift cards from hundreds of retailers, reported that from October 2015 – December 2015 an unknown unauthorized party accessed two cloud providers to view or download certain user information that could have been used to make unauthorized purchases. The information accessed reportedly included names, contact information, dates of birth, and gift card numbers, and prompted the company to advised users to change their online passwords. Source: http://www.net-security.org/secworld.php?id=19413
Communications Sector

Nothing to report