Monday, April 4, 2016



Complete DHS Report for April 4, 2016

Daily Report                                            

Top Stories

• Berkshire Power Company LLC, Power Plant Management Services, and the Wood Group agreed to pay about $8.5 million March 30 for improperly reporting data about emissions and tampering with equipment that monitors air pollution at a power plant in Agawam, Massachusetts. – WWLP 22 Springfield

2. March 30, WWLP 22 Springfield – (Massachusetts) Power plant owner, managers to pay $8.5M for falsely reporting on pollution. The U.S. Department of Justice and Massachusetts officials reported March 30 that Berkshire Power Company LLC, Power Plant Management Services, and the Wood Group will pay about $8.5 million in criminal and civil penalties for conspiring to violate the Clean Air Act at the Berkshire Power plant in Agawam by improperly reporting data about emissions and tampering with equipment that monitors air pollution. Prosecutors allege that Berkshire Power and Power Plant Management Services encouraged employees with the Wood Group, a company hired to run daily plant operations, to tamper with equipment while Berkshire Power and Power Plant Management Services submitted the skewed data to the U.S. Environmental Protection Agency and Massachusetts Department of Environmental Protection. Source: http://wwlp.com/2016/03/30/power-plant-owner-managers-to-pay-8-5m-for-falsely-reporting-on-pollution/

• Volkswagen AG issued a recall April 1 for approximately 91,000 of its model years 2012 – 2014 Passat vehicles due to improperly assembled wire seals which can allow water to contact the electrical terminals and short. – Associated Press

4. April 1, Associated Press – (National) VW recalls diesel Passats; wiring trouble can cause fires. Volkswagen AG issued a recall April 1 for approximately 91,000 of its model years 2012 – 2014 Passat vehicles equipped with diesel engines after Volkswagen factory workers reported underbody fires due to improperly assembled wire seals in an electrical connector which can allow water to contact the electrical terminals and short, thereby causing a fire to ignite under the vehicle. Source: http://www.startribune.com/vw-recalls-diesel-passats-wiring-trouble-can-cause-fires/374249701/

• A gunman was shot and killed by two Virginia State Police troopers after he shot and killed another trooper at a Greyhound bus station in Richmond March 31, prompting the bus station’s indefinite closure. – WVEC 13 Hampton; Associated Press

9. April 1, WVEC 13 Hampton; Associated Press – (Virginia) Trooper shot at Richmond, Va., bus station dies. A gunman was shot and killed by two Virginia State Police troopers after he shot and killed another trooper at a Greyhound bus station in Richmond, Virginia, March 31, prompting the bus station’s indefinite closure while authorities investigate the incident. Two civilians were also injured and officials reported that troopers were participating in drug interdiction training at the bus station during the shooting. Source: http://www.usatoday.com/story/news/2016/03/31/reports-active-shooter-richmond-bus-station/82477794/

• Terminix International Company LP and its U.S. Virgin Islands operation agreed to pay $10 million March 29 after the companies illegally applied fumigants with methyl bromide in multiple locations in the U.S. Virgin Islands. – U.S. Department of Justice

17. March 31, U.S. Department of Justice – (U.S. Virgin Islands) Terminix companies agree to pay $10 million for applying restricted-use pesticide to residences in the U.S. Virgin Islands. The U.S. Department of Justice and U.S. Environmental Protection Agency announced March 29 that Terminix International Company LP (Terrminix LP) and its U.S. Virgin Islands operation, Terminix International USVI LLC (Terrminix, USVI) were charged with violating the Federal Insecticide, Fungicide, and Rodenticide Act after the companies illegally applied fumigants with methyl bromide in multiple residential locations in the U.S. Virgin Islands from September 2012 – March 2015, causing four people to fall seriously ill in 2015. Terrminix LP and Terrminix, USVI will be required to pay a total of $10 million in criminal fines, community service, and restitution payments, and the companies will be required to cease its use of pesticides containing methyl bromide in the U.S. and its territories. Source: https://www.justice.gov/opa/pr/terminix-companies-agree-pay-10-million-applying-restricted-use-pesticide-residences-us

Financial Services Sector

6. April 1, WLNS 6 Lansing – (International) Four arrested in Calhoun County for allegedly possessing over 100 fraudulent credit cards. Authorities from the Calhoun County Sheriff’s Office in Michigan announced April 1 that 4 Chicago-area residents were arrested the week of March 28 after police found about 150 fraudulent credit cards from other countries in the group’s vehicle. Police were alerted to the suspects’ vehicle after a gas station attendant notified the police about possible credit card fraud. Source: http://wlns.com/2016/04/01/four-arrested-in-calhoun-county-for-allegedly-possessing-over-100-fraudulent-credit-cards/

7. April 1, DNAinfo.com – (Illinois) 200 fake credit cards set off bomb detector at Midway, prosecutors say. Officials at Chicago Midway International Airport discovered a total of 200 fraudulent gift cards and debit cards March 29 after the magnetic strips on the cards triggered a bomb detector in airport security. Authorities stated that the fraudulent cards were found wrapped in shoes and socks. Source: https://www.dnainfo.com/chicago/20160401/midway/200-fake-credit-cards-set-off-bomb-detector-at-midway-prosecutors-say

Information Technology Sector

20. April 1, SecurityWeek – (International) Code execution flaw found in Lhasa decompression library. Lhasa released version 0.3.1 for its open source tool and library product addressing an integer underflow vulnerability after Cisco TALOS researchers found hackers could exploit the flaw for arbitrary code execution by tricking victims into opening a specially crafted file, as well as through file scanning systems that leverage the vulnerable library to read the content of LZH and LHA files. Source: http://www.securityweek.com/code-execution-flaw-found-lhasa-decompression-library

21. March 31, Softpedia – (International) Rokku ransomware uses QR codes to help you pay for your files. Security researchers from Avira discovered a new ransomware named Rokku that encrypts victims’ files while attaching the “.rokku” extension via spam emails embedded with malicious email attachments that will execute the ransomware’s encryption process when opened. Source: http://news.softpedia.com/news/rokku-ransomware-uses-qr-codes-to-help-you-pay-for-your-files-502446.shtml

22. March 31, Softpedia – (International) SideStepper attack targets corporate iOS devices. Security researchers from Check Point discovered a new attack method dubbed SideStepper that targets Apple iOS devices used in enterprise environments and are enrolled in Mobile Device Management (MDM) setups, which could allow attackers to bypass iOS security protections and install malware on a device by sending a malicious configuration profile via email, instant messaging (IM), or short message service (SMS) to the device, through the use of a legitimate enterprise certificate to install malicious apps via a trivial Man-in-the-Middle (MitM) attack. Source: http://news.softpedia.com/news/sidestepper-attack-targets-corporate-ios-devices-502422.shtml

Communications Sector

Nothing to report