Complete DHS Report for April 14, 2016
Daily Report
Top Stories
• Southcross Energy Partners announced April 12 that 2 people were
killed and 1 other was injured after they were blown out of a manhole near
Woodsboro when about 800 pounds of pressure leaked following equipment failure.
– Corpus Christi Caller Times
2. April 12,
Corpus Christi Caller-Times – (Texas) 2 killed, 1 hurt in
gas pressure leak. Southcross Energy Partners announced April 12 that two
people were killed and a third person was injured after they were blown out of
a manhole near Woodsboro when about 800 pounds of pressure leaked following
equipment failure. The company is investigating the incident. Source: http://www.caller.com/news/local/2-killed-1-hurt-in-gas-pressure-leak-30517430-79c5-4a23-e053-0100007f5877-375479971.html
• A woman pleaded guilty April 12 for her role in a scheme
involving at least 4 co-conspirators where they offered caregiver services and
provided legal wills through Linwood-based A Better Choice, bilking over $2.7
million from 12 elderly clients between January 2003 and December 2012. – Press
of Atlantic City
11. April 12,
Press of Atlantic City – (New Jersey) Linwood woman admits to
bilking millions from elderly. A woman pleaded guilty April 12 for her role
in a scheme where she identified potential elderly clients and offered them
caregiver services through Linwood-based A Better Choice, bilking over $2.7
million from 12 clients from January 2003 through December 2012. The woman
worked with at least four other co-conspirators to provide caregiver services
and provide legal wills and powers of attorney for the clients.
• Symantec Corporation reported that in 2015 over half a billion
personal records were stolen or lost and that data breaches grew by 85 percent
from 2014. – Softpedia See item 19 below in
the Information Technology Sector
• BAE Systems researchers discovered an improved version of the
Qbot malware had affected more than 54,000 international machines with 85
percent of infections reported in the U.S. – SecurityWeek See item 20 below in
the Information Technology Sector
Financial Services Sector
Nothing
to report
Information Technology Sector
16. April 13,
SecurityWeek – (International) Adobe patches flaws in Creative Cloud,
RoboHelp. Adobe released Creative Cloud version 3.6.0.244, which patched an
important vulnerability in the sync process that affected Creative Cloud
Libraries version 3.5.1.209 and earlier versions, as well as a security hotfix
for RoboHelp Server version 9, which patched a critical vulnerability linked to
the Structured Query Language (SQL) queries that could lead to information
disclosure, among other patched vulnerabilities. Source: http://www.securityweek.com/adobe-patches-flaws-creative-cloud-robohelp
17. April 13,
SecurityWeek – (International) Another IBM Java patch bypassed by
researchers. Researchers from Security Explorations discovered that IBM’s
patch for Java’s “issue 70” was inefficient and could be easily bypassed and
exploited for a complete sandbox escape flaw against Java versions 7 and 8
after the patches did not address the root causes of the vulnerabilities or
introduce security checks into the code. Security Explorations published a
report advising how IBM’s patch can be bypassed and released a Proof-of-Concept
(PoC) code for the flaw.
18. April 12,
SecurityWeek – (International) Links found between different ransomware
families. Researchers from AlienVault released a report addressing several
similarities between PowerWare and PoshCoder ransomware including the use of
the RijndaelManaged
class and that both ransomware encrypt the same file types, which suggests that
the two threats are connected. In addition, the report stated several
similarities between Rokku and Chimera ransomware including the use of the
ReflectiveLoader function, which is used in both ransomware for reflective
dynamic link library (DLL) injection to load a library from memory into a host
process.
19. April 12,
Softpedia – (International) Over half a billion personal records were
stolen or lost in 2015. Symantec Corporation released a report which stated
that in 2015 many companies avoided disclosing the full details of their data
breaches after researchers found that over 429 million records were lost or
stolen and that data breaches grew by 85 percent compared to data breaches in
2014. In addition, the report stated that 75 percent of popular Web sites had
major vulnerabilities; of which, 15 percent were considered as critical flaws. Source:
http://news.softpedia.com/news/over-half-a-billion-personal-records-were-stolen-or-lost-in-2015as-502858.shtml
20. April 12,
SecurityWeek – (International) Improved Qbot worm targets public
institutions. Researchers from BAE Systems discovered that an improved
version of the Qbot malware was targeting public organizations such as police
departments, hospitals, and universities after finding that the malware’s
developers had made several improvements to avoid detection and that more than
54,000 international machines were part of the botnet, with 85 percent of
infections listed in the U.S. Researchers noted that cyber attackers
distributed the Qbot malware via compromised Web sites that lead to the RIG exploit
kit (EK). Source: http://www.securityweek.com/improved-qbot-worm-targets-public-institutions
Communications Sector
Nothing to report