Complete DHS Report for August 11, 2016
Daily Report
Top Stories
• Pacific Gas & Electric Co. was found guilty August 9 of
violating pipeline safety regulations and failing to identify a high risk gas
line prior to a fatal pipeline explosion in San Bruno, California, in 2010 that
killed eight people. – Associated Press
1. August 10,
Associated Press – (California) Pacific Gas & Electric guilty: Utility
convicted of obstruction in San Bruno blast probe. Pacific Gas &
Electric Co. (PG&E) was found guilty August 9 of violating pipeline safety
regulations and misleading investigators about how the utility identified
high-risk pipelines after the utility failed to gather information pertinent to
evaluating potential gas line threats and failed to classify a gas line as high
risk prior to a fatal natural gas pipeline explosion in 2010 that killed 8
people and destroyed 38 homes in San Bruno, California. The utility could be
fined up to $3 million for the violations. Source: http://www.smdailyjournal.com/articles/lnews/2016-08-10/pacific-gas-electric-guilty-utility-convicted-of-obstruction-in-san-bruno-blast-probe/1776425166449.html
• The former owner and operator of California-based Rodis Law
Group pleaded guilty August 9 for his role in a $9 million fraudulent mortgage
modification scheme where he and others convinced over 1,500 homeowners to pay
for fraudulent services from October 2008 – June 2009. – Orange County
Register. See item 4 below in
the Financial Services Sector
• The U.S. Environmental Protection Agency fined the State of
Hawaii Department of Land and Natural Resources August 8 for violating a
Federal ban on large capacity cesspools on Maui and the Big Island. – U.S.
Environmental Protection Agency
14. August 8,
U.S. Environmental Protection Agency – (Hawaii) EPA enforces ban on
cesspools on Big Island and Maui. The U.S. Environmental Protection Agency
(EPA) announced three separate agreements with the County of Hawaii, the County
of Maui, and the State of Hawaii Department of Land and Natural Resources
(DLNR) August 8 to close cesspools on Maui and the Big Island after the EPA
discovered the counties were violating a Federal ban on large capacity
cesspools. Under the agreements, the County of Hawaii will pay a $105,000 fine
for its two cesspools, the County of Maui will pay $33,000 for its cesspool
at the Maui Raceway Track, and the DLNR will pay a $50,000 fine for its
cesspools at Waianapanapa State Park, as well as close or convert smaller
cesspools at 7 State parks and recreation areas. Source: https://www.epa.gov/newsreleases/epa-enforces-ban-cesspools-big-island-and-maui
• Eight Florida residents were charged August 9 for their roles in
a health care fraud scheme where the group allegedly submitted nearly $663
million in fraudulent reimbursement claims from October 2012 – December 2015. –
U.S. Department of Justice
15. August 9,
U.S. Department of Justice – (Florida) Eight individuals charged in
multimillion-dollar compounding pharmacy fraud scheme. Eight Florida
residents were charged in an indictment unsealed August 9 for their roles in a
multi-million dollar health care fraud scheme where the group allegedly used
the A to Z Pharmacy Inc., in New Port Richey and several Miami-area pharmacies to
submit nearly $663 million in fraudulent reimbursement claims for prescription
compounded medications to private insurance companies, Medicare and Tricare,
and received approximately $157 million in reimbursement claims from October
2012 – December 2015 that were based on prescriptions generated as a result of
kickbacks and bribes. The charges also allege that the group used shell
companies to transfer and distribute the money and conceal the fraudulent
activities. Source: https://www.justice.gov/opa/pr/eight-individuals-charged-multimillion-dollar-compounding-pharmacy-fraud-scheme
Financial Services Sector
4. August 9,
Orange County Register – (National) Brea man pleads guilty in $9
million mortgage modification scheme. The former owner and operator of
California-based Rodis Law Group pleaded guilty August 9 for his role in a $9
million fraudulent mortgage modification scheme where he and co-conspirators
convinced over 1,500 struggling homeowners to pay for fraudulent services from
the Rodis Law Group by falsely claiming the firm consisted of a team of
attorneys experienced in negotiating lower principal balances and interest
rates on mortgage loans, among other misrepresentations from October 2008 –
June 2009. Two other co-conspirators have pleaded guilty for their roles in the
scheme. Source: http://www.ocregister.com/articles/antonio-725190-rodis-law.html
Information Technology Sector
19. August 10,
Softpedia – (International) Data of nearly 2 million users exposed in
Dota2 forum hack. Researchers from LeakedSource reported that the Dota2
official developers forum was breached July 10 and that hackers stole the usernames, email
addresses, user identifiers, passwords, and IP addresses of nearly 2 million of
the forum’s users. The stolen passwords had been hashed and salted with the MD5
algorithm. Forum administrators patched the vulnerability and reset all user
account passwords. Source: http://news.softpedia.com/news/data-of-nearly-2-million-users-exposed-in-dota2-forum-hack-507162.shtml
20. August 10,
SecurityWeek – (International) Microsoft patches flaws in Windows, Office,
browsers. Microsoft released 9 security bulletins patching a total of 27
important and critical vulnerabilities including 9 critical vulnerabilities in
Internet Explorer and 8 critical flaws in Edge that can be exploited for remote
code execution and information disclosure by tricking a targeted user into
visiting a malicious Website, remote code execution issues in Windows, Office,
Skype for Business and Lync caused by the way Windows font library handles
specially crafted embedded fonts, and critical flaws in Office that can be
leveraged for remote code execution if a victim opens a malicious file, among
other vulnerabilities.
21. August 10,
SecurityWeek – (International) Juniper starts fixing IPv6 processing
vulnerability. Juniper Networks released hotfixes for its JUNOSe F3 and F2
products resolving a vulnerability in its JUNOSe and Junos routers after Cisco
researchers discovered the flaw can be exploited to cause a denial-of-service
(DoS) condition by sending a flood of specially crafted IPv6 Neighbor Discovery
(ND) packets from non-link-local sources to affected devices in order to fill
up the packet processing queue and cause legitimate IPv6 ND packets to drop.
The company was working to release patches for the issue. Source: http://www.securityweek.com/juniper-starts-fixing-ipv6-processing-vulnerability
22. August 9,
Softpedia – (International) Researchers hide malware inside digitally signed
files without breaking hashes. Security researchers from Deep Instinct
discovered attackers could inject malware inside a digitally signed binary
without affecting the overall file hash after finding that Microsoft Windows
does not include three fields from a file’s Portable Executable (PE) headers
during the file hash validation process and that modifying these fields does
not break the certificate’s validity, allowing the malicious files to avoid
detection by security and antivirus software. Researchers stated the technique
does not require attackers to hide the malicious code via packers and bypasses
any secondary checks of security software. Source: http://news.softpedia.com/news/researchers-hide-malware-inside-digitally-signed-files-without-breaking-hashes-507146.shtml
23. August 9,
SecurityWeek – (International) Go-based Linux trojan used for
cryptocurrency. Doctor Web researchers reported that a new Linux trojan,
dubbed Linux.Lady.1, allows hackers to earn a profit by exploiting infected
systems for cryptocurrency mining after finding that the trojan collects
information on an infected machine, including the operating system, central
processing units (CPUs), and processes, and sends the harvested data back to a
command and control (C&C) server, which then provides a configuration file
for downloading a cryptocurrency mining application designed for Monero (XMR)
mining. Researchers also found the trojan is capable of spreading to other
Linux computers on an infected network by connecting to remote hosts over port
6379 without a password and downloading a script from a specified Uniform
Resource Locator (URL) which is responsible for downloading and installing a
copy of the trojan.
For another story, see item 24 below from the Commercial Facilities Sector
24. August 9,
Softpedia – (International) Criminal group uses LogMeIn to compromise PoS
systems with malware. Researchers from PandaLabs discovered a criminal
group was using compromised LogMeIn accounts belonging to systems running
point-of-sale (PoS) software and connected to PoS terminals to access over 200
devices and infect them with the PunkeyPOS, Multigrain, or PosCardStealer
malware. The researchers reported that the hackers exploited weak login
credentials or discovered the login credentials from other sources. Source: http://news.softpedia.com/news/criminal-group-uses-logmein-to-compromise-pos-systems-with-malware-507112.shtml
Communications Sector
Nothing to report