Complete DHS Report for September 23, 2016
Daily Report
Top Stories
• Nearly 1.5 million people in Puerto Rico lost power September 21
following a large fire at an Electric Power Authority electrical plant. – USA
Today; Associated Press
1. September
22, USA Today; Associated Press – (Puerto Rico) Most of Puerto
Rico still in the dark after power plant fire. Nearly 1.5 million people in
Puerto Rico lost power September 21 following a large fire at an Electric Power
Authority electrical plant that prompted officials to shut off power for the
entire island as a precaution and close all of the island’s schools September
22. Officials were working to restore power and the cause of the fire remains
under investigation. Source: http://www.usatoday.com/story/news/2016/09/22/puerto-rico-power-outage-electricity-plant/90823454/
• Colonial Pipeline officials restarted the flow of gasoline
through Line 1 in Shelby County, Alabama, September 21 after the pipeline was
shutdown September 9 when more than 300,000 gallons of gasoline leaked from the
pipe. – WBRC 6 Birmingham
2. September
21, WBRC 6 Birmingham – (Alabama) Colonial Pipeline restarts flow
of gasoline in Line 1. Colonial Pipeline officials restarted the flow of
gasoline through Line 1 in Shelby County, Alabama, September 21 after the
pipeline was shutdown September 9 when more than 300,000 gallons of gasoline
leaked from the pipe. Colonial Pipeline officials stated it may take several
days for the fuel supply to return to normal. Source: http://www.ksla.com/story/33153215/colonial-pipeline-restarts-flow-of-gasoline-in-line-1
• A Weston, Connecticut resident pleaded guilty September 21 to
concealing over $1.5 million in income from the U.S. Internal Revenue Service
after he and co-conspirators allegedly hid profits from alcohol and tobacco
sales in an undeclared bank account in Panama from 2006 – 2012. – U.S.
Attorney’s Office, District of New Jersey See item 4 below in
the Financial Services Sector
• Five people were indicted on Federal charges September 21 for
allegedly conspiring to steal more than $20 million from Eden Prairie,
Minnesota-based Starkey Laboratories, Inc. between 2006 and 2015. – U.S.
Attorney’s Office, District of Minnesota
13. September
22, U.S. Attorney’s Office, District of Minnesota –
(Minnesota) Five indicted for massive fraud perpetrated against Starkey
Laboratories. Five people were indicted on Federal charges September 21 for
allegedly conspiring to steal more than $20 million from Eden Prairie,
Minnesota-based Starkey Laboratories, Inc. and its principal owner after the
group misappropriated money and business opportunities belonging to Starkey and
Sonion, a supplier of hearing aid components to Starkey Laboratories by
controlling a network of fake companies, awarding themselves restricted stock
in Starkey’s retail affiliate, and embezzling money from the company between
2006 and 2015. Source: https://www.justice.gov/usao-mn/pr/five-indicted-massive-fraud-perpetrated-against-starkey-laboratories
Financial Services Sector
3. September
22, WTMJ 4 Milwaukee – (Wisconsin) Card skimmers found at 3 Kenosha ATMs. Wisconsin
authorities are searching September 21 for 2 men suspected of installing credit
card skimmers on ATMS at 3 banks in Kenosha, including a North Shore Bank
branch and 2 TruStone Financial Federal Credit Union locations. Officials
stated the duo also allegedly installed cameras on the ATMs in order to read
bank customers’ PIN numbers.
4. September
21, U.S. Attorney’s Office, District of New Jersey –
(International) Connecticut man admits conspiring to conceal income in undeclared
Panamanian bank account. A Weston, Connecticut resident pleaded guilty
September 21 to concealing over $1.5 million in income from the U.S. Internal
Revenue Service after he and co-conspirators allegedly hid profits from
duty-free alcohol and tobacco sales in an undeclared bank account in Panama
from 2006 – 2012. The charges allege that the defendant used a registered
Panamanian corporation, Centennial Group, to purchase and sell the duty-free
products, shipped the alcohol via a warehouse in Florida and the tobacco
products through a warehouse in New Jersey, and used the illicit proceeds for
personal expenses. Source: https://www.justice.gov/usao-nj/pr/connecticut-man-admits-conspiring-conceal-income-undeclared-panamanian-bank-account
Information Technology Sector
15. September
22, SecurityWeek – (International) Flaws in Cisco Cloud Services Platform allow
command execution. Cisco notified its customers that its Cloud Services
Platform (CSP) 2100 version 2.0 was plagued with two vulnerabilities, one of
which is a critical vulnerability caused by insufficient sanitization of user
input that could allow an unauthenticated attacker to remotely execute
arbitrary commands on the operating system with root privileges. Cisco reported
the second vulnerability could allow an unauthenticated attacker to execute
arbitrary code on a targeted system remotely by sending a malicious “dnslookup”
request. Source: http://www.securityweek.com/flaws-cisco-cloud-services-platform-allow-command-execution
16. September
22, SecurityWeek – (International) Restriction bypass, XSS flaws patched in
Drupal 8. The developers of the Drupal content management system (CMS)
released versions 8.1.10 and 8.2.0-rc2 patching three serious vulnerabilities,
including two restriction bypass issues and one cross-site scripting (XSS) flaw
after reserachers discovered an attacker could exploit the flaws to execute arbitrary
code in the victim’s browser if a targeted user accesses a maliciously crafted
Universal Resource Locator (URL) due to inadequate sanitization in Hypertext
Transfer Protocol (HTTP) exceptions. Drupal developers also patched a critical
vulnerability in the feature that allows Drupal users to export their site’s
configuration to a file, which could allow an attacker to download full
configuration exports without administrative privileges, among other
vulnerabilities.
17. September
21, SecurityWeek – (International) Firefox 49 patches critical, high severity
vulnerabilities. Mozilla released Firefox 49 resolving several critical
vulnerabilities, including multiple memory safety bugs that could be exploited
to execute arbitrary code, as well as a high severity certificate pinning flaw
caused by flaws in the process Mozilla uses to update Preloaded Public Key
Pinning, which could allow a Man in the Middle (MitM) attacker to replace
legitimate add-on updates with malicious versions and execute arbitrary code on
a targeted system, among other vulnerabilities. Source: http://www.securityweek.com/firefox-49-patches-critical-high-severity-vulnerabilities
Communications Sector
Nothing to report