Complete DHS Report for October 13, 2016
Daily Report
Top Stories
• Crews worked October 12 to restore power to roughly 35,000
Georgia Power customers in Georgia who remained without power after Hurricane
Matthew knocked out power to more than 440,000 customers. – Atlanta
Journal-Constitution
2. October 12, Atlanta
Journal-Constitution – (Georgia) Thousands still without power after
Hurricane Matthew. Crews worked October 12 to restore power to roughly
35,000 Georgia Power customers in Georgia who remained without power after
Hurricane Matthew knocked out power to more than 440,000 customers. Georgia
Power stated it expects to restore power to 90 percent of its customers by
October 12. Source: http://www.ajc.com/weather/40k-still-without-power-after-hurricane-matthew/tsjYDXA8TxLkJnxGxWkLPI/
• Crews worked October 11 to restore power to more than 290,000
South Carolina residents who remained without power following Hurricane
Matthew. – Columbia State
3. October 11, Columbia
State – (South Carolina) S.C. utilities battle hurricane’s after
effects; 290,000 still without power Tuesday. Crews worked October 11 to
restore electricity to more than 290,000 South Carolina residents who remained
without power following Hurricane Matthew. The utilities expect to have power
restored to most customers by October 16. Source: http://www.thestate.com/news/business/article107608232.html
• A Las Vegas resident and member of a drug trafficking
organization operating in 5 States pleaded guilty October 11 after she laundered
nearly $500,000 in drug proceeds for the organization since 2010. – U.S.
Attorney’s Office, District of Idaho See item 6 below in
the Financial Services Sector
• The U.S. Federal Communications Commission announced October 11
that Comcast Corporation will pay $2.3 million to resolve a Federal
investigation into allegations that the company wrongfully billed thousands of
cable TV customers for unauthorized services and equipment. – Reuters See
item 29 below in the Communications
Sector
Financial Services Sector
6. October 11, U.S.
Attorney’s Office, District of Idaho – (National) Member of north Idaho
drug trafficking organization pleads guilty to money laundering. A Las
Vegas resident and member of a drug trafficking organization operating in 5
States pleaded guilty October 11 after she laundered nearly $500,000 in drug
proceeds for the organization since 2010 by depositing the organization’s
earnings into her personal bank accounts and business accounts belonging to a
Las Vegas-based hair salon that she and her mother owned. The charges state the
woman used a portion of the profits to pay expenses related to the
organization. Source: https://www.justice.gov/usao-id/pr/member-north-idaho-drug-trafficking-organization
Information Technology Sector
25. October 12, Softpedia
– (International) Microsoft patches four zero-days used in live attacks.
Microsoft released a security bulletin addressing 4 zero-day
vulnerabilities in several of its products, including an information disclosure
bug in Internet Explorer, remote code execution (RCE) flaws in Edge’s scripting
engine and Windows graphics device interface (GDI), and a memory corruption
vulnerability in Office, among other vulnerabilities. Microsoft reported all
four zero-days have been exploited in the wild. Source: http://news.softpedia.com/news/microsoft-patches-four-zero-days-used-in-live-attacks-509222.shtml
26. October 12,
SecurityWeek – (International) SAP patches multiple implementation
flaws. SAP released security patches resolving 48 vulnerabilities affecting
its products, including a denial-of-service (DoS) flaw in SAP ASE that could be
exploited to terminate a process in a vulnerable component, a Structured Query
Language (SQL) injection issue in SAP ST-PI component that allows an attacker
to read and alter sensitive database information, and a cross-site scripting
(XSS) flaw in SAP Messaging System Service that enables a malicious actor to
inject script into a page to access all session tokens, cookies, and other
critical information, among other vulnerabilities.
Source:
http://www.securityweek.com/sap-patches-multiple-implementation-flaws
27. October 11,
SecurityWeek – (International) Adobe patches critical flaws in Flash
Player, PDF apps. Adobe released patches resolving 71 critical
vulnerabilities affecting its Acrobat, Reader, Flash Player, and Creative Cloud
desktop application products , including a security bypass vulnerability, an
unquoted search path vulnerability that could lead to local privilege escalation
in Creative Cloud for Microsoft Windows, and several memory flaws that could
allow arbitrary code execution, among other vulnerabilities. Source:
http://www.securityweek.com/adobe-patches-critical-flaws-flash-player-pdf-apps
28. October 11, SecurityWeek
– (International) DXXD ransomware encrypts files on unmapped network
shares. Security researchers from BleepingComputer reported a new
ransomware family, dubbed DXXD was spotted targeting and encrypting files on both
mapped and unmapped network shares, and was abusing Remote Desktop Services and
brute-forcing passwords on infected devices for distribution. DXXD changes a
Microsoft Windows Registry setting in order to display a notice when a victim
logs in to their infected device, ensuring that the user sees the ransom note. Source:
http://www.securityweek.com/dxxd-ransomware-encrypts-files-unmapped-network-shares
Communications Sector
29. October 11, Reuters –
(National) Comcast will pay $2.3 million to settle U.S. billing probe. The
U.S. Federal Communications Commission announced October 11 that Comcast
Corporation will pay $2.3 million to resolve a Federal investigation into
allegations that the company wrongfully billed thousands of cable TV customers
for unauthorized services and equipment, including premium channels, set-top
boxes, and digital video recorders. As part of the consent decree, Comcast must
implement a 5-year compliance plan, offer a detailed program for responding to
consumer complaints, send customers a separate order confirmation of new
services, and implement additional employee training for workers placing
excessive unauthorized charges on customer bills, among other requirements. Source:
http://www.reuters.com/article/us-fcc-comcast-idUSKCN12B1VO