Thursday, October 13, 2016



Complete DHS Report for October 13, 2016

Daily Report                                            

Top Stories

• Crews worked October 12 to restore power to roughly 35,000 Georgia Power customers in Georgia who remained without power after Hurricane Matthew knocked out power to more than 440,000 customers. – Atlanta Journal-Constitution

2. October 12, Atlanta Journal-Constitution – (Georgia) Thousands still without power after Hurricane Matthew. Crews worked October 12 to restore power to roughly 35,000 Georgia Power customers in Georgia who remained without power after Hurricane Matthew knocked out power to more than 440,000 customers. Georgia Power stated it expects to restore power to 90 percent of its customers by October 12. Source: http://www.ajc.com/weather/40k-still-without-power-after-hurricane-matthew/tsjYDXA8TxLkJnxGxWkLPI/

• Crews worked October 11 to restore power to more than 290,000 South Carolina residents who remained without power following Hurricane Matthew. – Columbia State

3. October 11, Columbia State – (South Carolina) S.C. utilities battle hurricane’s after effects; 290,000 still without power Tuesday. Crews worked October 11 to restore electricity to more than 290,000 South Carolina residents who remained without power following Hurricane Matthew. The utilities expect to have power restored to most customers by October 16. Source: http://www.thestate.com/news/business/article107608232.html

• A Las Vegas resident and member of a drug trafficking organization operating in 5 States pleaded guilty October 11 after she laundered nearly $500,000 in drug proceeds for the organization since 2010. – U.S. Attorney’s Office, District of Idaho See item 6 below in the Financial Services Sector

• The U.S. Federal Communications Commission announced October 11 that Comcast Corporation will pay $2.3 million to resolve a Federal investigation into allegations that the company wrongfully billed thousands of cable TV customers for unauthorized services and equipment. – Reuters See item 29 below in the Communications Sector

Financial Services Sector

6. October 11, U.S. Attorney’s Office, District of Idaho – (National) Member of north Idaho drug trafficking organization pleads guilty to money laundering. A Las Vegas resident and member of a drug trafficking organization operating in 5 States pleaded guilty October 11 after she laundered nearly $500,000 in drug proceeds for the organization since 2010 by depositing the organization’s earnings into her personal bank accounts and business accounts belonging to a Las Vegas-based hair salon that she and her mother owned. The charges state the woman used a portion of the profits to pay expenses related to the organization. Source: https://www.justice.gov/usao-id/pr/member-north-idaho-drug-trafficking-organization

Information Technology Sector

25. October 12, Softpedia – (International) Microsoft patches four zero-days used in live attacks. Microsoft released a security bulletin addressing 4 zero-day vulnerabilities in several of its products, including an information disclosure bug in Internet Explorer, remote code execution (RCE) flaws in Edge’s scripting engine and Windows graphics device interface (GDI), and a memory corruption vulnerability in Office, among other vulnerabilities. Microsoft reported all four zero-days have been exploited in the wild. Source: http://news.softpedia.com/news/microsoft-patches-four-zero-days-used-in-live-attacks-509222.shtml

26. October 12, SecurityWeek – (International) SAP patches multiple implementation flaws. SAP released security patches resolving 48 vulnerabilities affecting its products, including a denial-of-service (DoS) flaw in SAP ASE that could be exploited to terminate a process in a vulnerable component, a Structured Query Language (SQL) injection issue in SAP ST-PI component that allows an attacker to read and alter sensitive database information, and a cross-site scripting (XSS) flaw in SAP Messaging System Service that enables a malicious actor to inject script into a page to access all session tokens, cookies, and other critical information, among other vulnerabilities.
Source: http://www.securityweek.com/sap-patches-multiple-implementation-flaws

27. October 11, SecurityWeek – (International) Adobe patches critical flaws in Flash Player, PDF apps. Adobe released patches resolving 71 critical vulnerabilities affecting its Acrobat, Reader, Flash Player, and Creative Cloud desktop application products , including a security bypass vulnerability, an unquoted search path vulnerability that could lead to local privilege escalation in Creative Cloud for Microsoft Windows, and several memory flaws that could allow arbitrary code execution, among other vulnerabilities. Source: http://www.securityweek.com/adobe-patches-critical-flaws-flash-player-pdf-apps

28. October 11, SecurityWeek – (International) DXXD ransomware encrypts files on unmapped network shares. Security researchers from BleepingComputer reported a new ransomware family, dubbed DXXD was spotted targeting and encrypting files on both mapped and unmapped network shares, and was abusing Remote Desktop Services and brute-forcing passwords on infected devices for distribution. DXXD changes a Microsoft Windows Registry setting in order to display a notice when a victim logs in to their infected device, ensuring that the user sees the ransom note. Source: http://www.securityweek.com/dxxd-ransomware-encrypts-files-unmapped-network-shares

Communications Sector

29. October 11, Reuters – (National) Comcast will pay $2.3 million to settle U.S. billing probe. The U.S. Federal Communications Commission announced October 11 that Comcast Corporation will pay $2.3 million to resolve a Federal investigation into allegations that the company wrongfully billed thousands of cable TV customers for unauthorized services and equipment, including premium channels, set-top boxes, and digital video recorders. As part of the consent decree, Comcast must implement a 5-year compliance plan, offer a detailed program for responding to consumer complaints, send customers a separate order confirmation of new services, and implement additional employee training for workers placing excessive unauthorized charges on customer bills, among other requirements. Source: http://www.reuters.com/article/us-fcc-comcast-idUSKCN12B1VO