Monday, October 24, 2016



Complete DHS Report for October 24, 2016

Daily Report                                            

Top Stories

• A former executive at the Ohio County Public Schools Federal Credit Union in Wheeling, West Virginia, was charged October 20 for allegedly embezzling over $156,000 from the credit union between 2013 and 2016. – U.S. Attorney’s Office, Northern District of West Virginia See item 3 below in the Financial Services Sector

• Officials in Burleson, Texas, reported that blockage of a 12-inch wastewater collection line caused roughly 50,000 gallons of wastewater to spill in the North Creek area October 19. – Burleson Star

10. October 20, Burleson Star – (Texas) Line blockage caused 50,000 gallon wastewater spill. Officials in Burleson, Texas, reported that blockage of a 12-inch wastewater collection line reportedly caused approximately 50,000 gallons of wastewater to spill in the North Creek area October 19. Officials stated the public water supply was not affected by the spill.

• Martinsburg, West Virginia officials announced October 20 the completion of a $53.5 million renovation project to the city’s wastewater treatment plant. – Hagerstown Herald-Mail

11. October 20, Hagerstown Herald-Mail – (West Virginia) New wastewater treatment plant dedicated in Martinsburg. Martinsburg, West Virginia officials announced October 20 the completion of a $53.5 million renovation project to the city’s wastewater treatment plant, which was mandated in response to Federal requirements to decrease the plant's emissions of phosphorous and nitrogen into the Chesapeake Bay watershed. In addition to reducing pollution, the upgrades increased the combined sewer system plant's treatment capacity to 12 million gallons per day flow during storms. Source: http://www.heraldmailmedia.com/news/tri_state/west_virginia/new-wastewater-treatment-plant-dedicated-in-martinsburg/article_029f123c-9727-11e6-ae08-2b6383b6c83f.html

• Weebly confirmed that hackers stole the account information of over 43 million users, including usernames, Internet Protocol (IP) addresses, and password hashes after breaching the company’s systems in February 2016. – SecurityWeek See item 15 below in the Information Technology Sector

Financial Services Sector

2. October 20, U.S. Attorney’s Office, Northern District of Texas – (International) Federal jury convicts woman in Stolen Identity Refund scheme - some stolen identities belonged to incarcerated individuals. A Dallas woman was convicted October 20 for her participation in a Stolen Identity Refund Fraud scheme where she and co-conspirators filed fraudulent tax returns using the stolen identities of incarcerated individuals and others, and used shell company bank accounts to transfer the tax refunds from debit and Green Dot cards into cash and cashier’s checks, which the group used to buy nearly $1.2 million worth of used cars that they subsequently shipped to Nigeria from May 2012 – May 2014. Source: https://www.justice.gov/usao-ndtx/pr/federal-jury-convicts-woman-stolen-identity-refund-scheme-some-stolen-identities

3. October 20, U.S. Attorney’s Office, Northern District of West Virginia – (West Virginia) Former director of Ohio County Schools Credit Union charged with embezzlement. The former executive director of the Ohio County Public Schools Federal Credit Union in Wheeling, West Virginia, was charged October 20 for allegedly embezzling over $156,000 from the credit union between June 2013 and March 2016 after an employee detected the scheme in March during a routine credit union account reconciliation. The charges allege that the defendant used the stolen profits to cover personal debts. Source: https://www.justice.gov/usao-ndwv/pr/former-director-ohio-county-schools-credit-union-charged-embezzlement

Information Technology Sector

15. October 21, SecurityWeek – (International) Weebly breach affects over 43 million users. Weebly, a San Francisco-based Web hosting service, confirmed that hackers stole the account information of over 43 million users, including usernames, Internet Protocol (IP) addresses, and password hashes after breaching the company’s systems in February 2016. The company advised its user to reset their passwords and the cause of the breach remains under investigation. Source: http://www.securityweek.com/weebly-breach-affects-over-43-million-users

16. October 20, Softpedia – (International) Linux kernel zero-day CVE-2016-5195 patched after being deployed in live attacks. The Linux kernel team patched a zero-day security flaw named Dirty COW, as it is caused by a race condition in the way Linux kernel’s memory handles copy-on-write (COW) breakage of read-only memory mappings, which could allow an attacker to escalate their privileges, potentially to root level, on a targeted system. A security researcher notified Red Hat of attackers deploying an exploit that leverages this vulnerability in the wild. Source: http://news.softpedia.com/news/linux-kernel-zero-day-cve-2016-5195-patched-after-being-deployed-in-live-attacks-509494.shtml

17. October 20, Help Net Security – (International) Cisco plugs critical bug in ASA security devices. Cisco patched a critical vulnerability affecting the Identity Firewall feature of its Cisco Adaptive Security Appliance (ASA) Software, which could allow a remote attacker to take control of the system, cause a reload, and execute arbitrary code by sending a specially crafted NetBIOS packet in response to a NetBIOS probe sent by the software. Cisco reported the vulnerability is caused by a buffer overflow in the affected area code. Source: https://www.helpnetsecurity.com/2016/10/20/bug-asa-security-devices/

Communications Sector

Nothing to report