Tuesday, November 22, 2016



Complete DHS Report for November 22, 2016

Daily Report

Top Stories

• JPMorgan Chase & Co. agreed November 17 to pay a total of more than $264 million to resolve charges stemming from alleged violations of the Foreign Corrupt Practices Act. – U.S. Securities and Exchange Commission (See item 2 below in the Financial Services Sector)

• Officials reported that more than 200,000 gallons of wastewater spilled into Rocky Creek in Tampa, Florida, November 18 after bypass piping failed during valve replacement work. – Tampa Bay Times

13. November 19, Tampa Bay Times – (Florida) Hillsborough utilities: More than 200,000 gallons of wastewater discharged into Rock Creek. Hillsborough County Public Utilities officials reported that more than 200,000 gallons of wastewater spilled into Rocky Creek in Tampa, Florida, November 18 after bypass piping failed during valve replacement work. Officials advised people not to fish, wade, or swim in Rocky Creek or in the vicinity of where the creek flows into Tampa Bay. Source: http://www.tampabay.com/news/publicsafety/hillsborough-utilities-more-than-200000-gallons-of-wastewater-discharged/2303468

• Michigan State University officials reported November 18 that an unauthorized party breached one of its servers November 13 and accessed a database of 400,000 records containing the names, Social Security numbers, and birthdates of current and former students and employees. – SecurityWeek; WSYM 47 Lansing

14. November 21, SecurityWeek; WSYM 47 Lansing – (Michigan) 400,000 records exposed in Michigan State University breach. Michigan State University (MSU) officials reported November 18 that an unauthorized party breached one of its servers November 13 and accessed a database of 400,000 records containing names, Social Security numbers, and birthdates of current and former students and employees, among other personal information. The hackers reportedly attempted to extort the university after accessing the database, and officials believe only a few hundred records were actually stolen. Source: http://www.securityweek.com/400000-records-exposed-michigan-state-university-breach

• More than 6,300 firefighters continued working November 20 to contain wildfires that have collectively burned more than 119,000 acres across 8 southeastern States. – Knoxville News Sentinel

15. November 20, Knoxville News Sentinel – (National) Forest fires burn 119,000 acres in 8 southeastern states. More than 6,300 firefighters continued working November 20 to contain wildfires that have collectively burned more than 119,000 acres across 8 southeastern States. Source: http://www.usatoday.com/story/news/nation-now/2016/11/20/forest-fires-burn-119000-acres-8-southeastern-states/94169774/

Financial Services Sector

1. November 18, Pocono Record – (Pennsylvania) Two charged with stealing credit card info in Monroe County. Two men were charged November 17 for allegedly stealing credit card account information and transferring the information onto fraudulent credit cards after authorities discovered 78 suspected fake credit cards, a credit card embossing machine, and 2 card skimming devices, among other illicit items, at the residence of one of the co-conspirators in Tobyhanna, Pennsylvania. Source: http://www.poconorecord.com/news/20161118/two-charged-with-stealing-credit-card-info-in-monroe-county

2. November 17, U.S. Securities and Exchange Commission – (International) JPMorgan Chase paying $264 million to settle FCPA charges. The U.S. Securities and Exchange Commission announced November 17 that JPMorgan Chase & Co. agreed to pay a total of more than $264 million to resolve charges stemming from alleged violations of the Foreign Corrupt Practices Act (FCPA) after the company reportedly won business from clients and corruptly influenced government officials in the Asia-Pacific region by providing their friends and family members with jobs and internships over the course of 7 years. According to the settlement, JPMorgan hired around 100 interns and full-time personnel at the request of foreign government officials, enabling the company to accumulate over $100 million in revenues from winning or retaining business.

Information Technology Sector

18. November 21, Help Net Security – (International) Malware masquerading as an image spreads via Facebook. A malware researcher discovered that malware is spreading via Facebook in the form of Scalable Vector Graphics (SVG) image files that contain embedded content and are automatically sent from compromised user accounts. The files redirect users to a Website impersonating YouTube, where a victim is required to install a specific codec extension before viewing the video; installing it gives the malware the capability to alter a user’s data on the Websites they visit. The researcher reported the SVG file also contains the Nemucod downloader; however, it has not been spotted downloading the Locky ransomware or other malware.

19. November 21, SecurityWeek – (International) Palo Alto Networks patches flaws found by Google researcher. Palo Alto Networks, Inc. patched several vulnerabilities in its PAN-OS operating system after a Project Zero researcher found three security flaws affecting the products, including an issue that could allow an attacker with network access to the Web management interface to execute arbitrary code or cause a denial-of-service (DoS) condition due to how the Web management server handles a buffer overflow. The patches also addressed two local privilege escalation bugs that could be exploited to obtain root permissions, an OpenSSH flaw, and a post-authentication flaw that could allow XPath manipulation. Source: http://www.securityweek.com/palo-alto-networks-patches-flaws-found-google-researcher

20. November 20, Softpedia – (International) Microsoft Xbox, PlayStation, other popular Twitter accounts hacked. Twitter Counter confirmed its service experienced a security breach and several high-profile Twitter accounts, including those owned by Microsoft Xbox, the U.S. National Transportation Safety Board, and the Minnesota governor, among others, were hacked to post links to services that increase a user’s number of followers for other accounts. Twitter Counter stated an investigation into the breach is ongoing and the hackers can no longer post on another user’s behalf. Source: http://news.softpedia.com/news/microsoft-xbox-playstation-other-popular-twitter-accounts-hacked-510357.shtml

21. November 18, SecurityWeek – (International) Over-the-air update mechanism exposes millions of Android devices. Security researchers reported that over 2.8 million Android devices across 55 device models were vulnerable to Man-in-the-Middle (MitM) attacks that could allow a remote, unauthenticated attacker to replace server responses with their own and execute arbitrary commands as root on the device. The issue stems from an insecure implementation of the over-the-air (OTA) update mechanism from Ragentek Group, which failed to use an encrypted channel for transactions from the binary to the third-party endpoint.

22. November 18, SecurityWeek – (International) Moxa, Vanderbilt surveillance products affected by serious flaws. The Industrial Control Systems-Computer Emergency Readiness Team (ICS-CERT) released an advisory which reported that Moxa’s SoftCMS central management software was plagued with three serious vulnerabilities after security researchers discovered a Structured Query Language (SQL) injection flaw that could be remotely exploited to access the software with administrator privileges, a double free condition that could lead to a denial-of-service (DoS) condition, and an improper input validation flaw that could lead to a crash of the application. ICS-CERT and Siemens also informed customers that several Siemens-brand Vanderbilt IP cameras were affected by a flaw that could allow an attacker with network access to obtain administrative privileges using maliciously crafted requests. Source: http://www.securityweek.com/moxa-vanderbilt-surveillance-products-affected-serious-flaws

23. November 17, Help Net Security – (International) Ransoc browser locker/ransomware blackmails victims. Security researchers discovered the Ransoc ransomware is being distributed via malvertising to target and blackmail Microsoft Windows users who frequent adult Websites. It scans an infected device to collect information from the victim’s Facebook, LinkedIn, and Skype accounts, and scans local media filenames for strings associated with files downloaded via torrents in order to uncover illegal or illicit content. The ransomware then displays a ransom note, or “penalty notice,” tailored to the information it finds, threatening to expose a victim’s illicit online activity to the user’s social and professional network connections if the fine is not paid. Source: https://www.helpnetsecurity.com/2016/11/17/ransoc-browser-lockerransomware-blackmails-victims/

Communications Sector

Nothing to report