Complete DHS Report for December 14, 2016
Daily Report
Top Stories
• Officials reported December 12 that about 176,000 gallons of oil
leaked from a 6-inch Belle Fourche Pipeline Co. pipeline into a tributary of
the Little Missouri River and a hillside near Belfield, North Dakota. – Duluth
News Tribune
2. December 12, Duluth
News Tribune – (North Dakota) North Dakota oil pipeline spill estimated
at 176,000 gallons. The North Dakota Department of Health announced
December 12 that an estimated 176,000 gallons of oil leaked from a 6-inch Belle
Fourche Pipeline Co. pipeline into a tributary of the Little Missouri River and
a hillside near Belfield. Cleanup crews have recovered 36,876 gallons of oil
since the leak was discovered by a landowner December 5. Source: http://www.duluthnewstribune.com/news/4178352-north-dakota-oil-pipeline-spill-estimated-176000-gallons
• Two New Jersey men were charged December 12 for allegedly
orchestrating a securities fraud scheme that netted over $26 million in illegal
proceeds. – Associated Press. See item 6 below in the Financial Services Sector
• A Kansas couple pleaded guilty December 12 for their roles in a
trade-based money laundering conspiracy where the duo deposited at least $1.6
million in undeclared cash and $5.2 million worth of undeclared third-party
checks into their joint account. – Garden City Telegram. See item 7
below in the Financial Services Sector
• Quest Diagnostics Incorporated announced December 12 that it is
investigating after a third party accessed an Internet application on its
network November 26 and obtained the protected health information of roughly
34,000 patients. – WPXI 11 Pittsburgh
24. December 12, WPXI 11
Pittsburgh – (National) Quest Diagnostics says hackers obtained
protected health information of 34,000 patients. Quest Diagnostics
Incorporated announced December 12 that it is investigating after a third party
accessed the MyQuest by Care360 Internet application on the company’s network
November 26 and obtained the protected health information of roughly 34,000
patients. Company officials stated there is no evidence that the patient
information has been misused. Source: http://www.wpxi.com/news/quest-diagnostics-says-hackers-obtained-protected-health-information-of-34000-patients/475436855
Financial Services Sector
5. December 12, Boston
Globe – (Massachusetts) Chelsea man charged with series of bank
robberies. A man dubbed the “Spelling Bee Bandit” was charged December 12
for allegedly committing 4 bank robberies in the Greater Boston area between
October and November 2016. Source: http://www.boston.com/news/crime/2016/12/12/chelsea-man-charged-with-series-of-bank-robberies
6. December 12,
Associated Press – (National) 2 charged in securities fraud plot netting
$26M illegally. Two New Jersey men were charged December 12 for allegedly
orchestrating a securities fraud scheme that netted over $26 million in illegal
proceeds by using dozens of brokerage accounts, some of which were listed in
the names of family members or other individuals, to drive up the cost of $10
billion in securities, and subsequently sell the securities they owned at inflated
prices. The duo was barred from future trading in securities on others’
accounts. Source: http://www.nytimes.com/aponline/2016/12/12/us/ap-us-securities-fraud-charges.html?_r=0
7. December 12, Garden
City Telegram – (International) Meade couple pleads guilty to money
laundering. A Meade, Kansas couple pleaded guilty December 12 for their
roles in a trade-based money laundering conspiracy where the duo deposited at
least $1.6 million in undeclared cash and $5.2 million worth of undeclared
third-party checks that the husband received from his trips to Mexico into a
joint account they kept at Plains State Bank in Plains, Kansas. The couple
would then transfer the funds in the account to buy genetically modified corn
seed that was transported to Mexico. Source: http://www.gctelegram.com/news/local/meade-couple-pleads-guilty-to-money-laundering/article_28fc9c0d-4c89-51bf-bbac-296ba1163e7f.html
8. December 12,
SecurityWeek – (International) Ostap backdoor installs banking trojans,
PoS malware. Proofpoint security researchers reported that a newly spotted
backdoor, dubbed Ostap, was being leveraged by a threat group to install banking
trojans such as Dridex, Ursnif, and Tinba, as well as point-of-sale (PoS)
malware on devices belonging to financial services companies in several
countries. Proofpoint found that the threat group leveraged spam emails with
malicious Microsoft Word attachments for distribution. The backdoor remains
active on a targeted device after the Word attachment has been closed and
writes a copy of itself to the victim’s Startup folder for persistence,
among other malicious actions. Source: http://www.securityweek.com/ostap-backdoor-installs-banking-trojans-pos-malware
For another story, see item 27 below in the Information Technology Sector
Information Technology Sector
27. December 13,
SecurityWeek – (International) Flaw in PwC security tool exposes SAP
systems to attacks. Security researchers at ESNC discovered
PricewaterhouseCoopers’ Automated Controls Evaluator (ACE) tool was plagued
with a remote code execution flaw that could be exploited to remotely inject
and execute malicious Advanced Business Application Programming (ABAP) code on
a targeted Systems, Applications and Products (SAP) system. The flaw could
allow a malicious actor to manipulate accounting documents and financial
results, bypass segregation of duties restrictions, and bypass change
management controls, potentially resulting in fraud, theft or manipulation of
sensitive data, and unauthorized payment transactions and transfer of money.
28. December 13,
SecurityWeek – (International) Serious vulnerabilities found in McAfee
Enterprise product. A security researcher discovered Intel Security’s
McAfee VirusScan Enterprise for Linux (VSEL) product versions 2.0.3 and earlier
are plagued by 10 vulnerabilities, including information disclosure flaws,
cross-site request forgery (CSRF) bugs, remote code execution flaws, and
privilege escalation issues, among other vulnerabilities, 4 of which can be
chained to achieve remote code execution with root privileges. Intel Security
advised users to upgrade to Endpoint Security for Linux (ENSL) 10.2 or later to
avoid the flaws. Source: http://www.securityweek.com/serious-vulnerabilities-found-mcafee-enterprise-product
29. December 12,
SecurityWeek – (International) Flaws allow remote hacking of Moxa MiiNePort
devices. Moxa released firmware updates for its MiiNePort embedded serial
device servers after a security researcher found the devices were plagued with
two vulnerabilities. One can be exploited remotely from the Internet to
brute-force an active session cookie and download a device’s configuration
file, which contains sensitive information such as the administrator password;
this could give a malicious actor unrestricted privileges and access to the
device. The second vulnerability relates to how the
configuration data is stored in a file without being encrypted. Source: http://www.securityweek.com/flaws-allow-remote-hacking-moxa-miineport-devices
30. December 12,
SecurityWeek – (International) Users warned of Zcash miner infections. Kaspersky
Lab reported that cybercriminals have covertly infected roughly 1,000 devices
with software that mines for Zcash (ZEC), a new cryptocurrency worth about $49
per ZEC, in order to make a significant profit. Kaspersky Lab stated
cybercriminals were disguising the miners as legitimate applications and
distributing them via torrent Websites, and reported that no attempts to
install the miners using Website vulnerabilities or email spam campaigns have
been spotted.
31. December 12,
SecurityWeek – (International) Alpha version of Sandboxed Tor Browser
available for Linux. The Tor developer known as Yawning Angel released
Sandboxed Tor Browser 0.0.2, a version of the browser designed to offer
additional security to users as it traps exploits and prevents them from
accessing files, real Internet Protocol (IP) and media access control (MAC)
addresses from the host. The developer warned the new version has unresolved issues
affecting security and fingerprinting, and the application is only compatible
with Linux systems as it leverages bubblewrap, a sandboxing utility for Linux.
Communications Sector
Nothing to report