Monday, December 22, 2014



Complete DHS Report for December 22, 2014

Daily Report

Top Stories

 · A Slidell man and a Kenner doctor pleaded guilty in federal court in New Orleans, Louisiana, December 17 to directing a $56 million Medicare fraud scheme between 2007 and 2014. – Associated Press

14. December 18, Associated Press – (Louisiana) Mastermind of Medicare fraud scheme, doctor plead guilty in New Orleans. A Slidell man and a Kenner doctor pleaded guilty in federal court in New Orleans December 17 to directing a $56 million Medicare fraud scheme between 2007 and 2014. The scheme used multiple companies under their control and paid kickbacks to patient recruiters who provided Medicare beneficiary numbers that were then used to bill Medicare for unnecessary or unperformed procedures. Source: http://www.greenfieldreporter.com/view/story/b239991fa96d446194d0fa0fd68ce9c8/LA--Medicare-Fraud

 · The Office of Personnel Management alerted more than 40,000 federal employees nationwide that their personal information may have been exposed following a breach at federal contractor KeyPoint Government Solutions that was confirmed December 18. – CBS News; Associated Press

16. December 18, CBS News; Associated Press – (National) Files of more than 40,000 federal workers breached in cyberattack. The Office of Personnel Management alerted more than 40,000 federal employees nationwide that their personal information may have been exposed following a breach at federal contractor KeyPoint Government Solutions that was confirmed December 18. Source: http://www.cbsnews.com/news/files-of-more-than-40000-federal-workers-breached-in-cyberattack/

 · A December 19 fire at an under-construction condominium complex in Orem, Utah, caused an estimated $1 million in damage. Officials are investigating the blaze and reported that it appears to have been intentionally set. – Associated Press

27. December 19, Associated Press – (Utah) Orem fire caused $1M in damage, could be arson. A December 19 fire at an under-construction condominium complex in Orem caused an estimated $1 million in damage. Officials are investigating the blaze and reported that it appears to have been intentionally set. Source: http://www.cachevalleydaily.com/news/state/article_2839081b-d25f-5317-ae8e-5f4d5d47812c.html

 · Authorities reported December 18 that an investigation into a December 8 fire at an under-construction apartment complex in downtown Los Angeles found that the blaze was the result of an act of arson with an estimated $30 million in damages. – Reuters

29. December 18, Reuters – (California) Massive Los Angeles construction fire was arson, authorities say. Authorities reported December 18 that an investigation into a December 8 fire at an under-construction apartment complex in downtown Los Angeles found that the blaze was the result of an act of arson. The fire caused up to $30 million in damage as it engulfed an entire city block, damaged nearby buildings, and caused significant road closures in the area. Source: http://www.reuters.com/article/2014/12/19/us-usa-california-fire-idUSKBN0JX08C20141219

Financial Services Sector

3. December 19, Help Net Security – (International) New Zeus variant targets users of 150 banks. Researchers with Kaspersky Lab identified a new variant of the Zeus banking and information-stealing malware known as Chthonic that is targeting customers of 150 banks and 20 payment systems in the U.S. and 14 other countries. Chthonic shares several components with other forms of malware and is delivered by spam emails or through downloader malware already present on victims’ computers. Source: http://www.net-security.org/malware_news.php?id=2934

4. December 18, U.S. Securities and Exchange Commission – (International) SEC charges additional participant in penny stock manipulation ring. The U.S. Securities and Exchange Commission announced settled charges December 18 against a man in Nevada for setting up fake Panamanian companies and opening brokerage accounts that were used in an $11 million penny stock manipulation scheme involving the stock of now-defunct Rudy Nutrition. Thirteen other individuals were previously charged in the fraud scheme. Source: http://www.sec.gov/litigation/litreleases/2014/lr23162.htm

5. December 18, U.S. Securities and Exchange Commission – (National) SEC charges Staten Island-based firm with operating boiler room scheme targeting seniors. The U.S. Securities and Exchange Commission filed charges December 18 against New York-based Premier Links Inc., its former president, and two sales representatives for allegedly operating the firm as a boiler room scheme that defrauded over 300 investors from across the country of at least $9 million. The company and its members allegedly cold-called individuals and used pressure tactics and fraudulent claims and then redirected most investments to entities the defendants controlled. Source: http://www.sec.gov/news/pressrelease/2014-287.html

6. December 18, Easton Express-Times – (Pennsylvania) Bethlehem Township restaurant used in $160,000 credit card fraud, court records say. One person was arrested and arrest warrants were issued December 18 for three others, including the former owner of the Valley Family Restaurant, for allegedly using the business to run fraudulent transactions totaling $160,005. One of the defendants also allegedly provided a skimming device to be set up at the restaurant, though it had not yet been used. Source: http://www.lehighvalleylive.com/bethlehem/index.ssf/2014/12/bethlehem_township_restaurant.html

7. December 18, Whittier Daily News – (California) Whittier raid nets guns, drugs hundreds of fraudulent credit cards. Police in Whittier, California, arrested four individuals in a raid December 18 that uncovered hundreds of fraudulent payment cards, card manufacturing equipment, and stolen checks and IDs. Source: http://www.whittierdailynews.com/general-news/20141218/whittier-raid-nets-guns-drugs-hundreds-of-fraudulent-credit-cards

For another story, see item 25 below in the Information Technology Sector

Information Technology Sector

19. December 19, Help Net Security – (International) Critical flaw on over 12M routers allows device hijacking, network compromise. Check Point researchers identified a vulnerability in over 12 million routers dubbed “Fortune Cookie” caused by an error within the HTTP cookie management component that could be remotely exploited to cause the current session to be given administrative privileges by sending a packet to a user’s public IP address. The vulnerability was found in routers manufactured by TP-Link, Huawei, Zyxel, Netcomm, SmartAX, Edimax, and others. Source: http://www.net-security.org/secworld.php?id=17776

20. December 19, Securityweek – (International) Privilege escalation vulnerability found in Linux kernel. A researcher at AMA Capital Management identified a vulnerability in the Linux kernel that could be used to perform a denial of service (DoS) attack. The vulnerability is related to another recent Linux vulnerability (CVE-2014-9090) and is closed by the patch for the previous vulnerability. Source: http://www.securityweek.com/privilege-escalation-vulnerability-found-linux-kernel

21. December 19, Help Net Security – (International) Critical Git flaw allows attackers to compromise developers’ machines. GitHub released a patch for a vulnerability found in the Windows and OS X versions of its official Git client that could have allowed attackers to perform arbitrary command execution. Users were advised to apply the patch as soon as possible. Source: http://www.net-security.org/secworld.php?id=17774

22. December 18, Softpedia – (International) Exploits for Silverlight, Flash Player and Internet Explorer most used in 2014. Trend Micro released a report which found that most exploit kits analyzed in 2014 targeted four vulnerabilities for Internet Explorer, Flash Player, and Silverlight. The researchers found that most of the exploits were not the most recent but relied on victims not updating their software, among other findings. Source: http://news.softpedia.com/news/Exploits-for-Silverlight-Flash-and-IE-Most-Used-in-2014-467883.shtml

23. December 18, Securityweek – (International) SAP patches bugs in business apps. SAP released patches for two vulnerabilities in its BASIS and SAP BusinessObjects enterprise software discovered by researchers with Onapsis. The most serious vulnerability affected SAP BusinessObjects and could have been used to access and modify information stored on the software’s server. Source: http://www.securityweek.com/sap-patches-bugs-business-apps

For additional stories, see items 3 above in the Financial Services Sector and 25 below from the Commercial Facilities Sector

25. December 19, Softpedia – (International) AutoIt script loads new “Spark” point of sale malware into RAM. Trustwave researchers found that a recently discovered point of sale (PoS) RAM scraper malware dubbed Spark has been distributed using an AutoIt-compiled script as a loader to deliver the malware to victims’ systems. Researchers found that Spark appears very similar to the Alina malware. Source: http://news.softpedia.com/news/AutoIt-Script-Loads-New-Spark-Point-of-Sale-Malware-Into-RAM-467972.shtml

Communications Sector

See item 18 below from the Emergency Services Sector

18. December 18, WSAU – (Wisconsin) 9-1-1 service interrupted by cut fiber optic line. Emergency 9-1-1 service and high-speed Internet service were disrupted in parts of Columbia, Juneau, Adams, and Marquette counties December 18 after a Frontier Communications fiber optic line was inadvertently cut by a third-party contractor. Crews repaired the severed line and service was restored about 7 hours later. Source: http://wsau.com/news/articles/2014/dec/19/9-1-1-service-interrupted-by-cut-fiber-optic-line/

Friday, December 19, 2014



Complete DHS Report for December 19, 2014

Daily Report

Top Stories

 · About 25 families in eastern Ohio remained displaced December 17 following a natural gas leak from a fracking well that prompted houses within a 1.5-mile radius to evacuate December 13. – Columbus Dispatch

1. December 17, Columbus Dispatch – (Ohio) Families flee out-of-control natural gas leak at eastern Ohio fracking well. About 25 families in eastern Ohio remained displaced December 17 due to a natural gas leak after crews resumed operations at a temporarily plugged fracking well in Monroe County that began to flow uncontrollably, prompting the evacuation of houses within a 1.5-mile radius of the well December 13. Source: http://www.dispatch.com/content/stories/local/2014/12/17/families-flee-out-of-control-natural-gas-leak.html

· New York-based cosmetics company Avon Products Inc. agreed to pay $67 million to settle criminal and civil charges by the U.S. Securities and Exchange Commission after its China division pleaded guilty December 17 to violating the Foreign Corrupt Practices Act (FCPA). – U.S. Securities and Exchange Commission

See item 5 below in the Financial Services Sector

· Ten passengers on board a New Jersey Transit bus were injured following a multi-vehicle accident involving 3 semi-trucks December 17 that shut down northbound lanes of the New Jersey Turnpike near Linden for nearly 5 hours. – NJ.com

7. December 17, NJ.com – (New Jersey) 10 injured in NJ Transit bus, tractor-trailer crash on Turnpike in Linden. A 4-vehicle collision closed several lanes of the New Jersey Turnpike outer roadway near Linden for approximately 5 hours December 17 after a semi-truck attempted to change lanes and struck the rear of a NJ Transit bus with 61 passengers on board. Ten bus passengers were transported to an area hospital with injuries. Source: http://www.nj.com/union/index.ssf/2014/12/4_seriously_injuried_in_nj_transit_bus_tractor-trailer_crash_on_turnpike_in_linden.html

· A Chicago, Illinois, businessman and his wife were convicted December 17 on more than one dozen counts including conspiracy, mail fraud, and money laundering for stealing $3.4 million in grants through the Illinois Department of Public Health for personal expenses. – Associated Press

16. December 17, Associated Press – (Illinois) Couple convicted of stealing grants. A Chicago businessman and his wife were convicted December 17 on more than a dozen counts including conspiracy, mail fraud, and money laundering for stealing $3.4 million in grants through the Illinois Department of Public Health intended for AIDS awareness and other health campaigns that they instead used for personal expenses. Source: http://www.nwherald.com/2014/12/18/couple-convicted-of-stealing-grants/axewh6/

Financial Services Sector

5. December 17, U.S. Securities and Exchange Commission – (International) SEC charges Avon Products, Inc. with FCPA violations. Avon Products Inc. agreed to pay $67 million in disgorgement and interest to settle charges filed December 17 by the U.S. Securities and Exchange Commission accusing the beauty products company of violating the Foreign Corrupt Practices Act (FCPA) by failing to put in place controls that could have detected and prevented $8 million in payments to Chinese government officials by employees and consultants at the company’s Chinese subsidiary between 2004 and 2008. Source: http://www.sec.gov/litigation/litreleases/2014/lr23159.htm

6. December 16, Richmond Times-Dispatch – (Virginia) Data compromised at Union First Market Bank. Richmond-based Union First Market Bank stated that it shut off all ATM capabilities for its customers’ debit cards after discovering skimming activities that affected over 3,000 customers’ cards. Affected customers were being contacted by the bank and issued new debit cards. Source: http://www.roanoke.com/business/news/union-first-market-data-breach-affects-more-than-debit-cards/article_93a64ccc-855e-5448-8021-cd70803622f3.html

Information Technology Sector

24. December 18, Securityweek – (International) Serious vulnerabilities found in Schneider Electric’s ProClima solution. An advisory from the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) December 16 warned that five vulnerabilities in the Schneider Electric ProClima thermal management software were identified and reported by researchers and could be remotely exploited. The vulnerabilities affect ProClima versions 6.0.1 and earlier, and the software is used in industries such as manufacturing, energy, and commercial facilities. Source: http://www.securityweek.com/serious-vulnerabilities-found-schneider-electrics-proclima-solution

25. December 18, Securityweek – (International) “USBdriveby” emulates mouse and keyboard to hijack computers. A researcher demonstrated an attack method known as USBdriveby that can use a USB-based microcontroller to emulate a mouse and keyboard to run several tasks including disabling security measures, opening backdoors, and changing DNS settings due to many systems trusting USB devices by default. The researcher tested the method on an OS X device but believes that it can be used on Windows and Unix operating systems, and the source code and operations for the attack were made public. Source: http://www.securityweek.com/usbdriveby-emulates-mouse-and-keyboard-hijack-computers

26. December 18, Help Net Security – (International) ICANN systems breached via spear-phishing emails. The Internet Corporation for Assigned Names and Numbers (ICANN) stated December 16 that it was compromised via spearphishing emails during November and attackers were potentially able to access Centralized Zone Data System (CZDS) files and salted and hashed user information and credentials. ICANN deactivated all CZDS passwords as a precaution and notified all potentially affected users. Source: http://www.net-security.org/secworld.php?id=17769

27. December 18, Softpedia – (International) Syrian Electronic Army hacks website of International Business Times. Hacktivists claiming affiliation with the Syrian Electronic Army group claimed responsibility for defacing the Web site of the International Business Times December 17. Source: http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-International-Business-Times-467827.shtml

28. December 18, Help Net Security – (International) Researcher publishes JavaScript DoS tool. A researcher with WhiteHat Security published a prototype denial of service (DoS) attack script named FlashFlood written in JavaScript December 16. The code could be used by attackers in DoS attacks or to trick victims into executing the code. Source: http://www.net-security.org/secworld.php?id=17771

29. December 18, Help Net Security – (International) Ars Technica readers urged to change passwords in wake of hack. Ars Technica advised its registered readers to change their passwords as a precaution after an attacker briefly gained access to one of the site’s Web servers December 14. The site stated that the attacker may have been able to access hashed email addresses and passwords. Source: http://www.net-security.org/secworld.php?id=17768

30. December 17, Securityweek – (International) Backdoor found in Android phones manufactured by Coolpad: Research. Researchers with Palo Alto Networks reported that at least 24 models of Android devices manufactured by Coolpad contained a backdoor that could activate applications, install unwanted applications, and upload device information and location data. Source: http://www.securityweek.com/backdoor-found-android-phones-manufactured-coolpad-research

31. December 17, Securityweek – (International) Xsser malware targeting iOS, Android devices. Researchers with Akamai identified a new mobile remote access trojan (mRAT) known as Xsser that is spread through phishing and man-in-the-middle (MitM) attacks and can steal credentials, execute code, and hijack browser sessions on Android and iOS devices. The researchers found that the mRAT is being used by an organized group currently targeting specific devices and software vendors, software-as-a-service (SaaS) providers, and Internet service providers mainly in Asia. Source: http://www.securityweek.com/xsser-malware-targeting-ios-android-devices

Communications Sector

32. December 18, The Register – (International) URL LOL: Delta splats web flight boarding pass snoop bug. Delta Airlines patched a security vulnerability in its paperless boarding pass system that allowed hackers to access information on unknown individuals’ flights by adjusting the URLs used to serve digital copies of boarding passes to smart phones, where the passes appear as QR codes that are scanned at the gate. Source: http://www.theregister.co.uk/2014/12/18/delta_fixes_flaw_that_allowed_hacker_pass_to_any_flight_anywhere_any_class/

33. December 17, WQAD 8 Quad Cities – (Illinois) Internet outage reported for some Mediacom Quad Cities-area customers. An equipment failure caused an Internet outage December 17 for Mediacom customers in four areas of Illinois. A Mediacom representative reported that a microchip was not functioning properly and was replaced to restore service. Source: http://wqad.com/2014/12/17/internet-outage-reported-for-some-mediacom-customers-in-milan-and-rock-island/

34. December 17, International Data Group – (National) US Agency sues Sprint for alleged unauthorized charges. The U.S. Consumer Financial Protection Bureau announced December 17 that it filed a lawsuit against Sprint for allegedly billing cellular phone customers for tens of millions of dollars in unauthorized services from third-parties. Related charges by the U.S. Federal Communications Commission are pending. Source: http://www.networkworld.com/article/2860774/us-agency-sues-sprint-for-alleged-unauthorized-charges.html

35. December 16, Scranton Times-Tribune – (Pennsylvania) WARM Radio back on the air, now with sports. WARM 590 AM Scranton returned to the air December 15 after going off air September 15 due to a failed transmitter caused by antiquated equipment. The equipment was updated and technical issues were resolved before operations were restored. Source: http://thetimes-tribune.com/news/warm-radio-back-on-the-air-now-with-sports-1.1803282