Complete DHS Daily Report for December 13, 2013
Daily Report
• An inspector general report revealed that
the U.S. Department of Energy failed to address suspected cyber-security
weaknesses before a July hacking incident that compromised the private
information of 104,000 employees. – Washington Post
1.
December
11, Washington Post – (National) DOE was aware of security issues that
exposed employees to hackers. The U.S. Department of Energy’s (DOE)
inspector general released a report December 11 stating that the DOE failed to
address suspected cyber-security weaknesses before a July hacking incident that
compromised the private information of 104,000 employees, their dependents, and
contractors. The report also found several other discrepancies with the
department’s security controls and safety standards. Source: http://www.washingtonpost.com/blogs/federal-eye/wp/2013/12/11/doe-was-aware-of-security-weaknesses-that-led-to-hacking-report-says/
• The Federal Motor Carrier Safety
Administration shut down 52 bus companies December in a nationwide crackdown on
unsafe motor coach companies. – Associated Press
10.
December 12, Associated Press – (National) Feds shut 52 unsafe bus
companies. The Federal Motor Carrier Safety Administration announced the
shutdown of 52 bus companies December 12 in a nationwide crackdown on motor
coach companies with poor safety records, including lines whose drivers had
suspended licenses or worked routes of more than 800 miles without rest.
Source: http://abcnews.go.com/US/wireStory/ap-exclusive-feds-shut-52-unsafe-bus-companies-21188061
• Nearly 840,000 Horizon Blue Cross Blue
Shield members’ personal identifiable information was compromised after two
laptops were stolen in New Jersey. – WCBS 2 New York City
26.
December 10, WCBS 2 New York City – (National) Personal information
at risk after laptops stolen from N.J. health insurance company. New
Jersey-based Horizon Blue Cross Blue Shield notified nearly 840,000 of its
members after two password-protected, but unencrypted laptops were stolen from
its Newark headquarters that potentially contained member’s personal
information, including Social Security numbers and clinical information.
Source: http://newyork.cbslocal.com/2013/12/10/personal-information-at-risk-after-laptops-stolen-from-n-j-health-insurance-company/?hpt=ju_bn4
• Yahoo Mail experienced an outage due to a
hardware problem the left some users unable to login for multiple days. – IDG
News Service
See
item 37 below in the Information
Technology Sector
Details
Financial Services Sector
5. December 12,
Softpedia – (International) Cybercriminals trick unsuspecting U.S. users
into delivering goods to Russia. Researchers at Trend Micro monitored a
cybercrime ring that recruits and uses individuals as mules in the U.S. to
launder stolen money by sending them items bought with stolen payment card
information and then having the mules ship the items on to Russia or Ukraine.
Some items sent in this way are subject to export restrictions. Source: http://news.softpedia.com/news/Cybercriminals-Trick-Unsuspecting-US-Users-into-Delivering-Goods-to-Russia-408711.shtml
6. December 12, U.S.
Securities and Exchange Commission – (International) SEC charges
London-based hedge fund advisor and U.S.-based holding company for internal
control failures. GLG Partners L.P. and its former holding company GLG
Partners Inc., agreed to pay the U.S. Securities and Exchange Commission almost
$9 million to settle charges that the company failed to have adequate internal
controls, resulting in the overvaluation of a fund’s assets and inflated
revenues from fees for the company. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370540491613
7. December 11, Inland
Valley Daily Bulletin – (California) Redlands police arrest man in
Button-Down Bandit bank robberies. Police in Redlands December 11 arrested
a man believed to be the “Button-Down Bandit”, a suspect linked to six bank
robberies in the area. Source: http://www.redlandsdailyfacts.com/general-news/20131211/redlands-police-arrest-man-in-button-down-bandit-bank-robberies
For
additional stories, see items 35, and 36 below in the Information Technology Sector
Information Technology Sector
34.
December 12, Help Net Security – (International) Facebook users hit
with phishing and malware combo attack. SANS ISC researchers reported a
phishing and malware delivery campaign targeting Facebook users. The campaign
uses a malicious Tumblr link contained in a phishing message that directs users
to a phishing page and then to a fake Youtube page that prompts the user to
install a trojan disguised as an update. Source: http://www.net-security.org/malware_news.php?id=2650
35.
December 12, Softpedia – (International) App that claims to notify
users of Bitcoin market changes hides RAT. A researcher at Arbor Networks
identified a malicious app named BitCoin Alarm that purports to offer users
market information on Bitcoins but in fact contains a remote access trojan
(RAT) called NetWiredRC designed to harvest login information. Source: http://news.softpedia.com/news/App-That-Claims-to-Notify-Users-of-Bitcoin-Market-Changes-Hides-RAT-408736.shtml
36.
December 11, Dark Reading – (International) Cybercriminals now
enlisting database cloud services. Researchers at Imperva discovered a new
botnet used for stealing online banking credentials that uses cloud-based MSSQL
databases for command and control functions and data storage. The malware
infected at least 370 systems in 5 days and could potentially be used to attack
databases directly. Source: http://www.darkreading.com/attacks-breaches/cybercriminals-now-elisting-database-clo/240164662
37.
December 11, IDG News Service – (International) Yahoo Mail still down
for some users, after an attempted fix. Yahoo Mail experienced an outage
beginning December 10 due to a hardware problem at one of Yahoo’s mail data
centers. Some users continued to be unable to login December 11. Source: http://www.networkworld.com/news/2013/121113-yahoo-mail-still-down-for-276846.html
38.
December 11, IDG News Service – (International) Nvidia exploit could
turn render farms into password crackers, Bitcoin miners, researchers claim. Researchers
at ReVuln identified a vulnerability in Nvidia’s Mental Ray 3D version 3.11.10
rendering software, which could allow an attacker to inject a malicious remote
library into a target system and gain control over rendering machines or render
farms. The compromised machines could then be used for GPU-intensive tasks such
as password cracking and Bitcoin mining. Source: http://www.networkworld.com/news/2013/121113-nvidia-exploit-could-turn-render-276830.html
Communications Sector
For
another story, see item 31 below:
31.
December 11, CTNews.com – (Connecticut) Fire puts radio station off
the air at UB. A December 11 roof fire at the University of Bridgeport’s
John J. Cox Student Center prompted the building’s evacuation and closure while
crews suppressed and investigated the blaze. A campus radio station, WPKN 89.5
FM Bridgeport, went off-air until December 12 due to the fire. Source: http://blog.ctnews.com/connecticutpostings/2013/12/11/fire-puts-radio-station-off-the-air-at-ub/#18818101=0
No comments:
Post a Comment