Complete DHS Daily Report for December 12, 2013
Daily Report
• The Depository Trust & Clearing
Corporation (DTCC) confirmed after an individual reported that the DTCC
mistakenly emailed him around 20,000 automated emails that contained sensitive
information for financial services customers. – The Register See item
6 below in the Financial Services
Sector
• Federal authorities arrested 23 Chinese
nationals living in New York City December 10 for allegedly running a $2
million payment card fraud scheme to obtain more than 1,000 account numbers
across several States. – New York Post See item 11 below in
the Financial Services Sector
• Officials notified 2.4 million current and
former Maricopa County Community College District students and employees that
their personal information was exposed after the Arizona district’s computer
system was hacked. – Arizona Daily Independent
25.
December 6, Arizona Daily Independent – (Arizona) 2.4 million
Maricopa County Community College employees, students exposed. Officials
notified 2.4 million current and former Maricopa County Community College
District students and employees that their personal information was exposed
after the district’s computer system was hacked. The FBI notified the district
after it found a Web site offering the data for sale which includes Social
Security numbers and bank account information. Source: http://www.arizonadailyindependent.com/2013/12/06/2-4-million-maricopa-county-community-college-employees-students-exposed/
• Federal authorities arrested 16 of the 18
current and former Los Angeles County sheriff’s deputies who were charged
December 9 with engaging in corruption and civil rights violations in the jail
system. – Associated Press
26.
December 10, Associated Press – (California) 18 LA sheriff’s deputies
face US charges. Federal authorities arrested 16 of the 18 current and
former Los Angeles County sheriff’s deputies who were charged December 9 with
engaging in corruption and civil rights violations including beating inmates
and visitors, falsifying reports, and attempting to block an FBI investigation
of the jail system. Source:
http://news.msn.com/crime-justice/18-la-sheriffs-deputies-face-us-charges
Details
Financial Services Sector
6. December 11, The
Register – (International) Quadrillion-dollar finance house spam Reg
reader with bankers’ private data. An individual reported that the
Depository Trust & Clearing Corporation (DTCC) mistakenly emailed him
around 20,000 automated emails that contained sensitive information including
session IDs, transfers, and account details for financial services customers.
DTCC confirmed that the issue was inadvertently caused by human error and
limited to the individual who reported it. Source: http://www.theregister.co.uk/2013/12/11/quadrillionaire_finance_house_spams_iregi_reader_with_clients_data/
7. December 11, Softpedia
– (International) Researchers spot 64-bit version of ZeuS malware. Researchers
at Kaspersky identified a 64-bit version of the Zeus banking trojan which now
includes the ability to communicate with command and control servers over The
Onion Router (TOR) network. Source: http://news.softpedia.com/news/Researchers-Spot-64-Bit-Version-of-ZeuS-Malware-408148.shtml
8. December 11, Boston
Globe – (National) Conventioneers’ credit card data stolen in Boston. Around
300 attendees at two conventions at the Boston Convention & Exhibition
Center in Massachusetts reported fraudulent or attempted fraudulent
transactions on their payment cards in several States and abroad. Local, State,
and federal authorities were notified, and it was unclear where or how the payment
card information was stolen. Source: http://www.bostonglobe.com/business/2013/12/11/data-breach-hits-city-convention-visitors/hkCpq5vW6w71gw6ewgHU2J/story.html
9. December
11, Softpedia – (California) LA Gay & Lesbian Center hacked, credit
cards and SSNs possibly compromised. The Los Angeles Gay & Lesbian
Center notified 59,000 individuals that a targeted attack compromised the
organization’s systems and may have exposed personal and financial information,
including payment card details, medical or health care information, Social
Security numbers, and contact information. Source: http://news.softpedia.com/news/LA-Gay-Lesbian-Center-Hacked-Credit-Cards-and-SSNs-Possibly-Compromised-408233.shtml
10. December
10, Associated Press – (New York) Feds: Former NY soccer official ran
Ponzi scheme. A Dix Hills man was charged and pleaded not guilty to
allegedly running a Ponzi scheme that defrauded investors of more than $5
million between 2006 and 2013 by purporting to invest funds in financing a
Shinnecock Indian tobacco shop and a credit card processing venture. Source: http://www.sfgate.com/news/crime/article/NY-soccer-club-official-accused-in-Ponzi-scheme-5051440.php
11. December
10, New York Post – (National) Chinese immigrants busted in $2M credit
fraud scheme. Federal authorities arrested 23 Chinese nationals living in
New York City December 10 for allegedly running a $2 million payment card fraud
scheme that used computer intrusions and underweb marketplaces to obtain more
than 1,000 account numbers. The suspects then allegedly recruited “shoppers” to
make fraudulent purchases in several States. Source: http://nypost.com/2013/12/10/chinese-immigrants-busted-in-2m-credit-fraud-scheme/
12. December
10, Maple Leaf Life – (Washington) Police seek “cyborg bandit” who
robbed Northgate bank, at least five others. The FBI announced a reward for
information relating to a suspect known as the “Cyborg Bandit,” responsible for
at least five bank robberies in the Seattle area. The most recent robbery tied
to the suspect occurred December 4 at a Sterling Bank branch in Seattle.
Source: http://www.mapleleaflife.com/2013/12/10/police-seek-cyborg-bandit-who-robbed-northgate-bank-at-least-five-others/
Information Technology Sector
28. December 11,
Softpedia – (International) Flash Player vulnerabilities patched by
Adobe. Adobe released patches for its Flash Player closing two security
vulnerabilities. Source: http://news.softpedia.com/news/Flash-Player-Vulnerabilities-Patched-by-Adobe-408035.shtml
29. December 11,
Softpedia – (International) Newly patched Office 365 vulnerability used
in “Ice Dagger” targeted attacks. Researchers at Adallom identified a
sophisticated targeted attack using a recently-patched vulnerability in
Microsoft Office 365 dubbed “Ice Dagger” that can allow an attacker to gain
access to a target’s private Office 365 authentication token and use it to
access the target organization’s SharePoint Online site and modify or download
content covertly. Source: http://news.softpedia.com/news/Newly-Patched-Office-365-Vulnerability-Used-in-Ice-Dagger-Targeted-Attacks-Video-408052.shtml
30. December 11,
Softpedia – (International) Hackers can launch MitM attacks on apps
bundled with Widdit advertising SDK. Bitdefender researchers analyzed an
Android advertising framework called Widdit and found that the advertising software
development kit (SDK) can leave users vulnerable to man in the middle (MitM)
attacks. Source: http://news.softpedia.com/news/Hackers-Can-Launch-MITM-Attacks-on-Apps-Bundled-with-Widdit-Advertising-SDK-408173.shtml
31. December 11,
Softpedia– (International) Experts identify 164 fraudulent domains
similar to the ones of antivirus vendors. A study by High-Tech Bridge found
946 domain names similar to those of antivirus companies, with 164 containing
phishing Web sites, advertising sites, or sites selling suspicious products and
services. Source: http://news.softpedia.com/news/Experts-Identify-164-Fraudulent-Domains-Similar-to-the-Ones-of-Antivirus-Vendors-407973.shtml
32. December 10, Help
Net Security – (International) Microsoft fixes 24 vulnerabilities. Microsoft
released its monthly Patch Tuesday round of updates December 10, addressing 24
vulnerabilities for a variety of products, including five advisories with
critical ratings. Source: http://www.net-security.org/secworld.php?id=16084
33. December 10,
Threatpost – (International) Firefox 26 makes Java plugins
click-to-play, fixes 14 security flaws. Mozilla released the newest version
of its Firefox browser, closing 14 security issues and adding new features.
Source: http://threatpost.com/firefox-26-makes-java-plugins-click-to-play-fixes-14-security-flaws/103146
34. December 10, IDG
News Service – (International) Disqus scrambles after leak fuels Swedish
tabloid expose. Disqus began updating its comments platform after a Swedish
tabloid was able to obtain the email addresses of several users by using the
Disqus API and the third-party service Gravatar. Source: http://www.computerworld.com/s/article/9244701/Disqus_scrambles_after_leak_fuels_Swedish_tabloid_expose
For another story, see item 7 above in the Financial Services Sector
Communications Sector
Nothing to
report
No comments:
Post a Comment