Monday, April 15, 2013
Complete DHS Daily Report for April 15, 2013
• Massachusetts police and the FBI formed a task force to find an armed serial bank robbery suspect known as the “Merrimack Valley Bandit” allegedly responsible for robbing at least seven banks since late February. – WCVB 5 Boston See item 5 below in the Banking and Finance Sector
• A 36-inch water main break in an Akron, Ohio, neighborhood April 11 flooded basements, submerged cars, caused a school to close, and threatened a commercial building, leaving stranded residents to be rescued by local firefighters. – Associated Press
19. April 12, Associated Press – (Ohio) Water main break swamps Ohio neighborhood. A 36-inch water main break in an Akron neighborhood April 11 flooded basements, submerged cars, caused a school to close, and threatened a commercial building, leaving stranded residents to be rescued by local firefighters. Source: http://www.chron.com/news/us/article/Water-main-break-swamps-Ohio-neighborhood-4429701.php
• A suburban Chicago water official pleaded guilty April 11 to engaging in a false-statement scheme that cut costs by mixing contaminated water with pricier lake water. – Associated Press
22. April 11, Associated Press – (Chicago) Official pleads guilty in Ill. tainted water case. A suburban Chicago water official, previously indicted on 23 counts of making false statements, pleaded guilty April 11 to one count of engaging in a false-statement scheme which saved his village nearly $400,000 annually by mixing contaminated water with pricier lake water. Source: http://www.bnd.com/2013/04/11/2572937/guilty-plea-expected-in-ill-tainted.html
• A cardiologist pleaded guilty April 10 to being part of a Medicare and Medicaid scheme that subjected thousands of his New York and New Jersey patients to unnecessary tests and treatments resulting in $19 million in fake bills.– Associated Press
23. April 11, Associated Press – (New York; New Jersey) NY, NJ cardiologist admits record $19M fraud. A cardiologist pleaded guilty April 10 to being part of a Medicare and Medicaid scheme that subjected thousands of his New York and New Jersey patients to unnecessary tests and treatments resulting in $19 million in fake bills. Authorities believe the scheme is the largest case of health care fraud by a practitioner in either State. Source: http://news.yahoo.com/ny-nj-area-cardiologist-admits-143038553.html
Banking and Finance Sector
4. April 11, Reuters – (California) Prosecutors, SEC charge ex-KPMG partner in insider trading scheme. Federal prosecutors and the Securities and Exchange Commission filed respective criminal and civil charges against a former senior auditor at KPMG for allegedly providing insider information to a friend who then traded stocks on the information, making over $1 million in illicit profits. Source: http://www.reuters.com/article/2013/04/11/kpmg-trading-complaint-idUSL2N0CY1CS20130411
5. April 11, WCVB 5 Boston – (Massachusetts) Manhunt on to find Merrimack Valley Bandit bank robber. Massachusetts police and the FBI formed a task force to find an armed serial bank robbery suspect known as the “Merrimack Valley Bandit” allegedly responsible for robbing at least seven banks since late February. Source: http://www.wcvb.com/news/local/boston-north/Manhunt-on-to-find-Merrimack-Valley-Bandit-bank-robber/-/11984708/19712110/-/lcvkm0/-/index.html
6. April 11, Denver Post – (Colorado) Third defendant in $12 million Colorado mortgage fraud pleads guilty. A third defendant in a $12 million mortgage fraud scheme pleaded guilty to making a false statement to a bank for his role in the fraud. Source: http://www.denverpost.com/breakingnews/ci_23005371/third-defendant-12-million-colorado-mortgage-fraud-pleads
7. April 11, IDG News Service – (International) Bitcoin exchange Mt. Gox suspends service following huge swing in trading price. Mt. Gox, the largest Bitcoin exchange service, shut down for several hours April 11 to allow the volume of trades in the virtual currency to decrease. Source: http://www.networkworld.com/news/2013/041113-bitcoin-exchange-mt-gox-suspends-268651.html
Information Technology Sector
35. April 12, SC Magazine – (International) Microsoft shelves patch, asks customers to uninstall, after error discovered. Microsoft advised users to uninstall a recent patch and ceased distribution of the update after users reported system errors caused by interaction with certain third-party software. Source: http://www.scmagazine.com/microsoft-shelves-patch-asks-customers-to-uninstall-after-error-discovered/article/288591/
36. April 11, IDG News Service – (International) Twitter OAuth feature can be abused to hijack accounts, researcher says. A researcher at Swissquote Bank presented a method where Twitter’s application programming interface (API) could potentially be misused to send Twitter access tokens to attackers for use in social engineering attacks. Source: http://www.networkworld.com/news/2013/041113-twitter-oauth-feature-can-be-268646.html
37. April 11, The Register – (International) Rotten spam causing more infections than ever - study. A report by AV-Test found that spam emails contain an increasing number and variety of malware attachments or links, among other findings. Source: http://www.theregister.co.uk/2013/04/11/spam_more_dangerous_than_ever/
38. April 11, The H – (International) Hole in Apache/NGINX mod_security firewall. The latest version of Apache/NGINX security module mod_security addresses a security vulnerability in the XML parser of past versions. Source: http://www.h-online.com/security/news/item/Hole-in-Apache-NGINX-mod-security-firewall-1840500.html
39. April 11, Threatpost – (International) Linksys Smart Wi-Fi safe from home routers flaws; Classic configuration vulnerable. Cisco issued a clarification stating that its EA2700 routers are safe from recently discovered vulnerabilities if they are running the Smart Wi-Fi firmware, but that EA2700 running on the classic configuration remain vulnerable. Source: http://threatpost.com/en_us/blogs/linksys-smart-wi-fi-safe-home-router-flaws-classic-configuration-vulnerable-041113
Nothing to report.
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.