Complete DHS Daily Report for November 15, 2013
Daily Report
Top Stories
• Some card readers at 60 Chicago Transit
Authority train stations failed for about 15 to 90 minutes due to a server
malfunction that resulted in 15,000 free rides for commuters before the problem
was fixed. – Chicago Tribune
10.
November 14, Chicago Tribune –
(Chicago) Ventra outage hits 60 CTA stations, results in 15,000 free rides. Some
Ventra card readers at 60 Chicago Transit Authority train stations failed for
about 15 to 90 minutes due to a back-office server malfunction that resulted in
15,000 free rides for commuters before the problem was fixed November 13.
Source: http://www.chicagotribune.com/news/local/breaking/chi-ventra-outage-hits-60-cta-stations-results-in-15000-20131113,0,1001325.story
• Four Marines were killed during a routine
sweep to make a range safe for future training exercises at California’s Camp
Pendleton while they were clearing unexploded ordnance. – Associated Press
20.
November 14, Associated Press –
(California) 4 Marines die during safety sweep at Calif. base. Four
Marines were killed during a routine sweep to make a range safe for future
training exercises at California’s Camp Pendleton while they were clearing
unexploded ordnance. Source: http://news.msn.com/us/4-marines-die-during-safety-sweep-at-calif-base
• A former student was arrested after he
ambushed, shot, and wounded three students outside the Brashear High School in
Pittsburgh. – Pittsburgh Tribune-Review
21.
November 14, Pittsburgh Tribune-Review –
(Pennsylvania) 3 students shot outside Brashear High School. A former
Brashear High School student was arrested November 13 after he ambushed, shot,
and wounded three students outside the Pittsburgh school in what officials
believe was a drug-related incident. Source: http://triblive.com/news/adminpage/5063971-74/brashear-police-avenue
• Two teams competing in the PacSec 2013
Pwn2Own competition demonstrated methods to compromise security and steal
personal information from popular smartphones. – The Register See item 30 below in the Information Technology Sector
Details
Financial Services Sector
5. November
14, Krebs on Security – (California) Feds charge Calif. brothers
in cyberheists. Federal authorities arrested and charged two brothers in
Fresno with allegedly stealing millions of dollars by stealing login
credentials of brokerage accounts with Fidelity Investments, setting up
fraudulent automated clearing house links between victim accounts and accounts
they controlled, and then using prepaid debit cards from those accounts to
purchase money orders that were deposited into other accounts for cash
withdrawals. Source: http://krebsonsecurity.com/2013/11/feds-charge-calif-brothers-in-cyberheists/
6. November
14, Tampa Bay Business Journal – (Florida) FDIC lawsuit
alleges ‘high-risk gamble’ by directors of failed Progress Bank. The
Federal Deposit Insurance Corporation (FDIC) filed a lawsuit against three
former directors of the failed Progress Bank of Florida seeking $6.3 million in
damages, accusing the directors of gross negligence and breach of fiduciary
duties. The bank’s 2010 failure cost the FDIC’s Deposit Insurance Fund $46.8
million. Source: http://www.bizjournals.com/tampabay/blog/morning-edition/2013/11/fdic-lawsuit-alleges-high-risk.html?page=all
7. November
13, Sioux City Journal – (National) Police: Storm Lake man had
350 fake credit, gift cards. Police arrested a Storm Lake, Iowa man
November 13 and charged him with allegedly running a nationwide credit card
fraud scheme. A search of the man’s residence yielded 350 fraudulent payment
cards, a card re-encoder, and retail information from around the country.
Source: http://siouxcityjournal.com/news/local/police-storm-lake-man-had-fake-credit-gift-cards/article_db705924-4d06-5584-90b0-e217632ffbdd.html
8. November
13, U.S. Attorney’s Office, Eastern District of New York –
(National) Two indicted in $15 million investment fraud scheme that
victimized National Hockey League players and Long Island investors. Two
men were arrested in Arizona and charged in New York City with allegedly
running a $15 million investment scheme involving fraudulent schemes in several
States that targeted National Hockey League players and investors in Long Island,
New York. Source: http://www.fbi.gov/newyork/press-releases/2013/two-indicted-in-15-million-investment-fraud-scheme-that-victimized-national-national-hockey-league-players-and-long-island-investors
9. November
13, Reuters – (New Jersey) High school pals plead guilty in NJ insider
trading scheme. Two men in New Jersey pleaded guilty to their roles in an
insider trading scheme that took place over 5 years and generated more than
$1.7 million in illegal profits based. The men were the last of six men charged
in November 2012 to plead guilty. Source: http://www.reuters.com/article/2013/11/13/crime-insidertrading-highschoolpals-plea-idUSL2N0IY1QW20131113
Information Technology Sector
28. November
14, Help Net Security – (International) Sinowal and Zbot trojan
collaborate in new attack. Researchers at Trend Micro observed a variant of
the ZeuS/Zbot trojan working in collaboration with a new Sinowal trojan to
attempt to make ZeuS’s job easier by disabling the Trusteer Rapport security
software. The two trojans are dropped by the Andromeda backdoor attached to
malicious emails. Source: http://www.net-security.org/malware_news.php?id=2626
29. November
14, Softpedia – (International) MacRumors hacker says he will not leak the
860,000 passwords he stole. The MacRumors forums were hacked and 860,000
users’ usernames, emails, and password hashes were compromised, MacRumors
confirmed November 12. However, the hacker who took credit for the breach
claimed that they would not reveal the information. Source: http://news.softpedia.com/news/MacRumors-Hacker-Says-He-Will-Not-Leak-the-860-000-Passwords-He-Stole-400064.shtml
30. November
14, The Register – (International) Pwn2Own crackers leave iOS and Samsung mobe
security IN RUINS. Two teams competing in the PacSec 2013 Pwn2Own
competition demonstrated methods to compromise security and steal personal
information from a Samsung Galaxy S4 running Android and an Apple device
running iOS version 7.0.3 and iOS 6.1.4. Source: http://www.theregister.co.uk/2013/11/14/pwn2own_crackers_leave_ios_and_samsung_handsets_wide_open/
31. November
14, Softpedia – (International) Cybercriminals use new Linux backdoor to
steal information from companies. Symantec researchers identified a
cybercriminal operation that carried out an attack against a large hosting
provider using a new Linux backdoor, dubbed Linux.Fokirtor that was able to
gain access to usernames, passwords, emails, and possibly financial
information. The backdoor hides inside server processes that could give the
attack away and prompt security reviews. Source: http://news.softpedia.com/news/Cybercriminals-Use-New-Linux-Backdoor-to-Steal-Information-from-Companies-400203.shtml
32. November
14, Softpedia – (International) Remote code execution vulnerability fixed in
BlackBerry Link. BlackBerry closed remote code execution and local
privilege elevation vulnerabilities in its BlackBerry Link for Windows and Mac
OS in a recent software update. Source: http://news.softpedia.com/news/Remote-Code-Execution-Vulnerability-Fixed-in-BlackBerry-Link-400167.shtml
33. November
14, Washington Post – (International) LivingSocial back online after Web site
outage. An unspecified internal error caused LivingSocial’s Web site and
mobile app to be inoperable for around 2 days starting November 12. The site
and app were returned to service November 14. Source: http://www.washingtonpost.com/business/capitalbusiness/livingsocial-outage-continues-into-second-day/2013/11/13/ac6266c2-4c78-11e3-be6b-d3d28122e6d4_story.html
34. November
13, Softpedia – (International) At least 100,000 Instagram users fall victim
to InstLike scam. Symantec researchers found that at least 100,000
Instagram users may have fallen victim for a scam service called InstLike that
promised ‘likes’ and followers in return for providing Instagram login
credentials and for buying virtual coins. The app was available in Google’s
Play store and Apple’s App Store for several months and was downloaded between
100,000 and 500,000 times in the former. Source: http://news.softpedia.com/news/At-Least-100-000-Instagram-Users-Fall-Victim-to-InstLike-Scam-399959.shtml
35. November
13, SC Magazine – (International) Popular humor site hosted Nuclear Pack
exploit kit. Barracuda Labs researchers found that popular humor site
Cracked.com was compromised as of November 10 in order to host the Nuclear Pack
exploit kit. Exploits were then served to visitors through a malicious
Javascript targeting vulnerable versions of Java and Adobe Flash and PDF
software. Source: http://www.scmagazine.com//popular-humor-site-hosted-nuclear-pack-exploit-kit/article/320833/
Communications Sector
36.
November 14, Kansas City Star –
(Kansas; Missouri; Oklahoma) Sprint: Service restored to disrupted markets. The
source of a Sprint service outage that knocked out service to the Internet,
text message exchanges, and the ability to make calls in Kansas City, St.
Louis, and Oklahoma City was identified and service restored after more than 5
hours November 14. Source: http://www.kansascity.com/2013/11/14/4620837/sprint-network-down-in-kansas.html
37.
November 12, U.S. Department of Labor –
(New York) US Labor Department reaches settlement agreement with Verizon New
York Inc. to increase training, safeguards for field technicians. The U.S.
Department of Labor’s Occupational Safety and Health Administration reached a
settlement with Verizon New York Inc., that included a fine of $147,000 and
requirements to provide enhanced electrical safety training and other
safeguards for field technicians, stemming from citations issued in March 2012
in connection with a fatal electrocution of an employee in September 2011 in
Brooklyn. Source: https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=NEWS_RELEASES&p_id=25071
For
additional stories, see items 30 and 33 above
in the Information Technology Sector