Thursday, December 12, 2013



Complete DHS Daily Report for December 12, 2013

Daily Report

 • The Depository Trust & Clearing Corporation (DTCC) confirmed after an individual reported that the DTCC mistakenly emailed him around 20,000 automated emails that contained sensitive information for financial services customers. – The Register See item 6 below in the Financial Services Sector

 • Federal authorities arrested 23 Chinese nationals living in New York City December 10 for allegedly running a $2 million payment card fraud scheme to obtain more than 1,000 account numbers across several States. – New York Post See item 11 below in the Financial Services Sector

 • Officials notified 2.4 million current and former Maricopa County Community College District students and employees that their personal information was exposed after the Arizona district’s computer system was hacked. – Arizona Daily Independent

25. December 6, Arizona Daily Independent – (Arizona) 2.4 million Maricopa County Community College employees, students exposed. Officials notified 2.4 million current and former Maricopa County Community College District students and employees that their personal information was exposed after the district’s computer system was hacked. The FBI notified the district after it found a Web site offering the data for sale which includes Social Security numbers and bank account information. Source: http://www.arizonadailyindependent.com/2013/12/06/2-4-million-maricopa-county-community-college-employees-students-exposed/

 • Federal authorities arrested 16 of the 18 current and former Los Angeles County sheriff’s deputies who were charged December 9 with engaging in corruption and civil rights violations in the jail system. – Associated Press

26. December 10, Associated Press – (California) 18 LA sheriff’s deputies face US charges. Federal authorities arrested 16 of the 18 current and former Los Angeles County sheriff’s deputies who were charged December 9 with engaging in corruption and civil rights violations including beating inmates and visitors, falsifying reports, and attempting to block an FBI investigation of the jail system. Source: http://news.msn.com/crime-justice/18-la-sheriffs-deputies-face-us-charges

Details

Financial Services Sector

6. December 11, The Register – (International) Quadrillion-dollar finance house spam Reg reader with bankers’ private data. An individual reported that the Depository Trust & Clearing Corporation (DTCC) mistakenly emailed him around 20,000 automated emails that contained sensitive information including session IDs, transfers, and account details for financial services customers. DTCC confirmed that the issue was inadvertently caused by human error and limited to the individual who reported it. Source: http://www.theregister.co.uk/2013/12/11/quadrillionaire_finance_house_spams_iregi_reader_with_clients_data/

7. December 11, Softpedia – (International) Researchers spot 64-bit version of ZeuS malware. Researchers at Kaspersky identified a 64-bit version of the Zeus banking trojan which now includes the ability to communicate with command and control servers over The Onion Router (TOR) network. Source: http://news.softpedia.com/news/Researchers-Spot-64-Bit-Version-of-ZeuS-Malware-408148.shtml

8. December 11, Boston Globe – (National) Conventioneers’ credit card data stolen in Boston. Around 300 attendees at two conventions at the Boston Convention & Exhibition Center in Massachusetts reported fraudulent or attempted fraudulent transactions on their payment cards in several States and abroad. Local, State, and federal authorities were notified, and it was unclear where or how the payment card information was stolen. Source: http://www.bostonglobe.com/business/2013/12/11/data-breach-hits-city-convention-visitors/hkCpq5vW6w71gw6ewgHU2J/story.html

9. December 11, Softpedia – (California) LA Gay & Lesbian Center hacked, credit cards and SSNs possibly compromised. The Los Angeles Gay & Lesbian Center notified 59,000 individuals that a targeted attack compromised the organization’s systems and may have exposed personal and financial information, including payment card details, medical or health care information, Social Security numbers, and contact information. Source: http://news.softpedia.com/news/LA-Gay-Lesbian-Center-Hacked-Credit-Cards-and-SSNs-Possibly-Compromised-408233.shtml

10. December 10, Associated Press – (New York) Feds: Former NY soccer official ran Ponzi scheme. A Dix Hills man was charged and pleaded not guilty to allegedly running a Ponzi scheme that defrauded investors of more than $5 million between 2006 and 2013 by purporting to invest funds in financing a Shinnecock Indian tobacco shop and a credit card processing venture. Source: http://www.sfgate.com/news/crime/article/NY-soccer-club-official-accused-in-Ponzi-scheme-5051440.php

11. December 10, New York Post – (National) Chinese immigrants busted in $2M credit fraud scheme. Federal authorities arrested 23 Chinese nationals living in New York City December 10 for allegedly running a $2 million payment card fraud scheme that used computer intrusions and underweb marketplaces to obtain more than 1,000 account numbers. The suspects then allegedly recruited “shoppers” to make fraudulent purchases in several States. Source: http://nypost.com/2013/12/10/chinese-immigrants-busted-in-2m-credit-fraud-scheme/

12. December 10, Maple Leaf Life – (Washington) Police seek “cyborg bandit” who robbed Northgate bank, at least five others. The FBI announced a reward for information relating to a suspect known as the “Cyborg Bandit,” responsible for at least five bank robberies in the Seattle area. The most recent robbery tied to the suspect occurred December 4 at a Sterling Bank branch in Seattle. Source: http://www.mapleleaflife.com/2013/12/10/police-seek-cyborg-bandit-who-robbed-northgate-bank-at-least-five-others/

Information Technology Sector

28. December 11, Softpedia – (International) Flash Player vulnerabilities patched by Adobe. Adobe released patches for its Flash Player closing two security vulnerabilities. Source: http://news.softpedia.com/news/Flash-Player-Vulnerabilities-Patched-by-Adobe-408035.shtml

29. December 11, Softpedia – (International) Newly patched Office 365 vulnerability used in “Ice Dagger” targeted attacks. Researchers at Adallom identified a sophisticated targeted attack using a recently-patched vulnerability in Microsoft Office 365 dubbed “Ice Dagger” that can allow an attacker to gain access to a target’s private Office 365 authentication token and use it to access the target organization’s SharePoint Online site and modify or download content covertly. Source: http://news.softpedia.com/news/Newly-Patched-Office-365-Vulnerability-Used-in-Ice-Dagger-Targeted-Attacks-Video-408052.shtml

30. December 11, Softpedia – (International) Hackers can launch MitM attacks on apps bundled with Widdit advertising SDK. Bitdefender researchers analyzed an Android advertising framework called Widdit and found that the advertising software development kit (SDK) can leave users vulnerable to man in the middle (MitM) attacks. Source: http://news.softpedia.com/news/Hackers-Can-Launch-MITM-Attacks-on-Apps-Bundled-with-Widdit-Advertising-SDK-408173.shtml

31. December 11, Softpedia– (International) Experts identify 164 fraudulent domains similar to the ones of antivirus vendors. A study by High-Tech Bridge found 946 domain names similar to those of antivirus companies, with 164 containing phishing Web sites, advertising sites, or sites selling suspicious products and services. Source: http://news.softpedia.com/news/Experts-Identify-164-Fraudulent-Domains-Similar-to-the-Ones-of-Antivirus-Vendors-407973.shtml

32. December 10, Help Net Security – (International) Microsoft fixes 24 vulnerabilities. Microsoft released its monthly Patch Tuesday round of updates December 10, addressing 24 vulnerabilities for a variety of products, including five advisories with critical ratings. Source: http://www.net-security.org/secworld.php?id=16084

33. December 10, Threatpost – (International) Firefox 26 makes Java plugins click-to-play, fixes 14 security flaws. Mozilla released the newest version of its Firefox browser, closing 14 security issues and adding new features. Source: http://threatpost.com/firefox-26-makes-java-plugins-click-to-play-fixes-14-security-flaws/103146

34. December 10, IDG News Service – (International) Disqus scrambles after leak fuels Swedish tabloid expose. Disqus began updating its comments platform after a Swedish tabloid was able to obtain the email addresses of several users by using the Disqus API and the third-party service Gravatar. Source: http://www.computerworld.com/s/article/9244701/Disqus_scrambles_after_leak_fuels_Swedish_tabloid_expose

For another story, see item 7 above in the Financial Services Sector

Communications Sector

Nothing to report