Complete DHS Report for April 16, 2014
Daily Report
Details
• The head of the Idaho-based DBSI Inc., real
estate investment firm and three others were found guilty April 14 on federal
wire and securities fraud charges over a scheme which cost investors at least
$169 million. – Minneapolis Star Tribune See item 6 below in the Financial Services Sector
• Police responded to several multi-vehicle
accidents on various highways in the Milwaukee area April 14 due to ice and
blowing snow, including one crash involving two semi-trucks and two school
buses. – WDJT 58 Milwaukee
8. April 15, WDJT 58
Milwaukee –
(Wisconsin) Multiple cars slide into semi near Miller Park, dozens of other
crashes Monday into Tuesday. Northbound lanes of U.S. 45 in Wauwatosa were
closed for 5 hours April 14 while police responded to several multi-vehicle accidents,
including an accident involving 2 semi-trucks and 2 school buses. All lanes of
Interstate 94 in Waukesha County were also closed for 2 hours due to blowing
snow and icy conditions that caused a crash involving 7 vehicles. Source: http://www.cbs58.com/news/local-news/Icy-roads-lead-to-several-multi-vehicle-crashes-on-area-highways-overnight-255290721.html
• A spill April 11 at a wastewater treatment
plant while crews were installing a lift station released an estimated 17,000
gallons of untreated sewage into the Mississippi River at LeClaire, Iowa. – WQAD
8 Moline
16.
April 14, WQAD 8 Moline – (Iowa) 17,000
gallons of raw sewage released at LeClaire. An April 11 spill that occurred
at a wastewater treatment plant while crews were installing a lift station
released an estimated 17,000 gallons of untreated sewage into the Mississippi
River at LeClaire, Iowa. Source: http://wqad.com/2014/04/14/17000-gallons-of-raw-sewage-released-at-leclaire/
• Five people were convicted in a scam in the
Bryan, Texas area that used individuals allegedly injured in car accidents to
submit $3 million worth of false billing claims, causing $1.2 million in
losses. – Bryan-College Station Eagle (See item 17)
17.
April 15, Bryan-College Station Eagle –
(Texas) Former chiropractor, co-defendant sentenced in insurance fraud
scheme. A former Bryan, Texas chiropractor and a co-defendant were among
five people convicted for their roles in a scheme to submit $3 million worth of
false billing claims, of which insurance companies paid at least $1.2 million.
Four chiropractic clinics and a law firm were used in the scam to recommend
patients who had allegedly been injured in auto accidents to receive
unnecessary treatment in order to falsely bill the auto insurance companies and
force them into settling claims. Source: http://www.theeagle.com/news/local/former-chiropractor-co-defendent-sentenced-in-insurance-fraud-scheme/article_581e53a5-9b0c-51ba-919e-a4b4f491d01c.html
Financial Services Sector
5. April
15, Softpedia – (International) RCE, information disclosure and
XSS flaws found in PayPal Partner Program. A security researcher identified
and reported a cross-site scripting (XSS) issue and an information disclosure
issue that could be leveraged for remote code execution in the PayPal Partner
Program’s payment processor Web site. The issues were later closed by PayPal.
Source: http://news.softpedia.com/news/RCE-Information-Disclosure-and-XSS-Flaws-Found-in-PayPal-Partner-Program-Video-437634.shtml
6. April
14, Minneapolis Star Tribune – (National) Idaho investment
executive convicted on 78 fraud counts. The head of the Idaho-based DBSI
Inc., real estate investment firm and three others were found guilty April 14
on federal wire and securities fraud charges for falsely advertising investments,
which cost 8,000 investors at least $169 million. Source: http://www.startribune.com/business/255261931.html
7. April
14, Glendale News-Press – (California) Man accused of bank fraud,
stealing 99 Cents Only store customer identities. A Glendale man and two
others face charges for allegedly obtaining and distributing payment card
skimming devices and placing them at several 99 Cents Only stores in southern
California, causing losses of over $2 million. Source: http://www.glendalenewspress.com/news/tn-gnp-man-accused-of-bank-fraud-stealing-99-cents-only-store-customer-identities-20140414,0,4613407.story
Information Technology Sector
24. April
15, Softpedia – (International) Expert finds SQL injection, RCE
vulnerabilities in Flickr Photo Books. A security researcher identified and
reported a SQL injection vulnerability and a remote code execution
vulnerability in Flickr’s Photo Books Web site that could allow an attacker to
gain access to Flickr’s databases. Yahoo closed the vulnerabilities after a
second report by the researcher. Source: http://news.softpedia.com/news/Expert-Finds-SQL-Injection-RCE-Vulnerabilities-in-Flickr-Photo-Books-Video-437724.shtml
25. April
15, Help Net Security – (International) Hardware manufacturer
LaCie suffered year-long data breach. Computer storage manufacturer LaCie
stated that the FBI informed the company of a data breach where malware was
used to gain access to customer transactions carried out on the company’s Web
site. LaCie temporarily disabled the e-commerce portion of its Web site and
will be resetting users’ passwords in response. Source: http://www.net-security.org/secworld.php?id=16693
26. April
15, Help Net Security – (International) Heartbleed: VMware starts
delivering patches. VMware announced that it began issuing patches for its
products affected by the Heartbleed OpenSSL vulnerability, with patches for all
affected products expected by April 19. Source: http://www.net-security.org/secworld.php?id=16692
27. April
14, Softpedia – (International) Flash SMS flaw in iOS can be
exploited to make the lock screen unresponsive. A security researcher
identified a Flash SMS flaw in iOS that can be used to make a device’s lock
screen unresponsive, which could be used for ransom attacks. The flaw was fixed
with the release of iOS 7.1 but devices running previous versions of the mobile
operating system are vulnerable. Source: http://news.softpedia.com/news/Flash-SMS-Flaw-in-iOS-Can-Be-Exploited-to-Make-the-Lock-Screen-Unresponsive-437566.shtml
Communications Sector
Nothing
to report