Complete DHS Report for April 23, 2014
Daily Report
Details
• Researchers found that the peer-to-peer
(P2P) Zeus banking trojan recently received an update that also installs a
rootkit driver, making the trojan difficult to remove from infected systems. – SC
Magazine See
item 9 below in the Financial Services Sector
• An accident on Highway 101 in Santa Barbara,
California, April 21 killed 3 people and led to a nearly 13 hour closure of all
southbound lanes. – Santa Barbara Noozhawk
15.
April 21, Santa Barbara Noozhawk –
(California) Three dead in crash on Highway 101 in Santa Barbara. A car
struck a guardrail, overturned, and stopped in the middle of Highway 101 in
Santa Barbara April 21, causing a second car to collide with it and leading to
a nearly 13 hour closure of all southbound lanes. Three people were killed, one
person was seriously injured, and another individual was arrested on suspicion
of driving under the influence. Source : http://www.noozhawk.com/article/three_dead_in_crash_on_highway_101_in_santa_barbara_20140421
• Oklahoma officials suspended Statewide
end-of-instruction exams April 21 due to computer problems that disrupted about
6,000 students’ ability to take the test. – KJRH 2 Tulsa (See item 20)
20.
April 22, KJRH 2 Tulsa – (Oklahoma) End-of-year
testing halted statewide after technical issues, outages reported on testing
site. Oklahoma officials suspended Statewide end-of-instruction exams April
21 due to computer problems that disrupted about 6,000 students’ ability to
take the test. Several districts reported faulty computers at the start of the
exams and authorities believe the failure is due to a CTB/McGraw Hill-related
issue. Source: http://www.kjrh.com/news/local-news/computer-problems-shut-down-end-of-year-standardized-tests-statewide
• Verizon published its 2014 Data Breach
Investigations Report, focusing on cyber and physical data breaches across
several industries. – Softpedia See item 26
below in the Information Technology
Sector
Financial Services Sector
7. April 22, WGCL 46 Atlanta – (Georgia) Husband of reality star back in federal
court on theft charges. An Atlanta man appeared before federal court April
21 on charges that he allegedly created fake collection companies in order to
obtain personal information from credit history databases and use the
information to commit identity theft, allegedly obtaining nearly $3 million in
loans in victims’ names. Source: http://www.cbs46.com/story/25301906/husband-of-reality-star-back-in-federal-court-on-theft-charges
8. April 22, Associated Press – (Kansas) Former employee of southeast Kansas bank
pleads guilty to embezzling more than $180,000. A former employee at a
branch of Exchange State Bank in St. Paul, Kansas, pleaded guilty April 21 to
embezzling over $180,000 from the bank by stealing interest due on certificates
of deposit and other funds between 2007 and 2013. Source: http://www.therepublic.com/view/story/74e1a672df354562a16b13cd101c9020/KS--Bank-Employee-Embezzlement
9. April 21, SC Magazine – (International) Critical update makes P2P Zeus trojan
even tougher to remove. Fortinet researchers found that the peer-to-peer
(P2P) Zeus banking trojan recently received an update that also installs a
rootkit driver, making the trojan difficult to remove from infected systems.
Source: http://www.scmagazine.com/critical-update-makes-p2p-zeus-trojan-even-tougher-to-remove/article/343551/
10. April 21, Reuters – (California) San Francisco man pleads guilty in Marvel
insider trading case. A San Francisco man pleaded guilty April 21 to
trading on inside information ahead of the Walt Disney Co. acquisition of
Marvel Entertainment, illegally making $192,000 from the trading. Source: http://money.msn.com/business-news/article.aspx?feed=OBR&date=20140421&id=17541559
11. April 21, U.S. Securities and
Exchange Commission – (New Jersey) SEC charges a
former biopharmaceutical company executive and two others with insider trading.
The U.S. Securities and Exchange Commission (SEC) charged a former Genta
Inc. executive and two others April 21 in U.S. District Court in New Jersey
with insider trading based on nonpublic information concerning an experimental
drug. The three individuals allegedly made around $139,000 in illegal gains
from the trading, and all three agreed to a settlement with the SEC which
includes civil penalties and the return of the alleged ill-gotten gains.
Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370541541673#.U1Z3dPldVKA
For another story, see item 26 below in the Information Technology
Sector
Information Technology Sector
25. April 22, Help Net Security – (International) Supposedly patched router backdoor was
simply hidden. A security researcher who discovered a backdoor
vulnerability in several popular home routers found that the firmware update
issued by manufacturer Sercomm does not close the vulnerability but instead
hides the backdoor. The backdoor can then be opened after sending a specific
network packet to the router from the local area network (LAN) or the Internet
service provider (ISP), allowing attackers reset the device’s configuration,
username, and password to default settings. Source: http://www.net-security.org/secworld.php?id=16721
26. April 22, Softpedia – (International) Verizon publishes 2014 Data Breach
Investigations Report. Verizon published its 2014 Data Breach
Investigations Report, focusing on cyber and physical data breaches across
several industries. The report found 198 point of sale (POS) intrusions during
2013, with retail, accommodation, and food services industries the most
targeted, among other findings. Source: http://news.softpedia.com/news/Verizon-Publishes-2014-Data-Breach-Investigations-Report-438708.shtml
27. April 22, Softpedia – (International) Django 1.6.3 released to address 3
security issues. The developers of the Django framework for Python released
new versions of the framework, closing three security vulnerabilities. Source: http://news.softpedia.com/news/Django-1-6-3-Released-to-Address-3-Security-Issues-438666.shtml
28. April 21, Threatpost– (International) Oracle gives Heartbleed update,
patches 14 products. Oracle released updates for five products April 21,
closing vulnerabilities related to the Heartbleed vulnerability in OpenSSL.
Source: http://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576
For another story, see item 9 above in the Financial Services Sector
Communications Sector
Nothing
to report