Wednesday, April 23, 2014




Complete DHS Report for April 23, 2014

Daily Report

Details

 • Researchers found that the peer-to-peer (P2P) Zeus banking trojan recently received an update that also installs a rootkit driver, making the trojan difficult to remove from infected systems. – SC Magazine See item 9 below in the Financial Services Sector

 • An accident on Highway 101 in Santa Barbara, California, April 21 killed 3 people and led to a nearly 13 hour closure of all southbound lanes. – Santa Barbara Noozhawk

15. April 21, Santa Barbara Noozhawk – (California) Three dead in crash on Highway 101 in Santa Barbara. A car struck a guardrail, overturned, and stopped in the middle of Highway 101 in Santa Barbara April 21, causing a second car to collide with it and leading to a nearly 13 hour closure of all southbound lanes. Three people were killed, one person was seriously injured, and another individual was arrested on suspicion of driving under the influence. Source : http://www.noozhawk.com/article/three_dead_in_crash_on_highway_101_in_santa_barbara_20140421

 • Oklahoma officials suspended Statewide end-of-instruction exams April 21 due to computer problems that disrupted about 6,000 students’ ability to take the test. – KJRH 2 Tulsa (See item 20)

20. April 22, KJRH 2 Tulsa – (Oklahoma) End-of-year testing halted statewide after technical issues, outages reported on testing site. Oklahoma officials suspended Statewide end-of-instruction exams April 21 due to computer problems that disrupted about 6,000 students’ ability to take the test. Several districts reported faulty computers at the start of the exams and authorities believe the failure is due to a CTB/McGraw Hill-related issue. Source: http://www.kjrh.com/news/local-news/computer-problems-shut-down-end-of-year-standardized-tests-statewide

 • Verizon published its 2014 Data Breach Investigations Report, focusing on cyber and physical data breaches across several industries. – Softpedia See item 26 below in the Information Technology Sector

Financial Services Sector

7. April 22, WGCL 46 Atlanta – (Georgia) Husband of reality star back in federal court on theft charges. An Atlanta man appeared before federal court April 21 on charges that he allegedly created fake collection companies in order to obtain personal information from credit history databases and use the information to commit identity theft, allegedly obtaining nearly $3 million in loans in victims’ names. Source: http://www.cbs46.com/story/25301906/husband-of-reality-star-back-in-federal-court-on-theft-charges
 
8. April 22, Associated Press – (Kansas) Former employee of southeast Kansas bank pleads guilty to embezzling more than $180,000. A former employee at a branch of Exchange State Bank in St. Paul, Kansas, pleaded guilty April 21 to embezzling over $180,000 from the bank by stealing interest due on certificates of deposit and other funds between 2007 and 2013. Source: http://www.therepublic.com/view/story/74e1a672df354562a16b13cd101c9020/KS--Bank-Employee-Embezzlement

9. April 21, SC Magazine – (International) Critical update makes P2P Zeus trojan even tougher to remove. Fortinet researchers found that the peer-to-peer (P2P) Zeus banking trojan recently received an update that also installs a rootkit driver, making the trojan difficult to remove from infected systems. Source: http://www.scmagazine.com/critical-update-makes-p2p-zeus-trojan-even-tougher-to-remove/article/343551/

10. April 21, Reuters – (California) San Francisco man pleads guilty in Marvel insider trading case. A San Francisco man pleaded guilty April 21 to trading on inside information ahead of the Walt Disney Co. acquisition of Marvel Entertainment, illegally making $192,000 from the trading. Source: http://money.msn.com/business-news/article.aspx?feed=OBR&date=20140421&id=17541559

11. April 21, U.S. Securities and Exchange Commission – (New Jersey) SEC charges a former biopharmaceutical company executive and two others with insider trading. The U.S. Securities and Exchange Commission (SEC) charged a former Genta Inc. executive and two others April 21 in U.S. District Court in New Jersey with insider trading based on nonpublic information concerning an experimental drug. The three individuals allegedly made around $139,000 in illegal gains from the trading, and all three agreed to a settlement with the SEC which includes civil penalties and the return of the alleged ill-gotten gains. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370541541673#.U1Z3dPldVKA

For another story, see item 26 below in the Information Technology Sector

Information Technology Sector

25. April 22, Help Net Security – (International) Supposedly patched router backdoor was simply hidden. A security researcher who discovered a backdoor vulnerability in several popular home routers found that the firmware update issued by manufacturer Sercomm does not close the vulnerability but instead hides the backdoor. The backdoor can then be opened after sending a specific network packet to the router from the local area network (LAN) or the Internet service provider (ISP), allowing attackers reset the device’s configuration, username, and password to default settings. Source: http://www.net-security.org/secworld.php?id=16721

26. April 22, Softpedia – (International) Verizon publishes 2014 Data Breach Investigations Report. Verizon published its 2014 Data Breach Investigations Report, focusing on cyber and physical data breaches across several industries. The report found 198 point of sale (POS) intrusions during 2013, with retail, accommodation, and food services industries the most targeted, among other findings. Source: http://news.softpedia.com/news/Verizon-Publishes-2014-Data-Breach-Investigations-Report-438708.shtml

27. April 22, Softpedia – (International) Django 1.6.3 released to address 3 security issues. The developers of the Django framework for Python released new versions of the framework, closing three security vulnerabilities. Source: http://news.softpedia.com/news/Django-1-6-3-Released-to-Address-3-Security-Issues-438666.shtml

28. April 21, Threatpost– (International) Oracle gives Heartbleed update, patches 14 products. Oracle released updates for five products April 21, closing vulnerabilities related to the Heartbleed vulnerability in OpenSSL. Source: http://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576

For another story, see item 9 above in the Financial Services Sector

Communications Sector

Nothing to report