Daily Report
Top Stories
· Community
Health Systems Inc., agreed to pay $98.15 million in a settlement with federal
officials August 4 to resolve several lawsuits alleging the company knowingly
billed government health care programs for inpatient services that should have
been billed as observation or outpatient services. – U.S. Department of Justice
18.
August 4, U.S. Department of Justice –
(National) Community Health Systems Inc. to pay $98.15 million to resolve
False Claims Act allegations. Tennessee-based Community Health Systems
Inc., agreed to pay $98.15 million in a settlement with the U.S. Department of
Justice August 4 to resolve several lawsuits alleging the company knowingly
billed government health care programs for inpatient services that should have
been billed as observation or outpatient services from 2005 to 2010. The
settlement also resolves allegations that Laredo Medical Center, an affiliated
hospital, improperly billed the Medicare program for certain inpatient
procedures and for services rendered to patients in violation of the Physician
Self-Referral Law. Source: http://www.justice.gov/opa/pr/2014/August/14-civ-822.html
· Researchers
with Hold Security found that a Russian cybercrime group was able to collect
1.2 billion unique credentials from the Web sites of a wide variety of large
and small businesses, as well as over 500 million email address credentials. – Softpedia
See item 22
below in the Information Technology
Sector
· Federal and
State authorities arrested and charged 16 individuals in connection with a
retail theft ring that allegedly stole millions of dollars’ worth of high-end
merchandise from 16 Evansville, Indiana retailers. – WRTV 6 Indianapolis
29.
August 6, WRTV 6 Indianapolis –
(Indiana) Prosecutor: ‘Millions' in merchandise stolen in theft ring. Federal
and State authorities arrested and charged 16 individuals in connection with a
retail theft ring that allegedly stole millions of dollars’ worth of high-end
merchandise from 16 Evansville, Indiana retailers, including several stores
located in the Eastland Mall. Source: http://www.theindychannel.com/news/crime/prosecutors-millions-in-merchandise-stolen-in-theft-ring_71159873
· The U.S. Army
Corps of Engineers announced August 4 that it will disclose the amount of
pollutants being released into waterways among 8 dams in Oregon and Washington
to settle claims that they violated the Clean Water Act. – Associated Press
35.
August 5, Associated Press – (Oregon;
Washington) Corps of Engineers agrees to disclose dams’ pollution. The
U.S. Army Corps of Engineers announced August 4 that it will disclose the
amount of pollutants being released into waterways among 8 dams on the Columbia
and Snake rivers in Oregon and Washington as well as apply to the U.S.
Environmental Protection Agency for pollution permits to settle Columbia
Riverkeeper claims that they violated the Clean Water Act. The Corps did not
admit any wrongdoing and will pay $143,000 in fees. Source: http://registerguard.com/rg/news/local/31967790-75/corps-of-engineers-agreesto-disclose-dams-pollution.html.csp
Financial Services Sector
5. August 6, Securityweek – (International) PayPal confirms new two-factor
authentication bypass issue. Researchers with Escalate Internet identified
a way to bypass PayPal’s two-factor authentication (2FA) mechanism with
companies that use Adaptive Payments, as the method Adaptive Payments uses to
connect PayPal accounts to the application only requires a login and password
with no 2FA. PayPal stated that they are aware of the issue and working on a
fix. Source: http://www.securityweek.com/paypal-confirms-new-two-factor-authentication-bypass-issue
6. August 6, Houston Business Journal
– (Texas) SEC charges Houston
energy company and CEO with fraud. The U.S. Securities and Exchange
Commission (SEC) issued a cease and desist order against Houston-based Houston
American Energy Corp., and its chief executive officer for allegedly making
fraudulent claims to investors in order to raise around $13 million in a public
offering between 2009 and 2010. The SEC also charged a stock promoter and his
firm, Undiscovered Equities Inc., with allegedly helping publicize the
misleading claims. Source: http://www.bizjournals.com/houston/morning_call/2014/08/sec-charges-houston-energy-company-and-ceo-with.html
7. August 5, New York Times – (National) Federal Reserve and F.D.I.C. fault big
banks’ ‘living wills’. The Federal Reserve and Federal Deposit Insurance
Corporation (FDIC) sent letters to 11 major banks August 5 stating that the
agencies had found required plans for winding down the major banks in the event
of a financial crisis were inadequate due to unrealistic assumptions and other
issues. The two agencies demanded that the plans submitted for 2015 contain
improvements to resolve the issues. Source: http://dealbook.nytimes.com/2014/08/05/federal-reserve-and-f-d-i-c-fault-big-banks-living-wills/
8. August 5,
U.S. Attorney’s Office, Eastern District of Virginia – (Maryland; Washington, D.C.) Baltimore man pleads
guilty in identity theft and credit card fraud ring. A Baltimore man
pleaded guilty August 5 to conspiracy to commit access device fraud for his role
in an identity theft and payment card fraud ring that operated in the Baltimore
and Washington, D.C. region that involved around 250 victims and the theft of
at least $200,000. Three others involved in the fraud ring previously pleaded
guilty for their roles in the conspiracy. Source: http://www.fbi.gov/washingtondc/press-releases/2014/baltimore-man-pleads-guilty-in-identity-theft-and-credit-card-fraud-ring
Information Technology Sector
22. August 6, Softpedia – (International) 1.2 billion unique credentials, 500
million email addresses stolen by Russian cyber gang. Researchers with Hold
Security found that a Russian cybercrime group dubbed “CyberVor” was able to
collect 1.2 billion unique credentials from the Web sites of a wide variety of
large and small businesses, as well as over 500 million email address
credentials. The researchers reported that the cybercriminals used SQL
injection attacks and later botnets that scanned sites on a large scale looking
for SQL vulnerabilities to obtain the information. Source: http://news.softpedia.com/news/1-2-Billion-Unique-Credentials-500-Million-Email-Addresses-Stolen-by-Russian-Cyber-Gang-453677.shtml
23. August 6, Securityweek – (International) Synology NAS devices hit in ransomware
attack, firm advises upgrade. Synology stated that it confirmed user
reports of infections by the SynoLocker ransomware on the company’s Diskstation
devices and found that Synology network-attached storage (NAS) servers running
DSM 4.3-3810 and earlier were compromised by exploiting a vulnerability that
was patched in December 2013. Users were advised to upgrade their DSM
installations to close the vulnerability. Source: http://www.securityweek.com/synology-nas-devices-hit-ransomware-attack-firm-advises-upgrade
24. August 6, Softpedia – (International) Magnitude Exploit Kit is a well-oiled
crimeware. Trustwave researchers analyzed the Magnitude Exploit Kit used to
infect several high-profile Web sites and found that the malware relied on one
Internet Explorer exploit and two Java exploits, and had a 20 percent infection
success rate within 1 month, among other findings. Source: http://news.softpedia.com/news/Magnitude-Exploit-Kit-Is-a-Well-Oiled-Crimeware-453744.shtml
25. August 5,
Securityweek – (International) Over 90% of
enterprises exposed to man-in-the-browser attacks: Cisco. Cisco released
its Midyear Security Report August 5, which found that around 94 percent of its
customers have issued domain name system (DNS) requests to hostnames with IP
addresses associated with the distribution of malware that contains
man-in-the-browser (MitB) capabilities. The report also found that aviation,
chemical, pharmaceutical, and media and publishing industries had the highest
rates of malware encounters, among other findings. Source: http://www.securityweek.com/over-90-enterprises-exposed-man-browser-attacks-cisco
26. August 5,
Softpedia – (International) Security flaw
in Spotify for Android may enable phishing. Trend Micro researchers
identified a vulnerability in the Spotify app for Android that could allow
attackers to take control of what is displayed in the app’s interface, which
could potentially be used for phishing or redirection to malicious pages.
Spotify stated that they released an update that closes the vulnerability after
being notified and advised all users to update to the latest version. Source: http://news.softpedia.com/news/Security-Flaw-in-Spotify-for-Android-May-Enable-Phishing-453633.shtml
Communications Sector
27.
August 5, Santa Rosa Press Democrat –
(California) After two-day outage, Internet service restored for Mendocino
Coast. Cellphone and Internet service on the Mendocino Coast was restored
August 5 after a reported vehicle accident on Comptche-Ukiah Road August 3 that
damaged about 400 feet of AT&T fiber optic cable causing the outage for
residents and businesses. Some recipients of government cash and food
assistance programs were also impacted as well as some 9-1-1 service for
residents in the area. Source: http://www.pressdemocrat.com/news/2479886-181/after-two-day-outage-internet-service
28.
August 5, WHO 13 Des Moines – (Iowa) Phone
outage costs some customers business. Crews fixing a water main break cut
phone lines August 1 causing a disruption of Internet and phone service for
Century Link businesses in Des Moines. The utility worked August 5 to restore
service. Source: http://whotv.com/2014/08/05/phone-outage-costs-some-customers-business/
For
another story, see item 25 above in the Information Technology
Sector