Thursday, September 25, 2014



Complete DHS Report for September 25, 2014

Daily Report

Top Stories

 · A former Liberty Reserve executive pleaded guilty in New York September 23 for his role in running an unlicensed Web-based company that laundered over $6 billion from more than a million individuals worldwide between 2006 and 2013. – SecurityWeek See item 7 below in the Financial Services Sector

 · Two employees were shot and killed by a recently-terminated UPS worker who opened fire at a facility in Inglenook, Alabama, September 23 prior to taking his own life. – CNN

12. September 23, CNN – (Alabama) 3 people dead in Alabama UPS shooting. Two employees were shot and killed by a recently-terminated UPS worker who opened fire at a facility in Inglenook, Alabama, September 23 prior to taking his own life. Authorities are investigating the incident. Source: http://www.cnn.com/2014/09/23/justice/alabama-ups-shooting-deaths/index.html

 · Fire crews reached 35 percent containment September 23 of the 89,574-acre King Fire burning in El Dorado and Placer counties in California, while 21,000 structures remained threatened and about 2,800 residents were still under evacuation orders. – KXTV 10 Sacramento

20. September 24, KXTV 10 Sacramento – (California) King Fire containment nearly doubles. Fire crews reached 35 percent containment September 23 of the 89,574-acre King Fire burning in El Dorado and Placer counties, while 21,000 structures remained threatened and about 2,800 residents were still under evacuation orders. Source: http://www.news10.net/story/news/local/eldorado-hills/2014/09/23/king-fire-containment-nearly-doubles/16093399

 · A September 24 restaurant fire in Apollo Beach, Florida, prompted the evacuation of nearby homes, a shelter-in-place order for an elementary school, and a 5-hour closure of U.S. Highway 41. – WTSP 10 St. Petersburg

31. September 24, WTSP 10 St. Petersburg – (Florida) U.S. 41 reopens after huge restaurant fire. Officials are investigating the cause of a September 24 fire that destroyed the Shenaniganz Grill and Chill restaurant in Apollo Beach and prompted the evacuation of area homes and a shelter-in-place order for a nearby elementary school. U.S. Highway 41 was closed for over 5 hours while firefighters battled the blaze. Source: http://www.wtsp.com/story/news/local/2014/09/24/fire-crews-battle-fire-at-shennanigaz-grill-and-chill-in-apollo-beach/16141031/

Financial Services Sector

6. September 24, Softpedia – (International) New Tinba banking trojan variant is stealthier, uses public key signing. Researchers from Trusteer analyzed an updated variant of the Tiny Banker (also known as Tinba) financial malware and discovered that the authors added a domain generation algorithm (DGA) and fitted it with user-mode rootkit capabilities and a verification process to make sure that messages are sent from an authentic bot master. Source: http://news.softpedia.com/news/New-Tinba-Banking-Trojan-Variant-Is-Stealthier-Uses-Public-Key-Signing-459834.shtml

7. September 23, SecurityWeek – (International) Digital currency tech chief pleads guilty in fraud. A former Liberty Reserve executive pleaded guilty in a New York federal court September 23 for his role in running an unlicensed online banking company that laundered over $6 billion from more than 1 million individuals from 17 countries, including more than 200,000 people in the U.S, between 2006 and 2013. The executive was one of seven individuals charged in what is believed to be the largest money laundering prosecution in history. Source: http://www.securityweek.com/digital-currency-tech-chief-pleads-guilty-fraud

8. September 23, National Journal – (International) Federal regulators force shutdown of fake bitcoin-mining operation. A federal court in Missouri ordered Kansas-based Butterfly Labs to temporarily cease operations after the Federal Trade Commission alleged that the company marketed its computers as able to generate the Bitcoin virtual currency, but failed to deliver the equipment, bilking more than 20,000 customers out of tens of millions of dollars. Source: http://www.nextgov.com/mobile/2014/09/federal-regulators-force-shutdown-fake-bitcoin-mining-operation/94871/

9. September 23, Bloomberg News – (International) Barclays fined twice in one day for compliance failures. Barclays Plc, agreed September 23 to pay $15 million in penalties to resolve charges by the U.S. Securities and Exchange Commission that the company failed to maintain an adequate internal compliance system related to the firm acquiring Lehman Brothers in 2008 and made trades and charged commissions without customer approval. Barclays also agreed September 23 to pay regulators in the U.K. about $62 million in fines to settle allegations that the company failed to protect 16.5 pounds of client assets between 2007 and 2012. Source: http://www.businessweek.com/news/2014-09-23/barclays-fined-twice-in-one-day-for-compliance-failures

Information Technology Sector

27. September 24, Threatpost – (International) Mozilla to part ways to SHA-1. Mozilla asked Certificate Authorities and Web sites to upgrade certificates to SHA-256, SHA-384, or SHA-512 after experts reported that SHA-1 will be practical for collision attacks by 2018. Mozilla will release warnings to update certificates on versions of Firefox in early 2015. Source: http://threatpost.com/mozilla-latest-to-part-ways-with-sha-1/108495

28. September 24, Computerworld – (International) Fiberlink wipes one smartphone or tablet every three minutes. Researchers at Fiberlink examined 130,000 devices managed by MaaS360 and found that one mobile device is wiped every 3 minutes. The study also determined that in 2013 businesses, on average, cleared 10 percent to 20 percent of their entire device populations yearly. Source: http://www.networkworld.com/article/2687065/mdm-mam/fiberlink-wipes-one-smartphone-or-tablet-every-three-minutes.html

29. September 24, Help Net Security – (International) Mitigations for Spike DDoS toolkit-powered attacks. Akamai Technologies released an advisory alerting enterprises of the Spike distributed denial of service (DDoS) toolkit that runs on a Windows system and can launch infrastructure-based and application-based DDoS payloads including SYN flood, UDP flood, GET flood, and Domain Name system (DNS) query floods. The toolkit can be mitigated be implementing access control lists (ACLs). Source: http://www.net-security.org/secworld.php?id=17406

30. September 23, The Register – (International) Apple’s new iPhone 6 vulnerable to last year’s TouchID fingerprint hack. Lookout researchers found that a vulnerability that could allow access into Apple’s iPhone 6 and 6 Plus models through their TouchID fingerprint sensors remained unpatched. Scammers can unlock the devices by creating a fake fingerprint, the same flaw that was found in the iPhone 5S model in 2013. Source: http://www.theregister.co.uk/2014/09/23/iphone_6_still_vulnerable_to_touchid_fingerprint_hack/

Communications Sector

See item 24 below from the Emergency Services Sector

24. September 23, Ruidoso News – (New Mexico) Lincoln, Otero county 911 system rerouted during outage. Crews worked to repair a damaged CenturyLink fiber optic cable September 23 after the line broke September 22 causing 9-1-1 service in Otero and Lincoln counties to go down. Emergency calls were temporarily being rerouted through Pecos Valley, Roswell. Source: http://www.ruidosonews.com/ruidoso-news/ci_26591670/lincoln-otero-county-911-system-rerouted-during-outage