Daily Report
Top Stories
· A security researcher identified, and another researcher reported, that
around 230 pages of sensitive customer information from bond insurer MBIA was
available online and indexed by search engines due to a misconfigured server.
– Softpedia
See item 6 below in the Financial Services Sector
· Researchers identified and analyzed a new piece of ATM malware known as
Tyupkin that is installed on ATMs through a bootable CD and can allow attackers
to withdraw currency without a card. – Softpedia
See item 7 below in the Financial Services Sector
· Hail-producing storms that moved across Arkansas October 7-8 damaged between
60 percent and 90 percent of cotton crops in the Monette and Black Oak areas.
– KAIT 8 Jonesboro
16. October 8, KAIT 8 Jonesboro – (Arkansas) Crops damaged by overnight
thunderstorms. Hail-producing
storms that moved across Arkansas October 7-8 damaged between 60 percent and 90
percent of cotton crops in the Monette and Black Oak areas. Source: http://www.kait8.com/story/26727290/crops-damaged-by-overnight-thunderstorms
· Federal authorities arrested and charged a King of Prussia, Pennsylvania podiatrist
October 3 with allegedly defrauding Medicare out of nearly $300,000 by charging
for procedures that were never performed. – Norristown Times Herald
23. October 6, Norristown Times Herald – (Pennsylvania) King of Prussia woman
charged with health care fraud,
identity theft. Federal authorities arrested and charged a King of Prussia
podiatrist October 3 with allegedly defrauding Medicare out of nearly $300,000
by charging for procedures that were never performed at her Center City
Philadelphia office. The podiatrist allegedly submitted claims to Medicare in
excess of $480,000 between January 2009 and December 2013 using Current
Procedural Terminology medical codes for fraudulent services. Source: http://www.timesherald.com/general-news/20141006/king-of-prussia-woman-could-face-35-million-fine-if-convicted-of-health-care-fraud-identity-theft
Financial Services Sector
6. October 8, Softpedia – (International) Largest US bond insurer suffers major
data leak. A security researcher with Seely Security identified, and
another researcher reported, that around 230 pages of sensitive customer
information from bond insurer MBIA was available online and indexed by search
engines due to a misconfigured server. MBIA responded by taking offline the
server that caused the exposure of customer account numbers, balances,
dividends, and other information, including for accounts linked to government
institutions. Source: http://news.softpedia.com/news/Largest-US-Bond-Insurer-Suffers-Major-Data-Leak-461400.shtml
7. October 7, Softpedia – (International) Tyupkin is new ATM malware that allows
cash extraction without card. Researchers with Kaspersky Lab identified and
analyzed a new piece of ATM malware known as Tyupkin that is installed on ATMs
through a bootable CD and can allow attackers to withdraw currency without a
card. The malware includes several security features to prevent access and
analysis and was mostly found in Eastern Europe, with some cases in the
U.S., Asia, and Western Europe. Source: http://news.softpedia.com/news/Tyupkin-Is-New-ATM-Malware-That-Allows-Cash-Extraction-Without-Card-461309.shtml
8. October 7, San Francisco Bay Area News Group – (California) San Ramon bank
executive pleads guilty to conspiracy. A former executive at failed San
Francisco bank United Commercial Bank pleaded guilty to a conspiracy charge
October 7 for his role in deceiving investors, regulators, and depositors by
altering documentation to downplay the bank’s losses. The bank received $297
million from the Troubled Asset Relief Program during the period in which the
former executive altered records, and the bank did not repay any of the funds
before it collapsed. Source: http://www.contracostatimes.com/san-ramon/ci_26683521/san-ramon-bank-executive-pleads-guilty-conspiracy
9. October 7, Birmingham News – (Alabama) Target fraud scheme: Plan to steal $500,000
in gift cards lands Brooklyn man in Alabama jail. A New York City man was
arrested in Hoover for allegedly using more than 39 fraudulent Regions Bank
payment cards to purchase $9,000 in gift cards at Target stores in Fultondale
and Homewood. Regions Bank’s Card Monitoring Group detected the alleged
fraudulent charges and alerted police, who stated that the cards could have
been used to make over half a million dollars of fraudulent purchases. Source: http://www.al.com/news/birmingham/index.ssf/2014/10/missed_target_scheme_to_steal.html
10. October 7, KMVT 11 Twin Falls – (Idaho) Boise police arrest dozen people accused of
using stolen credit accounts. Police in Boise arrested 12 individuals from
Georgia October 6 for allegedly using fraudulent payment cards to purchase over
$15,000 in gift cards. Police were alerted to the suspected fraud by local
retailers and the payment cards appeared to be linked to recent security
breaches from major corporations. Source: http://www.kmvt.com/news/latest/278450551.html
Information Technology Sector
28. October 8, Securityweek – (International) Google fixes 159 security bugs with
release of Chrome 38. Google released the latest version of its Chrome
browser for Windows, Linux, Mac, and iOS, closing 159 security vulnerabilities.
Source: http://www.securityweek.com/google-fixes-159-security-bugs-release-chrome-38
29. October 8, The Register – (International) Adobe spies on reading habits over
unencrypted web because your ‘privacy is important.’ Adobe confirmed
October 8 that its Digital Editions software collects information on users’
ebooks and sends it to Adobe servers as part of digital rights management (DRM)
practices after a researcher reported finding the traffic being sent from
Digital Editions. The company also confirmed that the information was sent in
an unencrypted format and that this would be corrected, and stated that it was
investigating the researcher’s claims that the program collected additional
information on ebook files stored on users’ systems. Source: http://www.theregister.co.uk/2014/10/08/adobe_says_it_slurps_ebook_data_in_plain_text_because_privacy_is_important/
30. October 8, Securityweek – (International) SSDP reflection attacks spike in Q3:
Arbor Networks. Arbor Networks released its report on distributed denial of
service (DDoS) attacks during the third quarter (Q3) of 2014 and found that
Simple Service Discovery Protocol (SSDP) reflection attacks grew significantly
during Q3, with almost 30,000 such attacks during the quarter, among other
findings. Source: http://www.securityweek.com/ssdp-reflection-attacks-spike-q3-arbor-networks
31. October 7, Securityweek – (International) Siemens swats security bugs affecting
PCS 7. Siemens released an update for its PCS 7 supervisory control and
data acquisition (SCADA) product that addresses five issues with the WinCC
product, including a hard-coded encryption key and another issue that could
lead to privilege escalation. Source: http://www.securityweek.com/siemens-swats-security-bugs-affecting-pcs-7
32. October 7, IDG News Service – (International) Belkin says router outages should be
resolved. Belkin stated October 7 that it fixed an issue in some older
wireless routers that caused the routers to experience problems around midnight
October 7 when pinging a Belkin-hosted service in order to check network
connectivity. Belkin advised users still experiencing issues to restart their
routers. Source: http://www.networkworld.com/article/2721154/wifi/belkin-says-router-outages-should-be-resolved.html
Communications Sector
33. October 7, Dallas Business Journal – (Texas) AT&T working to restore
wireless, wireline service in DFW. AT&T
technicians worked to restore wireline and wireless services for customers
across the Dallas-Fort Worth area after a series of storms October 2 knocked
out service. Source: http://www.bizjournals.com/dallas/news/2014/10/06/at-t-working-to-restore-wireless-wireline-service.html