Daily Report
Top Stories
· The U.S. Securities and Exchange Commission announced charges and asset freezes
against Calabasas, California-based Nationwide Automated Systems, its owner, and
a company officer for allegedly defrauding investors by running a $123 million
Ponzi scheme. – U.S. Securities and Exchange Commission
See item 3 below in the Financial Services Sector
· Five teachers and 149 students were sent to area hospitals as a precaution
while Yonkers Middle School in New York was evacuated due to an unknown noxious
substance October 8. – Lower Hudson Valley Journal News
18. October 9, Lower Hudson Valley Journal News – (New York) 149 Yonkers students
sent to hospitals; mystery substance cited. Five
teachers and 149 students were sent to area hospitals as a precaution while
Yonkers Middle School in New York was evacuated due to an unknown noxious
substance October 8. Authorities are investigating the incident that also sent
five firefighters to a local hospital with similar symptoms of mild nausea and
chest discomfort. Source: http://www.lohud.com/story/news/education/2014/10/08/yonkers-school-evacuated-noxious-substance/16918343/
· North Dakota State College of Science officials reported that the personal
information, including Social Security numbers, of more than 15,000 current and
former students and employees may have been compromised in a data breach. – KVLY 11 Fargo
19. October 9, KVLY 11 Fargo – (North Dakota) Hackers breach NDSCS computers.
North Dakota State College of
Science (NDSCS) officials reported that the personal information, including
Social Security numbers, of more than 15,000 current and former students and
employees may have been compromised after several NDSCS computers were breached.
The breach was discovered September 1 and authorities worked to secure the
system. Source: http://www.valleynewslive.com/story/26745237/hackers-breach-ndscs-computers
· AT&T reached a $105 million settlement October 8 with federal and State
authorities to resolve complaints that it made millions of dollars through
unauthorized third-party charges on customers’ cellular-phone bills. – IDG News Service
See item 30 below in the Communications Sector
Financial Services Sector
2. October 9, Softpedia – (International) Flaw in PayPal authentication process
allows access to blocked accounts. A researcher with Vulnerability
Laboratory identified and reported a flaw in the mobile authentication process
for PayPal that can allow an attacker to attempt to input passwords an
unlimited number of times without causing the account to be locked. The issue
reported in March 2013 affects the iOS mobile app for PayPal and a fix is not
currently available. Source: http://news.softpedia.com/news/Flaw-in-PayPal-Authentication-Process-Allows-Access-To-Blocked-Accounts-461622.shtml
3. October 8, U.S. Securities and
Exchange Commission – (California) SEC shuts down
$123 million ATM Ponzi scheme in California. The U.S. Securities and
Exchange Commission announced charges and asset freezes against Calabasas-based
Nationwide Automated Systems, its owner, and a company officer for allegedly
defrauding investors by running a $123 million Ponzi scheme that purported to
offer investments in ATMs the company did not own. Source: http://www.sec.gov/litigation/litreleases/2014/lr23106.htm
4. October 8, Associated Press – (Virginia) Fredericksburg man charged with investment
fraud. A Fredericksburg man was charged October 8 for allegedly defrauding
investors of over $9 million invested in the development of the Quantico
Corporate Center in Stafford County. Source: http://www.wusa9.com/story/news/local/virginia/2014/10/08/investment-fraud-virginia-james-moncure/16925613/
5. October 8, Softpedia – (International) ATM programmer’s reference manual
leaked online. F-Secure researchers found a document online using the Baidu
search engine that contains API documentation for ATM cashpoints manufactured
by NCR Corporation during an investigation into ATM malware. The programming
reference materials could be used by attackers to inform their development of
ATM malware. Source: http://news.softpedia.com/news/ATM-Programmer-s-Reference-Manual-Leaked-Online-461483.shtml
Information Technology Sector
26. October 9, Help Net Security – (International) Aggressive Selfmite SMS worm variant
goes global. Researchers with AdaptiveMobile identified a new variant of
the Selfmite SMS worm for Android that spreads via malicious links in SMS
messages that lead to a trojanized Google Plus app. The worm uses compromised
devices to send the malicious SMS messages to every contact on the device
several times and redirect users to unsolicited subscription Web sites. Source: http://www.net-security.org/malware_news.php?id=2881
27. October 9, Securityweek – (International) Multiple vulnerabilities found in SAP
enterprise software. Researchers at Onapsis published seven advisories for
flaws in SAP HANA, SAP BusinessObjects, and SAP NetWeaver Business Warehouse
enterprise software, including a remotely exploitable command injection
vulnerability in HANA that could allow an unauthenticated attacker to
completely compromise the SAP system and the information it handles and stores.
Source: http://www.securityweek.com/multiple-vulnerabilities-found-sap-enterprise-software
28. October 8, Securityweek – (International) Several Siemens industrial products affected
by ShellShock bug. Siemens released an advisory warning that variants of
the Shellshock vulnerability can be leveraged by attackers against several of
its products including some versions of Rugged Operating System on Linux (ROX)
1 and ROX 2 and APE Linux versions. The company is working on developing
patches for the affected products. Source: http://www.securityweek.com/several-siemens-industrial-products-affected-shellshock-bug
29. October 8, Softpedia – (International) There is anti-BadUSB protection, but
it’s a bit sticky. The researchers who revealed the details for infecting
USB devices via the BadUSB vulnerability released a patch and instructions for
preventing the reprogramming of USB devices by disabling the “boot mode” state
of the device. The researchers stated that a patched device could be tampered
with to reset it and remove the patch, and suggested physically securing the
device with glue or similar substances to prevent undetected access. Source: http://news.softpedia.com/news/There-Is-Anti-BadUSB-Protection-but-It-s-a-Bit-Sticky-461485.shtml
Communications Sector
30. October 8, IDG News Service – (National) AT&T to pay $105 million to settle
mobile-phone cramming charges. AT&T reached a $105 million settlement October 8 with federal
and State authorities to resolve complaints that it made millions of dollars
through unauthorized third-party charges on customers’ cellular-phone bills.
The settlement includes $80 million for consumer refunds and $25 million in
penalties. Source: http://www.networkworld.com/article/2823294/lan-wan/atandt-to-pay-105-million-to-settle-mobilephone-cramming-charges.html