Complete DHS Report for November 25, 2014
Daily Report
Top Stories
• XPLOR Energy SPV-1, Inc., agreed to pay a $3.1 million fine and serve a 3-year probation
term after pleading guilty to knowingly violating the Clean Water Act by
discharging oily wastewater into the Breton Sound and the Gulf of Mexico off
Louisiana. – Associated Press
1. November 21, Associated Press – (Louisiana) XPLOR
Energy pleads to Clean Water Act Violation. XPLOR Energy SPV-1, Inc., an
Oklahoma-based oil company, agreed to pay a $3.1 million fine and serve a 3-year
probation term after pleading guilty to knowingly violating the federal Clean
Water Act by discharging oily wastewater into the Breton Sound and the Gulf of
Mexico from an offshore facility off Louisiana. Source: http://www.washingtontimes.com/news/2014/nov/21/xplor-energy-pleads-to-clean-water-act-violation/
• A tour bus traveling from Los Angeles to Pasco, Washington, crashed in northern California
November 23, killing 1 passenger and injuring 28 others when the bus drifted off
Interstate 5 and overturned into an embankment. – Los Angeles Times
4. November 23, Los Angeles Times – (California) One
dead, dozens hurt in Northern California bus crash. A tour bus traveling
from Los Angeles to Pasco, Washington, crashed in northern California November
23, killing 1 passenger and injuring 28 others, with 11 in serious or critical
condition, when the bus drifted off Interstate 5 and overturned into an
embankment. The same bus was reportedly involved in an earlier minor crash at a
Denny’s restaurant in Red Bluff, California, but no injuries were reported.
Source: http://www.latimes.com/local/lanow/la-me-ln-bus-crash-story.html
• Symantec researchers reported the discovery of a piece of sophisticated cyber espionage
malware that works as a backdoor to steal information from compromised systems
and appears to have been created by a nation-state actor. – Securityweek
See item 21 below in the Information Technology Sector
• The former general manager of the Sleep Inn hotel in Allendale, Michigan, was charged November 21
for allegedly stealing more than $872,929 by directing credit card payments to
personal accounts. – Grand Rapids Press
29. November 22, Grand Rapids Press – (Michigan) Hotel
general manager accused of stealing nearly $900,000 in credit card scheme. The
former general manager of the Sleep Inn hotel in Allendale was charged with
wire fraud and money laundering, according to an indictment unsealed November 21,
for allegedly stealing more than $872,929 by directing credit card payments to
personal accounts in the form of fraudulent customer refunds between
October 2006 and April 2013. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2014/11/hotel_general_manager_accused.html
Financial Services Sector
2. November 24, Securityweek – (International) Fraud service uses charity websites to
validate stolen credit card data. Researchers with PhishLabs reported
November 21 that they had found online fraudsters using a bot and an IRC channel
to conduct transactions on the Web sites of charity or non-profit organizations
in order to test the validity of stolen payment card information and related
personal information. Source: http://www.securityweek.com/fraud-service-uses-charity-websites-validate-stolen-credit-card-data
3. November 21, U.S. Securities and Exchange
Commission – (New York) SEC charges CEO and close friend with insider
trading ahead of company sale. Two New York City men, including one who
served as CEO and a member of the board of directors for GenTek Inc., agreed to
pay a total of $324,000 to resolve U.S. Securities and Exchange Commission
charges that the former CEO passed on nonpublic information to the second man,
who used it to engage in insider trading and make $164,260 in illicit profits
ahead of GenTek’s sale to American Securities. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543516329
For another story, see item 29 above in Top Stories
Information Technology Sector
21. November 24, Securityweek – (International) Symantec uncovers stealthy nation-state cyber
attack platform. Symantec researchers reported the discovery of a piece of
sophisticated cyber espionage malware dubbed Regin that works as a backdoor to
steal information from compromised systems and appears to have been created by
a nation-state actor. The malware is modular in design and has predominantly
targeted small businesses, individuals, and telecoms companies, as well as the
hospitality, energy, and airline industries and research organizations. Source:
http://www.securityweek.com/symantec-uncovers-stealthy-nation-state-cyber-attack-platform
22. November 24, The Register – (International) Sony quietly POODLE-proofs Playstations. Sony
released a patch for its Playstation 3 and Playstation 4 gaming consoles that
adds Transport Layer Security to the consoles’ apps and browsers and removes
the use of SSL 3.0 to protect against POODLE attacks. Source: http://www.theregister.co.uk/2014/11/24/sony_playstation_update_spells_death_knell_for_poodle/
23. November 21, Softpedia – (International) Facebook bug remains unpatched, risk is
partially mitigated. A researcher who in 2013 reported a flaw in Facebook that
could allow posting to a user’s timeline without permission reported
that the proof-of-concept for the attack still works in some cases where
certain third-party Facebook apps do not implement the new content share model
Facebook developed to address the issue. Source: http://news.softpedia.com/news/Facebook-Bug-Remains-Unpatched-Risk-Is-Partially-Mitigated-465611.shtml
Communications Sector
See item 21 above in the Information Technology Sector