Complete DHS Report for December 10, 2014
Daily Report
Top Stories
• Officials are investigating after 6 people were killed when an executive jet crashed into a
Gaithersburg, Maryland home December 8 and burst into flames, destroying 2
homes and damaging 3 others in the neighborhood. – Reuters; Chicago Tribune
7. December 9, Reuters; Chicago Tribune – (Maryland) Mom, children among
6 dead after jet crashes into Maryland home. Officials are investigating
after the pilot, 2 passengers, and 3 others were killed when an executive jet crashed
into a Gaithersburg, Maryland home December 8 and burst into flames. The fire
destroyed two homes and damaged three others in the neighborhood. Source: http://www.chicagotribune.com/news/nationworld/chi-maryland-plane-crash-20141208-story.html
• Repairs to a main break in Annapolis, Maryland, took more than 12 hours after it failed due to
external corrosion December 6 and released an estimated 89,000 gallons of
wastewater. – WBAL 1090 AM Baltimore
13. December 7, WBAL 1090 AM Baltimore – (Maryland)
Wastewater overflow reaches Chesapeake Bay. Repairs to a 10-inch main
break in Annapolis, Maryland, took more than 12 hours after it failed due to
external corrosion December 6 and released an estimated 89,000 gallons of
wastewater. Crews recovered nearly 72,000 gallons of the overflow while approximately
17,000 gallons reached Chesapeake Bay. Source: http://www.wbal.com/article/111316/2/wastewater-overflow-reaches-chesapeake-bay
• Kaspersky Lab researchers identified a piece of malware targeting Linux systems associated
with the Turla advanced persistent threat (APT) group (also known as Uroburos
or Snake) that is based on the cd00r proof-of-concept backdoor. – Securityweek
See item 18 below in the Information Technology Sector
• The Association of National Advertisers and researchers with White Ops found that around 25
percent of video ads and 11 percent of display ads online are viewed by
automated bots set up by cyber criminals to inflate Web site audiences. – Reuters
See item 19 below in the Information Technology Sector
Financial Services Sector
3. December 9, Bloomberg News – (International) Deutsche Bank sued by U.S. over alleged tax
scheme. Federal charges were filed against Deutsche Bank December 8 seeking
$190 million in taxes, interest, and penalties for the bank’s alleged use of
three underfunded shell companies to evade U.S. taxes. Source: http://www.bloomberg.com/news/2014-12-08/deutsche-bank-sued-by-u-s-over-alleged-tax-scheme.html
4. December 8, Reuters – (Massachusetts) TD Bank settles Massachusetts data breach
probe, to pay $625,000. TD Bank agreed December 8 to a settlement with the
State of Massachusetts to pay $625,000 and improve security practices to
resolve a probe of a 2012 data breach that exposed the personal information of
more than 260,000 customers. The incident was caused by the loss of unencrypted
back-up tapes in March 2012 and Massachusetts officials stated that the bank
was too slow in reporting the breach to authorities in October. Source: http://www.reuters.com/article/2014/12/08/torontodominion-massachusetts-settlement-idUSL1N0TS1H320141208
5. December 8, Cleveland Plain Dealer – (Ohio) Federal fraud charges filed against
Copley man for $17 million Ponzi scheme with 70 victims. A Copley Township
man who was a co-owner and operator of KGTA Petroleum Ltd. was charged
December 8 for allegedly operating the company as a Ponzi scheme, defrauding 70
investors of around $17 million between 2010 and 2014. The man and others,
including three PrimeSolutions Securities Inc. representatives, also allegedly
failed to file appropriate documentation with the U.S. Securities and Exchange
Commission for the company. Source: http://www.cleveland.com/court-justice/index.ssf/2014/12/federal_fraud_charges_filed_ag.html
6. December 6, Tulsa World – (National) Former Arrow CEO indicted on 23 counts of bank,
tax fraud. The former CEO of nationwide trucking company Arrow Trucking
Co. pleaded guilty December 5 in federal court in Texas for allegedly
conspiring with others to defraud the Internal Revenue Service and a Utah bank
of $24 million in a fraud and tax evasion scheme that operated in 2009. The
former CFO of the company previously pleaded guilty December 4 to tax fraud and
bank fraud charges. Source: http://www.tulsaworld.com/news/investigations/former-arrow-ceo-doug-pielsticker-indicted-on-counts-of-bank/article_3ed83e3a-a1ff-5758-b080-e3b6e8928a03.html
For another story, see item 20 below in the Information
Technology Sector
Information Technology Sector
18. December 9, Securityweek – (International) Newly discovered ‘Turla’ malware targets
Linux systems. Kaspersky Lab researchers identified a piece of malware
targeting Linux systems associated with the Turla advanced persistent threat
(APT) group (also known as Uroburos or Snake) that is based on the cd00r
proof-of-concept backdoor and is capable of hidden network communications,
remote management, and arbitrary remote command execution. Previous versions of
Turla malware have targeted Windows systems in government agencies, military
groups, educational institutions, pharmaceutical companies, and other targets
in more than 45 countries. Source: http://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems
19. December 9, Reuters – (International) Fraud from bots represents a loss of $6 bln
in digital advertising. The Association of National Advertisers and
researchers with White Ops released a report December 9 which found that around
25 percent of video ads and 11 percent of display ads online are viewed by
automated bots set up by cyber criminals to inflate Web site audiences. The
researchers stated that such fraud could cost advertisers an estimated $6.3
billion in the next year. Source: http://www.reuters.com/article/2014/12/09/advertising-fraud-study-idUSL1N0TS19220141209
20. December 9, Softpedia – (International) POODLE attack also affects some TLS
implementations. A researcher with Google reported that certain
implementations of Transport Layer Security (TLS) with an SSL 3.0 decoding
function can be exploited through POODLE attacks to decrypt sensitive
information. The researcher identified the vulnerability in older versions of
Network Security Services (NSS) as well as in Web sites administered by Bank of
America with load balancing devices from A10 Networks and F5 Networks. Source: http://news.softpedia.com/news/POODLE-Attack-Also-Affects-Some-TLS-Implementations-466944.shtml
21. December 9, Help Net Security – (International) Info on millions of AliExpress customers
could have been harvested due to site flaw. A security researcher
identified and reported a flaw in the AliExpress online marketplace that could
have allowed a logged-in user to exploit an insecure direct object reference
vulnerability to view other users’ names, addresses, and phone numbers.
Alibaba, parent company of AliExpress, closed the vulnerability after the
researcher’s report. Source: http://www.net-security.org/secworld.php?id=17741
22. December 8, Softpedia – (International) Yik Yak flaw de-anonymizes user, allows control
over account. SilverSky researchers identified and reported a vulnerability
in the Yik Yak anonymous social media platform for iOS that could allow an
attacker to discover the identity of a user and take over their account
because the Flurry advertising tool sent, without encryption, the secure ID
that the app uses in place of a password. The researchers reported the issue to
Yik Yak and a patch was released in December. Source: http://news.softpedia.com/news/Yik-Yak-Flaw-De-anonymizes-User-Allows-Control-Over-Account-466877.shtml
Communications Sector
23. December 6, Las Vegas Review-Journal – (Nevada) Channel 13 fined over so-called ‘special
reports’. Journal Broadcasting Corp. was ordered to pay a $115,000 penalty
by the U.S. Federal Communications Commission (FCC) December 6 in a settlement
after its television station KTNV 13 Las Vegas represented paid ads as “special
reports” in 2009, failing to disclose that the reports were actually paid
advertisements, which violated the FCC’s sponsorship identification rule.
Source: http://www.reviewjournal.com/news/las-vegas/channel-13-fined-over-so-called-special-reports