Complete DHS Report for
July 31, 2015
Daily Report
Top Stories
· Authorities offered a $100,000 reward
for information leading to the arrest of a suspect dubbed the “AK-47 Bandit”,
who allegedly robbed a credit union in Mason City, Iowa July 28 and is linked
to 5 other robberies in multiple States. – ABC News See item 7 below in the Financial Services Sector
· A New York Clinton Correctional
Facility worker involved in a June 6 escape of two murder convicts pleaded guilty
July 28 to helping the prisoners escape. – Associated Press
20. July 29,
Associated Press – (New York) NY prison worker: I got ‘caught up’ in escape
plot. A New York Clinton Correctional Facility worker involved in a June 6
escape of two murder convicts pleaded guilty July 28 to helping the prisoners
escape, and admitted to performing sexual acts and taking nude photos of
herself for them. Source:
http://www.policeone.com/investigations/articles/8691870-NY-prison-worker-I-got-caught-up-in-escape-plot
· Security researchers from Trend Micro
discovered a vulnerability in the Android operating system’s mediaserver
component in which an attacker could use a malformed Matroska video container
file to crash and render a device unusable. – IDG News Service See item 27 below in the Information Technology Sector
· A July 29 brush fire dubbed the “Rocky
Fire” in Los Angeles spread to surrounding areas and damaged 3,000 acres
overnight, prompting 500 residents to evacuate. – Reuters
28. July 30,
Reuters – (California) California wildfire forces evacuation of 500
people. A July 29 brush fire dubbed “Rocky Fire” in Los Angeles spread to
surrounding areas and damaged 3,000 acres overnight, prompting 500 residents to
evacuate. Fire crews were working to contain the blaze.
Financial Services Sector
6. July 30,
U.S. Securities and Exchange Commission – (National) SEC charges
operators of fraud based in Upstate New York. The U.S. Securities and
Exchange Commission charged 2 men and 8 companies July 30 with allegedly
defrauding over 125 investors out of at least $8 million through misleading
statements about company prospects, and through the sale of purported
“charitable gift annuities” falsely claimed to have been backed by reputable
insurance companies.
7. July 30,
ABC News – (National) AK-47 Bandit strikes again, robs credit union in
Iowa. Authorities offered a $100,000 reward for information leading to the
arrest and conviction of a suspect dubbed the “AK-47 Bandit”, who allegedly
robbed a credit union in Mason City Iowa July 28, shot a police officer in a
robbery in California in 2012, and is linked to 4 other bank robberies in
multiple States. Source: http://abcnews.go.com/US/ak-47-bandit-strikes-robs-credit-union-iowa/story?id=32773494
8. July 29,
Associated Press – (National) Investment adviser pleads guilty in $1.2B Ponzi
scheme. A Florida investment adviser pleaded guilty July 29 to charges
surrounding his role in a $1.2 billion Ponzi scheme that collapsed in 2009, in
which he allegedly lured investors to the scheme’s mastermind through deception
and false assurances. Over two dozen other suspects have been convicted in
connection to the scam. Source: http://www.nbcmiami.com/news/local/Investment-Adviser-Pleads-Guilty-in-12B-Ponzi-Scheme-319552121.html
9. July 29,
Consumer Affairs – (Florida) “Thin green line” scam allegedly made millions for
scam artists. Authorities indicted 8 South Florida individuals who
allegedly solicited about $2.4 million from over 200 investors by claiming
their company, Thought Development Inc., had invented a device that generated a
green laser line on football fields for easier first-down measurement, as well
as a scheme in which the suspects fraudulently sold stock in a fee-based gaming
serviced called Virgin Gaming.
Source: http://www.consumeraffairs.com/news/thin-green-line-scam-allegedly-made-millions-for-scam-artists-072915.html
Information Technology Sector
23. July 30,
The Register – (International) Cisco IOS-XE update time: squash that DoS
bug. Cisco released a patch for a vulnerability In its IOS-XE operating
system (OS) in which an attacker could cause a denial-of-service (DoS)
condition by sending a series of Internet Protocol version 4 (IPv4) or IPv6
fragments designed to trigger an error message. Source: http://www.theregister.co.uk/2015/07/30/cisco_iosxe_update_time_squash_that_dos_bug/
24. July 30,
Help Net Security – (International) More than a third of employees would sell
company data. Loudhouse released results from a survey on enterprise
security practices polling over 500 Internet technology (IT) decision-makers
and 4,000 employees across the U.S., Europe, and Australia, revealing that 25
percent of employees polled would sell company data for less than $8,000,
citing the ready access most employees have access to valuable data, among
other findings.Source: http://www.net-security.org/secworld.php?id=18682
25. July 30,
Help Net Security – (International) Most malvertising attacks are hosted on news
and entertainment Web sites. Bromium Labs released an analysis of malware
evasion technology revealing that over 50 percent of malware is hosted on news
and entertainment Web sites, and reported an 80 percent increase in new
ransomware families
since 2014, among other findings.Source: http://www.net-security.org/malware_news.php?id=3081
26. July 29,
Securityweek – (International) Shellshock flaw still actively exploited:
Solutionary. Solutionary’s Security Engineering Research Team released
findings from a report revealing that the Shellshock bug discovered in 2014 has
been actively exploited by threat actors, identifying about 600,000
Shellshock-related events from over 25,000 Internet Protocol (IP) addresses,
mostly in the U.S. Researchers noted that education organizations were the most
targeted, among other findings.
27. July 29,
IDG News Service – (International) Maliciously crafted MKV video files can be
used to crash Android phones. Security researchers from Trend Micro
discovered a vulnerability in the Android operating system’s (OS) mediaserver
component in which an attacker could use a malformed Matroska video container
(MKV) file to crash and render a device unusable. Source: http://www.computerworld.com/article/2954358/security/maliciously-crafted-mkv-video-files-can-be-used-to-crash-android-phones.html#tk.rss_security
Communications Sector
See item 27 above in
the Information Technology Sector