Friday, July 31, 2015
Complete DHS Report for July 31, 2015
· Authorities offered a $100,000 reward for information leading to the arrest of a suspect dubbed the “AK-47 Bandit”, who allegedly robbed a credit union in Mason City, Iowa July 28 and is linked to 5 other robberies in multiple States. – ABC News See item 7 below in the Financial Services Sector
· A New York Clinton Correctional Facility worker involved in a June 6 escape of two murder convicts pleaded guilty July 28 to helping the prisoners escape. – Associated Press
20. July 29, Associated Press – (New York) NY prison worker: I got ‘caught up’ in escape plot. A New York Clinton Correctional Facility worker involved in a June 6 escape of two murder convicts pleaded guilty July 28 to helping the prisoners escape, and admitted to performing sexual acts and taking nude photos of herself for them. Source: http://www.policeone.com/investigations/articles/8691870-NY-prison-worker-I-got-caught-up-in-escape-plot
· Security researchers from Trend Micro discovered a vulnerability in the Android operating system’s mediaserver component in which an attacker could use a malformed Matroska video container file to crash and render a device unusable. – IDG News Service See item 27 below in the Information Technology Sector
· A July 29 brush fire dubbed the “Rocky Fire” in Los Angeles spread to surrounding areas and damaged 3,000 acres overnight, prompting 500 residents to evacuate. – Reuters
28. July 30, Reuters – (California) California wildfire forces evacuation of 500 people. A July 29 brush fire dubbed “Rocky Fire” in Los Angeles spread to surrounding areas and damaged 3,000 acres overnight, prompting 500 residents to evacuate. Fire crews were working to contain the blaze.
Financial Services Sector
6. July 30, U.S. Securities and Exchange Commission – (National) SEC charges operators of fraud based in Upstate New York. The U.S. Securities and Exchange Commission charged 2 men and 8 companies July 30 with allegedly defrauding over 125 investors out of at least $8 million through misleading statements about company prospects, and through the sale of purported “charitable gift annuities” falsely claimed to have been backed by reputable insurance companies.
7. July 30, ABC News – (National) AK-47 Bandit strikes again, robs credit union in Iowa. Authorities offered a $100,000 reward for information leading to the arrest and conviction of a suspect dubbed the “AK-47 Bandit”, who allegedly robbed a credit union in Mason City Iowa July 28, shot a police officer in a robbery in California in 2012, and is linked to 4 other bank robberies in multiple States. Source: http://abcnews.go.com/US/ak-47-bandit-strikes-robs-credit-union-iowa/story?id=32773494
8. July 29, Associated Press – (National) Investment adviser pleads guilty in $1.2B Ponzi scheme. A Florida investment adviser pleaded guilty July 29 to charges surrounding his role in a $1.2 billion Ponzi scheme that collapsed in 2009, in which he allegedly lured investors to the scheme’s mastermind through deception and false assurances. Over two dozen other suspects have been convicted in connection to the scam. Source: http://www.nbcmiami.com/news/local/Investment-Adviser-Pleads-Guilty-in-12B-Ponzi-Scheme-319552121.html
9. July 29, Consumer Affairs – (Florida) “Thin green line” scam allegedly made millions for scam artists. Authorities indicted 8 South Florida individuals who allegedly solicited about $2.4 million from over 200 investors by claiming their company, Thought Development Inc., had invented a device that generated a green laser line on football fields for easier first-down measurement, as well as a scheme in which the suspects fraudulently sold stock in a fee-based gaming serviced called Virgin Gaming. Source: http://www.consumeraffairs.com/news/thin-green-line-scam-allegedly-made-millions-for-scam-artists-072915.html
Information Technology Sector
23. July 30, The Register – (International) Cisco IOS-XE update time: squash that DoS bug. Cisco released a patch for a vulnerability In its IOS-XE operating system (OS) in which an attacker could cause a denial-of-service (DoS) condition by sending a series of Internet Protocol version 4 (IPv4) or IPv6 fragments designed to trigger an error message. Source: http://www.theregister.co.uk/2015/07/30/cisco_iosxe_update_time_squash_that_dos_bug/
24. July 30, Help Net Security – (International) More than a third of employees would sell company data. Loudhouse released results from a survey on enterprise security practices polling over 500 Internet technology (IT) decision-makers and 4,000 employees across the U.S., Europe, and Australia, revealing that 25 percent of employees polled would sell company data for less than $8,000, citing the ready access most employees have access to valuable data, among other findings.Source: http://www.net-security.org/secworld.php?id=18682
25. July 30, Help Net Security – (International) Most malvertising attacks are hosted on news and entertainment Web sites. Bromium Labs released an analysis of malware evasion technology revealing that over 50 percent of malware is hosted on news and entertainment Web sites, and reported an 80 percent increase in new ransomware families since 2014, among other findings.Source: http://www.net-security.org/malware_news.php?id=3081
26. July 29, Securityweek – (International) Shellshock flaw still actively exploited: Solutionary. Solutionary’s Security Engineering Research Team released findings from a report revealing that the Shellshock bug discovered in 2014 has been actively exploited by threat actors, identifying about 600,000 Shellshock-related events from over 25,000 Internet Protocol (IP) addresses, mostly in the U.S. Researchers noted that education organizations were the most targeted, among other findings.
27. July 29, IDG News Service – (International) Maliciously crafted MKV video files can be used to crash Android phones. Security researchers from Trend Micro discovered a vulnerability in the Android operating system’s (OS) mediaserver component in which an attacker could use a malformed Matroska video container (MKV) file to crash and render a device unusable. Source: http://www.computerworld.com/article/2954358/security/maliciously-crafted-mkv-video-files-can-be-used-to-crash-android-phones.html#tk.rss_security
See item 27 above in the Information Technology Sector