Complete DHS Report for
July 13, 2015
Daily Report
Top Stories
· General Motors announced a recall July
10 of about 690,000 model year 2007 – 2012 Saturn, GMC, and Buick SUVs in the
U.S. due to an issue with gas struts that could cause lift gates to close
unexpectedly. – CNBC
3. July 10,
CNBC – (National) General Motors recalling nearly 780K crossover
SUVs. General Motors announced a recall July 10 of about 690,000 model year
2007 – 2012 Saturn Outlook, GMC Acadia, Chevrolet Traverse, and Buick Enclave
vehicles in the U.S. due to an issue with gas struts in which dirt may cause
them to prematurely wear, causing the power lift gate to close unexpectedly.
Fifty-six injuries have been reported in connection with the issue.
· Federal officials announced July 9 that
the recent breach of the U.S. Office of Personnel Management’s computer systems
affected roughly 21.5 million people, up from previous estimates of 4.2
million. – CNN
19. July 10,
CNN – (National) OPM government data breach impacted 21.5 million. Federal
officials announced July 9 that the June breach of the U.S. Office of Personnel
Management’s computer systems affected roughly 21.5 million people, up from the
4.2 million estimate originally announced, including security clearance
application information from 19.7 million applicants and information regarding
1.8 million non-applicants comprised of spouses and partners.
· The alleged mastermind of an
Estonian-based international cyber fraud group pleaded guilty to his role in
operation “Ghost Click”, in which he and co-conspirators installed the
DNSChanger trojan on 4 million computers in over 100 countries and collected
$14 million through clickjacking and ad fraud. – Securityweek See item 24 below in the Information Technology Sector
· Service Systems Associates reported
point-of-sale malware installed on its credit and debit card processing systems
may have compromised payment information of zoo gift shop customers in over 12
cities nationwide. – Krebs on Security
28. July 9,
Krebs on Security – (National) Credit card breach at a zoo near you. Denver-based
Service Systems Associates reported that malware installed on point-of-sale
(PoS) credit and debit card processing systems at zoo gifts shops in at least
12 cities nationwide may have compromised the payment information of customers
who used the systems between March 23 – June 25.
Financial Services Sector
5. July 9,
KCRA 3 Sacramento – (California) ‘Dropout Bandit’ sought in 3 NorCal bank
robberies. The FBI is searching for a suspect dubbed the ‘Dropout Bandit’
who allegedly robbed at least 3 Schools Credit Union branches in Sacramento
since March.
6. July 9,
WXIX 19 Cincinnati – (Ohio; Kentucky; Indiana) ‘Sock Hat Bandit’ indicted for bank
robberies during two month period. A Dayton man dubbed the “Sock Hat
Bandit” was indicted July 9 for three robberies at the Hebron U.S. Bank,
Bellevue Fifth Third Bank, and Independence Fifth Third Bank in Kentucky
between May – June, while authorities continue to investigate his role in at
least six more robberies across Ohio and Indiana in the two-month span. Source:
http://www.fox19.com/story/29514988/sock-hat-bandit-indicted-for-bank-robberies-in-two-month-period
7. July 9,
Dow Jones Business News – (National) Adviser, racer convicted in
fraud case. A former financial adviser and a retired professional race car
driver were convicted July 9 of stealing over $30 million from investors over
10 years by falsely promising investments, including land development in Hawaii
and a credit card company in Arizona, and that the men used holding companies
to divert funds for personal expenses. Source: http://www.nasdaq.com/article/adviser-racer-convicted-in-fraud-case-20150709-01084
Information Technology Sector
22. July 10,
Securityweek – (International) Chinese APT group uses Hacking Team’s Flash
Player exploit. Security researchers from Volexity reported that the Wekby
advanced persistent threat group (APT), also known as APT 18, Dynamite Panda,
and TG-0416, was leveraging an Adobe Flash Player exploit revealed through the
July breach of the software company Hacking Team by sending spear-phishing
emails purporting to be from Adobe which directed users to download a
compromised Flash Player file containing malware.
Source: http://www.securityweek.com/chinese-apt-group-uses-hacking-team%E2%80%99s-flash-player-exploit
23. July 10,
Help Net Security – (International) VMware fixes host privilege escalation bug in
Workstation, Player, Horizon View. VMware issued patches addressing a
privilege escalation vulnerability in the company’s Workstation, Player, and
Horizon View Client for Microsoft Windows in which an attacker could leverage a
lack of a discretionary access control list (DACL) in a process to elevate
privileges and execute code. Source: http://www.net-security.org/secworld.php?id=18613
24. July 9,
Securityweek – (International) Estonian man pleads guilty to role in
DNSChanger botnet scheme. The alleged mastermind of an Estonian-based
international cyber fraud group pleaded guilty to his role in a 2007 – 2011
operation dubbed “Ghost Click” in which he and co-conspirators installed the
DNSChanger trojan on 4 million computers in over 100 countries and collected
over $14 million through clickjacking and ad fraud via the malware. Source: http://www.securityweek.com/estonian-man-pleads-guilty-role-dnschanger-botnet-scheme
25. July 9,
IDG News Service – (International) Hacking Team claims terrorists can now use
its tools. The Italian security company Hacking Team warned July 8 that the
release of 400 gigabytes (GB) of internal data in a July 5 breach of its
systems represented an “extremely dangerous” situation and that terrorists and
other threat actors could potentially leverage available code to deploy
software against any target.Source: http://www.computerworld.com/article/2946093/security0/hacking-team-claims-terrorists-can-now-use-its-tools.html#tk.rss_security
For another
story, see item 28 above in Top Stories
Communications Sector
26. July 9,
U.S. Federal Communications Commission – (National) TerraCom, YourTel
to pay $3.5M to resolve consumer privacy violations. The U.S. Federal
Communications Commission’s Enforcement Bureau entered into a $3.5 million
settlement with Terracom Inc., and YourTel America, to resolve violations after
an investigation revealed the companies failed to properly protect
confidentiality of personal information they received from more than 300,000
consumers.
No comments:
Post a Comment