Complete DHS Report for
August 19, 2015
Daily Report
Top Stories
· Recently published research from a 2013
report revealed that weaknesses in the Megamos Crypto system could be leveraged
via “close-range wireless communication” attacks to remotely unlock over 100
vehicle models. – The Guardian
2. August 18,
The Guardian – (International) Security flaw affecting more than 100 car models
exposed by scientists. Research published from a 2013 report by British and
Dutch academics revealed weaknesses in the Swiss-made Megamos Crypto system
used to prevent certain Audi, Citroën, Fiat, Honda, Volvo, and Volkswagen
vehicles’ engines from starting when a remote key is not present, in which a
third party could use “close-range wireless communication” attacks to disable
the system and steal the vehicle. Source: http://www.theguardian.com/technology/2015/aug/18/security-flaw-100-car-models-exposed-scientists-volkswagen-suppressed-paper
· A Romanian man pleaded guilty August 17
to his role in an international ATM skimming operation involving 4,583 stolen
bank card numbers, skimming devices, and about $15,000 in stolen funds. – U.S.
Attorney’s Office Eastern District of Pennsylvania See item 5 below in the Financial Services Sector
· The New York Metropolitan
Transportation Authority shut down Long Island Rail Road service in Bethpage
August 16 after a small plane crashed onto the tracks. – WNBC 4 New York
9. August 17,
WNBC 4 New York – (New York) 1 dead, 1 hurt in plane crash on Long Island Rail
Road tracks. The New York Metropolitan Transportation Authority shut down
service on the Long Island Rail Road at the site in Bethpage for most of the
day August 16 after a small plane crashed onto the railroad tracks, killing the
pilot and injuring a passenger. The plane took off from Gabreski Airport in
Westhampton Beach and was headed to Morristown, New Jersey.Source: http://www.nbcnewyork.com/news/local/NY-Long-Island-Plane-Crash-Casualties-LIRR-Service-Suspended-321986792.html
· The U.S. Internal Revenue Service
announced August 17 that an additional 220,000 taxpayers may have had their
account information breached in a May incident involving thefts targeting the
agency’s “Get Transcript” system. – Associated Press
16. August 18,
Associated Press – (National) IRS: Computer breach bigger than first thought;
334,000 victims. The U.S. Internal Revenue Service announced August 17 that
an additional 220,000 taxpayers may have had their account information breached
in an incident disclosed in May where thieves stole tax information after
accessing the agency’s “Get Transcript” system where taxpayers can get tax
returns and filings from previous years. The agency stated that it believes the
total number of potential victims rose to 334,000 while it continues to
investigate the breach.Source: http://www.tulsaworld.com/business/consumer/irs-computer-breach-bigger-than-first-thought-victims/article_51aba05f-b15e-5df4-acc3-387bdf675fb7.html
Financial Services Sector
5. August 17,
U.S. Attorney’s Office Eastern District of Pennsylvania –
(International) Romanian National admits to international ATM skimming
scheme. A Romanian citizen pleaded guilty in Philadelphia August 17 to his
role in an international scheme in which conspirators allegedly placed skimming
devices on ATMs in Europe and the U.S., and withdrew funds from compromised
accounts. Authorities arrested the man in South Carolina and found a total of
4,583 stolen bank card numbers, ATM skimming devices, and about $15,000 in
stolen funds.Source: https://www.fbi.gov/philadelphia/press-releases/2015/romanian-national-admits-to-international-atm-skimming-scheme
6. August 17,
Oak Lawn Patch – (Illinois) FBI intensifies search for serial bank robber
dubbed ‘Midday Bandit’. The FBI is offering $10,000 for information leading
to the capture and arrest of a suspect dubbed the “Midday Bandit”, who
allegedly robbed 8 Chicago-area banks and attempted to rob 2 others since June
2014, with the most recent incident occurring at a U.S. Bank branch in Oak Park
August 3. Source: http://patch.com/illinois/oaklawn/fbi-intensifies-search-serial-bank-robber-dubbed-midday-bandit
For another story, see item 16 above in Top Stories
Information Technology Sector
23. August 18,
Securityweek – (International) High severity flaw in Android allows
arbitrary code execution. Security researchers from Trend Micro discovered
a heap overflow vulnerability in the Android operating system’s (OS)
mediaserver Audio Policy Service, AudioEffect component, in which an app
requiring no permissions could be used to execute arbitrary code. The
vulnerability was patched in August security updates. Source: http://www.securityweek.com/high-severity-flaw-android-allows-arbitrary-code-execution
24. August 18,
Securityweek – (International) Darkode member admits selling access to spam
botnet. A New York member of the Darkode hacker forums pleaded guilty
August 17 for his involvement in a scheme in which computers of Facebook users
were infected with the Slenfbot worm and the “Facebook Spreader” malware, which
used victim
account information to spread. The suspect and co-conspirators allegedly
received $200 - $300 for every 10,000 active infections from 2011 – 2012. Source:
http://www.securityweek.com/darkode-member-admits-selling-access-spam-botnet
25. August 18,
Threatpost – (International) Reflection DDoS attacks abusing RPC
Portmapper. Officials from Level 3 Communications observed attackers
utilizing Remote Procedure Call (RPC) Portmapper services for reflection
distributed denial-of-service (DDoS) attacks between June and August, representing
a new and effective method for bandwidth saturation. Source: https://threatpost.com/reflection-ddos-attacks-abusing-rpc-portmapper/114318
For another story, see item 2 above in Top Stories
Communications Sector
Nothing to report
No comments:
Post a Comment