Wednesday, December 16, 2015



Complete DHS Report for December 16, 2015

Daily Report                                            

Top Stories

• The U.S. Navy announced December 14 that its littoral combat ship, the USS Milwaukee, broke down December 10 due to a loss of propulsion days after the ship’s crew discovered fine metal debris in the port combining gear filter system. – CNN

4. December 14, CNN – (National) New $360 million Navy ship breaks down. The U.S. Navy announced December 14 that its littoral combat ship, the USS Milwaukee, broke down December 10 due to a loss of propulsion days after the ship’s crew discovered fine metal debris in the port combining gear filter system. The ship needed to be towed more than forty miles to undergo a full inspection in Little Creek, Virginia.

• The U.S. Department of Justice announced that a U.S. Army National Guard soldier pleaded guilty December 14 to collaborating with a co-conspirator to provide material support to ISIL. – U.S. Department of Justice

22. December 14, U.S. Department of Justice – (International) U.S. Army National Guard soldier pleads guilty to attempting to provide material support to ISIL. The U.S. Department of Justice announced that a U.S. Army National Guard soldier pleaded guilty December 14 to collaborating with a co-conspirator to provide material support to a designated foreign terrorist organization in the Middle East. The soldier also admitted to planning an attack at the National Guard base in Joliet, Illinois. Source: https://www.fbi.gov/chicago/press-releases/2015/u.s.-army-national-guard-soldier-pleads-guilty-to-attempting-to-provide-material-support-to-isil

• MacKeeper, the utility software for Apple Mac products, reported that its database containing passwords and the personal information of 13 million users was exposed in a data breach. – Help Net Security. See item 23 below in the Information Technology Sector

• The West Linn Police Department arrested 6 adults and 1 minor November 29 on allegations that the suspects were linked to a theft ring scheme in which they victimized 110 people across 7 States by using stolen credit cards to purchase thousands of gift cards. – The Oregonian

27. December 14, Portland Oregonian – (National) West Linn police arrest six in interstate ‘theft ring.’ The West Linn Police Department arrested 6 adults and 1 minor November 29 on charges of first-degree aggravated theft, organized retail theft, aggravated identity theft, criminal possession of a forged instrument, and fraudulent use of a credit card after the suspects were linked to a theft ring scheme in which they victimized 110 people across 7 States by using stolen credit cards to buy more than $26,000 in gift cards. Source: http://www.oregonlive.com/west-linn/index.ssf/2015/12/west_linn_police_arrest_six_in.html#incart_river_home

Financial Services Sector

5. December 15, Softpedia – (National) Two mobile banking trojans used Facebook Parse as C&C server. Security researchers in Germany announced that the Android/OpFake and Android/Marry banking trojans targeting mobile devices stored their command and control (C&C) servers on 5 Facebook Parse databases, the company’s BaaS (Backend-as-a-Service) offering, and gathered nearly 170,000 short message service (SMS) messages from infected devices in addition to successfully executing over 20,000 commands primarily for financial fraud. Facebook closed all five accounts in August. Source: http://news.softpedia.com/news/two-mobile-banking-trojans-used-facebook-parse-as-c-c-server-497597.shtml

6. December 15, Newark Star-Ledger – (New Jersey) Woman pleads guilty to $1.1 million Securities and Annuities fraud scheme. New Jersey State officials announced December 14 that a former Morris County investor pleaded guilty December 11 to orchestrating a 10-year, $1.178 million Securities and Annuities fraud scheme by fabricating more than 100 financial statements to inflate her 14 clients’ accounts, stealing money from client accounts, fraudulently using the logos of at least 9 corporations, and collecting unlawful financial adviser fees after her license was revoked.

For additional stories, see item 1 below from the Energy Sector and item 27 above in Top Stories

1. December 14, Dayton Daily News – (Ohio) Identity theft devices found on gas pumps in 7th Ohio county. Authorities in Ohio found skimming devices on gas pumps in Warren County December 10, bringing the total number of State counties affected to seven. State and local authorities are investigating an organized Cuban crime ring believed to be tied to the installation of the devices in Ohio, Michigan, Illinois, Indiana, Wisconsin, and Kentucky. Source: http://www.mydaytondailynews.com/news/news/crime-law/identity-theft-devices-found-on-gas-pumps-in-7th-o/npjrH/

Information Technology Sector

23. December 15, Help Net Security – (International) 13 million MacKeeper users exposed in data breach. MacKeeper, the utility software for Apple Mac products, reported that its database containing passwords and the personal information of 13 million users was exposed in a data breach after a security researcher ran a Shodan search and discovered that four Internet Protocol (IP) addresses led to a MongoDB database belonging to Kromtech, the company that produces MacKeeper. MacKeeper patched the vulnerability and reported no data was shared or used inappropriately. Source: http://www.net-security.org/secworld.php?id=19232

24. December 15, SecurityWeek – (International) Joomla patches zero-day exploited in the wild. Joomla released version 3.4.6 of its software and hotfixes patching a critical remote code execution flaw that was exploited in the wild for two days. The flaw enabled attackers to perform object injection via the Hypertext Transfer Protocol (HTTP) User-Agent header, leading to a full remote command execution attack from three different Internet Protocol (IP) addresses: 74.3.170.33, 146.0.72.83, and 194.28.174.106. The company advised users to check their logs for incoming requests from the three IP addresses and to check whether their Web sites were compromised by searching for “JDatabaseDriverMysqli” or “O:” in the User-Agent. Source: http://www.securityweek.com/joomla-patches-zero-day-exploited-wild
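
The log check advised in item 24, written out as an added example (it is not part of the DHS report or Joomla's own tooling). It assumes access logs in the Apache/nginx "combined" format; the function name `scan` is hypothetical and the sample log lines are constructed.

```python
import re

# Indicators exactly as listed in item 24 of the report.
SOURCE_IPS = {"74.3.170.33", "146.0.72.83", "194.28.174.106"}
UA_MARKERS = ("JDatabaseDriverMysqli", "O:")

# Assumption: "combined" log format. Quoted fields may contain \" escapes,
# which is how Apache records double quotes inside a User-Agent value.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED +
    r' \d{3} \S+ ' + QUOTED + r' ' + QUOTED
)

def scan(lines):
    """Return (line_no, client_ip, reasons) for each line matching an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        # If a line does not parse, search the whole line so that a
        # malformed entry cannot hide a match.
        ip = m.group("ip") if m else line.split(" ", 1)[0]
        ua = m.group(4) if m else line
        reasons = ["source-ip"] if ip in SOURCE_IPS else []
        reasons += ["ua:" + s for s in UA_MARKERS if s in ua]
        if reasons:
            hits.append((n, ip, reasons))
    return hits

# Constructed sample lines (documentation-range client IPs apart from the
# listed one; User-Agent values are truncated stand-ins, not real payloads).
SAMPLE = [
    '203.0.113.7 - - [14/Dec/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '74.3.170.33 - - [14/Dec/2015:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Dec/2015:10:03:40 +0000] "GET / HTTP/1.1" 200 5120 "-" "x|O:21:\\"JDatabaseDriverMysqli\\":[truncated]"',
    '198.51.100.23 - - [14/Dec/2015:10:04:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "test O:8:\\"stdClass\\":[truncated]"',
]

if __name__ == "__main__":
    for line_no, ip, reasons in scan(SAMPLE):
        print(line_no, ip, ",".join(reasons))
```

A hit on the source IP alone shows contact, not compromise; a hit on the User-Agent markers from any address is the stronger signal and warrants checking the site itself.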

25. December 15, Softpedia – (International) The return of macro malware and other malware trends. Security researchers from Intel Security released a report stating there were two types of malicious campaigns: one using macro-based malware to compromise a user’s personal computer (PC) via weaponized Word documents, and another using fileless, in-memory malware to compromise a device by working in a PC’s random-access memory (RAM). The report stated that Office-based macro threats were at the highest level seen in six years. Source: http://news.softpedia.com/news/the-return-of-macro-malware-and-other-malware-trends-497590.shtml

26. December 14, SecurityWeek – (International) Polycom patches flaw in VVX Business Media phones. Polycom released software updates patching a path traversal vulnerability for several of its VVX Business Media phones after a security researcher from Depth Security found that the request the interface uses to display background images and ringtones takes a filename, which can allow attackers to use ‘../../’ to back out of the ringtone and background image directories and access sensitive file content, such as ‘/etc/passwd.’ The company advised users to update their software to the latest version and disable the web servers on the affected devices. Source: http://www.securityweek.com/polycom-patches-flaw-vvx-business-media-phones

For another story, see item 5 above in the Financial Services Sector

Communications Sector

See item 26 above in the Information Technology Sector
