Complete DHS Report for April 15, 2015
Daily Report
Top Stories
· Russia’s Ministry of Internal Affairs reported April 11 that authorities arrested the suspected developer of the Svpeng Android banking trojan along with four co-conspirators who had allegedly targeted users in the U.S. and Europe. – Securityweek. See item 8 below in the Financial Services Sector.
· The New York State Department of Financial Services released a report on cyber security in the banking sector April 9 which revealed that one in three New York banks are vulnerable to backdoors due to poor information security with third party vendors, among other findings. – Threatpost. See item 9 below in the Financial Services Sector.
· Spokane Public Schools in Washington removed 143 students from classrooms April 13 who lacked vaccination documentation or failed to file a State-mandated waiver with the district due to recent measles and whooping cough outbreaks. – Reuters
24. April 13, Reuters – (Washington) Washington state school district removes 143 students over vaccine law. Spokane Public Schools in Washington removed 143 students from classrooms April 13 who lacked documentation confirming that they had received vaccinations or had filed a State-mandated waiver with the district, due to a recent measles epidemic that affected over 150 people across the U.S. and a whooping cough outbreak in the State’s eastern city. Source: http://www.reuters.com/article/2015/04/14/us-usa-vaccine-washington-idUSKBN0N507020150414
· Dell’s annual threat report found that attacks against supervisory control and data acquisition systems (SCADA) doubled in 2014, tended to be political in nature, and targeted operational capabilities within industrial facilities. – Securityweek. See item 32 below in the Information Technology Sector.
Financial Services Sector
7. April 14, Associated Press – (National) Ex-Assembly speaker’s son-in-law charged in $7M Ponzi scheme. A New York investment manager and co-owner of Allese Capital was charged April 13 with defrauding investors out of $7 million in a Ponzi scheme in which he allegedly solicited securities trading investments from 2009 – 2014 and only invested portions of the funds, while using the remainder for his own benefit and to repay other investors. Source: http://www.omaha.com/news/nation/ex-assemblyman-s-son-in-law-facing-federal-fraud-charges/article_a6b21895-0b00-5df8-a07c-2d3b42cf6663.html
8. April 14, Securityweek – (International) Alleged creator of Svpeng Android malware arrested in Russia. Russia’s Ministry of Internal Affairs reported April 11 that the suspected developer of the Svpeng Android trojan, along with 4 co-conspirators calling themselves “The Fascists” who had allegedly used the trojan to steal money from bank accounts in the U.S. and Europe, were arrested. The malware employs a combination of short message service (SMS) hacking, phishing Web pages, credential logging, and ransomware to access victims’ accounts and funds. Source: http://www.securityweek.com/alleged-creator-svpeng-android-malware-arrested-russia
9. April 13, Threatpost – (New York) Vulnerabilities identified in NY banking vendors. The New York State Department of Financial Services released a report on cyber security in the banking sector April 9 which revealed that one in three New York banks are neglectful of information security relating to third-party vendors and, as a result, are vulnerable to backdoor access by those looking to steal data. One in three banks interviewed did not require vendors to notify them in the event of a data breach, and only half had strategies prepared for breach scenarios, among other findings. Source: https://threatpost.com/vulnerabilities-identified-in-ny-banking-vendors/112209
Information Technology Sector
28. April 14, Softpedia – (International) Misconfigured DNS servers vulnerable to domain info leak. The U.S. Computer Emergency Readiness Team (US-CERT) released a security statement warning that misconfigured, public-facing domain name system (DNS) servers utilizing Asynchronous Transfer Full Range (AXFR) protocols are vulnerable to system takeovers, redirects to spoofed addresses, and denial-of-service (DoS) attacks from unauthenticated users via DNS zone transfer requests. Research from Alexa revealed that over 72,000 domains and 48,000 nameservers were affected by the issue. Source: http://news.softpedia.com/news/Misconfigured-DNS-Servers-Vulnerable-to-Domain-Info-Leak-478331.shtml
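The defender-side follow-up to item 28 is to confirm that zone transfers only go to the secondaries you intended and to restrict the server accordingly. The script below is an added example, not part of the DHS report or of the US-CERT statement it summarizes: it reads constructed log lines written in the style of BIND’s xfer-out logging (the exact format is an assumption, approximated from memory), flags transfer starts from clients outside a hypothetical allowlist of secondary nameservers, and renders the BIND `allow-transfer` clause that replaces the permissive `allow-transfer { any; };` setting. The zone name and addresses are constructed sample values.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample log lines, modelled on BIND's "xfer-out" category.
# Assumption: the layout approximates BIND output; it is not copied from the page.
SAMPLE_LOG = """\
14-Apr-2015 09:12:01.532 xfer-out: info: client 192.0.2.10#53100 (example.org): transfer of 'example.org/IN': AXFR started
14-Apr-2015 09:12:01.540 xfer-out: info: client 192.0.2.10#53100 (example.org): transfer of 'example.org/IN': AXFR ended
14-Apr-2015 11:47:55.001 xfer-out: info: client 198.51.100.77#40212 (example.org): transfer of 'example.org/IN': AXFR started
14-Apr-2015 11:47:55.020 xfer-out: info: client 198.51.100.77#40212 (example.org): transfer of 'example.org/IN': AXFR ended
14-Apr-2015 12:03:10.118 xfer-out: info: client 203.0.113.9#61001 (example.org): transfer of 'example.org/IN': IXFR started
"""

# Hypothetical allowlist: the only hosts that should ever pull the zone.
AUTHORIZED_SECONDARIES = ["192.0.2.0/28"]

# Matches the "started" line of a full (AXFR) or incremental (IXFR) transfer.
TRANSFER_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]+\): "
    r"transfer of '(?P<zone>[^']+)': (?P<kind>AXFR|IXFR) started"
)


def parse_transfers(log_text):
    """Return a list of (client_ip, zone, kind) for every transfer start."""
    found = []
    for line in log_text.splitlines():
        m = TRANSFER_RE.search(line)
        if m:
            found.append((m.group("ip"), m.group("zone"), m.group("kind")))
    return found


def unauthorized_transfers(log_text, allowed=AUTHORIZED_SECONDARIES):
    """Flag transfers whose client is outside every allowed network."""
    nets = [ip_network(n) for n in allowed]
    flagged = []
    for ip, zone, kind in parse_transfers(log_text):
        addr = ip_address(ip)
        if not any(addr in net for net in nets):
            flagged.append({"client": ip, "zone": zone, "kind": kind})
    return flagged


def hardened_allow_transfer(allowed=AUTHORIZED_SECONDARIES):
    """Render a BIND allow-transfer clause limited to the allowlist.

    The weak setting this replaces is `allow-transfer { any; };`, which lets
    any unauthenticated client request the whole zone.
    """
    return "allow-transfer { " + " ".join(f"{n};" for n in allowed) + " };"


if __name__ == "__main__":
    for hit in unauthorized_transfers(SAMPLE_LOG):
        print(f"unexpected {hit['kind']} of {hit['zone']} to {hit['client']}")
    print(hardened_allow_transfer())
```

Run against a real xfer-out log, the same check tells you whether the open-transfer condition US-CERT describes has actually been used against your zone, which is worth knowing before you tighten the ACL; pairing the ACL with TSIG-keyed transfers is the usual next step.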
29. April 14, Help Net Security – (International) 18-year-old bug can be exploited to steal credentials of Windows users. A Cylance researcher identified a new technique for exploiting an 18-year-old flaw in Server Message Block (SMB) present in all versions of the Windows operating system (OS). It allows attackers to intercept user credentials: by hijacking communications with legitimate Web servers via man-in-the-middle (MitM) attacks, victims are redirected to malicious SMB servers, which capture their usernames, domains, and hashed passwords. Source: http://www.net-security.org/secworld.php?id=18210
30. April 14, Help Net Security – (International) Attackers use deceptive tactics to dominate corporate networks. Symantec released research revealing that spear-phishing attacks on corporations increased by 8 percent in 2014, and that email and social media had remained significant attack vectors. Researchers also found that software companies took an average of 59 days to release patches and that 24 zero-day vulnerabilities were discovered in 2014, among other findings. Source: http://www.net-security.org/secworld.php?id=18208
31. April 13, Help Net Security – (International) Attackers can easily crack Belkin routers’ WPS PINs. A security researcher discovered that 80 percent of Belkin routers tested generated Wi-Fi Protected Setup (WPS) PINs based on the device’s own MAC address and serial number, leaving them vulnerable to discovery by attackers using unencrypted request/response packets via Wi-Fi probes. Source: http://www.net-security.org/secworld.php?id=18204
32. April 13, Securityweek – (International) Attacks against SCADA systems doubled in 2014: Dell. Dell revealed in its annual threat report that attacks against supervisory control and data acquisition systems (SCADA) doubled in 2014, including 51,258 attacks in the U.S., and that the attacks tended to be political in nature and targeted operational capabilities within power plants, factories, and refineries primarily in Finland, the U.K., and the U.S. The report found that 25 percent of the attacks witnessed exploited buffer overflow vulnerabilities, followed by improper input validation and information exposure. Source: http://www.securityweek.com/attacks-against-scada-systems-doubled-2014-dell
For additional stories, see items 8 and 9 above in the Financial Services Sector.
Communications Sector
Nothing to report