Thursday, April 16, 2015



Complete DHS Report for April 16, 2015

Daily Report

Top Stories

 • Court documents unsealed April 14 revealed that a man charged in the March 13 robbery of a Wells Fargo bank branch in Washington, D.C., confessed to 8 other robberies perpetrated by the “Black Hat Bandits” gang. – Washington Post. See item 4 below in the Financial Services Sector

 • A Government Accountability Office report released April 14 warned that commercial flights with Internet-based technology are vulnerable to having their onboard systems hacked remotely through the plane’s Wi-Fi network. – Associated Press

5. April 15, Associated Press – (National) GAO reports warns hackers could bring down plane using passenger Wi-Fi. A Government Accountability Office report released April 14 warned that commercial flights that have been modernized with Internet-based technology are vulnerable to having their onboard systems hacked remotely through the plane’s passenger Wi-Fi network. The report states that airlines are currently relying on firewalls to create a barrier between the avionics in a cockpit and passenger Wi-Fi networks. Source: http://www.foxnews.com/tech/2015/04/15/gao-reports-warns-hackers-could-bring-down-plane-using-passenger-wi-fi/

 • A North Palm Beach-based ophthalmologist was charged April 14 in connection to a scheme to allegedly defraud Medicare and other healthcare programs out of over $105 million through the submission of fake claims. – Reuters

12. April 14, Reuters – (Florida; New Jersey) Florida doctor indicted on Medicare fraud: U.S. Attorney. A North Palm Beach-based ophthalmologist was charged April 14 in connection to a scheme to allegedly defraud Medicare and other healthcare programs by billing Medicare for more than $190 million, and receiving over $105 million in reimbursements through the submission of fake claims and false diagnoses. The doctor was also charged with corruption along with a New Jersey senator after they allegedly traded up to $1 million worth of gifts in exchange for political favors. Source: http://www.reuters.com/article/2015/04/14/us-usa-florida-melgen-idUSKBN0N52JP20150414

 • Findings from Verizon’s recently released annual Data Breach Investigations Report revealed that the top industries affected by data breaches in the last year were public administration, financial services, manufacturing, accommodations, and retail, among other findings. – IDG News Service. See item 26 below in the Information Technology Sector

Financial Services Sector

3. April 15, Softpedia – (National) Users in the U.S. targeted with ransomware via tax return-flavored emails. Security researchers at Kaspersky Lab identified a phishing scheme in which cybercriminals send emails purportedly from the U.S. Internal Revenue Service regarding tax refunds which contain rigged Microsoft Word files that download a trojan once macros are enabled. The trojan blocks access to the Internet and demands payment to a short message service (SMS) number via prepaid cards. Source: http://news.softpedia.com/news/Users-in-the-US-Targeted-with-Ransomware-Via-Tax-Return-Flavored-Emails-478465.shtml

4. April 14, Washington Post – (Washington, D.C.; Maryland; Virginia) Police link man arrested in D.C. bank robbery to Black Hat Bandits. Court documents unsealed April 14 revealed that a man charged in the March 13 robbery of a Wells Fargo bank branch in Washington, D.C., confessed to 8 other bank robberies perpetrated by the “Black Hat Bandits” gang throughout Virginia and Maryland since January. Authorities are seeking other suspects linked to the nine robberies. Source: http://www.washingtonpost.com/local/crime/police-link-man-arrested-in-dc-bank-robbery-to-black-hat-bandits/2015/04/14/9653db5c-e2ab-11e4-81ea-0649268f729e_story.html

For another story, see item 26 below in the Information Technology Sector

Information Technology Sector

21. April 15, Softpedia – (International) Victim of cyber-attack replies with own backdoor. Security researchers at Kaspersky Lab reported that they observed two cyberespionage advanced persistent threat (APT) groups called Hellsing and Naikon engage in deliberate APT-on-APT attacks through spear-phishing emails containing custom malware, signaling a potential new trend. Hellsing was previously linked to other APT groups and the group has targeted diplomatic organizations in the U.S. Source: http://news.softpedia.com/news/Victim-of-Cyber-Attack-Replies-with-Own-Backdoor-478425.shtml

22. April 15, Help Net Security – (International) Adobe fixes Flash Player zero-day exploited in the wild. Adobe released a new version of Flash Player for Windows, Macintosh, and Linux that addresses 22 critical vulnerabilities, including one that is exploited in the wild and could lead to code execution and an attacker taking control of the affected system. A security bypass vulnerability that could lead to information disclosure and memory leak flaws that could be leveraged to bypass address space layout randomization (ASLR) also received fixes. Source: http://www.net-security.org/secworld.php?id=18218

23. April 15, Computerworld – (International) With latest patches, Oracle signals no more free updates for Java 7. Oracle released patches addressing 14 vulnerabilities in Java as part of an update that fixed 98 security issues across multiple product lines and marked the end of free Java 7 updates. Three of the Java vulnerabilities were high severity and could be exploited over networks without authentication and could lead to a complete compromise of affected systems’ confidentiality and integrity, and 12 others could be exploited from the Web through the Java browser plug-in. Source: http://www.computerworld.com/article/2909908/with-latest-patches-oracle-signals-no-more-free-updates-for-java-7.html

24. April 15, Securityweek – (International) Google fixes 45 security flaws with release of Chrome 42. Google released Chrome 42 for Windows, Mac, and Linux, which included fixes for 45 security issues including a cross-origin bypass flaw in the HTML parser, a type confusion in V8, a use-after-free vulnerability in inter-process communication (IPC), and an out-of-bounds write bug in the Skia graphics engine, among others. The update also removed support for the Netscape Plugin Application Programming Interface (NPAPI). Source: http://www.securityweek.com/google-fixes-45-security-flaws-release-chrome-42

25. April 14, Network World – (International) Microsoft Patch Tuesday April 2015 closes 0-day holes: 4 of 11 patches rated critical. Microsoft released 11 security bulletins that address 26 vulnerabilities, including critical remote code execution (RCE) flaws in Microsoft Office, a critical RCE vulnerability in HTTP.sys that could allow an attacker to use a malicious HTTP request to Windows Server to gain full remote control of a system, and 9 critical security holes in Internet Explorer, among others. Source: http://www.networkworld.com/article/2909627/microsoft-subnet/patch-tuesday-april-2015-closes-0-day-holes-4-of-11-patches-rated-critical-by-microsoft.html

26. April 14, IDG News Service – (International) Web app attacks, PoS intrusions and cyberespionage leading causes of data breaches. Findings from Verizon’s recently released annual Data Breach Investigations Report revealed that the top industries affected by data breaches in the last year were public administration, financial services, manufacturing, accommodations, and retail, and that over two-thirds of cyberespionage incidents since 2013 involved phishing attacks. The report also determined that banking information and credentials were the most common records stolen, among other findings. Source: http://www.networkworld.com/article/2909953/web-app-attacks-pos-intrusions-and-cyberespionage-leading-causes-of-data-breaches.html

27. April 14, Threatpost – (International) Apple fixes cookie access vulnerability in Safari on billions of devices. A recent Apple update patched a cookie cross-domain vulnerability in all versions of the Safari Web browser on iOS, OS X, and Windows, that affected up to 1 billion devices, and was a result of the way Safari handled its file transfer protocol (FTP) uniform resource locator (URL) scheme, which could allow attackers to call upon documents to access and modify cookies belonging to Apple.com via JavaScript (JS). The update also patched a proxy manipulation vulnerability in iOS and multiple kernel vulnerabilities in OS X. Source: https://threatpost.com/apple-fixes-cookie-access-vulnerability-in-safari-on-billions-of-devices/112246

Communications Sector

Nothing to report