· HSBC
Finance Corporation notified at least 1,000 mortgage account customers in New
Hampshire, California, Maine, Massachusetts, and Alabama, that their personal
data had been inadvertently compromised in a breach discovered March 27.– Softpedia
See
item 5 below in the Financial Services Sector
· Authorities
reopened the Greenbelt Metro station and Green Line service between College
Park and Greenbelt stations resumed April 16 after a 15-hour closure that
resulted when a pedestrian bridge fell onto Metro and MARC train tracks in
Prince George’s County, Maryland, April 15.– WTOP 103.5 FM Washington, D.C.
6. April 16, WTOP 103.5 FM
Washington, D.C. –
(Maryland) Bridge collapses onto Metro, MARC train tracks in Prince George’s
Co. The Washington Metropolitan Area Transit Authority’s Greenbelt Metro
station reopened and Green Line service was restored between College Park and
Greenbelt stations April 16 after being closed for approximately 15 hours while
crews worked to make repairs after a pedestrian bridge fell onto Metro and
Maryland Area Regional Commuter train tracks in Prince George’s County April
15. No injuries were reported. Source: http://wtop.com/prince-georges-county/2015/04/bridge-collapses-onto-metro-marc-train-tracks-in-prince-georges-co/slide/1/
· Two
U.S. Army National Guard members were arrested in San Diego, California, April
15 for allegedly attempting to sell guns, body armor, and military ammunition
to purported Mexican drug cartel members. – CNN
19. April 15, CNN – (International) Feds say National Guardsmen tried to sell
guns, ammo to cartel. Two U.S. Army National Guard members were arrested
in San Diego April 15 for allegedly attempting to sell guns, body armor, and
military ammunition to purported Mexican drug cartel members. The Guardsmen
were supposedly caught in a sting operation run by agents with the Bureau of
Alcohol, Tobacco, Firearms and Explosives (ATF) after making more than a dozen
sales of firearms and stolen military ammunition to informants working with the
ATF. Source: http://www.cnn.com/2015/04/15/politics/national-guardsmen-sell-guns-ammo-cartels/index.html
· An
investigation into a January breach at the Metropolitan State University in
Minnesota concluded the week of April 13 and found that a hacker likely exposed
the personal information of up to 160,000 students. – Minneapolis
Star-Tribune
20. April 15, Minneapolis Star-Tribune –
(Minnesota) Computer hacker likely exposed data of 160,000 at Metropolitan
State University. An investigation into a January breach at the St.
Paul-based Metropolitan State University concluded the week of April 13 and
found that a hacker broke into the university’s database and likely exposed the
personal information of as many as 160,000 current, former, and potential
students. The investigation also found that about 11,000 students had portions
of their Social Security numbers accessed. Source: http://www.startribune.com/local/299858391.html
Financial Services Sector
4. April
15, KDKA 2 Pittsburgh – (Pennsylvania) FBI offering reward for
info leading to capture of ‘North Hills Bandits’ bank robbery suspects. The
FBI is offering a $10,000 reward for information leading to the arrest of 2
robbery suspects, dubbed the “North Hills Bandits,” who carried out armed
robberies at 3 banks in the North Hills area of Pittsburgh since January. FBI
agents reported that the suspects appeared to have former firearms training and
used different vehicles in each robbery. Source: http://pittsburgh.cbslocal.com/2015/04/15/fbi-offering-reward-for-info-leading-to-capture-of-north-hills-bandit-bank-robbery-suspects/
5. April
15, Softpedia – (National) HSBC Finance Corporation exposes
mortgage account info. HSBC Finance Corporation notified at least 1,000
mortgage account customers in States including New Hampshire, California,
Maine, Massachusetts, and Alabama, that the company inadvertently published
names, Social Security numbers, account numbers, and other personal data in a
breach that was discovered March 27. The data was immediately secured following
the discovery, law enforcement was notified, and HSBC offered all impacted
customers a free one-year subscription to Identity Guard services. Source: http://news.softpedia.com/news/HSBC-Finance-Corporation-Exposes-Mortgage-Account-Info-478445.shtml
Information Technology Sector
23. April 16,
Softpedia – (International) Current threat prevention systems are not
enough protection for enterprises. Findings from a recent study in
automated breach detection carried out by security researchers at Seculert
revealed that gateway solutions at participating Fortune 2000 enterprises only
blocked 87 percent of communications from compromised devices within their
networks. The report also found that about 2 percent of devices in
organizations were compromised by malware while nearly 400,000 interactions
that were generated went undetected, among other findings. Source: http://news.softpedia.com/news/Current-Threat-Prevention-Systems-Are-Not-Enough-Protection-for-Enterprises-478567.shtml
24. April 16,
Softpedia – (International) Company employees not sufficiently trained to
avoid phishing, study finds. A survey commissioned by Intel Security of 700
respondents in businesses across multiple continents revealed that 38 percent
of information technology and security professionals believe vulnerability to
social engineering is a significant factor in the success of attacks and that
threat actors’ use of multiple attack vectors, exploits, and payloads makes
defending against attacks difficult, among other findings. Source: http://news.softpedia.com/news/Company-Employees-Not-Sufficiently-Trained-to-Avoid-Phishing-Study-Finds-478564.shtml
25. April 16,
Help Net Security – (International) TeslaCrypt ransomware pushed by several
exploit kits. Security researchers discovered that threat actors are
distributing a new ransomware called TeslaCrypt via the Angler, Sweet Orange,
and Nuclear exploit kits (EKs), which encrypts the typical assortment of file
types along with those related to video games and game-related software, and
iTunes-related files. Users have been targeted via redirects to compromised
WordPress Web sites and hosts running vulnerable out-of-date Adobe Flash plugins.
Source: http://www.net-security.org/malware_news.php?id=3019
26. April 15,
IDG News Service – (International) AirDroid app fixes severe authentication
vulnerability. AirDroid fixed a severe authentication software flaw in its
Web interface affecting versions 3.0.4 and earlier, that could have allowed
attackers to take over a device running the software by sending targets a
malicious link over short message service (SMS) which exploit the app’s use of
JavaScript Object Notation (JSONP) to request data from a server in a different
domain. Source: http://www.networkworld.com/article/2910753/airdroid-app-fixes-severe-authentication-vulnerability.html
Communications Sector
Nothing to report