Complete DHS Report for April 23, 2015
Daily Report
Top Stories
· Oklahoma’s energy and environment cabinet introduced a Web site April 21 detailing the evidence
behind expert studies of the likelihood that wastewater wells are causing the
majority of the State’s earthquakes. – New York Times
3. April 21, New York Times – (Oklahoma) Oklahoma recognizes role of
drilling in earthquakes. Oklahoma’s energy and environment cabinet
introduced a Web site April 21 detailing the evidence behind expert studies of
the likelihood that wastewater wells are causing the majority of the State’s
earthquakes. The site coincides with a statement by the State-run Oklahoma
Geological Survey endorsing the conclusion that oil and gas activity
and seismicity were connected over a large area of the State. Source: http://www.nytimes.com/2015/04/22/us/oklahoma-acknowledges-wastewater-from-oil-and-gas-wells-as-major-cause-of-quakes.html
· Two former employees of New York-based Agape World Inc., were convicted of charges
April 21 for their roles in a Ponzi scheme that bilked around 3,800 investors
out of about $147 million from 2005 – 2009. – Reuters. See item 7 below in the Financial Services Sector
· Authorities in London arrested a high-frequency trader from Waddell & Reed Financial
Inc., and Nav Sarao Milking Markets Ltd., after the U.S. Department of Justice
announced criminal charges April 21 in connection to his role in the 2010
“flash crash” that wiped out almost $1 trillion in market value. – Reuters. See item 9 below in the Financial Services Sector
· One person died and at least 23 others were hospitalized by a botulism outbreak
connected to a dinner at the Cross Pointe Free Will Baptist Church in
Lancaster, Ohio, April 19. – WBNS 10 Columbus
31. April 22, WBNS 10 Columbus – (Ohio) One
dead, nearly two dozen hospitalized after botulism outbreak at Lancaster
potluck dinner. One person died and at least 23 others were hospitalized by
a suspected botulism outbreak connected to a potluck dinner at the Cross Pointe
Free Will Baptist Church in Lancaster, Ohio, April 19. Health officials
encouraged the approximately 50-60 people who attended the potluck to receive a
medical evaluation as a precaution. Source: http://www.10tv.com/content/stories/2015/04/21/lancaster-ohio-several-churchgoers-showing-signs-of-botulism-after-potluck-dinner-in-lancaster.html
Financial Services Sector
7. April 21, Reuters – (New York) Two ex-New York investment firm employees
convicted in Ponzi fraud. Two former employees of Long Island-based Agape
World Inc., were convicted of charges including securities fraud, conspiracy,
and mail fraud April 21 for their roles in a Ponzi scheme that bilked around
3,800 investors out of about $147 million from 2005 – 2009. The pair pocketed
about $12.4 million by promising unrealistic returns on investments while
paying returns from other investors’ deposits. Source: http://www.reuters.com/article/2015/04/22/us-usa-ponzi-agape-idUSKBN0NC2PC20150422
8. April 21, NorthJersey.com – (National) Romanian charged in ATM scheme extradited to NJ
from Spain. A Romanian citizen was arrested and extradited from Spain
during the week of April 13 and faced charges April 20 for his alleged role in
an ATM-skimming scheme that used card-reading devices and pinhole cameras to
steal over $5 million from thousands of Citibank, TD Bank, Wells Fargo, and
other financial institutions’ customers on the east coast from 2012 – 2013.
Thirteen suspects have been convicted in connection to the scheme. Source: http://www.northjersey.com/news/romanian-charged-in-atm-scheme-extradited-to-nj-from-spain-1.1313568
9. April 21, Reuters – (International) UK speed trader arrested over role in 2010
‘flash crash’. Authorities in London arrested a high-frequency trader from
Waddell & Reed Financial Inc., and Nav Sarao Milking Markets Ltd., after
the U.S. Department of Justice (DOJ) announced criminal charges April 21 in
connection to his role in the 2010 “flash crash” that wiped out almost $1
trillion in market value, in which he allegedly used an automated program to
generate large sell orders that pushed down prices, canceled the orders, and
subsequently bought the contracts at lower prices. The DOJ plans to request
that the suspect be extradited to the U.S. Source: http://www.reuters.com/article/2015/04/21/us-usa-security-fraud-idUSKBN0NC21220150421
Information Technology Sector
27. April 22, Softpedia – (International) WordPress
4.1.2 fixes critical XSS flaw. WordPress developers announced that the
newest release of the blogging platform, 4.1.2, addresses critical security
vulnerabilities including a cross-site scripting (XSS) glitch affecting the
content management system (CMS) that could allow an attacker to compromise a
vulnerable Web site, as well as three other flaws. The release also included
increased protection for files that could present a security risk. Source: http://news.softpedia.com/news/WordPress-4-1-2-Fixes-Critical-XSS-Flaw-479043.shtml
28. April 22, Softpedia – (International) White
House, US State Department hit with Advanced CozyDuke threat. Security
researchers from Kaspersky Lab reported that 2014 cyber-attacks against the
White House and the U.S. Department of State were part of an advanced persistent
threat (APT) campaign dubbed CozyDuke, also known as CozyBear and CozyCar, and
could be connected with the MiniDuke campaign that used spear-phishing emails
and malicious attachments and Web sites to target the North Atlantic Treaty
Organization (NATO) and European government agencies. Source: http://news.softpedia.com/news/White-House-US-State-Department-Hit-with-Advanced-CozyDuke-Threat-479059.shtml
29. April 22, The Register – (International) ‘No
iOS Zone’ Wi-Fi zero-day bug forces iPhones, iPads to crash and burn. Security
researchers from Skycure discovered a zero-day denial-of-service (DoS) Secure
Sockets Layer (SSL) vulnerability in Apple’s iOS 8 called “No iOS Zone” that
attackers can exploit to create a malicious Wi-Fi hotspot that forces users to
connect, and manipulates traffic to cause apps and the operating system (OS) on
connected iOS devices to crash, even in offline mode. Source: http://www.theregister.co.uk/2015/04/22/apple_no_ios_zone_bug/
30. April 21, Dark Reading – (International) Zero-day
malvertising attack went undetected for two months. Security researchers at
Malwarebytes reported that cybercriminals had managed to exploit a zero-day
Adobe Flash Player vulnerability patched in February to target U.S. users with
the HanJuan exploit kit (EK) containing ransomware embedded in online ads for
nearly two months without detection. The attacks infected Web sites belonging
to Dailymotion, Huffington Post, and answers.com, among others, and reached
over 1 billion users in February alone. Source: http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092
Communications Sector
See item 25 below from the Emergency Services Sector
25. April 21, KTVN 2 Reno –
(Nevada) Service restored to several counties after AT&T outage. An
outage at the emergency 9-1-1 dispatch centers in Pershing, White Pine, Elko,
Humboldt, and Lander counties lasted several hours April 21 when vandals
severed an AT&T fiber line that also knocked out landline, cell phone, and
Internet services. Source: http://www.ktvn.com/story/28859851/att-outage-affecting-several-nevada-counties-1