Friday, April 24, 2015

Complete DHS Report for April 24, 2015

Daily Report

Top Stories

 · Deutsche Bank agreed April 23 to pay $2.5 billion to settle allegations that bank employees in London, New York City, Frankfurt, and Tokyo had knowingly manipulated benchmarks used to set interest rates on trillions of dollars in mortgages, student loans, credit cards, and other debt from 2005 – 2009. – New York Times. See item 5 below in the Financial Services Sector.

 · A 6-mile stretch of eastbound Interstate 16 in Bryan County, Georgia, was closed for at least 6 hours April 22 due to a multi-vehicle, chain-reaction crash that killed 5 individuals, injured 3 others, and damaged 7 vehicles. – Associated Press

8. April 22, Associated Press – (Georgia) 5 nursing students killed in Georgia interstate crash. A 6-mile stretch of eastbound Interstate 16 in Bryan County, Georgia, was closed for at least 6 hours April 22 due to a multi-vehicle, chain-reaction crash that killed 5 individuals, injured 3 others, and damaged 7 vehicles. Source: http://www.wsbtv.com/ap/ap/south-carolina/5-dead-3-injured-in-fiery-crash-on-georgia-interst/nkzpB/

 · The U.S. Department of Agriculture reported April 22 that H5N2 avian flu infections were confirmed on 13 additional Minnesota farms with over 430,000 turkeys. – Associated Press

10. April 22, Associated Press – (Minnesota) Bird flu hits 13 more Minnesota farms with over 430K turkeys. The U.S. Department of Agriculture reported April 22 that H5N2 avian flu infections were confirmed on 13 additional Minnesota farms with over 430,000 turkeys, increasing the total number of farms affected across the State to 44 and the total number of birds affected to 2.6 million. Source: http://minnesota.cbslocal.com/2015/04/22/bird-flu-hits-13-more-minnesota-farms-with-over-430k-turkeys/

 · Repair work was scheduled to begin April 23 on a collapsed sewer line in Davenport, Iowa, that discharged about 3,000 to 5,000 gallons of untreated wastewater per day into tributaries of the Mississippi River. – WQAD 8 Moline

13. April 23, WQAD 8 Moline – (Iowa) Collapsed sewer line sends untreated wastewater into local creeks. The Iowa Department of Natural Resources reported that repair work on a 10-inch sewer line in Davenport was scheduled to begin April 23 after erosion of a stream bank exposed the pipe and led to its collapse, causing the discharge of about 3,000 to 5,000 gallons of untreated wastewater per day into Goose and Duck creeks, which flow into the Mississippi River. Authorities reported that residents should stay away from an unnamed tributary as well as Goose and Duck creeks until 48 hours after the sewer line is repaired. Source: http://wqad.com/2015/04/22/collapsed-sewer-line-sends-untreated-wastewater-into-local-creeks/

Financial Services Sector

5. April 23, New York Times – (International) Deutsche Bank to pay $2.5 billion fine to settle rate-rigging case. U.S. and United Kingdom officials reported April 23 that Deutsche Bank will pay $2.5 billion to authorities to settle allegations that bank employees in London, New York City, Frankfurt, and Tokyo had knowingly manipulated benchmarks used to set interest rates on trillions of dollars in mortgages, student loans, credit cards, and other debt from 2005 – 2009. Other terms included the guilty plea by a British subsidiary, the firing of 7 managers suspected of involvement, and the installation of an independent monitor to confirm that the bank complies with New York laws. Source: http://www.nytimes.com/2015/04/24/business/dealbook/deutsche-bank-settlement-rates.html

For another story, see item 18 below in the Information Technology Sector

Information Technology Sector

16. April 23, Softpedia – (International) Improper parsing of SSID info exposes Wi-Fi client’s memory contents. Security researchers at Alibaba and Google discovered a vulnerability in the cross-platform “wpa_supplicant” Wi-Fi software that affects versions 1.0 – 2.4 with the Config_P2P option turned on and could allow an attacker to create a service set identifier (SSID) buffer overflow condition, potentially exposing sensitive information in the memory of the device and allowing for arbitrary code execution. Source: http://news.softpedia.com/news/Improper-Parsing-of-Wi-Fi-SSID-Info-Exposes-Memory-Contents-479155.shtml

17. April 23, Softpedia – (International) Net Nanny parental control software vulnerable to HTTPS spoofing. Researchers from Carnegie Mellon’s Computer Emergency Response Team (CERT) discovered security vulnerabilities in ContentWatch’s Net Nanny software resulting from its use of man-in-the-middle (MitM) proxies and the same root certificates and private key for all installations, the latter of which is included in plain text in the application. The researchers believe that an attacker could use the key to generate new certificates to spoof legitimate Web sites and avoid user alerts for malicious domains. Source: http://news.softpedia.com/news/Net-Nanny-Parental-Controls-Software-Vulnerable-to-HTTPS-Spoofing-479183.shtml

18. April 23, Help Net Security – (International) Banking botnets persist despite takedowns. Dell SecureWorks released analysis from its annual Top Banking Botnets report revealing that in 2014 attackers targeted an array of Web sites in addition to traditional banking portals, including those related to corporate finance and payroll services, stock trading, employment portals, and email services; that over 90 percent of the 1,400 financial institutions targeted worldwide were in the U.S.; and that attackers began avoiding countries where international transactions are more difficult, among other findings. Source: http://www.net-security.org/secworld.php?id=18287

19. April 22, Softpedia – (International) Malware uses invisible command line argument in shortcut file. Security researchers at F-Secure discovered that a variant of the Janicab trojan for Microsoft Windows delivered as a link (LNK) file includes invisible shell commands and uses the right-to-left override (RLO) technique to avoid detection. The malware has existed for two years, and uses Python and Visual Basic Scripts (VBScript) to infect machines. Source: http://news.softpedia.com/news/Malware-Uses-Invisible-Command-Line-Argument-in-Shortcut-File-479119.shtml

Communications Sector

20. April 23, WCTI 12 New Bern – (North Carolina) Phone lines back in service in Onslow County. Landline service for CenturyLink customers in the Jacksonville area of Onslow County was restored April 23 after a disruption due to a faulty piece of equipment that lasted over 24 hours beginning April 22. Source: http://www.wcti12.com/news/phone-lines-down-for-most-of-day-in-jacksonville/32512810