Complete DHS Report for
July 9, 2015
Daily Report
Top Stories
· U.S. Federal Trade
Commission officials announced July 7 that $54 million in settlements with 14
companies owned by 2 Johnson County, Missouri men will resolve charges that the
men allegedly used personal information to take out loans without permission,
among other charges. – Kansas City Star See item 5 below in the Financial Services Sector
· The Federal
Aviation Administration reported July 8 that about 3,500 United Airlines
flights were grounded and delayed nationwide throughout major airports after
its computer system experienced a network connectivity issue. – NBC News
7. June 8,
NBC News – (National) United Airlines flights no longer grounded, delays
remain. The Federal Aviation Administration reported July 8 that about
3,500 United Airlines flights were grounded and delayed nationwide throughout
major airports after its computer system experienced a network connectivity
issue. Crews were able to repair the computer system, but delays can affect up
to 373 flights.
· Amtrak train
headed to St. Louis from Chicago was delayed 9 hours total after a semi-truck
accident in Joliet, Illinois initially delayed the train and a derailment in
Dwight, Illinois caused a consecutive delay July 6. – Associated Press
8. July 7,
Associated Press – (Illinois) Freight train derailment causes ordeal for Amtrak
passengers. Amtrak train headed to St. Louis from Chicago was delayed 9
hours total after a semi-truck accident in Joliet, Illinois initially delayed
the train and a derailment in Dwight, Illinois caused a consecutive delay July
6. The train arrived to its destination 14 hours after leaving Chicago.
· Symantec reported
that a cybercriminal group dubbed Morpho that was known for hacking Apple,
Microsoft, Facebook, and Twitter, has extended its cyber-espionage to hit
research-and-development related computer systems. – Dark Reading See item 16 below in the Information Technology Sector
Financial Services Sector
4. July 8,
South Florida Sun-Sentinel – (Florida) FBI hunts suspected serial bank
robber dubbed ‘Filter Bandit’. The FBI announced a $5,000 reward for
information leading to the arrest of a suspect dubbed the “Filter Bandit,” who
allegedly stole over $60,000 from 7 banks in Broward County since August 2014,
ending with the robbery of
a BB&T Bank June 16 in Davie.
5. July 7,
Kansas City Star – (Missouri) Firms accused of faking loans, draining bank
accounts settle with Feds. U.S. Federal Trade Commission officials
announced $54 million in settlements July 7 with 14 companies owned by 2
Johnson County, Missouri men to resolve charges that the men allegedly used
personal data from short-term payday loan Web sites in conjunction with “lead
generators” to take out loans for people without their permission, and that
they produced phony loan documentation, misstated loan terms, and
misrepresented the transactions to banks.
6. July 7,
WKBW 7 Buffalo – (New York) Bank vice president stole $5.3M in scheme. A
former M&T Bank vice president from Williamsville, New York pleaded guilty
July 7 to a $5.3 million loan scheme in which he created at least 12 “funding
loans” in the name of credit-worthy entities, which he then distributed to
customers of his choosing. Source: http://www.wkbw.com/news/police-blotter/bank-vice-president-stole-53m-in-scheme
Information Technology Sector
16. July 8,
Dark Reading – (International) Cybercriminal group spying on U.S., European
businesses for profit. Symantec reported that a cybercriminal group dubbed
Morpho that was known for hacking Apple, Microsoft, Facebook, and Twitter, has
extended its cyber-espionage to hit research-and-development related computer
systems in 49 different multi-billion dollar pharmaceutical, software,
Internet, oil, and metal mining commodities organizations across 20 countries,
with the majority being in the U.S. Researchers believe the group has U.S. ties
and is run by an organized crime ring.
17. July 8,
Securityweek – (International) Hacker search engine becomes the new Internet
of Things search engine. The developer of the Shodan Internet device search
engine reported that the search engine exposes the systemic vulnerabilities
present in consumer-grade Internet of Things hubs due to a poor security posture,
where many hubs still use default passwords and have telnet enabled. Once
compromised attackers could leverage hubs to monitor sensor data or determine
if someone is home.
18. July 8,
Securityweek – (International) Adobe patches Hacking Team’s Flash Player
zero-day. Adobe released an emergency update for its Flash Player to
address a zero-day vulnerability in the ActionScript 3 ByteArray class, which
could allow a remote, unauthenticated attacker to execute arbitrary code. The
vulnerability was exposed after hackers breached and dumped corporate
information of the Hacking Team surveillance software company. Source: http://www.securityweek.com/adobe-patches-hacking-teams-flash-player-zero-day
19. July 7,
Securityweek – (International) ANTlabs patches vulnerabilities in gateway
products. ANTlabs released patches for several of its gateway products
addressing a Structured Query Language (SQL) injection flaw in the default
login page in which a remote
attacker could execute arbitrary queries, and a cross-site scripting (XSS)
vulnerability in the admin login page that could allow an attacker to obtain
login credentials from the administrator panel. Source: http://www.securityweek.com/antlabs-patches-vulnerabilities-gateway-products
20. July 7,
Securityweek – (International) Zero-day exploits leaked in Hacking Team
breach. Security researchers from Trend Micro and Symantec reported that
data from a recently confirmed Hacking Team breach contained several zero-day
vulnerabilities and exploits, including a use-after-free (UAF) flaw affecting
Adobe Flash Player versions 9 and later on Microsoft Internet Explorer, Google
Chrome, Mozilla Firefox, and Apple Safari, and a Microsoft Windows kernel
vulnerability.
21. July 7,
Network World – (International) Microsoft security tool fails malware
detection test. AV Test released results from a recent experiment revealing
that Microsoft Security Essentials performed the worst out of 11 tested
antivirus products, only detecting 87 percent of malware in real-time tests,
when the others were all at least 95 percent effective. Source: http://www.networkworld.com/article/2944810/microsoft-subnet/microsoft-windows-security-tool-fails-malware-detection-test.html#tk.rss_all
22. July 7,
Threatpost – (International) Crypto leaders: “exceptional access” will
undo security. Cryptography experts released a report warning of the long
term economic and security risks associated with “exceptional access,” a U.S.
government initiative to maintain access to cryptographic keys to secure
information over the Internet primarily for law enforcement use. Source: https://threatpost.com/crypto-leaders-exceptional-access-will-undo-security/113639
Communications Sector
For additional stories, see items 16 and 19 above in the Information Technology
Sector