Wednesday, August 12, 2015




Complete DHS Report for August 12, 2015

Daily Report                                            

Top Stories

 · Authorities announced indictments against 9 Ukrainian hackers and securities traders in the U.S. and Ukraine August 11, alleging that the suspects conspired and made up to $100 million by stealing confidential corporate press releases. – Reuters. See item 6 below in the Financial Services Sector.

 · Crews worked to reopen a 34-mile stretch of Highway 89-A in Arizona after it was closed August 9 due to flood waters that washed mud and boulders across the highway. – St. George News

13. August 10, St. George News – (Arizona) ‘Boulders the size of houses’; 34-mile road closure continues on Highway 89-A. Crews worked to reopen a 34-mile stretch of Highway 89-A from milepost 545 to milepost 579 in Arizona after it was closed August 9 due to flood waters that washed mud and boulders across the highway. Source: http://www.stgeorgeutah.com/news/archive/2015/08/10/ccj-closure-89a

 · The city of St. Petersburg, Florida, released 5.5 million gallons of treated sewage into Tampa Bay for 8 hours August 9 after excess rainfall overwhelmed the Southwest Water Reclamation Facility. – Tampa Bay Times

16. August 11, Tampa Bay Times – (Florida) Swamped by rains, St. Pete dumps treated sewage into Tampa Bay. The city of St. Petersburg released 5.5 million gallons of treated sewage into Tampa Bay for 8 hours August 9 after excess rainfall overwhelmed the Southwest Water Reclamation Facility. Source: http://www.tampabay.com/news/overburdened-by-rains-st-pete-dumps-treated-sewage-into-tampa-bay/2240745

 · Security researchers from IBM discovered an Android operating system (OS) “serialization vulnerability” related to Android’s OpenSSLX509Certificate class framework that an attacker could exploit. – Securityweek

28. August 11, Securityweek – (International) Serialization vulnerabilities put many Android devices at risk. Security researchers from IBM discovered an Android operating system (OS) “serialization vulnerability” affecting versions 4.3 Jelly Bean through 5.1 Lollipop, related to Android’s OpenSSLX509Certificate class framework that an attacker could exploit for arbitrary code execution in applications and services, leading to privilege escalation, in which legitimate apps can be replaced with malicious apps that steal data, among other actions. Source: http://www.securityweek.com/serialization-vulnerabilities-put-many-android-devices-risk

Financial Services Sector

6. August 11, Reuters – (International) Nine charged in U.S. insider trading scheme involving hackers. Authorities announced indictments against 9 Ukrainian hackers and securities traders in the U.S. and Ukraine August 11, alleging that the suspects conspired and made up to $100 million by hacking into companies that publish news releases about publicly traded companies, and made trades using the information starting in February 2010. The U.S. Securities and Exchange Commission filed a related civil lawsuit alleging that the thefts generated over $100 million in illegal profits, and the case is the first example of prosecution alleging the use of hacked inside information for securities fraud. Source: http://www.reuters.com/article/2015/08/11/cybersecurity-hacking-stocks-idUSL1N10M05H20150811

7. August 10, Reuters – (National) Citigroup in US$13.5 mln settlement over defunct CSO hedge fund. Citigroup Inc. announced an agreement August 10 to pay $13.5 million to resolve allegations that the bank and its Alternative Investments affiliate deceived investors into staying in its Corporate Special Opportunities hedge fund, reporting that the fund’s portfolio was sound before liquidating it and losing most of the investment funds. Source: http://www.reuters.com/article/2015/08/10/citigroup-prosiebensat-1-settlement-idUSL1N10L2OR20150810

8. August 10, Orange County Register – (California) Grand jury indicts retired LAPD cop suspected as ‘Snowbird Bandit.’ A retired Los Angeles Police Department detective believed to be the robbery suspect dubbed the “Snowbird Bandit” was indicted the week of August 4, facing charges that he allegedly held up banks in Dana Point, Rancho Santa Margarita, Mission Viejo, and Ladera Ranch. Source: http://www.ocregister.com/articles/adair-676867-bank-santa.html

9. August 10, Reuters – (National) Guggenheim settles for $20 mln over not disclosing loan -SEC. The U.S. Securities and Exchange Commission (SEC) announced August 10 that Guggenheim Partners Investment Management LLC agreed to pay $20 million to resolve allegations that company senior officials failed to disclose a $50 million loan by a client to a senior executive to finance his personal investment in a corporate acquisition led by Guggenheim Partners LLC. The SEC also alleged that the company failed to enforce its code of ethics and improperly charged a client $6.5 million in asset management fees it did not earn. Source: http://www.reuters.com/article/2015/08/10/sec-guggenheim-idUSL1N10L1GD20150810

Information Technology Sector

25. August 11, Securityweek – (International) Darkhotel APT uses Hacking Team exploit to target specific systems. Security researchers from Kaspersky Lab reported that the Darkhotel advanced persistent threat (APT) group recently started leveraging a Flash zero-day vulnerability revealed in the July Hacking Team breach to target specific systems, and that the group has been using a variety of techniques to attack defense industrial bases, energy policy makers, militaries, governments, electronics, pharmaceutical organizations, and medical providers in countries across Europe and Asia. Source: http://www.securityweek.com/darkhotel-apt-uses-hacking-team-exploit-target-specific-systems

26. August 11, Help Net Security – (International) Angler EK exploits recently patched IE bug to deliver ransomware. Security researchers from FireEye discovered that the Angler exploit kit (EK) is exploiting a Microsoft Internet Explorer vulnerability uncovered in the July Hacking Team breach to deliver Cryptowall ransomware to affected systems. Source: http://www.net-security.org/malware_news.php?id=3087

27. August 11, IDG News Service – (International) Asprox botnet, a long-running nuisance, disappears. Officials from Palo Alto Networks found that the Asprox botnet was apparently shut down, after observers reported last seeing the botnet distributing the Kuluoz malware in 2014. Source: http://www.computerworld.com/article/2969338/security/asprox-botnet-a-longrunning-nuisance-disappears.html

28. August 11, Securityweek – (International) Serialization vulnerabilities put many Android devices at risk. Security researchers from IBM discovered an Android operating system (OS) “serialization vulnerability” affecting versions 4.3 Jelly Bean through 5.1 Lollipop, related to Android’s OpenSSLX509Certificate class framework that an attacker could exploit for arbitrary code execution in applications and services, leading to privilege escalation, in which legitimate apps can be replaced with malicious apps that steal data, among other actions. Source: http://www.securityweek.com/serialization-vulnerabilities-put-many-android-devices-risk

For additional stories, see item 4 below from the Chemical Industry Sector, item 6 above in the Financial Services Sector, and item 32 below in the Communications Sector.

4. August 10, Network World – (International) Cyber-physical attacks: Hacking a chemical plant. Researchers with the European Network for Cyber Security and IOActive released their Damn Vulnerable Chemical Plant Process framework at Def Con 23, which described ways in which a hacker could infiltrate a chemical plant and taught defenders how to spot cyber-physical attacks. The report is the first open source framework based on two simulated chemical plants. Source: http://www.networkworld.com/article/2968432/microsoft-subnet/cyber-physical-attacks-hacking-a-chemical-plant.html

Communications Sector

29. August 10, Okanogan Valley Gazette-Tribune – (Washington) CenturyLink customers experiencing internet, phone and 9-1-1 outage. CenturyLink officials reported that about 3,000 customers were without 9-1-1, phone, and Internet services in Omak, Oroville, Pateros, Twisp, Winthrop, and surrounding areas in Washington August 10. Emergency 9-1-1 calls were rerouted while technicians worked to restore services. Source: http://www.gazette-tribune.com/news/centurylink-customers-experiencing-internet-phone-and-911-outage/70562/

30. August 10, WROC 8 Rochester – (New York) Frontier outage frustrates customers. Frontier officials reported that about 6,000 Rochester, New York, customers were without phone service from August 10 – 11 due to a faulty circuit board. Source: http://www.rochesterhomepage.net/story/d/story/frontier-outage-frustrates-customers/20865/AocgmX3i2U2jdAfHyMsw6A

For another story, see item 28 above in the Information Technology Sector.