Complete DHS Report for October 5, 2015
• A Romanian citizen in Florida pleaded guilty October 1 in connection to an ATM scheme where criminals installed skimming devices and made multiple illegal withdrawals at SunTrust bank branches from 2013 – 2015. – South Florida Sun Sentinel See item 5 below in the Financial Services Sector
• A California resident was accused October 1 of operating a worldwide pyramid scheme that raised over $32 million by misleading investors about a non-existent initial public offering for USFIA Inc. – U.S. Securities and Exchange Commission See item 6 below in the Financial Services Sector
• An alleged shooter was killed by police after the suspect killed 9 students and injured at least 10 others at Umpqua Community College in Oregon October 1. – Washington Post
12. October 2, Washington Post – (Oregon) Oregon shooter said to have singled out Christians for killing in ‘horrific act of cowardice.’ An alleged shooter was killed by police following an exchange of gunfire after the shooter armed with 4 guns, killed 9 students and injured at least 10 others after entering classrooms of Umpqua Community College in Oregon October 1. The school was evacuated and authorities continue to investigate the incident. Source: http://www.washingtonpost.com/news/morning-mix/wp/2015/10/02/oregon-shooter-said-to-have-singled-out-christians-for-killing-in-horrific-act-of-cowardice/
• T-Mobile announced October 1 that the personal information of 15 million customers was compromised after a third-party vendor was hacked between September 2013 and September 2015. – Softpedia See item 20 below in the Communications Sector
Financial Services Sector
5. October 1, South Florida Sun Sentinel – (National) South Florida ATM skimmer pleads guilty, apologizes. A Romanian citizen living in south Florida who was arrested June 1 in North Carolina pleaded guilty October 1 in connection to an ATM-skimming scheme in which criminals installed skimming devices and made multiple illegal withdrawals at SunTrust bank branches in Broward, Palm Beach, and Miami-Dade counties as well as banks in Tennessee, Georgia, North and South Carolina, Virginia, and Maryland from 2013 – 2015.
6. October 1, U.S. Securities and Exchange Commission – (International) SEC halts $32 million scheme that promised riches from amber mining. The U.S. Securities and Exchange Commission announced October 1 charges and asset freezes against a California resident accused of operating a worldwide pyramid scheme via 13 California-based entities which raised over $32 million by misleading investors about a non-existent initial public offering for USFIA Inc., and claims that the company owned several large, valuable amber mines in Argentina and the Dominican Republic.
For another story, see item 20 below in the Communications Sector
Information Technology Sector
16. October 2, Help Net Security – (International) Unexpectedly benevolent malware improves security of routers, IoT devices. Security researchers from Symantec discovered an apparently benevolent botnet scheme targeting Internet of things (IoT)-connected devices utilizing code dubbed Wifatch that aims to protect devices from attacks via threat updates and removal of known malware families, among other features. Source: http://www.net-security.org/malware_news.php?id=3120
17. October 2, Softpedia – (International) Latest Upatre trojan version targets Windows XP users. Researchers from AppRiver reported a new spam-scareware campaign targeting Microsoft Windows XP users with ZIP archives containing the Upatre trojan, which primarily acts as an entry point for other infections including Dryeza, Rovnix, Crilock, and Zeus, and shuts down when executed on a non-Windows XP platform. Source: http://news.softpedia.com/news/latest-upatre-trojan-version-targets-windows-xp-users-493401.shtml
18. October 2, Softpedia – (International) Stored XSS in Jetpack plugin allows attackers to run code in the WordPress backend. Security researchers from Sucuri discovered a persistent cross-site scripting (XSS) vulnerability in Automattic’s Jetpack WordPress plugin versions 3.7 and lower in which an attacker could run malicious code that would execute whenever a WordPress administrator access the Feedback section of the admin panel, by crafting a malicious email string that would end up in the WordPress database. The development team released version 3.7.1 patching the XSS bug.
19. October 1, Softpedia – (International) HTTP denial of service vulnerability found in Node.js 4.x and io.js 3.x. Node reported the existence of a hypertext transfer protocol (HTTP) denial-of-service (DoS) vulnerability affecting recent Node.js and io.js platforms, and urged users to migrate back to a previous version until a fix is released. Source: http://news.softpedia.com/news/http-denial-of-service-vulnerability-found-in-node-js-4-x-and-io-js-3-x-493363.shtml
20. October 1, Softpedia – (National) Experian hacked, data for 15 million T-Mobile customers lost. T-Mobile announced October 1 that the names, addresses, Social Security numbers, and birthdates of 15 million customers was compromised after Experian, a third-party vendor that processes the company’s credit applications, was hacked between September 2013 and September 2015. Source: http://news.softpedia.com/news/experian-hacked-data-for-15-million-t-mobile-customers-lost-493377.shtml