Thursday, October 8, 2015



Complete DHS Report for October 8, 2015

Daily Report                                            

Top Stories

 • Cincinnati-based Fifth Third Bank will pay $85 million October 6 to settle civil fraud allegations that it improperly certified 1,439 defective Federal Housing Administration mortgage loans, resulting in millions of dollars of losses. – Cincinnati Enquirer. See item 4 below in the Financial Services Sector.

 • The U.S. Centers for Disease Control and Prevention reported October 5 an Oklahoma resident was the fourth death tied to a 35-State Salmonella outbreak, increasing the total number of illnesses to 732 people. – Associated Press

11. October 6, Associated Press – (Oklahoma) 1 dead in Oklahoma from multistate salmonella outbreak. The U.S. Centers for Disease Control and Prevention reported that an Oklahoma resident was the fourth death tied to a 35-State Salmonella outbreak, increasing the total number of illnesses to 732 people after each person consumed tainted cucumbers grown in Mexico. Source: http://www.kjrh.com/news/state/1-dead-in-oklahoma-from-multistate-salmonella-outbreak

 • Researchers from Cisco shut down a massive ransomware campaign accounting for 50 percent of all ransomware deployments via the Angler exploit kit (EK) that would have allowed the campaign’s operators to collect over $34 million. – Softpedia. See item 19 below in the Information Technology Sector.

 • The South Carolina Emergency Management Division reported that at least 11 dams have failed in the State while another 35 are being monitored October 7 due to heavy storms that led to 17 deaths, water outages for tens of thousands, road closures, and building evacuations. – CNN  

25. October 7, CNN – (South Carolina) South Carolina flooding: Dams breached, more trouble. The South Carolina Emergency Management Division reported that at least 11 dams have failed in the State while another 35 are being monitored October 7 due to heavy rain storms that have led to 17 deaths, water outages for tens of thousands, road closures, and building evacuations. Source: http://foxct.com/2015/10/07/south-carolina-flooding-dams-breached-more-trouble-ahead/

Financial Services Sector

3. October 6, WTVR 6 Richmond – (Virginia) Sheriff: Three men arrested in cigarette, illegal credit card bust in Caroline County. Caroline County authorities arrested a New Yorker and two Jamaican citizens October 6 after finding over 100 fraudulent credit cards, electronics, and skimming devices in their vehicle in Carmel Church, Virginia. Source: http://wtvr.com/2015/10/06/sheriff-three-men-arrested-in-cigarette-illegal-credit-card-bust-in-caroline-county/

4. October 6, Cincinnati Enquirer – (National) Fifth Third pays $85M to settle mortgage fraud. Federal officials announced October 6 that Cincinnati-based Fifth Third Bank will pay $85 million to settle civil fraud allegations that the company knowingly improperly certified 1,439 defective Federal Housing Administration mortgage loans, resulting in millions of dollars of losses to the agency from 2003 – 2013. Source: http://www.usatoday.com/story/money/nation-now/2015/10/06/fifth-third-pays-85m-settle-mortgage-fraud/73492444/

5. October 6, WBRZ 2 Baton Rouge – (National) Third arrest made in BR-based national financial fraud scheme. Louisiana officials announced October 6 the arrest of the third suspect in a national financial fraud scheme in which conspirators allegedly stole over 300 identities and committed over $5 million in fraud. The suspect reportedly provided bogus credit repair services for free and helped issue stolen Social Security numbers and used the numbers for fraudulent loan applications. Source: http://www.wbrz.com/news/third-arrest-made-in-br-based-national-financial-fraud-scheme/

Information Technology Sector

17. October 7, Securityweek – (International) Malicious Android adware infects devices in 20 countries. Security researchers from FireEye were monitoring a new malicious adware campaign dubbed Kemoge that has affected Android devices in 20 countries, in which the malware serves ads to an infected device, extracts exploits to root phones, and employs multiple persistence mechanisms. The malware is packaged with popular Android apps uploaded to third-party stores. Source: http://www.securityweek.com/malicious-android-adware-infects-devices-20-countries

18. October 7, Softpedia – (International) Zero-day exploit found in Avast antivirus. Security researchers from Google’s Project Zero discovered a zero-day exploit in Avast antivirus software in which an attacker could leverage a faulty method used for parsing X.509 certificates in secure connections to execute code on an affected system. Avast has since patched the vulnerability. Source: http://news.softpedia.com/news/zero-day-exploit-found-in-avast-antivirus-493958.shtml

19. October 7, Softpedia – (International) Major ransomware campaign disrupted, attackers lose potential revenues of $34M. Researchers from Cisco shut down a massive ransomware campaign accounting for 50 percent of all ransomware deployments via the Angler exploit kit (EK) that would have allowed the campaign’s operators to collect over $34 million. The cyber-criminals used a network of 147 proxy servers bought from Limestone Networks via stolen credit cards to deliver the largest ransomware delivery platform ever noticed in the wild. Source: http://news.softpedia.com/news/major-ransomware-campaign-disrupted-attackers-lose-potential-revenues-of-34m-493924.shtml

20. October 7, Help Net Security – (International) Previously unknown Moker RAT is the latest APT threat. Security researchers from enSilo discovered a new Remote Access Trojan (RAT) dubbed Moker that takes over targeted systems by creating a new user account before opening an RDP channel to gain remote control, and tampers with sensitive system and security files and settings. The malware comes with a complete feature set, achieves system privileges, and may also be controlled locally. Source: http://www.net-security.org/malware_news.php?id=3124

21. October 7, The Register – (International) Remote code exec hijack hole found in Huawei 4G USB modems. Security researchers from Positive Technologies discovered cross-site scripting (XSS) and stack overflow vulnerabilities in the Huawei E3272 USB 4G modem that could allow attackers to conduct remote execution and denial-of-service (DoS) attacks and hijack connected computers. Huawei released patches addressing the vulnerabilities. Source: http://www.theregister.co.uk/2015/10/07/remote_code_exec_hijack_hole_found_in_huawei_4g_usb_modems/

22. October 6, Securityweek – (International) Winnti spies use bootkit for persistence, distributing backdoors. Security researchers from Kaspersky Lab discovered that the advanced persistent threat (APT) group Winnti has been using an attack platform dubbed “HDRoot” as a bootkit disguised to look like Microsoft’s Net.exe utility while protected by VMProtect software, delivering two backdoors. The group previously targeted gaming companies in the U.S. and worldwide. Source: http://www.securityweek.com/winnti-spies-use-bootkit-persistence-distributing-backdoors

Communications Sector

Nothing to report