Complete DHS Report for February 12, 2016
Daily Report
Top Stories
• Entergy Corp. officials in New York reported February 10
that samples from monitoring wells revealed that tritium levels were 740 times
over the U.S. Environmental Protection Agency limit in water following a
February 5 incident. – Associated Press
1. February
11, Associated Press – (New York) Critics decry radioactive leak at Indian Point
nuclear plant. Authorities are investigating after Entergy Corp. officials
reported February 10 that samples from its monitoring wells revealed tritium
levels were 740 times over the U.S. Environmental Protection Agency limit in
drinking water following a February 5 incident at the Buchanan facility that
spilled radioactive water containing tritium into an underground monitoring
well. Officials reportedly believe that the high levels of tritium do not pose
a public health risk. Source: http://www.dailyfreeman.com/general-news/20160211/critics-decry-radioactive-leak-at-indian-point-nuclear-plant
• Federal and State officials announced February 10 that
two men were arrested in Kansas for operating a $2 billion Internet lending
enterprise that charged millions of people with inflated interest rates. – U.S.
Attorney’s Office, Southern District of New York See item 6 below in the Financial Services Sector
• A heavy snow storm in Ohio shut down Interstate 90 for
more than 2 hours February 10, while officials investigated a crash involving
more than 15 semi-trucks and several other vehicles. – Weather.com
11. February
10, Weather.com – (Ohio) Multi-vehicle collision on snowy I-90 in Lake County,
Ohio: Fatalities, injuries reported. A heavy snow storm in Lake County shut
down Interstate 90 for more than 2 hours February 10, after a crash involving
more than 15 semi-trucks and several other vehicles injured 17 people and sent
3 others to the hospital for critical injuries. Source: https://weather.com/news/news/lake-county-ohio-multi-vehicle-crash-collision
• Security researchers from Trend Micro discovered over
1,163 malicious trojanized Android application packages (APK) in the Google
Play store through third party apps that allowed attackers to remotely access
private information. – Help Net Security See item 23 below in the Information Technology Sector
Financial Services Sector
5. February
10, Newark Star-Ledger – (New Jersey) Central figure in alleged $3M
credit card scam arrested. A New York man was arrested February 10 for his
role in a $3 million credit card fraud scheme based in Hudson County, New
Jersey, where he allegedly provided stolen Social Security numbers to a group
of 12 co-conspirators in order for them to create fake identities as part of a
bust-out scheme to open bank accounts and obtain credit cards, deposit bad
checks to make payments on the cards and inflate lines of credit, and use shell
companies to increase credit limits through fake transactions. The
co-conspirators are also facing Federal charges for their roles in the scheme. Source:
http://www.nj.com/news/index.ssf/2016/02/central_figure_in_3m_credit_card_scam_arrested.html
6. February
10, U.S. Attorney’s Office, Southern District of New York –
(National) Manhattan U.S. Attorney announces charges against owner of, and
attorney for, $2 billion unlawful internet payday lending enterprise. Federal
and New York State officials announced February 10 that 2 men were arrested in
Kansas for violating the Racketeer Influenced and Corrupt Organizations Act
(RICO) and the Truth in Lending Act (TILA) after the pair operated a $2 billion
nationwide Internet lending enterprise which charged more than 4.5 million
people with interest rates between 400 – 700 percent for payday loans from 1997
– 2013. The pair attempted to evade liability and claim sovereign immunity by
entering into an agreement with several Native American tribal corporations to
fraudulently claim that they owned and operated parts of the payday lending
enterprise while receiving kickbacks from the scheme. Source: http://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-owner-and-attorney-2-billion-unlawful
7. February
10, SecurityWeek – (International) Dyre Trojan attacks inactive since
mid-November sources say. Security researchers discovered that the Dyre
trojan, previously seen targeting international banking companies, has been
inactive since November 2015 and researchers allegedly believe the Dridex
banking trojan might be using the same key developers or management to
replicate attack scheme concepts as the Dyre trojan. Researchers advised users
to install an email security solution to protect against malicious emails and
to avoid opening emails from unknown sources. Source: http://www.securityweek.com/dyre-trojan-attacks-inactive-mid-november-sources-say
Information Technology Sector
21. February
11, Softpedia – (International) Severe vulnerability affects Cisco ASA VPN
server equipment. Cisco released patches for a buffer overflow
vulnerability in its firewall equipment embedded in several versions of its Adaptive
Security Appliance (ASA) software for corporate networks and data centers after
a researcher found an issue in the InternetKey Exchange (IKE) protocol that
could allow attackers to craft malicious User Datagram Protocol (UDP) packets
and send it to an ASA device, exploiting the vulnerability. Source: http://news.softpedia.com/news/severe-vulnerability-affects-cisco-asa-vpn-server-equipment-500265.shtml
22. February
11, SecurityWeek – (International) Hackers invited to target VMware at Pwn2Own
2016. Hewlett Packard Enterprise, Trend Micro, and the Zero Day Initiative
will be hosting a Pwn2Own 2016 competition that will allow white-hat hackers to
hack Google Chrome, Microsoft Edge, Adobe Flash, Apple Safari, and VMware
Workstation in exchange for monetary goods and to show potential
vulnerabilities within each software. Source: http://www.securityweek.com/hackers-invited-target-vmware-pwn2own-2016
23. February
11, Help Net Security – (International) Rooting malware lurking in
third party Android app stores. Security researchers from Trend Micro
discovered over 1,163 malicious trojanized Android application packages (APK)
were found in the Google Play store through third party apps that allowed
attackers to root the phone, download and install additional malicious apps,
and collect and send user device data to a remote server controlled by hackers.
Researchers advised app users to check the reputation of any app before
downloading. Source: http://www.net-security.org/malware_news.php?id=3204
24. February
10, SecurityWeek – (International) SAP patches flaws in xMII, other products. SAP
released patches addressing several flaws in its products including a
cross-site scripting (XSS) flaw, authentication check flaw, and implementation
flaws after security researchers found that the vulnerabilities can be
exploited to give malicious actors control over plant devices and manufacturing
systems in the Manufacturing sector, Energy sector, Oil and Natural gas sector,
and the Communications sector. Source: http://www.securityweek.com/sap-patches-flaws-xmii-other-products
Communications Sector
See item 24 above in the Information Technology
Sector
No comments:
Post a Comment