Complete DHS Report for June 17, 2016
Daily Report
Top Stories
• The former chief executive officer of Valor Federal Credit Union
was charged June 15 after he allegedly embezzled over $700,000 from the bank
and used the money for personal use. – WNEP 16 Scranton See item 5 below in
the Financial Services Sector
• Federal officials charged June 15 two hedge fund managers and a
former U.S. Food and Drug Administration (FDA) official for their roles in a
$32 million insider trading scheme where the hedge fund managers received
insider tips from the FDA official on anticipated FDA approvals. – U.S. Securities
and Exchange Commission
16. June 15,
U.S. Securities and Exchange Commission – (National) Hedge fund managers
and former government official charged in $32 million insider trading scheme. The
U.S. Securities and Exchange Commission announced charges June 15 against two
hedge fund managers and a former U.S. Food and Drug Administration (FDA)
official for their roles in a $32 million insider trading scheme where the
hedge fund managers received insider tips from the FDA official on anticipated
FDA approvals for companies to produce a generic drug ahead of public
announcements. One of the hedge fund managers was charged in a separate
complaint for insider trading on the FDA’s nonpublic information and for
trading on other confidential material obtained from a former Centers for
Medicare and Medicaid Services official.
• Crews worked to contain the 12,000-acre Dog Head Fire burning in
the Manzano Mountains in New Mexico after the governor issued a state of
emergency, evacuated up to 200 residents, and closed Highway 377 June 15. – KOAT
7 Albuquerque
18. June 16,
KOAT 7 Albuquerque – (New Mexico) Dog Head Fire more than doubles in size, grows
to more than 12,000 acres. Crews worked to contain the 12,000-acre Dog Head
Fire burning in the Manzano Mountains in New Mexico after the governor issued a
state of emergency, evacuated up to 200 residents, and closed northbound lanes
of Highway 377 June 15. Source: http://www.koat.com/news/crews-respond-to-east-mountain-fire/40050956
• Security researchers from Kaspersky Lab investigated the xDedic
marketplace and found that 70,624 hacked remote desktop protocol (RDP) servers
used to host or provide access to popular consumer Web sites were for sale. – Help
Net Security See item 26 below in
the Information Technology Sector
Financial Services Sector
5. June 15,
WNEP 16 Scranton – (Pennsylvania) Former credit union CEO accused of bank fraud.
Pennsylvania officials charged the former chief executive officer of Valor
Federal Credit Union, formerly known as Tobyhanna Federal Credit Union, June 15
after he allegedly embezzled over $700,000 from the bank and used the money for
personal use. Authorities stated that the former executive also attempted to
rig the elections for the bank’s board of directors and established a
fraudulent severance deal where he would be paid over $1 million if he was
terminated.
6. June 15,
KSWB 69 San Diego – (California) Man uses fake ID to get debit card, steals $90K.
Authorities are searching June 15 for a man who used a fraudulent ID and
documents to steal $90,000 from a victim’s bank accounts at 5 Chase Bank
branches in San Diego County since March. Authorities stated that the man is
suspected of committing similar thefts in Los Angeles and Orange counties. Source:
http://fox5sandiego.com/2016/06/15/man-uses-fake-id-to-get-debit-card-steals-90k/
7. June 15,
Newark Star-Ledger – (International) 24 charged in ‘intricate’ international bank
fraud ring. Twenty-four people were charged June 14 for their roles in an
international bank fraud ring where the group stole $1 million from banks and
corporations by creating phony companies to defraud individuals and companies
into wiring over $8 million to the group’s fraudulent corporate bank accounts.
Authorities stated that the indictments were part of an ongoing investigation
that was initiated following a routine traffic stop. Source: http://www.nj.com/middlesex/index.ssf/2016/06/24_charged_in_intricate_international_bank_fraud_r.html
For another story, see item 16 above in Top Stories
Information Technology Sector
24. June 16,
Softpedia – (International) Microsoft OLE abused to embed malicious code
in Office docs, similarly to macros. Security researchers discovered a
macro malware infection method was abusing Microsoft’s Object Linking and
Embedding (OLE) system by tricking users into embedding a JavaScript or a
VBScript file that downloads an encrypted binary and bypasses network-based
protections that identify malicious data formats. Once the scripts save the
encrypted binary, a Vibrio or the Donvibs trojan is installed and the final
payload, Cerber ransomware can infect the victim’s system. Source: http://news.softpedia.com/news/microsoft-ole-abused-to-embed-malicious-code-in-office-docs-similarly-to-macros-505301.shtml
25. June 15,
SecurityWeek – (International) Flaw allowed hackers to steal emails from
Verizon users. A security researcher discovered several vulnerabilities in
Verizon’s Webmail portal that could be exploited by hackers, who possess a
Verizon email account, to substitute the value of the userID in their own
request with the victim’s userID in order to forward all the victim’s emails to
an arbitrary email address. Victims would be unaware of the email forwarding as
the transactions are not shown in the Verizon inbox. Source: http://www.securityweek.com/flaw-allowed-hackers-steal-emails-verizon-users
26. June 15,
Help Net Security – (International) 70,000 hacked servers for sale on xDedic
underground market. Security researchers from Kaspersky Lab investigated
the xDedic marketplace, a global forum where cybercriminals can buy and sell
access to compromised servers, and found that 70,624 hacked remote desktop
protocol (RDP) servers used to host or provide access to popular consumer Web
sites were for sale. The illegal data can be used to target government
entities, corporations, and universities without the institute’s knowledge. Source:
https://www.helpnetsecurity.com/2016/06/15/xdedic-underground-market/
27. June 15,
SecurityWeek – (International) Schneider patches severe flaw in video
management system. Schneider Electric released version 7.13.84 for its
Pelco Digital Sentry (DS) product after the company found the tool contained
hardcoded credentials that could be leveraged by an attacker to elevate their
privileges and gain access to sensitive information or execute arbitrary code
on the affected system. Source: http://www.securityweek.com/schneider-patches-severe-flaw-video-management-system
Communications Sector
28. June 16,
SecurityWeek – (International) No patch for critical RCE flaw in Cisco
routers. Cisco reported that it is working to patch several vulnerabilities
for its RV series routers after a security researcher found a cross-site
scripting flaw, several denial-of-service (DoS) flaws, and another critical
flaw, which was caused by insufficient sanitization of Hypertext Transfer
Protocol (HTTP) user input in the device’s Web interface, allowing a remote,
unauthenticated attack to execute arbitrary code with root privileges on the
victim’s system. Source: http://www.securityweek.com/no-patch-critical-rce-flaw-cisco-routers
29. June 14,
WTSP 10 St. Petersburg – (Florida) Verizon cell service restored in
Florida. Hundreds of customers from Pensacola to Miami experienced Verizon
cellphone service outages for more than 2 hours June 14. Source: http://www.wtsp.com/news/verizon-cell-service-restored-in-florida/244164468
No comments:
Post a Comment