Complete DHS Report for March 10, 2016
Daily Report
Top Stories
• A Virginia man plead guilty March 7 for his role in a $42
million identity theft scheme involving over 12,000 fraudulent tax returns and
19 co-conspirators in Virginia, Maryland, and Washington, D.C. from 2008 to
2015. – U.S. Department of Justice See item 5 below in
the Financial Services Sector
• The U.S. Department of Homeland Security and the U.S. Secret
Service reported that more than 1,000 U.S. cybersecurity professionals
participated in a mock cyberattack exercise March 8 – March 10 to test human
response to a real cyberattack. – Associated Press See item 23 below in
the Information Technology Sector
• Nine firefighters were hurt and two businesses were destroyed as
a result of a March 9 explosion in Seattle. – King 5 Seattle
25. March 9,
KING 5 Seattle – (Washington) 9 firefighters hurt, 2 businesses destroyed in
Seattle explosion. A Seattle Fire Department spokeswoman reported that a
natural gas explosion in Seattle’s Greenwood neighborhood caused heavy damage
to several businesses and area apartment complexes including Mr. Gyro’s restaurant
and Quik Shop convenience store March 9. Puget Sound Energy officials shut off
five of the six gas control valves for the area and officials reported nine
firefighters were injured in the incident. Source: http://www.king5.com/story/news/2016/03/09/massive-explosion-rocks-greenwood-several-firefighters-hurt/81518136/
• The Home Depot agreed March 7 to pay $19.5 million to compensate
U.S. consumers after a 2014 data breach compromised more than 50 million
customers’ payment card data and email addresses. – Reuters
26. March 8,
Reuters – (National) Home Depot settles consumer lawsuit over big 2014
data breach. The Home Depot agreed March 7 to pay $19.5 million to U.S.
consumers and agreed to improve its data security over a 2-year period after a
2014 data breach compromised more than 50 million customers’ payment card data
and email addresses.
Financial Services Sector
3. March 8,
Grand Rapids Press – (Michigan) Man spent $100K with stolen credit cards, fraud
cases cracked police say. A Detroit man was arrested March 4 after he
allegedly used stolen credit card information to purchase $100,000 worth of
gift cards, iPads, electronic games, among other products at a minimum of 4
Kent County businesses. A subsequent search of the suspect’s home revealed
hundreds of credit cards, credit-card numbers, Social Security numbers,
personal information, and equipment to encode credit cards with stolen account
information. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2016/03/man_spent_100k_with_stolen_cre.html
4. March 8,
U.S. Securities and Exchange Commission – (National) SEC announces
charges against
unregistered fund manager accused of hiding criminal past. The U.S. Securities and
Exchange Commission charged EquityStar Capital Management and an unregistered
fund manager March 8 for deceiving investors after the fund manager and company
offered and sold at least $5.6 million of interests in two unregistered
investment funds, Global Partners Fund and Momentum Growth Fund, and withdrew
more than $1 million without the authorization or knowledge of investors. The
fund manager hid felony fraud convictions and other money judgments from
investors, hired a firm to manipulate Internet search results on his name to
cover up negative information, and used at least three false identities to
make-up the existence of bogus employees when communicating with investors,
among other actions. Source: https://www.sec.gov/news/pressrelease/2016-40.html
5. March 7,
U.S. Department of Justice – (Washington D.C.; Maryland; Virginia) Virginia
man pleads guilty to Federal charges for role in massive identity theft and tax
fraud scheme. A Virginia man pleaded guilty March 7 for his role in a $42
million Federal income tax refund fraud scheme involving over 12,000 fraudulent
tax returns and 19 co-conspirators who stole the identities of individuals and
filed returns to addresses in Virginia, Maryland, and Washington, D.C. from
2008 to 2015. The suspect was responsible for filing approximately 444
fraudulent income tax returns that sought more than $1.5 million in tax refunds
and caused a loss of $493,436 to the U.S. Department of the Treasury. Source: https://www.justice.gov/opa/pr/virginia-man-pleads-guilty-federal-charges-role-massive-identity-theft-and-tax-fraud-scheme
Information Technology Sector
20. March 9,
Softpedia – (International) KeRanger ransomware is actually Linux.Encoder
ported for Macs. Security researchers from Bitdefender reported that the
KeRanger ransomware that targets Mac OS X systems is a rewrite of the
Linux.Encoder ransomware after finding that the encryption functions of each
ransomware were identical to each other and that both ransomwares share the
same names: encrypt_file, recursive_task, currentTimestamp, and creatDaemon. Source:
http://news.softpedia.com/news/keranger-ransomware-is-actually-linux-encoder-ported-for-macs-501507.shtml
21. March 8,
SecurityWeek – (International) Microsoft updates Windows, browsers to patch
critical flaws. Microsoft released 13 security bulletins addressing several
vulnerabilities in Windows, Internet Explorer, Edge browser, Office, Server
Software, and the .NET Framework including 13 Internet Explorer vulnerabilities
that could allow a remote attacker to execute arbitrary code by tricking a
victim into visiting a specially crafted Web site; 11 Microsoft Edge
vulnerabilities; and critical vulnerabilities in how the Windows Adobe Type
Manager Library handles specially crafted Type fonts which can be exploited for
denial-of-service (DoS) attacks and remote code execution (RCE) attacks, among
other vulnerabilities. Source: http://www.securityweek.com/microsoft-updates-windows-browsers-patch-critical-flaws
22. March 8,
SecurityWeek – (International) Adobe patches flaw in Acrobat, Reader,
Digital Editions. Adobe Systems released updates for its Acrobat, Reader,
and Digital Editions products to patch several critical vulnerabilities
including multiple memory corruption flaws and a directory search path flaw
that can be exploited to execute arbitrary code in several of the products.
23. March 8,
Associated Press – (International) Mock cyberattack tests response. The U.S.
Department of Homeland Security and the U.S. Secret Service reported that more
than 1,000 U.S. cybersecurity professionals from the Federal government,
healthcare firms,
Internet service providers, retail businesses, and phone companies were
participating in a mock cyberattack exercise March 8 – March 10 to test human
response and coordination in the event of a real-life cyberattack. The exercise
will also look for areas of improvement to help the public and private sector
become more resilient against cyber threats. Source: http://www.pressherald.com/2016/03/08/mock-cyberattack-tests-response/
Communications Sector
24. March 8, Across
America Patch – (National) DirecTV Outage: ‘Multiple’ channels out Tuesday,
March 8. DirecTV officials reported that their satellite provider was
experiencing outages for multiple national channels for more than three hours
March 8. The company is working to restore service. Source: http://patch.com/us/across-america/directv-outages-multiple-channels-out-tuesday-march-8-0
For another
story, see item 23 above in the Information Technology Sector