Complete DHS Report for March 28, 2016
Daily Report
Top Stories
• A collision between a Canadian Pacific Railway train and a
semi-truck transporting propane in Callaway, Minnesota, March 24 injured 2
railroad employees, prompted the evacuation of about 200 residents, and closed
a stretch of Highway 59. – Forum of Fargo-Moorhead
5. March 25,
Forum of Fargo-Moorhead – (Minnesota) Explosion shakes western Minn.
town after tanker truck-train collision. A collision between a Canadian
Pacific Railway train and a semi-truck transporting propane in Callaway,
Minnesota, March 24 set off an explosion that caused 7 railcars and 1
locomotive to derail, injured 2 railroad employees, prompted the evacuation of
about 200 residents, and closed a stretch of Highway 59 for several hours. Fire
crews extinguished the blaze and residents were allowed to return home March
25. Source: http://www.inforum.com/news/accidents/3994161-video-explosion-shakes-western-minn-town-after-tanker-truck-train-collision
• Seven Iranian computer specialists were charged March 24 for
conducting several coordinated distributed denial-of-service (DDoS) attacks
against 46 major companies from 2011 – 2013. – Help Net Security See item 16 below in
the Information Technology Sector
• Fox-IT warned users that
EC Council was unknowingly distributing the Angler exploit kit (EK) after
discovering that malicious code was embedded at the bottom of EC Council’s
iClass Web site for Certified Ethical Hacker certification. – SecurityWeek See
item 18 below in the Information
Technology Sector
• Verizon Enterprise Solutions stated March 24 that it discovered
and remediated a security vulnerability in its client portal that allowed an
attacker to obtain basic contact information on an undisclosed number of
enterprise customers. – Krebs on Security See item 19 below in
the Communications Sector
Financial Services Sector
3. March 25,
U.S. Department of Justice – (Louisiana) Louisiana check cashers plead
guilty to conspiracy, tax charges and agree to forfeit $4.12 million. The
two owners of VJ Discount Inc., in Kenner, Louisiana, pleaded guilty March 24
to Federal charges after the pair acted with co-conspirators to defraud the
U.S. government and impair the Internal Revenue Service (IRS) by cashing
fraudulently obtained tax refund checks at elevated rates, filing false reports
with the government to conceal the illicit activity, and filing false tax
returns that underreported business and individual income to the IRS, despite
third-party check deposits totaling more than $172 million from 2011 – 2013. As
part of the guilty pleas, the duo agreed to forfeit $4.12 million dollars.Source: https://www.justice.gov/opa/pr/louisiana-check-cashers-plead-guilty-conspiracy-tax-charges-and-agree-forfeit-412-million-0
4. March 23,
U.S. Attorney’s Office, District of New Jersey – (New
York) New York man indicted in $17 million Microcap stock manipulation
scheme. The founder of a New York-based registered broker-dealer was
indicted on Federal charges March 23 after he allegedly orchestrated a $17.2
million pump-and-dump stock market manipulation scheme where he and
co-conspirators artificially inflated the stock prices of Raven Gold
Corporation and Kentucky USA Energy Inc., by pumping the price of the two
companies’ shares through manipulative trading, dumping the stocks, and selling
large amounts of the shares to investors at inflated rates, causing the
companies’ stock prices to drop and investors to suffer losses. Officials
stated that two Canadian stock promoters have pleaded guilty for their
involvement in the scheme. Source: https://www.justice.gov/usao-nj/pr/new-york-man-indicted-17-million-microcap-stock-manipulation-scheme
For another story, see item 16 below in the Information Technology Sectory
Information Technology Sector
16. March 24,
Help Net Security – (International) 7 Iranians indicted for cyber attacks on US
banks and a dam. The U.S. Department of Justice reported March 24 that 7
Iranian computer specialists, allegedly sponsored by Iran’s Islamic
Revolutionary Guard Corps, were charged for conducting several coordinated
distributed denial-of-service (DDoS) attacks against 46 major companies which
primarily targeted the U.S. financial sector from 2011 – 2013. The attacks
disabled victims’ bank Web sites, prevented customers from accessing online
accounts and cost banks tens of millions of dollars in remediation.
17. March 24,
SecurityWeek – (International) Cisco patches serious DoS flaws in IOS
software. Cisco released patches for six high severity denial-of-service
(DoS) flaws in its IOS, IOS XE, and Unified Communications Manager (UCM)
software including a flaw that can allow an unauthenticated attacker to cause a
memory leak, eventually causing the infected device to reload, and a
vulnerability affecting the DHCP version 6 relay feature of which can cause the
affected device to reload by sending specially crafted DHCPv6 relay messages. Source:
http://www.securityweek.com/cisco-patches-serious-dos-flaws-ios-software
18. March 24,
SecurityWeek – (International) EC Council website hacked to serve Angler
Exploit Kit. Security researchers from Fox-IT warned users that the
security certification provider, EC Council was unknowingly distributing the
Angler exploit kit (EK) after discovering that malicious code was embedded at
the bottom of EC Council’s iClass Web site for Certified Ethical Hacker (CEH)
certification, which redirected users to a Web page with the Angler EK.
Researchers suspected a security flaw in the Web site and notified the company
of the exploit.
For another story, see item 19 below in the Communications Sector
Communications Sector
19. March 24,
Krebs on Security – (International) Crooks steal, sell Verizon Enterprise
customer data. Verizon Enterprise Solutions stated March 24 that it
recently discovered and remediated a security vulnerability in its enterprise
client portal that allowed an attacker to obtain basic contact information on
an undisclosed number of customers. The company asserted that no customer
proprietary network information or other data was accessed.