Complete DHS Report for May 9, 2016
• Two men were arrested and charged May 5 after detectives caught them using counterfeit credit cards to make fraudulent purchases at the Dadeland Mall and stores throughout Miami-Dade County. – WTVJ 6 Miami See item 4 below in the Financial Services Sector
• Service on the Washington Metropolitan Area Transit Authority’s Orange and Blue lines was restored May 6 after service was suspended at four stations in Washington, D.C. May 5 following two track fires. – WRC 4 Washington, D.C.
7. May 6, WRC 4 Washington, D.C. – (Washington, D.C.) Metro service restored after fire closes 2 stations. Service on the Washington Metropolitan Area Transit Authority’s Orange and Blue lines between Eastern Market and L’Enfant Plaza and between Capitol South and Federal Center SW was restored May 6 after service was suspended May 5 when two separate fires shut down a section of the track, prompting the closures. Officials stated that one fire was sparked by a porcelain insulator which will be replaced with fiberglass parts, while the other was due to debris on the track. Source: http://www.nbcwashington.com/traffic/transit/Metro-Trains-on-3-Lines-Delayed-by-Track-Problem-378320681.html
• A painter at Hartwood Farm in Willistown Township, Pennsylvania, was charged May 5 for allegedly embezzling $927,100 from the farm by depositing stolen checks into various personal accounts. – WPVI 6 Philadelphia
11. May 5, WPVI 6 Philadelphia – (Pennsylvania) Bryn Mawr painter accused of stealing $900K from Chester County farm. A painter at Hartwood Farm in Willistown Township, Pennsylvania, was charged May 5 for allegedly embezzling $927,100 from the farm after he stole 148 blank checks, forged the property owner’s signature, and deposited the fraudulent checks into various personal accounts from May 2014-February 2016. Officials stated the man used the money for personal expenses. Source: http://6abc.com/news/painter-accused-of-stealing-$900k-from-pa-farm/1325168/
• A 4-alarm warehouse fire May 5 at Custom Packaging and Filling Company in west Houston prompted a shelter-in-place for residents and the evacuation of 730 people from Spring Branch Elementary School. – Houston Chronicle
26. May 6, Houston Chronicle – (Texas) Four-alarm sends plumes of smoke across Houston, runoff into creeks. A 4-alarm warehouse fire May 5 at Custom Packaging and Filling Company in west Houston prompted a shelter-in-place for residents, evacuated 730 people from the Spring Branch Elementary School and surrounding businesses, and prompted more than 170 firefighters to remain on site containing the incident after the fire began in a garage area of a nearby home. Officials warned residents to avoid the Spring Branch Creek and nearby ditches and culverts after chemical additives from firefighters’ efforts flowed into the creek. Source: http://www.chron.com/news/houston-texas/houston/article/Three-alarm-fire-burns-at-business-in-NW-Houston-7395178.php
Financial Services Sector
3. May 6, SecurityWeek – (International) New trojan targets banks in US, Mexico. Researchers from Zscaler discovered that a new information stealer trojan which leverages legitimate tools to target online banking users in the U.S. and Mexico is delivered via the “curp.pdf.exe” installer served on several compromised Web sites which downloads a main payload file, a Fiddler dynamic link library (DLL) file, and a Json.Net DLL file on a victim’s device to collect system information and send it back to the command and control (C&C) server, to parse the server’s response and save the information in an extensible markup language (XML) file, and to intercept Hypertext Transfer Protocol (HTTP) and Secure Hypertext Transfer Protocol (HTTPS) connections and redirect users to a malicious Web site masked as a bank’s legitimate domain.
4. May 5, WTVJ 6 Miami – (Florida) Pair arrested in counterfeit credit card scheme: MDPD. Two men were arrested and charged May 5 after detectives witnessed the duo using counterfeit credit cards to make fraudulent purchases at the Dadeland Mall and stores throughout Miami-Dade County. Authorities stated a subsequent search of one of the suspects’ vehicles revealed 192 counterfeit credit cards. Source: http://www.nbcmiami.com/news/local/Pair-Arrested-in-Counterfeit-Credit-Card-Scheme-MDPD-378339951.html
5. May 5, Chicago Sun Times – (Illinois) Chicago financial adviser pleads guilty to $4.2M fraud. The operator of a Chicago-based investment firm, D.J. Mosier and Associates pleaded guilty May 5 to defrauding 9 clients out of more than $4.2 million by persuading them to invest in phony “Chicago Anticipatory Notes” debt securities. The financial adviser cashed the investors’ checks into her personal bank account and used the money for personal expenses, and to make bogus interest payments to previous clients.
Information Technology Sector
20. May 6, Help Net Security – (International) Android trojan pesters victims, won’t take no for an answer. Avast researchers determined that an information-stealing Android trojan that is inadvertently downloaded by users, begins its infection after an icon is installed in the launcher in the name of a fake app which launches a dialog box that asks the user to grant it admin rights and blocks further access. Users can remove the trojan by powering down the phone and restoring it to factory settings or uninstalling the app. Source: https://www.helpnetsecurity.com/2016/05/06/android-trojan-pesters-victims/
21. May 6, Threatpost – (International) New security flaw found in Lenovo Solution Center software. Trustwave SpiderLabs reported a new vulnerability in Lenovo’s Solution Center software which is tied to the software’s backend and can allow an attacker with local network access to a PC to execute arbitrary code and elevate privileges. The company updated a previous security advisory disclosing the additional vulnerability and released a fix addressing the vulnerability. Source: https://threatpost.com/new-security-flaw-found-in-lenovo-solution-center-software/117896/
22. May 5, Softpedia – (International) Ransomware infections grew 14 percent in early 2016, April the worst month. Kaspersky, Enigma Software Group, and the FBI issued a warning to companies about the increase in ransomware infections following reports of at least 2,900 new ransomware variants, representing a 14 percent increase in Quarter 1 of 2016. Researchers also found a significant increase in the number of attacks during April. Source: http://news.softpedia.com/news/ransomware-infections-grew-14-percent-in-early-2016-april-the-worst-month-503743.shtml
23. May 5, Softpedia – (International) New Attack on WordPress sites redirects traffic to malicious URLs. Security researchers from Sucuri reported that hackers were continuously leveraging vulnerabilities in older WordPress versions or WordPress plugins by altering the Web sites’ main theme’s header.php file via 12 lines of obfuscated code to redirect users to malicious Web sites. In addition, Joomla Web sites were seen with a similar malicious code in the administrator/includes/help.php file. Source: http://news.softpedia.com/news/new-attack-on-wordpress-sites-redirects-traffic-to-malicious-urls-503740.shtml
24. May 5, SecurityWeek – (International) Qualcomm software flaw exposes Android user data. Security researchers from FireEye discovered Qualcomm Technologies, Inc., open source software package and devices running Android 5.0 Lollipop and earlier versions were plagued with an information disclosure vulnerability that could allow a malicious application to access user information as long as the application has the “ACCESS_NETWORK_STATE” permission. Qualcomm issued security updates patching the vulnerability.
25. May 5, SecurityWeek – (International) Adobe issues pre-patch advisory for Reader, Acrobat. Adobe issued a pre-patch advisory stating that it will release patches for its PDF Reader and Acrobat software products May 10, which will address critical vulnerabilities on the Microsoft Windows and Apple Mac operating system (OS) X platforms.
For another story, see item 3 above in the Financial Services Sector
Nothing to report