Tuesday, May 17, 2016



Complete DHS Report for May 17, 2016

Daily Report

Top Stories

• M&T Bank Corporation agreed May 13 to pay the Federal government $64 million to settle charges after a former underwriter at M&T filed a whistleblower lawsuit against the bank in 2013 alleging she witnessed fraud in the bank’s Federal Housing Administration underwriting practices. – Rochester Democrat and Chronicle See item 6 below in the Financial Services Sector

• Southbound lanes of Moreno Boulevard in San Diego were closed for 13 hours May 13 – May 14 while northbound lanes remained closed for at least 24 hours after a semi-truck carrying fuel overturned and spilled diesel. – KNSD 39 San Diego

11. May 14, KNSD 39 San Diego – (California) Tanker truck overturns near Interstate 8, spills fuel. The southbound lanes of Moreno Boulevard in San Diego were closed for 13 hours May 13 – May 14, while the northbound lanes remained closed for at least 24 hours after a semi-truck carrying fuel overturned, spilling an unknown amount of diesel onto the roadway. HAZMAT crews were working to clean up the spill and the cause of the crash remains under investigation. Source: http://www.nbcsandiego.com/news/local/Fuel-Truck-Overturns-Near-Insterstate-8-HAZMAT-Responding-SDPD-379473051.html

• Risk Based Security reported that the popular forum Nulled.io was compromised after hackers leaked a 1.3Gb archive containing data for more than 536,000 user accounts. – SecurityWeek See item 21 below in the Information Technology Sector

• A May 15 fire displaced 20 residents and caused $1 million in damages to a 16-unit apartment complex in Janesville, Wisconsin, after the blaze began when smoking material was improperly disposed. – WIFR 23 Freeport

28. May 15, WIFR 23 Freeport – (Wisconsin) 20 displaced in Janesville apartment fire. A May 15 fire displaced 20 residents and caused $1 million in damages to a 16-unit apartment complex in Janesville, Wisconsin, after the blaze began when smoking material was improperly disposed. One person was treated for smoke inhalation and the incident was contained. Source: http://www.wifr.com/content/news/20-Displaced-in-Janesville-Apartment-Fire-379584471.html

Financial Services Sector

5. May 13, SecurityWeek – (International) Upgraded Android banking trojan targets users in 200 countries. Security researchers from Doctor Web reported that an Android banking trojan dubbed Android.SmsSpy.88.origin, initially discovered in 2014, was updated with new ransomware capabilities including a credit card information stealing capability that targets around 100 banking applications by using WebView to display a phishing window on top of the legitimate banking app, and by utilizing a fake Google Play payment phishing page to intercept and send short message service (SMS) and multimedia messaging service (MMS) messages, send unstructured supplementary service data (USSD) requests, and transmit all saved messages to the server, among other malicious actions. Security researchers stated the trojan has infected over 40,000 devices in over 200 countries. Source: http://www.securityweek.com/upgraded-android-banking-trojan-targets-users-200-countries

6. May 13, Rochester Democrat and Chronicle – (National) M&T Bank settles federal fraud case for $64 million. M&T Bank Corporation agreed May 13 to pay the Federal government $64 million to settle charges after a former underwriter at M&T filed a whistleblower lawsuit against the bank in 2013 alleging she witnessed fraud in the bank’s Federal Housing Administration underwriting practices, prompting a Federal investigation which revealed that the bank awarded housing loans that did not meet Federal requirements. Source: http://www.democratandchronicle.com/story/money/business/2016/05/13/mt-bank-settles-federal-fraud-case-64-million/84330828/

7. May 13, U.S. Securities and Exchange Commission – (National) SEC charges two attorneys with defrauding escrow clients. The U.S. Securities and Exchange Commission announced May 13 fraud charges against two attorneys acting as escrow agents after the duo allegedly made undisclosed risky investments and stole $13.8 million they obtained in escrow amounts from small business owners by making misrepresentations to clients about a purported loan company, Atlantic Rim Funding, siphoning clients’ investment funds to pay themselves and others, and gambling on risky securities derivatives. Officials stated the pair concealed their illicit actions by claiming the money used for the securities trades was their own and did not belong to clients. Source: https://www.sec.gov/news/pressrelease/2016-87.html

Information Technology Sector

21. May 16, SecurityWeek – (International) Data leaked from hacker forum Nulled.io. Risk Based Security reported that the popular forum Nulled.io was compromised after hackers leaked a 1.3Gb archive containing information on more than 536,000 user accounts, including usernames, email addresses, hashed passwords, application program interface (API) credentials for payment gateways, authentication logs, and Internet Protocol (IP) addresses, among other data. Researchers are unsure how the Nulled.io database was compromised, and the forum was taken offline due to the attack.

22. May 16, Softpedia – (International) New simple attack on Squid proxies leverages malicious Flash ads. Squid released versions 4.0.10 and 3.5.18 addressing a vulnerability in its products after a graduate from Tsinghua University discovered a vulnerability dubbed Squison in Squid 3.5.12 to 3.5.17 and all 4.x versions up to 4.0.9 that could allow hackers to poison a Squid proxy server’s cache with malicious content by using simple attacks including a malicious Flash ad or through a Web site controlled by an attacker. Source: http://news.softpedia.com/news/new-simple-attack-on-squid-proxies-leverages-malicious-flash-ads-504103.shtml

23. May 16, IDG News Service – (International) Researchers crack new version of CryptXXX ransomware. Researchers from Kaspersky Lab created a new tool titled RannohDecryptor that will help victims decrypt files and recover lost information affected by the CryptXXX 2.0 malware. Researchers advised users to install software program updates to mitigate ransomware attacks. Source: http://www.networkworld.com/article/3070477/researchers-crack-new-version-of-cryptxxx-ransomware.html

24. May 15, Softpedia – (International) Silk Road 3.0 pops up on the Dark Web, once again. A Reddit online thread reported that a new Silk Road marketplace dubbed Silk Road 3.0 was active after its predecessor site was shut down following an FBI raid that arrested the Web site’s users, moderators, and administrator. The marketplace was seen actively compiling stolen data, exploits, botnets, drugs, and weapons, among other illegal items, for attackers to purchase. Source: http://news.softpedia.com/news/silk-road-3-0-pops-up-on-the-dark-web-once-again-504089.shtml

25. May 13, Softpedia – (International) Five-year-old SAP vulnerability affects over 500 companies, not 36. The U.S. Computer Emergency Response Team (US-CERT) issued a public alert to all U.S. companies after ERPScan discovered at least 533 companies were affected by an SAP vulnerability largely due to the companies’ failure to install an SAP security patch issued in 2010. The vulnerability can allow attackers to gain complete control of SAP business platforms via a bug in Invoker Servlet, a component in SAP’s Java platforms. Source: http://news.softpedia.com/news/five-year-old-sap-vulnerability-affects-over-500-companies-not-36-504043.shtml

26. May 13, SecurityWeek – (International) Meteocontrol patches flaws in photovoltaic data logger. Meteocontrol released an update for all versions of its WEB’log Basic 100, Light, Pro, and Pro unlimited products used in the energy, water, critical manufacturing, and commercial facilities sectors after a security researcher discovered that the products were plagued by critical authentication flaws, information exposure flaws, and a cross-site request forgery (CSRF) flaw that could allow attackers to perform actions on behalf of the user without authentication and access an administrator password in clear text. Source: http://www.securityweek.com/meteocontrol-patches-flaws-photovoltaic-data-logger

For another story, see item 5 above in the Financial Services Sector

Communications Sector

See item 5 above in the Financial Services Sector