Thursday, December 15, 2016



Complete DHS Report for December 15, 2016

Daily Report

Top Stories

• Thirty-five individuals connected to the Brooklyn, New York-based Hoodstarz street gang and associated crews were charged December 13 for allegedly buying more than 750 credit card numbers from the Dark Web and using the numbers to create fraudulent credit cards. – WNBC 4 New York. See item 5 below in the Financial Services Sector.

• A Nigerian national pleaded guilty December 12 for his role in a roughly $4.7 million scheme to file thousands of fraudulent Federal and Oregon State tax returns from 2012 – 2015. – Medford Mail Tribune. See item 6 below in the Financial Services Sector.

• The Stamford Water Pollution Control Authority in Connecticut reported that 84,000 gallons of raw sewage leaked into the East Branch of Stamford Harbor December 13. – Stamford Advocate

15. December 14, Stamford Advocate – (Connecticut) Broken pipe leaks 84,000 gallons of sewage into Stamford Harbor. The Stamford Water Pollution Control Authority in Connecticut reported that 84,000 gallons of raw sewage leaked into the East Branch of Stamford Harbor December 13 after a force main pipe broke at the city’s water pollution control plant. Officials stated that the spill has been contained and the pipe is being repaired. Source: http://www.stamfordadvocate.com/local/article/Broken-pipe-leaks-84-000-gallons-of-sewage-into-10795509.php

• Frederick County Public Schools officials in Maryland announced December 13 that the personal information of about 1,000 former students was stolen and offered for sale online following a data breach that occurred before 2010. – Frederick News-Post

17. December 13, Frederick News-Post – (Maryland) Personal details of about 1,000 former Frederick County students stolen, was for sale. A spokesperson for Frederick County Public Schools in Maryland announced December 13 that the personal information of about 1,000 former students who attended the district’s schools between November 2005 and November 2006 was stolen and offered for sale online following a data breach that occurred before 2010. The breach was discovered in September when a former student found the information online. Source: http://www.fredericknewspost.com/news/education/schools/personal-details-of-about-former-frederick-county-students-stolen-was/article_147339b1-de16-513b-8288-0e0ba62bf506.html

Financial Services Sector

5. December 14, WNBC 4 New York – (New York) Brooklyn gang members used fake credit cards to buy American Girl dolls, guns: Officials. Thirty-five individuals connected to the Brooklyn, New York-based Hoodstarz street gang and associated crews were charged December 13 for allegedly buying more than 750 credit card numbers from the Dark Web and using the numbers to create fraudulent credit cards, which the group used to buy dolls, concert tickets, and weapons, as well as to fund violent crimes. The charges allege that the group tested the fraudulent credit cards by charging $1 at parking meters. Source: http://www.nbcnewyork.com/news/local/Fake-Credit-Card-Brooklyn-Gang-Indictment-Violence-American-Girl-Dolls-Hoodstarz-406312075.html

6. December 14, Medford Mail Tribune – (International) Stolen PINs net nearly $5 million in tax fraud. A Nigerian national pleaded guilty December 12 for his role in a roughly $4.7 million scheme to file thousands of fraudulent Federal and Oregon State tax returns from 2012 – May 2015, in which he and 5 co-conspirators obtained the personal information of more than 250,000 people from an overseas hacker and used the information to get the PINs that the victims used to electronically file U.S. Internal Revenue Service (IRS) returns. The IRS paid refunds directly to prepaid debit cards or third-party bank accounts the group opened, and the co-conspirators subsequently wired some of the refunds to Nigeria via the Western Union Company. Source: http://www.mailtribune.com/news/20161213/stolen-pins-net-nearly-5-million-in-tax-fraud

For another story, see item 4 below from the Critical Manufacturing Sector

4. December 12, Washington Post – (California) A Calif. man steals $5 million, spends $1 million on a cellphone game. A California man pleaded guilty December 8 after he defrauded his employer, Holt Manufacturing Company, out of nearly $5 million from May 2008 – March 2015 by conducting hundreds of unauthorized credit card transactions on the firm’s commercial account, falsifying records regarding the account, and misleading the bank that held the credit account when it made inquiries about suspicious transactions. The former employee used the stolen funds for personal expenses. Source: https://www.washingtonpost.com/news/morning-mix/wp/2016/12/12/a-calif-man-stole-nearly-5-million-from-his-company-then-spent-1-million-on-a-cellphone-game/?utm_term=.1eab2b6b5a60

Information Technology Sector

18. December 14, SecurityWeek – (International) Apple patches 72 vulnerabilities in macOS Sierra. Apple released version 10.12.2 of its Sierra operating system (OS) patching a total of 72 vulnerabilities in Apache, Audio, Bluetooth, security, the kernel, and Disk Images, among other components, after security researchers discovered that the flaws could be exploited to cause an application to enter a denial-of-service (DoS) condition, execute arbitrary code with elevated privileges, leak memory data, and overwrite existing files, among other nefarious actions. Apple also released security updates for iCloud for Microsoft Windows, iTunes for Windows, and Safari 10.0.2, which resolved two dozen flaws.

19. December 14, SecurityWeek – (International) Microsoft patches several publicly disclosed flaws. Microsoft released its December 2016 security updates, which include a total of 12 critical and important security bulletins that resolve flaws in Windows, Office, Edge, and Internet Explorer, including 11 flaws in Edge, an information disclosure and 2 remote code execution bugs in the Windows graphics component, and 16 privilege escalation, information disclosure, and arbitrary code execution flaws, among other flaws, in Office and Office for Apple Mac. One of the critical bulletins also includes patches for Adobe Flash Player, in which Adobe resolved a total of 17 vulnerabilities, including a zero-day flaw that was being exploited in targeted attacks.

20. December 14, Help Net Security – (International) Corporate Office 365 users hit with clever phishing attack. Security researchers reported that phishers are targeting users of Microsoft’s Corporate Office 365 service and bypassing its email filters and default security protections with a trick in which the user sees one Uniform Resource Locator (URL) in the link and the anti-phishing filters see another, while the actual link leads the victim to a third, phishing URL. The malicious actors exploit the way that Office 365 anti-phishing and URL-reputation security layers translate Punycode, the method for encoding domain names with Unicode characters. Source: https://www.helpnetsecurity.com/2016/12/14/corporate-office-365-phishing/

21. December 13, Help Net Security – (International) More Android-powered devices found with trojans in their firmware. Doctor Web security researchers discovered two types of downloader trojans incorporated in the firmware of several Android-powered devices. The trojans are used to deliver ad-showing apps that push users to download additional apps, and are capable of updating themselves, contacting their command and control (C&C) servers, receiving instructions on which apps to covertly download and run, and starting each time the device is turned on. One of the trojans, dubbed Android.Sprovider.7, was found inserted into the firmware of Lenovo smartphones and can open specified links in a browser, as well as show ads on top of apps and in the status bar, among other malicious actions. Source: https://www.helpnetsecurity.com/2016/12/13/android-devices-trojans-firmware/

22. December 13, Help Net Security – (International) 93% of SOC managers unable to triage all potential threats. Intel Security released a report after interviewing 400 Security Operations Center (SOC) managers across several countries, industries, and company sizes, which revealed that on average, organizations are unable to adequately investigate 25 percent of security alerts, as many as 93 percent of SOCs are unable to triage all potential threats, and that the most common threat detection signals for 64 percent of companies come from traditional security control points, including firewall and intrusion prevention systems, among other findings. Source: https://www.helpnetsecurity.com/2016/12/13/soc-managers-triage-threats/

23. December 13, SecurityWeek – (International) Apple patches 12 vulnerabilities in iOS, tvOS, and watchOS. Apple released version 10.2 of its mobile operating system (iOS) resolving 12 vulnerabilities affecting several components in iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later, including a memory corruption issue in the Profiles component, which was also found to impact 4th generation Apple TV and all Apple Watch models, that could allow an attacker to achieve arbitrary code execution if the victim opened a specially crafted certificate on a vulnerable device.

Communications Sector
 
24. December 14, Help Net Security – (International) Netgear pushes out beta firmware for vulnerable router models. Netgear released a beta firmware to temporarily resolve a vulnerability affecting at least 12 of its router models after confirming the flaw could allow remote, unauthenticated attackers to execute Linux commands with root privileges on the routers if the commands are appended to the Uniform Resource Locator (URL) of a page that the user is tricked into visiting. Netgear is reviewing its router portfolio to determine if the flaw affects other router models. Source: https://www.helpnetsecurity.com/2016/12/13/netgear-firmware-vulnerable-routers/