Complete DHS Report for January 6, 2017
• Deutsche Bank AG agreed January 4 to pay $95 million to settle a tax fraud lawsuit after the bank allegedly used shell companies to avoid paying tens of millions of dollars in Federal taxes in 2000. – MarketWatch See item 3 below in the Financial Services Sector
• About 104 people were injured after a Long Island Rail Road train arriving from Far Rockaway derailed at the Atlantic Terminal in Brooklyn, New York, January 4. – Reuters
5. January 5, Reuters – (New York) New York train crash injures more than 100 commuters. About 104 people were injured after a Long Island Rail Road train arriving from Far Rockaway derailed at the Atlantic Terminal in Brooklyn, New York, January 4 after striking a bumping block when the train failed to stop on time. The incident remains under investigation.
• Baltimore County public works officials reported that around 57,000 gallons of sewage spilled in Reisterstown, Maryland, January 4 after a 10-inch sewer line broke. – Baltimore Sun
12. January 4, Baltimore Sun – (Maryland) 57,000 gallons of sewage spills in Reisterstown. Baltimore County public works officials reported that around 57,000 gallons of sewage spilled in Reisterstown, Maryland, January 4 after a 10-inch sewer line broke due to its proximity to an eroding stream bed. Health officials will monitor bacteria levels in the water for possible contamination. Source: http://www.baltimoresun.com/news/maryland/baltimore-county/bs-md-co-sewage-spill-reisterstown-20170104-story.html
• The Northside Independent School District in San Antonio notified January 4 approximately 23,000 former and current students and employees that their personal information may have been compromised after hackers accessed the email accounts of some employees. – KSAT 12 San Antonio
16. January 4, KSAT 12 San Antonio – (Texas) Letter notifies NISD employees, students of email breach. The Northside Independent School District in San Antonio notified January 4 approximately 23,000 former and current students and employees that their personal information may have been compromised after it was discovered in August 2016 that hackers accessed some employees’ email accounts. Officials stated there is no evidence that any of the information has been abused.
Financial Services Sector
3. January 5, MarketWatch – (International) Deutsche Bank settles tax fraud suit for $95 million. Deutsche Bank AG agreed January 4 to pay the U.S. Government $95 million to settle a tax fraud lawsuit filed in 2014 after the bank allegedly used shell companies to avoid paying tens of millions of dollars in Federal taxes in 2000, including as much as $190 million in taxes, penalties, and interest.
4. January 4, Lafayette Journal & Courier – (Indiana; Illinois) Ex-fast food employee admits to card skimming. A West Lafayette, Indiana woman pleaded guilty January 4 to skimming 100 customer credit cards through the cash register and another handheld device while employed at a West Lafayette McDonald’s restaurant in December 2015. The woman and two co-conspirators reportedly used the stolen card information to create counterfeit credit cards and make fraudulent purchases at stores in Lafayette and Chicago. Source: http://www.jconline.com/story/news/crime/2017/01/04/mcdonalds-employee-pleads-credit-card-skimming/96159498/
Information Technology Sector
24. January 5, SecurityWeek – (International) FireCrypt ransomware packs DDoS code. The MalwareHunterTeam discovered that the FireCrypt ransomware is able to encrypt victims’ files, as well as launch a distributed denial-of-service (DDoS) attack against a Uniform Resource Locator (URL) hardcoded in the source code. The researchers found the URL FireCrypt targets cannot be modified using the ransomware’s builder, and reported that in order for the malware’s DDoS attack to cause significant damage, FireCrypt would have to infect thousands of devices simultaneously.
25. January 4, SecurityWeek – (International) Google patches 22 critical Android vulnerabilities. Google released its January 2017 Android Security Bulletin addressing a total of 95 vulnerabilities, including 23 flaws that impact various Android components and 72 bugs that affect drivers and other original design manufacturer (ODM) software, as well as Nexus and Pixel devices. The patches resolve a total of 22 critical vulnerabilities, including 21 elevation of privilege flaws in the Qualcomm bootloader, kernel file system, and Qualcomm video driver, among other components.
26. January 4, SecurityWeek – (International) MongoDB databases actively hijacked for extortion. A security researcher and co-founder of GDI Foundation found that a hacker, known as Harak1r1, is searching for vulnerable MongoDB databases exposed to the Internet and subsequently hijacks them to steal and replace the databases content with one called “Warning” before demanding a ransom in exchange for the data. The researcher reported that the malicious actor targets only those databases that contain important data, as companies are more likely to pay a high ransom to regain access to the content. Source: http://www.securityweek.com/mongodb-databases-actively-hijacked-extortion
Nothing to report