Thursday, November 14, 2013



Complete DHS Daily Report for November 14, 2013

Daily Report

Top Stories

 • Three individuals pleaded guilty in New York to taking part in a $45 million international cybercrime group that used stolen card payment information to make fraudulent ATM withdrawals in several countries. – Softpedia See item 6 below in the Financial Services Sector

 • Microsoft released its November Patch Tuesday round of patches, closing a total of 19 vulnerabilities in Windows and Office products, including three marked as critical. – The Register See item 32 below in the Information Technology Sector

 • Jackson Plaza in Sylva, North Carolina, was evacuated for 6 hours after officials closed the plaza when a teenager committed suicide in his car in the parking lot using poison gas. – Sylva Herald

41. November 13, Sylva Herald – (North Carolina) Shopping center is evacuated after teen’s poison gas suicide. Jackson Plaza in Sylva, North Carolina, was evacuated for 6 hours November 10 after officials closed the plaza when a teenager committed suicide in his car in the parking lot using poison gas. Source: http://www.thesylvaherald.com/top_stories/article_87cc543e-4bcf-11e3-a864-0019bb30f31a.html

 • Eleven people were injured in a four-alarm fire at the Kew Gardens residential building in New York City that caused hundreds of residents to evacuate and severely damaged 4 apartments. – WCBS 2 New York City; Associated Press

44. November 12, WCBS 2 New York City; Associated Press – (New York) 11 injured in Kew Gardens fire. Eleven people, including 8 firefighters, were injured November 12 in a four-alarm fire at the Kew Gardens residential building in New York City that caused hundreds of residents to evacuate and severely damaged 4 apartments. Source: http://newyork.cbslocal.com/2013/11/12/11-injured-in-kew-gardens-fire/

Details

Financial Services Sector

6. November 13, Softpedia – (International) 3 members of cybercriminal ring plead guilty to taking part in card fraud scheme. A total of three individuals pleaded guilty in New York, one November 12 and two others in October, to taking part in a $45 million international cybercrime group known as “Unlimited Operations” that used stolen card payment information to make fraudulent ATM withdrawals in several countries. Source: http://news.softpedia.com/news/3-Members-of-Cybercriminals-Ring-Plead-Guilty-to-Taking-Part-in-Card-Fraud-Scheme-399686.shtml

7. November 13, Savannah Morning News – (Georgia) Former bank president pleads guilty in fraud scheme. The former president and CEO of First National Bank in Savannah pleaded guilty November 12 for his part in a scheme to defraud the now-defunct bank of millions of dollars by manipulating loans. The bank’s failure cost the Federal Deposit Insurance Corporation more than $90 million. Source: http://savannahnow.com/news/2013-11-13/former-bank-president-pleads-guilty-fraud-scheme

8. November 13, Associated Press – (Missouri) Mo. businessman pleads guilty to federal charges. A Lanexa business owner pleaded guilty November 12 to mail fraud and money laundering for defrauding the Missouri Petroleum Storage Tank Insurance Fund of more than $1.3 million by creating inflated invoices sent to the fund. Source: http://www.mysanantonio.com/news/crime/article/Mo-businessman-pleads-guilty-to-federal-charges-4979761.php

9. November 12, Gothamist – (New York) Police find plenty of crack cocaine, fake credit cards, stun guns in Bed-Stuy apartment raid. Three men were arrested in New York City November 11 after police found 2 credit card skimmers, around 400 fraudulent credit cards, drugs, and weapons during a raid on an apartment in the Bed-Stuy area of the city. Source: http://gothamist.com/2013/11/12/cops_find_crack_cocaine_fake_credit.php

10. November 12, U-T San Diego – (California) Toothless man suspected of robbery series arrested. A man suspected of being the “Toothless Bandit” responsible for seven bank robberies in the San Diego area was arrested November 9. Source: http://www.utsandiego.com/news/2013/nov/12/toothless-man-arrested/

Information Technology Sector

32. November 13, The Register – (International) IE 0-day plugged up by TIFF terror continues in November Patch Tuesday. Microsoft released its November Patch Tuesday round of patches, closing a total of 19 vulnerabilities in Windows and Office products, including three marked as critical. A TIFF image handling vulnerability remained unaddressed but a workaround is available. Source: http://www.theregister.co.uk/2013/11/13/november_patch_tuesday/

33. November 13, Softpedia – (International) Second version of Hlux/Kelihos botnet getting smaller, Kaspersky says. Researchers at Kaspersky reported progress in their attempts to disrupt the second version of the Hlux/Kelihos botnet, and found that most of the remaining bots in the botnet are running Windows XP, among other findings. Source: http://news.softpedia.com/news/Second-Version-of-Hlux-Kelihos-Botnet-Getting-Smaller-Kaspersky-Says-399824.shtml

34. November 13, The Register – (International) Facebook makes Adobe fans change their horrible, horrible passwords. Facebook scanned millions of email addresses and passwords released as part of a major breach of Adobe customer emails and passwords, identified Facebook users with the same passwords, and alerted users to the need to change their passwords to prevent account hijacking. Source: http://www.theregister.co.uk/2013/11/12/facebook_forces_adobe_users_to_change_their_horrible_passwords/

35. November 13, Softpedia – (International) Adobe Flash Player 11.9.900.152 addresses critical vulnerabilities. Adobe released a new update for Flash Player, closing two critical memory corruption vulnerabilities. Users were advised to install the updates as soon as possible. Source: http://news.softpedia.com/news/Adobe-Flash-Player-11-9-900-152-Addresses-Critical-Vulnerabilities-399642.shtml

36. November 12, Sophos – (International) Smartphone PINs skimmed with microphone and camera. Researchers at the University of Cambridge created a program called PIN Skimmer which can utilize a smartphone’s camera and microphone to guess a high proportion of PINs, demonstrating how a malicious program could harvest device PINs and passwords. Source: http://nakedsecurity.sophos.com/2013/11/12/smartphone-pins-cracked-with-microphone-and-camera-a-game-changer-for-phone-security/

37. November 12, Softpedia – (International) Google Chrome 31.0.1650.48 Stable fixes 25 vulnerabilities. Google released a new major version of its Chrome browser, fixing a total of 25 issues. Source: http://news.softpedia.com/news/Google-Chrome-31-0-1650-48-Stable-Fixes-25-Vulnerabilities-399565.shtml

38. November 12, Softpedia – (International) Vulnerabilities in RunKeeper allowed cybercriminals to run XSS worm. A security researcher found and reported a cross-site scripting (XSS) and a cross-site reference forgery (CSRF) vulnerability in the RunKeeper app that could have allowed cybercriminals to develop a worm capable of stealing user cookies, collecting private data, or distributing malware. RunKeeper fixed the vulnerabilities after being notified. Source: http://news.softpedia.com/news/Vulnerabilities-in-RunKeeper-Allowed-Cybercriminals-to-Run-XSS-Worm-399517.shtml

Communications Sector

39. November 12, Stars and Stripes – (International) Signal issues continue to plague AFN Radio in Bahrain. The American Forces Network radio station that serves an audience of 7,200 U.S. personnel in Bahrain experienced transmitter problems including static and occasional dead air in the past couple of weeks. Upgrades to the radio studio equipment, as well as approved increases to the signal from 250 watts to 400 watts, are in the works. Source: http://www.stripes.com/news/signal-issues-continue-to-plague-afn-radio-in-bahrain-1.252433