Daily Report
Top Stories
• Federal prosecutors charged four employees
at Arch Coal’s Mountain Laurel mining complex in Logan County, West Virginia,
for allegedly taking almost $2 million in bribes by requiring vendors to pay
kickbacks to the employees in order to do business with the coal company. – Associated
Press
3.
May 30, Associated Press – (West Virginia) Feds: Arch Coal workers at
West Virginia mine accused of taking $2M in kickbacks from vendors. Federal
prosecutors charged four employees at Arch Coal’s Mountain Laurel mining
complex in Logan County, West Virginia, for allegedly taking almost $2 million
in bribes from 2007 to 2012 by requiring vendors to pay kickbacks to the
employees in order to do business with the coal company. A total of 10
individuals, including vendors and contractors, were charged in the scheme.
Source: http://www.570news.com/2014/05/30/feds-arch-coal-workers-at-west-virginia-mine-accused-of-taking-2m-in-kickbacks-from-vendors/
• U.S. and European law enforcement
authorities and several companies cooperatively seized servers and disrupted
the operations of the GameOver Zeus financial fraud botnet May 30. – Threatpost
See item 6 below in the Financial
Services Sector
• The U.S. Centers for Disease Control and
Prevention reported an additional 66 cases related to an ongoing Salmonella
outbreak linked to live poultry from Mt. Healthy Hatcheries in Springfield
Township, Ohio, bringing the case count to 126 across 26 States. – Food
Safety News
16.
May 31, Food Safety News – (National) 126 sickened by Salmonella in
live poultry outbreak. The U.S. Centers for Disease Control and Prevention
reported an additional 66 cases related to an ongoing Salmonella outbreak
linked to live poultry from Mt. Healthy Hatcheries in Springfield Township,
Ohio, bringing the case count to 126 since the illnesses were first announced
May 8. Sicknesses related to the outbreak began between February 4 and May 15
and span across 26 States. Source: http://www.foodsafetynews.com/2014/05/126-sick-with-salmonella-in-live-poultry-outbreak
• A database used by the Arkansas State
University was breached, potentially exposing the personal information of about
50,000 individuals. – Arkansas Business
27.
May 30, Arkansas Business – (Arkansas) Arkansas State notified of
data breach; up to 50,000 could be affected. Arkansas State University was
notified by the Arkansas Department of Human Services May 28 that a database
used by the College of Education and Behavioral Science’s Department of
Childhood Services was breached, potentially exposing the personal information
of about 50,000 individuals. The third-party site was taken offline and
authorities are investigating the incident. Source: http://www.arkansasbusiness.com/article/99018/arkansas-state-notified-of-data-breach-up-to-50000-could-be-affected
Financial Services Sector
6. June 2, Threatpost – (International) FBI, European
authorities go after GameOver Zeus botnet. U.S. and European law
enforcement authorities and several companies cooperatively seized servers and
disrupted the operations of the GameOver Zeus botnet May 30, and are seeking a
Russian citizen allegedly connected to the operation of the peer-to-peer (P2P)
botnet. The botnet is used to perform wire fraud by stealing financial
credentials and then transferring money to accounts controlled by its
operators. Source: http://threatpost.com/fbi-european-authorities-go-after-gameover-zeus-botnet
7. June 2, Security Week – (International) Middle East
hackers target government departments, U.S. financial institution. FireEye
researchers identified an attack campaign targeting an undisclosed U.S.
financial institution as well as government agencies in several countries that
attempts to drop remote access trojans (RATs) on targets’ systems. The
researchers attributed the campaign to a Middle Eastern group known as
“Operation Molerats” due to the location of the attack infrastructure and the
variants of the Poison Ivy and Xtreme RATs used. Source: http://www.securityweek.com/middle-east-hackers-target-government-departments-us-financial-institution
8. May 30, SC Magazine – (International) Card Recon tool
repurposed by attackers to sniff out payment card data. Researchers at
Arbor Networks and Trend Micro reported finding the legitimate Card Recon
compliance software being used by attackers to seek out payment card data in
point-of-sale (PoS) infrastructure. The legitimate software seen was cracked
for use by attackers and included in attack toolkits along with PoS malware.
Source: http://www.scmagazine.com/card-recon-tool-repurposed-by-attackers-to-sniff-out-payment-card-data/article/349265/
9. May 30, U.S. Securities and Exchange Commission –
(Texas) SEC charges accomplice in forex trading scheme. The U.S.
Securities and Exchange Commission (SEC) filed charges in federal court in
Texas against a man who allegedly provided substantial assistance to KGW
Capital Management and its owner as part of a fraud scheme that raised around
$7.4 million from investors between 2011 and 2013 through Revelation Forex, a
foreign currency exchange trading entity. Source: http://www.sec.gov/litigation/litreleases/2014/lr23010.htm
Information Technology Sector
31. June 2, Security Week – (International) New
Heartbleed attack vectors impact enterprise wireless, Android devices. A
security researcher detailed new attack methods for using the Heartbleed
vulnerability in OpenSSL which could allow attacks over the Extensible
Authentication Protocol (EAP) used in wireless networks and peer-to-peer (P2P)
connections. The new vectors can threaten enterprise wireless networks, Android
devices, and other connections. Source: http://www.securityweek.com/new-heartbleed-attack-vectors-impact-enterprise-wireless-android-devices
32. June 2, The Register – (International) Flaws open
gates to WordPress en-masse SEO beat-down. A patch was released June 1 for
the popular All in One SEO Pack plugin for WordPress, closing vulnerabilities
which could allow attackers to launch privilege escalation and cross-site
scripting (XSS) attacks in sites using older versions of the plugin. Users were
advised to update their installations. Source: http://www.theregister.co.uk/2014/06/02/flaws_open_gates_to_wordpress_enmasse_seo_beatdown/
33. May 30, Threatpost – (International) Apache patches
DoS, information disclosure bugs in Tomcat. The Apache Software Foundation
released a patch for Tomcat, closing three information disclosure
vulnerabilities and one denial of service issue. Users were advised to apply
the patches to their installations. Source: http://threatpost.com/apache-patches-dos-information-disclosure-bugs-in-tomcat
For another story, see item 6 above in the Financial Services Sector
Communications Sector
Nothing
to report
No comments:
Post a Comment