Friday, August 22, 2014




Complete DHS Report for August 22, 2014

Daily Report

Top Stories

 · Bank of America agreed August 21 to pay $16.65 billion in a settlement with the U.S. Department of Justice over the bank’s misrepresentation of risky mortgage-backed securities to clients prior to the 2008 financial crisis. – Associated Press See item 4 below in the Financial Services Sector

 · The United Parcel Service (UPS) announced August 20 that a security breach at 51 of its UPS Stores in 24 States may have exposed the personal information, including addresses and payment card information, of customers who completed transactions between January 20 and August 11. – Computerworld

9. August 20, Computerworld – (National) UPS now the third company in a week to disclose data breach. The United Parcel Service (UPS) announced August 20 that a security breach at 51 of its UPS Stores in 24 States may have exposed the personal information, including addresses and payment card information, of customers who completed transactions between January 20 and August 11. An investigation found previously unknown malware was installed on individual stores’ systems but did not affect wider UPS networks. Source: http://www.computerworld.com/s/article/9250545/UPS_now_the_third_company_in_a_week_to_disclose_data_breach

 · Incapsula reported that a client experienced a distributed denial of service (DDoS) attack that lasted 38 days between June 21 and July 28, used several attack vectors, and peaked at over 110 Gbps.– Softpedia See item 24 below in the Information Technology Sector

 · One person was killed, 9 others were injured, and at least 2 dozen people were potentially displaced after an August 20 fire that begin on the main level of a 3-story Brighton apartment building in Boston, Massachusetts, spread to an adjacent home. – Boston Globe

28. August 21, Boston Globe – (Massachusetts) Man killed in 4-alarm Brighton blaze. One person was killed, 9 others were injured, and at least 2 dozen people were potentially displaced after an August 20 fire that begin on the main level of a 3-story Brighton apartment building in Boston and spread to an adjacent home. The total amount of damaged was estimated at more than $700,000. Source: http://www.bostonglobe.com/metro/2014/08/21/four-alarm-fire-brighton-heavily-damages-apartment-building/OxiwLRyFJrCTKSWMDsrVBO/story.html

Financial Services Sector

4. August 21, Associated Press – (National) Bank of America agrees to nearly $17B settlement. Bank of America agreed to pay $16.65 billion August 21 as part of an agreement to settle U.S. Department of Justice charges that the bank and its subsidiaries misrepresented risky mortgage-backed securities to clients prior to the 2008 financial crisis. The total includes a $5 billion penalty, $4.6 billion in remediation, and around $7 billion in relief to homeowners harmed by the bank’s practices. Source: http://abcnews.go.com/Politics/wireStory/apnewsbreak-bofa-reaches-17b-settlement-us-25055433

5. August 21, WOIO 19 Shaker Heights – (National) Two men indicted for $6.5 million investment fraud. The co-founders of Integrity Financial AZ LLC were indicted for allegedly operating the company as an investment fraud scheme that defrauded around 60 investors out of more than $6.5 million. The alleged scheme advertised investment opportunities in a purported real estate development plan in Arizona and had regional offices in Cleveland, Chicago, and Sacramento, California, and used investors’ money for the personal enrichment of the co-founders. Source: http://www.19actionnews.com/story/26335022/two-men-indicted-for-65-millon-investment-fraud

6. August 20, U.S. Department of Justice – (Florida; Illinois) Former Hillsborough County resident pleads guilty to conspiracy to commit bank, wire and mail fraud. A Chicago man pleaded guilty August 20 to using his company, Capital Management Guarantee LLC, to participate in a conspiracy to commit wire, bank, and mail fraud connected to the purchase of The Arbors apartment complex in Hillsborough County, Florida, and the sale of condominium units. The man admitted to helping to induce buyers by offering kickbacks to buyers, concealing the facts and violating the terms of a loan from Corus Bank. Source: http://www.justice.gov/usao/flm/press/2014/Aug/20140820_Bolger.html

For additional stories, see items 9 above in Top Stories and 26 below in the Information Technology Sector

Information Technology Sector

24. August 21, Softpedia – (International) 38-day long DDoS siege amounts to over 50 petabits in bad traffic. Incapsula reported that a video game company client experienced a distributed denial of service (DDoS) attack that lasted 38 days between June 21 and July 28, used several attack vectors, and peaked at over 110 Gbps. The attack used techniques separately or at the same time and was mitigated by Incapsula using a scrubbing server. Source: http://news.softpedia.com/news/38-Day-Long-DDoS-Siege-Amounts-to-Over-50-Petabits-in-Bad-Traffic-455722.shtml

25. August 21, Help Net Security – (International) Most popular Android apps open users to MITM attacks. FireEye researchers conducted an analysis of the 1,000 most popular free Android apps in the Google Play store and found that many contain one or more vulnerabilities that could leave users vulnerable to man-in-the-middle (MitM) attacks. Source: http://www.net-security.org/secworld.php?id=17279

26. August 20, Securityweek – (International) Graphic library flaw exposes apps created with Delphi, C++ Builder. Researchers with Core Security reported identifying a security vulnerability that can affect software with a specific version of Embarcadero C++ Builder XE6, Embarcadero Delphi XE6, and possibly other versions. Embarcadero products are used by organizations and companies in industries including healthcare, financial services, and other industries to develop in-house applications. Source: http://www.securityweek.com/graphic-library-flaw-exposes-apps-created-delphi-c-builder

Communications Sector

27. August 20, Journal of The San Juan Islands – (Washington) CenturyLink faces $173K in fines for November outage. The Washington State Utilities and Transportation Commission cited CenturyLink with 15,935 violations and proposed $173,000 in fines for failing to communicate with the commission and its customers during a 10-day outage that left a majority of the San Juan Islands without telephone, Internet, and cell phone services during November 2013. Source: http://www.sanjuanjournal.com/news/272083591.html