Thursday, September 18, 2014



Complete DHS Report for September 18, 2014

Daily Report

Top Stories

 · Latour Trading LLC agreed to pay $16 million in penalties to resolve U.S. Securities and Exchange Commission charges that the high-frequency trading firm violated net capital rules during a 2-year period. – U.S. Securities and Exchange Commission See item 6 below in the Financial Services Sector

 · Metropolitan St. Louis Sewer District officials announced September 17 that no public threat was found after a water main break dumped 11 million gallons of sewage in the Chesterfield area, some of which reached the Missouri River September 8. – Associated Press

17. September 17, Associated Press – (Missouri) Main break dumps 11 million gallons of sewage. Metropolitan St. Louis Sewer District officials announced September 17 that no public threat was found after a water main break dumped 11 million gallons of sewage in the Chesterfield area, some of which reached the Missouri River September 8. Authorities concluded that most of the sewage went upstream away from drinking water intakes. Source: http://www.wral.com/main-break-dumps-11-million-gallons-of-sewage/13990290/

 · The attorney general of Virginia announced a lawsuit September 16 seeking $1.15 billion in damages from 13 banks for their alleged roles in fraudulently misleading the Virginia Retirement System from 2004 to 2010. – Washington Business Journal

20. September 16, Washington Business Journal – (Virginia) Virginia attorney general sues 13 banks for fraud. The attorney general of Virginia announced a lawsuit September 16 seeking $1.15 billion in damages from 13 banks for their alleged roles in fraudulently misleading the Virginia Retirement System from 2004 to 2010, forcing the State to sell most of the securities built on junk mortgages causing a loss of $383 million. Source: http://www.bizjournals.com/washington/news/2014/09/16/virginia-attorney-general-sues-13-banks-for-fraud.html

 · Orange County, California-based Corinthian Colleges Inc. was sued by the U.S. Consumer Financial Protection Bureau September 16 for allegedly deceiving tens of thousands of students by operating an illegal lending scheme. – Los Angeles Times

21. September 16, Los Angeles Times – (National) Feds sue Corinthian Colleges, alleging predatory lending. Orange County-based Corinthian Colleges Inc. was sued by the U.S. Consumer Financial Protection Bureau September 16 for allegedly deceiving tens of thousands of students by operating an illegal lending scheme. The for-profit college operator’s plan forced students to take out private loans costing more than $500 million since July 2011 after raising tuition above federal aid limits. Source: http://www.latimes.com/la-fi-corinthian-colleges-sued-by-consumer-financial-protection-bureau-20140916-story.html

Financial Services Sector

6. September 17, U.S. Securities and Exchange Commission – (New York) SEC charges N.Y.-based high frequency trading firm with violating net capital rule for broker-dealers. Latour Trading LLC agreed to pay $16 million in penalties September 17 to resolve U.S. Securities and Exchange Commission charges that the high-frequency trading firm violated net capital rules on 19 of 24 reporting dates during a 2-year period. The chief operating officer when the violations occurred also agreed to pay $150,000 in the settlement. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542972403

7. September 16, KrebsOnSecurity – (National) Breach at Goodwill vendor lasted 18 months. Payment vendor C&K Systems stated that its hosted managed services systems were found by investigators to be compromised between February 10, 2013 and August 14, 2014, allowing the installation of the infostealer.rawpos point of sale (PoS) malware that led to payment card breaches from over 330 Goodwill retail locations. The malware infection was not detected by the company’s systems until September 5 and affected Goodwill and two other customers. Source: http://krebsonsecurity.com/2014/09/breach-at-goodwill-vendor-lasted-18-months/

8. September 16, Middletown Press – (Connecticut) Man admits role in mortgage fraud in Middlesex, area counties. A Newington man pleaded guilty September 15 to his role in a mortgage fraud scheme that used straw buyers and fraudulent documents to obtain mortgages for around 50 properties in Hartford, New Haven, and Middlesex counties, causing around $5.6 million in losses to lenders. Source: http://www.middletownpress.com/general-news/20140916/man-admits-role-in-mortgage-fraud-in-middlesex-area-counties

9. September 16, U.S. Securities and Exchange Commission – (International) SEC charges IT employee at law firm with insider trading ahead of merger announcements. The U.S. Securities and Exchange Commission September 16 charged a senior information technology professional at law firm Wilson Sonsini Goodrich & Rosati with allegedly engaging in insider trading using information from client-related databases to make over $300,000 in illicit profits using a brokerage account held in the name of a relative in Russia. The U.S. Attorney’s Office for the Southern District of New York also filed criminal charges against the man in a parallel action. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542965393

For additional stories, see items 20 and 21 below from the Government Facilities Sector

20. September 16, Washington Business Journal – (Virginia) Virginia attorney general sues 13 banks for fraud. The attorney general of Virginia announced a lawsuit September 16 seeking $1.15 billion in damages from 13 banks for their alleged roles in fraudulently misleading the Virginia Retirement System from 2004 to 2010, forcing the State to sell most of the securities built on junk mortgages causing a loss of $383 million. Source: http://www.bizjournals.com/washington/news/2014/09/16/virginia-attorney-general-sues-13-banks-for-fraud.html

21. September 16, Los Angeles Times – (National) Feds sue Corinthian Colleges, alleging predatory lending. Orange County-based Corinthian Colleges Inc. was sued by the U.S. Consumer Financial Protection Bureau September 16 for allegedly deceiving tens of thousands of students by operating an illegal lending scheme. The for-profit college operator’s plan forced students to take out private loans costing more than $500 million since July 2011 after raising tuition above federal aid limits. Source: http://www.latimes.com/la-fi-corinthian-colleges-sued-by-consumer-financial-protection-bureau-20140916-story.html

Information Technology Sector

26. September 17, Securityweek – (International) Twitter fixes vulnerability potentially impacting company’s ad revenue. A security researcher identified and reported a vulnerability in a Twitter subdomain that could be used to delete the payment card information used by advertisers to pay for ads on the social media network. Twitter addressed the vulnerability and awarded a $2,800 bounty to the researcher. Source: http://www.securityweek.com/twitter-fixes-vulnerability-potentially-impacting-companys-ad-revenue

27. September 17, Securityweek – (International) Amazon fixes persistent XSS vulnerability affecting Kindle library. Amazon addressed a cross-site scripting (XSS) vulnerability on the Amazon Web page used to manage users’ Kindle libraries that could be used by an attacker to inject malicious code through eBook metadata. Source: http://www.securityweek.com/amazon-fixes-persistent-xss-vulnerability-affecting-kindle-library

28. September 17, Help Net Security – (International) Macro based malware is on the rise. Researchers with Sophos found that macro-based malware created in Visual Basic rose from around 6 percent of document malware to 28 percent in July, among other findings. Source: http://www.net-security.org/malware_news.php?id=2867

29. September 16, Threatpost – (International) Adobe gets delayed Reader update out the door. Adobe released new versions of Adobe Reader and Acrobat September 16 that were delayed during Adobe’s scheduled patch release the week of September 8. The updates close eight vulnerabilities including two memory corruption issues and a cross-site scripting (XSS) vulnerability affecting Macintosh users. Source: http://threatpost.com/adobe-gets-delayed-reader-update-out-the-door

30. September 16, Threatpost – (International) Archie exploit kit targets Adobe, Silverlight vulnerabilities. Researchers at AlienVault Labs analyzed a new exploit kit first identified by EmergingThreats researchers and found that the Archie exploit kit attempts to exploit older versions of Adobe Flash, Reader, and Microsoft Silverlight and Internet Explorer. Source: http://threatpost.com/archie-exploit-kit-targets-adobe-silverlight-vulnerabilities

Communications Sector

Nothing to report