Daily Report
Top Stories
· Athena Capital Research in New York agreed to pay $1 million in penalties to
resolve U.S. Securities and Exchange Commission charges that the firm engaged in
the manipulation of NASDAQ-listed stocks by placing large numbers of rapid,
aggressive trades 2 seconds before the end of trading. – U.S. Securities and
Exchange Commission (See item 4 below in the Financial Services Sector)
· Six crew members and 38 passengers aboard an Arkansas and Missouri Railroad passenger
train were injured after a freight train crashed into it while it was stalled
on a small grade in northwest Arkansas October 16. – CNN
6. October 17, CNN – (Arkansas) Train collision injures 44 on fall foliage
ride in northwest Arkansas. Six crew members and 38 passengers aboard an
Arkansas and Missouri Railroad passenger train touring fall foliage were
injured after a freight train crashed into it while it was stalled on a small
grade in northwest Arkansas October 16. Authorities are investigating the
incident. Source: http://www.cnn.com/2014/10/16/us/arkansas-train-collison/index.html
· The Baltimore County Department of Public Works announced October 16 that an
estimated 17,553 gallons of sewage were discharged into Gwynns Falls in Maryland
from September 24 through October 2. – Baltimore Sun
13. October 16, Baltimore Sun – (Maryland) Sewage leak at Gwynns Falls takes
eight days to repair. The Baltimore County Department of Public Works
announced October 16 that an estimated 17,553 gallons of sewage were discharged
into Gwynns Falls beginning September 24, with the discharge lasting through
October 2 before crews were able to repair a broken sewer pipe. Workers made
several attempts to
plug the leak after determining a tree had fallen on the pipe. Source: http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-sewage-overflow-20141016-story.html
· Firefighters responded to the Beech Grove Firearms gun store in Indiana October
17 after a fire that broke out October 16 reignited, causing a collective $2
million in damage. – WRTV 6 Indianapolis (See item 27)
27. October 17, WRTV 6 Indianapolis – (Indiana) Fire reignites at Beech Grove
gun store after Thursday blaze. Firefighters responded to the Beech Grove
Firearms gun store in Indiana October 17 after a fire that broke out October 16
reignited, causing a collective $2 million in damage. The initial blaze is
believed to have started when a patron used the wrong type of bullet on a firing
range at the facility, prompting an evacuation of 20 customers and 7 employees.
Source: http://www.theindychannel.com/news/local-news/crews-respond-to-fire-at-beech-grove-gun-store
Financial Services Sector
4. October 16, U.S. Securities and Exchange Commission – (New York) SEC
charges New York-based high frequency trading firm with fraudulent trading to
manipulate closing prices. New York City-based high frequency trading firm
Athena Capital Research agreed to pay $1 million in penalties to resolve U.S.
Securities and Exchange Commission charges that the firm engaged in the
manipulation of NASDAQ-listed stocks by placing large numbers of rapid,
aggressive trades 2 seconds before the end of trading over a 6-month period.
The case was the first high frequency trading stock manipulation case. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543184457
5. October 16, South Florida Sun Sentinel – (Florida) Broker admits guilt in
Ponzi fraud. A Miami broker pleaded guilty October 16 to his role in the
$1.4 billion Ponzi scheme run out of the Rothstein Rosenfeldt Adler law firm in
Fort Lauderdale. The broker was charged with assisting in several fraudulent
deals that were part of the larger Ponzi scheme. Source: http://www.sun-sentinel.com/local/broward/fl-rothstein-david-pearson-brf-20141016-story.html
Information Technology Sector
21. October 17, Threatpost – (International) SAP patches DoS flaw in Netweaver. SAP
released a patch for its Netweaver platform that closes a remotely exploitable
denial of service (DoS) vulnerability reported by Core Security researchers in
June. The vulnerability could allow an unauthenticated attacker to use a
specially crafted SAP Enqueue Server packet to create the DoS condition.
Source: http://threatpost.com/sap-patches-dos-flaw-in-netweaver/108896
22. October 17, IDG News Service – (International) New technique allows attackers to hide
stealthy Android malware in images. Two researchers presenting at the Black
Hat Europe conference October 16 revealed a technique dubbed AngeCryption that
could allow an attacker to hide malicious Android applications inside image
files in order to avoid detection by antivirus programs and potentially the
Google Play store’s malware scanner. Source: http://www.networkworld.com/article/2835433/new-technique-allows-attackers-to-hide-stealthy-android-malware-in-images.html
23. October 16, Softpedia – (International) XSS risk found in links to New York
Times articles prior to 2013. A student reported and published a proof of
concept for a vulnerability in articles on the New York Times Web site
published before 2013 that could allow attackers to hijack browser sessions,
direct users to phishing sites, or steal cookies by exploiting a cross-site
scripting (XSS) flaw. The vulnerability exists on pages containing certain
buttons and does not affect the most recent versions of popular Web browsers.
Source: http://news.softpedia.com/news/XSS-Risk-Found-In-Links-to-New-York-Times-Articles-Prior-to-2013-462334.shtml
24. October 16, The Register – (International) Bad news, fandroids: He who controls
the IPC tool, controls the DROID. Researchers with Check Point presenting
at the Black Hat Europe conference October 16 detailed a flaw in the Android
inter-process communication (IPC) tool Binder that could allow attackers to
override in-app security features to tamper with apps and steal passwords and
other information. Source: http://www.theregister.co.uk/2014/10/16/android_messaging_mechanism_security_flawed/
25. October 16, IDG News Service – (International) All-in-one printers can be used to
control infected air-gapped systems from far away. A cryptographer and two
researchers from Ben-Gurion University presenting at the Black Hat Europe
conference October 16 demonstrated how an all-in-one printer could be used to
issue commands to infected systems on an air-gapped network by shining infrared
or visible light at the scanner lid when open, issuing commands to malware
already planted on the system via USB drive or other method. The researchers
were able to successfully test the method on a target printer inside a building
from 200, 900, and 1,200 meters and stated that a more powerful laser could
produce reliable results from up to 5 kilometers. Source: http://www.networkworld.com/article/2834973/allinone-printers-can-be-used-to-control-infected-airgapped-systems-from-far-away.html
Communications Sector
26. October 15, TV Technology – (Texas) FCC
fines Texas TV Group $86,400 for unauthorized BAS. The U.S. Federal
Communications Commission (FCC) issued an $86,400 fine against Texas-based
Midessa Television for allegedly operating several unauthorized broadcast
auxiliary services for a number of years in violation of FCC rules. Source: http://www.tvtechnology.com/news/0086/fcc-fines-texas-tv-group--for-unauthorized-bas/272865