Complete DHS Report for
June 29, 2015
Daily Report
Top Stories
• The Boise
Police Department’s Organized Retail Crime Unit in Idaho arrested 2 suspects June
24 and seized 424 counterfeit credit and gift cards along with merchandise that
they had bought with the fraudulent cards. – Boise Weekly See item 8 below in the Financial Services Sector
• Interstate 75 in Chattanooga, Tennessee,
reopened June 26 after being closed for about 12 hours due to a 9-vehicle
accident that killed 6 people June 25. – Associated Press
9. June
26, Associated Press – (Tennessee) I-75 reopens after 6 killed in
wreck outside Chattanooga. Interstate 75 in Chattanooga reopened June 26
after being closed for about 12 hours while crews cleared the scene of a
9-vehicle accident that killed 6 people June 25. The cause of the crash remains
under investigation. Source: http://www.msn.com/en-us/news/us/i-75-reopens-after-6-killed-in-wreck-outside-chattanooga/ar-AAc9l1w
• The California Assembly passed a bill June
25 restricting exemptions for mandatory vaccination schedules, negating the
State’s personal belief exemption allowing only children with serious health
problems to opt out. – Washington Post
13. June 26,
Washington Post – (California) The California Assembly just approved one of
nation’s strictest mandatory vaccine laws. The California Assembly passed a
bill June 25 restricting exemptions for mandatory vaccination schedules,
negating the State’s personal belief exemption allowing only children with
serious health problems to opt out. Source: http://www.washingtonpost.com/news/morning-mix/wp/2015/06/26/the-california-assembly-just-approved-one-of-nations-strictest-mandatory-vaccine-laws/
• Security researchers from Trend Micro
discovered a security flaw in the Android operating system’s debugging
component in which an attacker could create a special Executable and Linkable
Format file to crash the debugger and view dumps and log files stored in
memory, or to create a denial-of-service condition. – Softpedia See item 21 below in the Information Technology Sector
Financial Services Sector
6. June
25, Cleveland Plain Dealer – (Ohio) Three accused of Akron-based
Ponzi scheme that cost investors $17 million. Three Northeast Ohio men were
indicted June 25 on charges alleging that they defrauded 70 investors out of
$17 million from 2010 – 2014 by convincing them to give money to KGTA Petroleum
Ltd., a company partially owned by one of the suspects, and spent the proceeds
on luxury items and mortgage payments. Source: http://www.cleveland.com/court-justice/index.ssf/2015/06/three_accused_of_akron-based_p.html
7. June
25, Associated Press – (Maryland) Md. man charged with stealing
from ATMs with skimming device. A Riverdale, Maryland man was arrested June
24 on charges that he allegedly stole $300,000 from ATMs using skimming devices
at a Sandy Spring Bank in Maryland. Source: http://baltimore.cbslocal.com/2015/06/25/md-man-charged-with-stealing-from-atms-with-skimming-device/
8. June
25, Boise Weekly – (Idaho) Hundreds of fraudulent credit cards
seized, two suspects behind bars. The Boise Police Department’s Organized
Retail Crime Unit arrested 2 suspects June 24 and seized 424 counterfeit credit
and gift cards along with merchandise that they had bought with the fraudulent
cards. Source: http://www.boiseweekly.com/boise/hundreds-of-fraudulent-credit-cards-seized-two-suspects-behind-bars/Content?oid=3515991
Information Technology Sector
19. June 26,
Softpedia – (International) Click-fraud attack morphs into ransomware
risk in a couple of hours. Security researchers at Damballa discovered that
a threat actor dubbed RuthlessTreeMafia is distributing exploit kits along with
the Rerdom malware in a click-fraud campaign in which they sell other threat
actors access to infected users’ systems. Researchers observed an infection
result in the delivery of the CryptoWall ransomware. Source: http://news.softpedia.com/news/click-fraud-attack-morphs-into-ransomware-risk-in-a-couple-of-hours-485395.shtml
20. June 26,
Securityweek – (International) Default SSH keys expose Cisco’s virtual
security appliances. Cisco reported that customers using its Web Security,
Email Security, and Security Management Virtual Appliances were vulnerable due
to the products’ use of default secure shell (SSH) keys, which could allow an
unauthenticated, remote attacker to connect to a system with root user
privileges. The company released a patch addressing the issue. Source: http://www.securityweek.com/default-ssh-keys-expose-ciscos-virtual-security-appliances
21. June 26,
Softpedia – (International) 94% of Android devices vulnerable to bug
exposing memory content. Security researchers from Trend Micro discovered
security flaw in the Android operating system’s (OS) debugging component in
which an attacker could create a special Executable and Linkable Format (ELF)
file to crash the debugger and view dumps and log files stored in memory, or to
create a denial-of-service (DoS) condition. The issue affects all Android versions
after 4.0, Ice Cream Sandwich. Source: http://news.softpedia.com/news/94-of-android-devices-vulnerable-to-bug-exposing-memory-content-485382.shtml
22. June 25,
Threatpost – (International) Stored XSS flaw patched in Thycotic secret
server. Thycotic patched a stored cross-site scripting (XSS) vulnerability
in its Secret Server product in which an attacker could use JavaScript code in
the browser of a valid user to toggle the password mask and steal a victim’s
stored passwords. Source: https://threatpost.com/stored-xss-flaw-patched-in-thycotic-secret-server/113473
For another
story, see item 15 below from the Healthcare and Public Health
Sector
15. June 25, Securityweek – (National) U.S.
healthcare companies hardest hit by ‘Stegoloader’ malware. Security
researchers from Trend Micro reported that North American healthcare
organizations are the primary victims of the Stegoloader Trojan, a malware
identified as TROJ_GATAK which embeds malicious code in image files to avoid
detection and has anti-virtual machine and anti-emulation capabilities to
prevent analysis. Source: http://www.securityweek.com/us-healthcare-companies-hardest-hit-stegoloader-malware
Communications Sector
23. June 25, Victorville
Daily Press – (California) Verizon offering reward for copper
theft information. Verizon officials announced June 25 that the company is
offering a reward of up to $10,000 for information leading to the arrest and
prosecution of the suspect, or suspects, responsible for the theft of roughly
16,000 feet of copper communication cables throughout Southern California. The
company has implemented “additional security measures” to prevent future thefts
and is working with State and local law enforcement authorities. Source: http://www.vvdailypress.com/article/20150625/NEWS/150629826
24. June 25, Columbia Daily
Herald – (Tennessee) Internet outages reported in area. About
1,000 customers of Columbia Power and Water Systems (CPWS) and other Internet
providers in Columbia, Tennessee experienced outages June 24 – June 25 after a
laser in CPWS’ data center was damaged and due to a fiber optic cable cut.
Source: http://columbiadailyherald.com/news/local-news/internet-outages-reported-area
25. June 25, WBTA 1490 AM
Batavia – (New York) WBTA to be temporarily off-air Friday
morning. WBTA Radio temporarily suspended AM and FM transmission June 26 in
order to repair antenna damage caused by severe thunderstorms. While the
stations are off-air, programming will continue on-line and via mobile devices.
Source: http://www.wbta1490.com/LocalNews/tabid/115/articleType/ArticleView/articleId/6322/WBTA-to-be-Temporarily-Off-Air-Friday-Morning.aspx
No comments:
Post a Comment