Complete DHS Report for
August 11, 2015
Daily Report
Top Stories
· The Alliance Pipeline from Canada to the
U.S. was shut down August 7 for an indeterminate amount of time after hydrogen
sulphide gas was found in the system. – Canadian Press
1. August 7,
Canadian Press – (International) Pipeline shuts down a major natural gas line
due to hydrogen sulphide gas in the system. The Alliance Pipeline, which
carries 1.6 billion cubic feet of natural gas daily from Canada to the U.S.,
was shut down August 7 for an indeterminate amount of time after hydrogen
sulphide gas was found in the system.
· A St. George, Utah businessman and 4
others were charged August 7 in connection to a $300 million scheme in which
the suspects allegedly used straw companies to charge customers’ credit and
debit cards. – Deseret News
See item 5 below in the Financial Services Sector
· The owner of Irvine, California-based
Pacific Property Assets was convicted August 7 for his role in a Ponzi scheme
in which his company cost investors and banks over $193 million. – Orange
County Register See
item 7 below in the Financial Services Sector
· Delta Air Lines flight 1889 from Boston
to Salt Lake City, Utah was diverted August 7 after hail and lightning cracked
the plane’s windshield, struck an engine housing, and damaged its weather and
navigational equipment radome. – CBS News
8. August 10,
CBS News – (National) Questions after Delta flight caught in damaging
storm. Delta Air Lines Flight 1889 from Boston to Salt Lake City, Utah was
diverted to Denver International Airport after its Airbus A320 experienced
severe turbulence, hail, and lightning, which cracked the aircraft’s
windshield, struck the engine, and damaged the radome that houses weather radar
and navigational equipment. The U.S. Federal Aviation Administration is
investigating the incident. Source: http://www.cbsnews.com/news/delta-flight-hit-hail-lightning-storm-boston-salt-lake-city-lands-safely/
Financial Services Sector
4. August 7,
Krebs on Security – (California) Tech firm Ubiquiti suffers $46M cyberheist. Ubiquiti
Networks Inc. reported in the week of August 3 that cybercriminals stole
$46.7 million from the company via a CEO fraud attack involving employee
impersonation and fraudulent requests from an outside entity that targeted the
company’s finance department. The company discovered the fraud on June 5 and
has been working to recover the funds. Source: http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/
5. August 7,
Deseret News – (Utah) St. George businessman, others charged in new Federal
fraud indictment. A St. George, Utah businessman and 4 others were charged
August 7 in connection to a $300 million scheme in which the suspects allegedly
set up a series of straw companies to charge customers’ credit and debit cards
after firms started to fine the now-defunct iWorks online marketing enterprise
for excessive chargebacks to customers. Source: http://www.deseretnews.com/article/865634093/Jeremy-Johnson-others-charged-in-new-federal-fraud-indictment.html?pg=all
6. August 7,
Reuters – (California) Zynga in $23 mln settlement over alleged fraud
tied to IPO. Zynga Inc. announced August 7 a settlement of $23 million to
resolve allegations that the company defrauded shareholders about business
prospects in the time surrounding its 2011 initial public offering by
concealing declining user activity, failing to address upcoming changes in
demand, and inflating its 2012 revenue forecast. Source: http://www.reuters.com/article/2015/08/07/zynga-settlement-idUSL1N10I2NL20150807
7. August 7,
Orange County Register – (California) O.C. real estate executive
found guilty on 11 counts in $170 million investor fraud. The owner of
Irvine-based Pacific Property Assets was convicted August 7 for his role in a
Ponzi scheme in which his company cost investors and banks over $193 million by
soliciting investments while misleading investors and lenders as the real
estate firm continued to lose up to $2 million a month. Source: http://www.ocregister.com/articles/estate-676565-stewart-real.html
Information Technology Sector
22. August 10,
Softpedia – (International) First vulnerability found in Microsoft Edge,
affects other software as well. Security researchers discovered a
vulnerability in Microsoft’s Server Message Block (SMB) protocol used for
local-network file-sharing impacting all versions of Windows, in which a faulty
dynamic link library (DLL) could allow an attacker to extract user credentials
from a closed Windows domain via an SMB man-in-the-middle (MitM) technique.
The vulnerability affects Microsoft’s new Edge Web browser, as well as various
software from other developers. Source: http://news.softpedia.com/news/first-vulnerability-found-in-microsoft-edge-affects-other-software-as-well-488913.shtml
23. August 10,
Securityweek – (International) HTC phone stores fingerprints in easily
accessible plaintext. Security researchers from FireEye discovered that
several Android devices’ fingerprint scanner authorization frameworks are
vulnerable to exploitation, while others store fingerprints in plaintext and
fail to secure the device’s sensor. Source: http://www.net-security.org/secworld.php?id=18742
24. August 10,
Securityweek – (International) Default WSUS configuration puts organizations
at risk: researchers. Security researchers from Context Information
Security revealed that configuration issues in Microsoft Windows Update and
Windows Server Update Services could be exploited when Secure Sockets Layer
(SSL) communication is not enabled, allowing a man-in-the-middle (MitM)
attacker to modify metadata to create fake updates and execute
arbitrary commands. Source: http://www.securityweek.com/default-wsus-configuration-puts-organizations-risk-researchers
25. August 9,
IDG News Service – (International) Internal LTE/3G modems can be hacked to help
malware survive OS reinstalls. Security researchers from Intel reported
that an insecure Huawei LTE/3G modem firmware update process could allow an
attacker to create a malicious firmware image that could be flashed by a
malicious program to re-infect the main operating system (OS) even if it is
reinstalled, or could be modified to ignore future firmware updates. Source: http://www.computerworld.com/article/2968274/security/internal-lte3g-modems-can-be-hacked-to-help-malware-survive-os-reinstalls.html#tk.rss_security
26. August 9,
IDG News Service – (International) SDN switches aren’t hard to compromise,
researcher says. Security researchers from Hellfire Security revealed that
software-defined network (SDN) switches running on the Open Network Install
Environment (ONIE) lacked authentication, encryption, access controls and
permissions, potentially enabling an attacker to install persistent malware and
monitor all network traffic running through a switch. Source: http://www.computerworld.com/article/2959541/security/sdn-switches-arent-hard-to-compromise-researcher-says.html#tk.rss_security
27. August 8,
Securityweek – (International) Rush to put death records online lets anyone
be ‘killed’. Security researchers at Def Con 2015 in Las Vegas revealed
that flaws in online portals for submitting death and birth records could
easily be exploited to create fake death and birth certificates due to a lack
of authentication and credential protocols. Source: http://www.securityweek.com/rush-put-death-records-online-lets-anyone-be-killed
28. August 7,
Securityweek – (International) Google disables inline installation of Chrome
extensions for deceptive developers. Google disabled inline installations
for certain Chrome Web browser extension developers that the company
determined had abused the feature to distribute the extensions via deceptive Web sites
and advertisements, forcing redirects to extension product details on Chrome’s
Web store to provide users with information before installing. Source: http://www.securityweek.com/google-disables-inline-installation-chrome-extensions-deceptive-developers
For another story, see item 4 above in the Financial Services Sector
Communications Sector
See item 23 above in the Information Technology Sector