Complete DHS Report for March
11, 2015
Daily Report
Top Stories
· Six
suspects were charged in Salt Lake City March 5 for their alleged roles in a
loan modification scheme that defrauded over 10,000 individuals nationwide out
of more than $33 million. – National Mortgage News See item 4 below in the Financial Services Sector
· An
Amtrak train crashed into a semi-truck on the tracks at the intersection of
Highway 301 and North Carolina Highway 903 (N.C. 103) in Halifax March 9,
derailing the train and leaving 55 passengers injured. – WRAL 5 Raleigh
5. March
10, WRAL 5 Raleigh – (North Carolina) US 301 reopened after
Amtrak crash in Halifax. An Amtrak train crashed into a semi-truck stuck on
the tracks at the intersection of Highway 301 and North Carolina Highway 903
(N.C. 103) in Halifax March 9, derailing the train and leaving 55 passengers
injured. Highway 301 reopened March 10, 18 hours after closing due to the
accident while N.C. 903 remained closed as crews worked to clear the debris and
remove the electrical building being transported by the semi-truck. Source: http://www.wral.com/us-301-reopened-after-amtrak-crash-in-halifax/14503875/
· Two
ships collided in the Houston Ship Channel near Morgan’s Point in La Porte,
Texas, and spilled an unknown amount of MTBE into the water prompting the
closure of the channel in both directions March 9. – KHOU 11 Houston
8. March
9, KHOU 11 Houston – (Texas) Leak contained after 2 vessels
collide in Houston Ship Channel. Two ships, a bulk carrier and a chemical
tanker hauling 216,000 barrels of the gasoline additive MTBE, collided in the
Houston Ship Channel near Morgan’s Point in La Porte, Texas, and began spilling
an unknown amount of MTBE into the water prompting the closure of the channel
in both directions March 9. Authorities reported that the spill was contained
while a shelter-in-place order remained in effect for about 300 residents.
Source: http://www.kvue.com/story/news/state/2015/03/09/leak-contained-after-2-vessels-collide-in-houston-ship-channel/24678733/
· The
Florida Department of Education Commissioner reported March 9 that the State’s
new online standardized test was the target of a cyber-attack March 5, causing
issues with log-ins and prompting computer screens to turn white. – Associated
Press
14. March 9, Associated Press – (Florida) Florida’s
top law agency investigating cyberattack on school standardized testing program.
The Florida Department of Education Commissioner reported March 9 that the
State’s new online standardized test was the target of a cyber-attack March 5,
causing issues with log-ins and prompting computer screens to turn white. The
vendor providing the test notified officials of the attack and authorities are
continuing to investigate. Source: http://www.greenfieldreporter.com/view/story/185bca9f8e144d37a57f2aac2365594b/FL--School-Testing
Financial Services Sector
3. March
10, Hudson County Jersey Journal – (New Jersey) Former Kearny
councilman pleads guilty in $13M mortgage fraud scheme. A former Kearny,
New Jersey councilman pleaded guilty March 9 to his role in a $13 million
mortgage fraud scheme in which he and co-conspirators recruited straw buyers
from 2006-2011 to purchase condominiums and creating $4.7 million worth of
mortgages based on false and fraudulent loan applications and closing
documents. Source: http://www.nj.com/jjournal-news/index.ssf/2015/03/ex-kearny_councilman_pleads_gu.html
4. March
9, National Mortgage News – (National) Six charged in loan
modification scheme. Six suspects were charged in Salt Lake City March 5
for their supposed roles in a loan modification scheme that defrauded over
10,000 individuals nationwide out of more than $33 million. Authorities allege
the suspects created CC Brown Law LLC in 2009 to execute a largely
telemarketing-based scheme to sell fake home loan modification services to
distressed homeowners then kept the customers’ money without performing the
services. Source: http://www.nationalmortgagenews.com/news/distressed/six-charged-in-loan-modification-scheme-1046193-1.html
For another story, see item 21 below
in the Information Technology Sector
Information Technology Sector
18. March 10,
Softpedia – (International) Exploit code published for Elasticsearch
remote code execution flaw. Security researchers at Xiphos Research created
an exploit for a glitch in Elasticsearch versions earlier than 1.3.8 and 1.4.3
that allows server-side code execution by passing Groovy code in a search query
and executing it in the sandbox. The glitch was patched in updates released
February 11. Source: http://news.softpedia.com/news/Exploit-Code-Published-for-Elasticsearch-Remote-Code-Execution-Flaw-475361.shtml
19. March 10,
Threatpost – (International) Yahoo patches critical eCommerce, small
business vulnerabilities. Yahoo recently patched vulnerabilities discovered
by security researchers that could have allowed attackers to gain complete
access to any user-run eCommerce Web site hosted on Yahoo’s eCommerce platform,
Yahoo Small Business, including all site administration privileges, access to
personally identifiable information, and control over prices of items in any
Yahoo store. Source: https://threatpost.com/yahoo-patches-critical-ecommerce-small-business-vulnerabilities/111519
20. March 9,
Softpedia – (International) Row Hammer DRAM bug exploited, unlocks access
to physical memory. Security researchers from Google’s Project Zero
leveraged a known vulnerability, dubbed Row Hammer, in some dynamic random-access memory (DRAM)
chips to identify one exploit that runs as a Native Client program and
escalates privilege to call the host system SYSCALLs directly, and another that
runs as a normal process on Linux and escalates privilege and allows access to
data in the entire physical memory. Source: http://news.softpedia.com/news/Row-Hammer-DRAM-Bug-Exploited-Unlocks-Access-to-Physical-Memory-475303.shtml
21. March 9,
NBC News – (International) FBI investigates possible ISIS supporters’
hack of Western sites. The FBI is investigating after hackers claiming to
be affiliated with the Islamic State of Iraq and Syria (ISIS) placed black
flags attributed with the group, the words “hacked by ISIS, we are everywhere,”
an invalid Facebook address, and an Adobe Flash audio plugin that played a song
in Arabic on several U.S. Web sites over the weekend of March 7. Some of the
businesses targeted during the attack include a speedway in Ohio, a Goodwill
store and digital agency in Missouri, a historic condominium complex in New
York, a zoo in California, and restaurants in Minnesota, Massachusetts, and
Ohio. Source: http://www.nbcnews.com/news/us-news/hackers-claiming-be-isis-hit-montana-credit-union-n319696
Communications Sector
Nothing to report