Wednesday, April 15, 2015

Complete DHS Report for April 15, 2015

Daily Report

Top Stories

 · Russia’s Ministry of Internal Affairs reported April 11 that authorities arrested the suspected developer of the Svpeng Android banking trojan along with four co-conspirators who had allegedly targeted users in the U.S. and Europe. – Securityweek. See item 8 below in the Financial Services Sector.

 · The New York State Department of Financial Services released a report on cyber security in the banking sector April 9 which revealed that one in three New York banks are vulnerable to backdoors due to poor information security with third-party vendors, among other findings. – Threatpost. See item 9 below in the Financial Services Sector.

 · Spokane Public Schools in Washington removed 143 students from classrooms April 13 who lacked vaccination documentation or failed to file a State-mandated waiver with the district due to recent measles and whooping cough outbreaks. – Reuters. See item 24 below.

24. April 13, Reuters – (Washington) Washington state school district removes 143 students over vaccine law. Spokane Public Schools in Washington removed 143 students from classrooms April 13 who lacked documentation confirming that they had received vaccinations or had filed a State-mandated waiver with the district due to a recent measles epidemic that affected over 150 people across the U.S., and a whooping cough outbreak in the State’s eastern city. Source: http://www.reuters.com/article/2015/04/14/us-usa-vaccine-washington-idUSKBN0N507020150414

 · Dell’s annual threat report found that attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014, tended to be political in nature, and targeted operational capabilities within industrial facilities. – Securityweek. See item 32 below in the Information Technology Sector.

Financial Services Sector

7. April 14, Associated Press – (National) Ex-Assembly speaker’s son-in-law charged in $7M Ponzi scheme. A New York investment manager and co-owner of Allese Capital was charged April 13 with defrauding investors out of $7 million in a Ponzi scheme in which he allegedly solicited securities trading investments from 2009 – 2014, and only invested portions of the funds, while using the remainder for his own benefit and to repay other investors. Source: http://www.omaha.com/news/nation/ex-assemblyman-s-son-in-law-facing-federal-fraud-charges/article_a6b21895-0b00-5df8-a07c-2d3b42cf6663.html

8. April 14, Securityweek – (International) Alleged creator of Svpeng Android malware arrested in Russia. Russia’s Ministry of Internal Affairs reported April 11 that the suspected developer of the Svpeng Android trojan, along with four co-conspirators calling themselves “The Fascists” who had allegedly used the trojan to steal money from bank accounts in the U.S. and Europe, were arrested. The malware employs a combination of short message service (SMS) hacking, phishing Web pages, credential logging, and ransomware to access victims’ accounts and steal funds. Source: http://www.securityweek.com/alleged-creator-svpeng-android-malware-arrested-russia

9. April 13, Threatpost – (New York) Vulnerabilities identified in NY banking vendors. The New York State Department of Financial Services released a report on cyber security in the banking sector April 9 which revealed that one in three New York banks are neglectful of information security relating to third-party vendors and are vulnerable to backdoor access by those looking to steal data as a result. One in three banks interviewed did not require vendors to notify them in the event of a data breach, and only half had strategies prepared for breach scenarios, among other findings. Source: https://threatpost.com/vulnerabilities-identified-in-ny-banking-vendors/112209

Information Technology Sector

28. April 14, Softpedia – (International) Misconfigured DNS servers vulnerable to domain info leak. The U.S. Computer Emergency Readiness Team (US-CERT) released a security statement warning that misconfigured, public-facing domain name system (DNS) servers that answer Asynchronous Transfer Full Range (AXFR) zone transfer requests from unauthenticated users expose their full zone contents, leaving the affected domains open to system takeovers, redirects to spoofed addresses, and denial-of-service (DoS) attacks. Research based on Alexa domain rankings revealed that over 72,000 domains and 48,000 nameservers were affected by the issue. Source: http://news.softpedia.com/news/Misconfigured-DNS-Servers-Vulnerable-to-Domain-Info-Leak-478331.shtml
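The misconfiguration behind item 28 is an authoritative server that accepts AXFR (full zone transfer) requests from any client. The following BIND 9 `named.conf` fragment, added here as an illustration and not taken from the US-CERT statement or the Softpedia article, shows the weak setting beside a hardened one; the zone name, file path, secondary addresses and key name are assumed placeholders.

```conf
// ---- Weak: any host on the Internet can pull the entire zone ----
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { any; };        // leaks every record to unauthenticated clients
};

// ---- Hardened: transfers only to known secondaries, authenticated with TSIG ----
key "xfer-key" {                    // placeholder TSIG key; generate a real secret with tsig-keygen
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET";
};

acl "secondaries" {                 // placeholder secondary nameserver addresses
    192.0.2.53;
    198.51.100.53;
};

options {
    allow-transfer { none; };       // deny zone transfers globally by default
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    // A transfer is allowed only when the request comes from a listed secondary
    // AND is signed with the shared TSIG key.
    allow-transfer { !{ !secondaries; any; }; key "xfer-key"; };
    also-notify { 192.0.2.53; 198.51.100.53; };
};
```

To verify the fix on a server you administer, run `dig @ns1.example.com example.com axfr` from a host that is not a listed secondary; a correctly configured server answers with "Transfer failed." rather than the zone contents. The same check can be scheduled as a recurring audit so that a later configuration change does not silently reopen the transfer.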

29. April 14, Help Net Security – (International) 18-year-old bug can be exploited to steal credentials of Windows users. A Cylance researcher identified a new technique for exploiting an 18-year-old flaw in Windows Server Message Block (SMB) handling that affects all versions of the Windows operating system (OS). Using a man-in-the-middle (MitM) attack, an attacker hijacks a victim’s communications with a legitimate Web server and redirects them to a malicious SMB server, which then captures the victim’s username, domain, and hashed password. Source: http://www.net-security.org/secworld.php?id=18210

30. April 14, Help Net Security – (International) Attackers use deceptive tactics to dominate corporate networks. Symantec released research revealing that spear-phishing attacks on corporations increased by 8 percent in 2014, and that email and social media had remained significant attack vectors. Researchers also found that software companies took an average of 59 days to release patches and that 24 zero-day vulnerabilities were discovered in 2014, among other findings. Source: http://www.net-security.org/secworld.php?id=18208

31. April 13, Help Net Security – (International) Attackers can easily crack Belkin routers’ WPS PINs. A security researcher discovered that 80 percent of Belkin routers tested generated Wi-Fi Protected Setup (WPS) PINs based on the device’s own MAC address and serial number, leaving them vulnerable to discovery by attackers using unencrypted request/response packets via Wi-Fi probes. Source: http://www.net-security.org/secworld.php?id=18204

32. April 13, Securityweek – (International) Attacks against SCADA systems doubled in 2014: Dell. Dell revealed in its annual threat report that attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014, including 51,258 attacks in the U.S., and that the attacks tended to be political in nature and targeted operational capabilities within power plants, factories, and refineries, primarily in Finland, the U.K., and the U.S. The report found that 25 percent of the attacks witnessed exploited buffer overflow vulnerabilities, followed by improper input validation and information exposure. Source: http://www.securityweek.com/attacks-against-scada-systems-doubled-2014-dell

For additional stories, see items 8 and 9 above in the Financial Services Sector.

Communications Sector

Nothing to report