Thursday, April 23, 2015



Complete DHS Report for April 23, 2015

Daily Report

Top Stories

 · Oklahoma’s energy and environment cabinet introduced a Web site April 21 detailing the evidence behind expert studies of the likelihood that wastewater wells are causing the majority of the State’s earthquakes. – New York Times

3. April 21, New York Times – (Oklahoma) Oklahoma recognizes role of drilling in earthquakes. Oklahoma’s energy and environment cabinet introduced a Web site April 21 detailing the evidence behind expert studies of the likelihood that wastewater wells are causing the majority of the State’s earthquakes. The site coincides with a statement by the State-run Oklahoma Geological Survey endorsing the conclusion that oil and gas activity and seismicity were connected over a large area of the State. Source: http://www.nytimes.com/2015/04/22/us/oklahoma-acknowledges-wastewater-from-oil-and-gas-wells-as-major-cause-of-quakes.html

 · Two former employees of New York-based Agape World Inc. were convicted of charges April 21 for their roles in a Ponzi scheme that bilked around 3,800 investors out of about $147 million from 2005 – 2009. – Reuters See item 7 below in the Financial Services Sector

 · Authorities in London arrested a high-frequency trader from Waddell & Reed Financial Inc., and Nav Sarao Milking Markets Ltd., after the U.S. Department of Justice announced criminal charges April 21 in connection to his role in the 2010 “flash crash” that wiped out almost $1 trillion in market value. – Reuters See item 9 below in the Financial Services Sector

 · One person died and at least 23 others were hospitalized by a botulism outbreak connected to a dinner at the Cross Pointe Free Will Baptist Church in Lancaster, Ohio, April 19. – WBNS 10 Columbus

31. April 22, WBNS 10 Columbus – (Ohio) One dead, nearly two dozen hospitalized after botulism outbreak at Lancaster potluck dinner. One person died and at least 23 others were hospitalized by a suspected botulism outbreak connected to a potluck dinner at the Cross Pointe Free Will Baptist Church in Lancaster, Ohio, April 19. Health officials encouraged the approximately 50-60 people who attended the potluck to receive a medical evaluation as a precaution. Source: http://www.10tv.com/content/stories/2015/04/21/lancaster-ohio-several-churchgoers-showing-signs-of-botulism-after-potluck-dinner-in-lancaster.html

Financial Services Sector

7. April 21, Reuters – (New York) Two ex-New York investment firm employees convicted in Ponzi fraud. Two former employees of Long Island-based Agape World Inc. were convicted of charges including securities fraud, conspiracy, and mail fraud April 21 for their roles in a Ponzi scheme that bilked around 3,800 investors out of about $147 million from 2005 – 2009. The pair pocketed about $12.4 million by promising unrealistic returns on investments while paying returns from other investors’ deposits. Source: http://www.reuters.com/article/2015/04/22/us-usa-ponzi-agape-idUSKBN0NC2PC20150422

8. April 21, NorthJersey.com – (National) Romanian charged in ATM scheme extradited to NJ from Spain. A Romanian citizen was arrested and extradited from Spain during the week of April 13 and faced charges April 20 for his alleged role in an ATM-skimming scheme that used card-reading devices and pinhole cameras to steal over $5 million from thousands of Citibank, TD Bank, Wells Fargo, and other financial institutions’ customers on the east coast from 2012 – 2013. Thirteen suspects have been convicted in connection to the scheme. Source: http://www.northjersey.com/news/romanian-charged-in-atm-scheme-extradited-to-nj-from-spain-1.1313568

9. April 21, Reuters – (International) UK speed trader arrested over role in 2010 ‘flash crash’. Authorities in London arrested a high-frequency trader from Waddell & Reed Financial Inc., and Nav Sarao Milking Markets Ltd., after the U.S. Department of Justice (DOJ) announced criminal charges April 21 in connection to his role in the 2010 “flash crash” that wiped out almost $1 trillion in market value. He allegedly used an automated program to generate large sell orders that pushed down prices, canceled the orders, and subsequently bought the contracts at lower prices. The DOJ plans to request that the suspect be extradited to the U.S. Source: http://www.reuters.com/article/2015/04/21/us-usa-security-fraud-idUSKBN0NC21220150421

Information Technology Sector

27. April 22, Softpedia – (International) WordPress 4.1.2 fixes critical XSS flaw. WordPress developers announced that the newest release of the blogging platform, 4.1.2, addresses critical security vulnerabilities including a cross-site scripting (XSS) glitch affecting the content management system (CMS) that could allow an attacker to compromise a vulnerable Web site, as well as three other flaws. The release also included increased protection for files that could present a security risk. Source: http://news.softpedia.com/news/WordPress-4-1-2-Fixes-Critical-XSS-Flaw-479043.shtml

28. April 22, Softpedia – (International) White House, US State Department hit with Advanced CozyDuke threat. Security researchers from Kaspersky Lab reported that 2014 cyber-attacks against the White House and the U.S. Department of State were part of an advanced persistent threat (APT) campaign dubbed CozyDuke, also known as CozyBear and CozyCar, and could be connected with the MiniDuke campaign that used spear-phishing emails and malicious attachments and Web sites to target the North Atlantic Treaty Organization (NATO) and European government agencies. Source: http://news.softpedia.com/news/White-House-US-State-Department-Hit-with-Advanced-CozyDuke-Threat-479059.shtml

29. April 22, The Register – (International) ‘No iOS Zone’ Wi-Fi zero-day bug forces iPhones, iPads to crash and burn. Security researchers from Skycure discovered a zero-day denial-of-service (DoS) Secure Sockets Layer (SSL) vulnerability in Apple’s iOS 8 called “No iOS Zone” that attackers can exploit to create a malicious Wi-Fi hotspot that forces users to connect, and manipulates traffic to cause apps and the operating system (OS) on connected iOS devices to crash, even in offline mode. Source: http://www.theregister.co.uk/2015/04/22/apple_no_ios_zone_bug/

30. April 21, Dark Reading – (International) Zero-day malvertising attack went undetected for two months. Security researchers at Malwarebytes reported that cybercriminals had managed to exploit a zero-day Adobe Flash Player vulnerability patched in February to target U.S. users with the HanJuan exploit kit (EK) containing ransomware embedded in online ads for nearly two months without detection. The attacks infected Web sites belonging to Dailymotion, Huffington Post, and answers.com, among others, and reached over 1 billion users in February alone. Source: http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092

Communications Sector

See item 25 below from the Emergency Services Sector

25. April 21, KTVN 2 Reno – (Nevada) Service restored to several counties after AT&T outage. An outage at the emergency 9-1-1 dispatch centers in Pershing, White Pine, Elko, Humboldt, and Lander counties lasted several hours April 21 when vandals severed an AT&T fiber line that also knocked out landline, cell phone, and Internet services. Source: http://www.ktvn.com/story/28859851/att-outage-affecting-several-nevada-counties-1