Friday, April 24, 2015
Complete DHS Report for April 24, 2015
Daily Report
Top Stories
· Deutsche Bank agreed April 23 to pay $2.5 billion to settle allegations that
bank employees in London, New York City, Frankfurt, and Tokyo had knowingly
manipulated benchmarks used to set interest rates on trillions of dollars in
mortgages, student loans, credit cards, and other debt from 2005 – 2009.
– New York Times
See item 5 below in the Financial Services Sector
· A 6-mile stretch of eastbound Interstate 16 in Bryan County, Georgia, was closed for at
least 6 hours April 22 due to a multi-vehicle, chain-reaction crash that killed
5 individuals, injured 3 others, and damaged 7 vehicles. – Associated Press
8. April 22, Associated Press – (Georgia) 5 nursing students killed in
Georgia interstate crash. A 6-mile stretch of eastbound Interstate 16 in
Bryan County, Georgia, was closed for at least 6 hours April 22 due to a
multi-vehicle, chain-reaction crash that killed 5 individuals, injured 3
others, and damaged 7 vehicles. Source: http://www.wsbtv.com/ap/ap/south-carolina/5-dead-3-injured-in-fiery-crash-on-georgia-interst/nkzpB/
· The U.S. Department of Agriculture reported April 22 that H5N2 avian flu
infections were confirmed on 13 additional Minnesota farms with over 430,000
turkeys. – Associated Press
10. April 22, Associated Press – (Minnesota) Bird flu hits 13 more
Minnesota farms with over 430K turkeys. The U.S. Department of Agriculture
reported April 22 that H5N2 avian flu infections were confirmed on 13
additional Minnesota farms with over 430,000 turkeys, increasing the total number
of farms affected across the State to 44 and the total number of birds affected
to 2.6 million. Source: http://minnesota.cbslocal.com/2015/04/22/bird-flu-hits-13-more-minnesota-farms-with-over-430k-turkeys/
· Repair work was scheduled to begin April 23 on a collapsed sewer line in Davenport,
Iowa, that discharged about 3,000 to 5,000 gallons of untreated wastewater per
day into tributaries of the Mississippi River. – WQAD 8 Moline
13. April 23, WQAD 8 Moline – (Iowa) Collapsed sewer line sends untreated
wastewater into local creeks. The Iowa
Department of Natural Resources reported that repair work on a 10-inch sewer
line in Davenport was scheduled to begin April 23 after erosion of a stream
bank exposed the pipe and led to its collapse, causing the discharge of about
3,000 to 5,000 gallons of untreated wastewater per day into Goose and Duck
creeks, which flow into the Mississippi River. Authorities reported that
residents should stay away from an unnamed tributary as well as Goose and Duck
creeks until 48 hours after the sewer line is repaired. Source: http://wqad.com/2015/04/22/collapsed-sewer-line-sends-untreated-wastewater-into-local-creeks/
Financial Services Sector
5. April 23, New York Times – (International) Deutsche Bank to pay $2.5
billion fine to settle rate-rigging case. U.S. and United Kingdom officials
reported April 23 that Deutsche Bank will pay $2.5 billion to authorities to
settle allegations that bank employees in London, New York City, Frankfurt, and
Tokyo had knowingly manipulated benchmarks used to set interest rates on
trillions of dollars in mortgages, student loans, credit cards, and other debt
from 2005 – 2009. Other terms included the guilty plea by a British subsidiary,
the firing of 7 managers suspected of involvement, and the installation of an
independent monitor to confirm that the bank complies with New York laws.
Source: http://www.nytimes.com/2015/04/24/business/dealbook/deutsche-bank-settlement-rates.html
For another story, see item 18 below in the Information Technology Sector
Information Technology Sector
16. April 23, Softpedia – (International) Improper parsing of SSID info
exposes Wi-Fi client’s memory contents. Security researchers at Alibaba and
Google discovered a vulnerability in the cross-platform “wpa_supplicant” Wi-Fi
software that affects versions 1.0 – 2.4 with the CONFIG_P2P option enabled
and could allow an attacker to create a service set identifier (SSID) buffer
overflow condition, potentially exposing sensitive information in the memory of
the device and allowing for arbitrary code execution. Source: http://news.softpedia.com/news/Improper-Parsing-of-Wi-Fi-SSID-Info-Exposes-Memory-Contents-479155.shtml
17. April 23, Softpedia – (International) Net Nanny parental control software
vulnerable to HTTPS spoofing. Researchers from Carnegie Mellon’s Computer
Emergency Response Team (CERT) discovered security vulnerabilities in
ContentWatch’s Net Nanny software resulting from its use of man-in-the-middle
(MitM) proxies and the same root certificates and private key for all
installations, the latter of which is included in plain text in the
application. The researchers believe that an attacker could use the key to
generate new certificates to spoof legitimate Web sites and avoid user alerts
for malicious domains. Source: http://news.softpedia.com/news/Net-Nanny-Parental-Controls-Software-Vulnerable-to-HTTPS-Spoofing-479183.shtml
18. April 23, Help Net Security – (International) Banking botnets persist
despite takedowns. Dell
SecureWorks released analysis from its annual Top Banking Botnets report
revealing that attackers targeted an array of Web sites in addition to
traditional banking portals, including those related to corporate finance and
payroll services, stock trading, employment portals, and email services in
2014, that over 90 percent of the 1,400 financial institutions targeted
worldwide were in the U.S., and that attackers began avoiding countries where
international transactions are more difficult, among other findings. Source: http://www.net-security.org/secworld.php?id=18287
19. April 22, Softpedia – (International) Malware uses invisible command line argument
in shortcut file. Security researchers at F-Secure discovered that a
variant of the Janicab trojan for Microsoft Windows delivered as a link (LNK)
file includes invisible shell commands and uses the right-to-left override
(RLO) technique to avoid detection. The malware has existed for two years, and
uses Python and Visual Basic Scripts (VBScript) to infect machines. Source: http://news.softpedia.com/news/Malware-Uses-Invisible-Command-Line-Argument-in-Shortcut-File-479119.shtml
Communications Sector
20. April 23, WCTI 12 New Bern – (North Carolina) Phone lines back in service
in Onslow County. Landline service for CenturyLink customers in the Jacksonville
area of Onslow County was restored April 23 after a disruption due to a faulty
piece of equipment that lasted over 24 hours beginning April 22. Source: http://www.wcti12.com/news/phone-lines-down-for-most-of-day-in-jacksonville/32512810