Wednesday, July 8, 2015




Complete DHS Report for July 8, 2015

Daily Report                                            

Top Stories

 · The U.S. Securities and Exchange Commission charged San Francisco-based Luca International Group and its chief executive officer with running a $68 million Ponzi-like scheme targeting Chinese-American investors, July 6. – U.S. Securities and Exchange Commission. See item 4 below in the Financial Services Sector.

 · The Huntsville Madison County 9-1-1 Center reported July 7 that its main phone system and back-up system were down July 4 after a car wreck severed power lines. – WAAY 31 Huntsville

12. July 7, WAAY 31 Huntsville – (Alabama) 9-1-1 center phone system fails again. The Huntsville Madison County 9-1-1 Center reported July 7 that its main phone system and back-up system were down July 4, after a car wreck severed power lines and an uninterruptible power source malfunctioned. Officials are working to resolve future outages. Source: http://www.waaytv.com/appnews/center-phone-system-fails-again/article_ec0592a0-2411-11e5-8ca1-efcb395ebdfb.html

 · Iowa City officials reported July 6 that a convicted armed robber escaped from the Iowa State Penitentiary in Fort Madison after climbing to the roof and using a makeshift rope to reach the ground. – Associated Press

14. July 6, Associated Press – (Iowa) Inmate escapes maximum-security prison through pipes. Iowa City officials reported July 6 that a convicted armed robber escaped from the Iowa State Penitentiary in Fort Madison after climbing to the roof through the facility’s piping and using a makeshift rope to reach the ground. The prisoner was captured several hours later, about 100 miles from the prison. Source: http://nypost.com/2015/07/06/inmate-escapes-maximum-security-prison-through-pipes/

 · A 4-alarm fire at an Upper Darby, Pennsylvania Payless Shoe Store prompted the evacuation of several businesses and a response by about 200 first responders to contain the incident. – WPVI 6 Philadelphia

20. July 7, WPVI 6 Philadelphia – (Pennsylvania) Homes, businesses evacuated due to 4-alarm Upper Darby fire. Surrounding homes and businesses were evacuated July 6 after a 4-alarm fire began at a Payless Shoe Store in Upper Darby, Pennsylvania, prompting 200 firefighters and emergency workers to respond to the incident. The cause of the incident is under investigation. Source: http://6abc.com/news/homes-businesses-evacuated-due-to-4-alarm-upper-darby-fire/831984/

Financial Services Sector

3. July 7, Help Net Security – (International) Hackers targeting users of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander. Security researchers from Bitdefender warned of a malicious phishing scheme targeting financial users of banks worldwide, including Bank of America, Citibank, Wells Fargo, JP Morgan Chase, and PayPal in the U.S., in which spam servers are distributing emails directing users to download an archive containing a downloader for the Dyreza banking trojan. The three-day campaign has so far distributed 19,000 emails worldwide. Source: http://www.net-security.org/malware_news.php?id=3070

4. July 6, U.S. Securities and Exchange Commission – (International) SEC charges oil company and CEO in scheme targeting Chinese-Americans and EB-5 investors. The U.S. Securities and Exchange Commission charged San Francisco-based Luca International Group and its chief executive officer July 6 with running a $68 million Ponzi-like scheme in which the company allegedly falsely portrayed itself to targeted Chinese-American investors in California as well as Chinese citizens through the EB-5 Immigrant Investor Program, and diverted investor funds to personal uses and profit repayments. Source: http://www.sec.gov/news/pressrelease/2015-141.html

Information Technology Sector

15. July 7, Help Net Security – (International) Flaw allows hijacking of professional surveillance AirLive cameras. Engineers from Core Security discovered vulnerabilities in AirLive’s surveillance cameras in which an attacker could invoke Common Gateway Interface (CGI) files without authentication or utilize backdoor accounts to execute arbitrary operating system commands, possibly allowing the attacker to view the camera’s transmission stream and compromise network devices. Source: http://www.net-security.org/secworld.php?id=18597

16. July 6, Threatpost – (International) Fraudulent BatteryBot Pro app yanked from Google Play. Google pulled a malicious spoof of the Android BatteryBot Pro app from its Play service after Zscaler researchers discovered that the app requested excessive permissions from users in an attempt to gain full control of affected devices, supposedly to download and install other malicious Android packages and profit from click fraud, ad fraud, and SMS fraud. Once the app is granted admin privileges, it is impossible to uninstall. Source: http://threatpost.com/fraudulent-batterybot-pro-app-yanked-from-google-play/113630

17. July 6, Help Net Security – (International) Old MS Office feature can be exploited to deliver, execute malware. A researcher reported a vulnerability in Microsoft Office in which its Object Linking and Embedding (OLE) Packager could be leveraged to deliver malicious executable files embedded in Office documents without triggering security software. Source: http://www.net-security.org/secworld.php?id=18596

For another story, see item 3 above in the Financial Services Sector

Communications Sector

For another story, see item 16 above in the Information Technology Sector