Complete DHS Report for July 9, 2015
· U.S. Federal Trade Commission officials announced July 7 that $54 million in settlements with 14 companies owned by 2 Johnson County, Missouri men will resolve charges that the men allegedly used personal information to take out loans without permission, among other charges. – Kansas City Star See item 5 below in the Financial Services Sector
· The Federal Aviation Administration reported July 8 that about 3,500 United Airlines flights were grounded and delayed nationwide throughout major airports after its computer system experienced a network connectivity issue. – NBC News
7. June 8, NBC News – (National) United Airlines flights no longer grounded, delays remain. The Federal Aviation Administration reported July 8 that about 3,500 United Airlines flights were grounded and delayed nationwide throughout major airports after its computer system experienced a network connectivity issue. Crews were able to repair the computer system, but delays can affect up to 373 flights.
· Amtrak train headed to St. Louis from Chicago was delayed 9 hours total after a semi-truck accident in Joliet, Illinois initially delayed the train and a derailment in Dwight, Illinois caused a consecutive delay July 6. – Associated Press
8. July 7, Associated Press – (Illinois) Freight train derailment causes ordeal for Amtrak passengers. Amtrak train headed to St. Louis from Chicago was delayed 9 hours total after a semi-truck accident in Joliet, Illinois initially delayed the train and a derailment in Dwight, Illinois caused a consecutive delay July 6. The train arrived to its destination 14 hours after leaving Chicago.
· Symantec reported that a cybercriminal group dubbed Morpho that was known for hacking Apple, Microsoft, Facebook, and Twitter, has extended its cyber-espionage to hit research-and-development related computer systems. – Dark Reading See item 16 below in the Information Technology Sector
Financial Services Sector
4. July 8, South Florida Sun-Sentinel – (Florida) FBI hunts suspected serial bank robber dubbed ‘Filter Bandit’. The FBI announced a $5,000 reward for information leading to the arrest of a suspect dubbed the “Filter Bandit,” who allegedly stole over $60,000 from 7 banks in Broward County since August 2014, ending with the robbery of a BB&T Bank June 16 in Davie.
5. July 7, Kansas City Star – (Missouri) Firms accused of faking loans, draining bank accounts settle with Feds. U.S. Federal Trade Commission officials announced $54 million in settlements July 7 with 14 companies owned by 2 Johnson County, Missouri men to resolve charges that the men allegedly used personal data from short-term payday loan Web sites in conjunction with “lead generators” to take out loans for people without their permission, and that they produced phony loan documentation, misstated loan terms, and misrepresented the transactions to banks.
6. July 7, WKBW 7 Buffalo – (New York) Bank vice president stole $5.3M in scheme. A former M&T Bank vice president from Williamsville, New York pleaded guilty July 7 to a $5.3 million loan scheme in which he created at least 12 “funding loans” in the name of credit-worthy entities, which he then distributed to customers of his choosing. Source: http://www.wkbw.com/news/police-blotter/bank-vice-president-stole-53m-in-scheme
Information Technology Sector
16. July 8, Dark Reading – (International) Cybercriminal group spying on U.S., European businesses for profit. Symantec reported that a cybercriminal group dubbed Morpho that was known for hacking Apple, Microsoft, Facebook, and Twitter, has extended its cyber-espionage to hit research-and-development related computer systems in 49 different multi-billion dollar pharmaceutical, software, Internet, oil, and metal mining commodities organizations across 20 countries, with the majority being in the U.S. Researchers believe the group has U.S. ties and is run by an organized crime ring.
17. July 8, Securityweek – (International) Hacker search engine becomes the new Internet of Things search engine. The developer of the Shodan Internet device search engine reported that the search engine exposes the systemic vulnerabilities present in consumer-grade Internet of Things hubs due to a poor security posture, where many hubs still use default passwords and have telnet enabled. Once compromised attackers could leverage hubs to monitor sensor data or determine if someone is home.
18. July 8, Securityweek – (International) Adobe patches Hacking Team’s Flash Player zero-day. Adobe released an emergency update for its Flash Player to address a zero-day vulnerability in the ActionScript 3 ByteArray class, which could allow a remote, unauthenticated attacker to execute arbitrary code. The vulnerability was exposed after hackers breached and dumped corporate information of the Hacking Team surveillance software company. Source: http://www.securityweek.com/adobe-patches-hacking-teams-flash-player-zero-day
19. July 7, Securityweek – (International) ANTlabs patches vulnerabilities in gateway products. ANTlabs released patches for several of its gateway products addressing a Structured Query Language (SQL) injection flaw in the default login page in which a remote attacker could execute arbitrary queries, and a cross-site scripting (XSS) vulnerability in the admin login page that could allow an attacker to obtain login credentials from the administrator panel. Source: http://www.securityweek.com/antlabs-patches-vulnerabilities-gateway-products
20. July 7, Securityweek – (International) Zero-day exploits leaked in Hacking Team breach. Security researchers from Trend Micro and Symantec reported that data from a recently confirmed Hacking Team breach contained several zero-day vulnerabilities and exploits, including a use-after-free (UAF) flaw affecting Adobe Flash Player versions 9 and later on Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, and Apple Safari, and a Microsoft Windows kernel vulnerability.
21. July 7, Network World – (International) Microsoft security tool fails malware detection test. AV Test released results from a recent experiment revealing that Microsoft Security Essentials performed the worst out of 11 tested antivirus products, only detecting 87 percent of malware in real-time tests, when the others were all at least 95 percent effective. Source: http://www.networkworld.com/article/2944810/microsoft-subnet/microsoft-windows-security-tool-fails-malware-detection-test.html#tk.rss_all
22. July 7, Threatpost – (International) Crypto leaders: “exceptional access” will undo security. Cryptography experts released a report warning of the long term economic and security risks associated with “exceptional access,” a U.S. government initiative to maintain access to cryptographic keys to secure information over the Internet primarily for law enforcement use. Source: https://threatpost.com/crypto-leaders-exceptional-access-will-undo-security/113639
For additional stories, see items 16 and 19 above in the Information Technology Sector