Complete DHS Report for August 12, 2015
Daily Report
Top Stories
· Authorities announced indictments against
9 Ukrainian hackers and securities traders in the U.S. and Ukraine August 11,
alleging that the suspects conspired and made up to $100 million by stealing
confidential corporate press releases. – Reuters See item 6 below
in the Financial Services Sector
· Crews worked to reopen a 34-mile
stretch of Highway 89-A in Arizona after it was closed August 9 due to flood
waters that washed mud and boulders across the highway. – St. George News
13. August 10,
St. George News – (Arizona) ‘Boulders the size of houses’; 34-mile road closure
continues on Highway 89-A. Crews worked to reopen a 34-mile stretch of
Highway 89-A from milepost 545 to milepost 579 in Arizona after it was closed
August 9 due to flood waters that washed mud and boulders across the highway. Source: http://www.stgeorgeutah.com/news/archive/2015/08/10/ccj-closure-89a
· The city of St. Petersburg, Florida,
released 5.5 million gallons of treated sewage into Tampa Bay for 8 hours
August 9 after excess rainfall overwhelmed the Southwest Water Reclamation
Facility. – Tampa Bay Times
16. August 11,
Tampa Bay Times – (Florida) Swamped by rains, St. Pete dumps treated sewage
into Tampa Bay. The city of St. Petersburg released 5.5 million gallons of
treated sewage into Tampa Bay for 8 hours August 9 after excess rainfall
overwhelmed the Southwest Water Reclamation Facility. Source: http://www.tampabay.com/news/overburdened-by-rains-st-pete-dumps-treated-sewage-into-tampa-bay/2240745
· Security researchers from IBM
discovered an Android operating system (OS) “serialization vulnerability” related
to Android’s OpenSSLX509Certificate class framework that an attacker could
exploit. – Securityweek
28. August 11,
Securityweek – (International) Serialization vulnerabilities put many
Android devices at risk. Security researchers from IBM discovered an
Android operating system (OS) “serialization vulnerability” affecting versions
4.3 Jelly Bean through 5.1 Lollipop, related to Android’s
OpenSSLX509Certificate class framework that an attacker could exploit for
arbitrary code execution in applications and services, leading to privilege
escalation, in which legitimate apps can be replaced with malicious apps that
steal data, among other actions. Source: http://www.securityweek.com/serialization-vulnerabilities-put-many-android-devices-risk
Financial Services Sector
6. August 11,
Reuters – (International) Nine charged in U.S. insider trading scheme
involving hackers. Authorities announced indictments against 9 Ukrainian
hackers and securities traders in the U.S. and Ukraine August 11, alleging that
the suspects conspired and made up to $100 million by hacking into companies
that publish news releases about publicly traded companies, and made trades
using the information starting in February 2010. The U.S. Securities and
Exchange Commission filed a related civil lawsuit alleging that the thefts
generated over $100 million in illegal profits, and the case is the first
example of prosecution alleging the use of hacked inside information for
securities fraud. Source: http://www.reuters.com/article/2015/08/11/cybersecurity-hacking-stocks-idUSL1N10M05H20150811
7. August 10,
Reuters – (National) Citigroup in US$13.5 mln settlement over defunct
CSO hedge fund. Citigroup Inc. announced an agreement August 10 to pay
$13.5 million to resolve allegations that the bank and its Alternative
Investments affiliate deceived investors into staying in its Corporate Special
Opportunities hedge fund, reporting that the fund’s portfolio was sound before
liquidating it and losing most of the investment funds. Source: http://www.reuters.com/article/2015/08/10/citigroup-prosiebensat-1-settlement-idUSL1N10L2OR20150810
8. August 10,
Orange County Register – (California) Grand jury indicts retired
LAPD cop suspected as ‘Snowbird Bandit.’ A retired Los Angeles Police
Department detective believed to be the robbery suspect dubbed the “Snowbird
Bandit” was indicted the week of August 4, facing charges that he allegedly
held up banks in Dana Point, Rancho Santa Margarita, Mission Viejo, and Ladera
Ranch. Source: http://www.ocregister.com/articles/adair-676867-bank-santa.html
9. August 10,
Reuters – (National) Guggenheim settles for $20 mln over not disclosing
loan -SEC. The U.S. Securities and Exchange Commission (SEC) announced
August 10 that Guggenheim Partners Investment Management LLC agreed to pay $20 million to resolve
allegations that company senior officials failed to disclose a $50 million loan
by a client to a senior executive to finance his personal investment in a
corporate acquisition led by Guggenheim Partners LLC. The SEC also alleged that
the company failed to enforce its code of ethics and improperly charged a
client $6.5 million in asset management fees it did not earn. Source: http://www.reuters.com/article/2015/08/10/sec-guggenheim-idUSL1N10L1GD20150810
Information Technology Sector
25. August 11,
Securityweek – (International) Darkhotel APT uses Hacking Team exploit to
target specific systems. Security researchers from Kaspersky Lab reported
that the Darkhotel advanced persistent threat (APT) group recently started
leveraging a Flash zero-day vulnerability revealed in the July Hacking Team
breach to target specific systems, and that the group has been using a variety of
techniques to attack defense industrial bases, energy policy makers,
militaries, governments, electronics, pharmaceutical organizations, and medical
providers in countries across Europe and Asia. Source: http://www.securityweek.com/darkhotel-apt-uses-hacking-team-exploit-target-specific-systems
26. August 11,
Help Net Security – (International) Angler EK exploits recently patched IE bug to
deliver ransomware. Security researchers from FireEye discovered that the
Angler exploit kit (EK) is exploiting a Microsoft Internet Explorer
vulnerability uncovered in the July Hacking Team breach to deliver Cryptowall
ransomware to affected systems. Source: http://www.net-security.org/malware_news.php?id=3087
27. August 11,
IDG News Service – (International) Asprox botnet, a long-running nuisance,
disappears. Officials from Palo Alto Networks found that the Asprox botnet
was apparently shut down, after observers reported last seeing the botnet
distributing the Kuluoz malware in 2014. Source: http://www.computerworld.com/article/2969338/security/asprox-botnet-a-longrunning-nuisance-disappears.html
28. August 11,
Securityweek – (International) Serialization vulnerabilities put many
Android devices at risk. Security researchers from IBM discovered an
Android operating system (OS) “serialization vulnerability” affecting versions
4.3 Jelly Bean through 5.1 Lollipop, related to Android’s
OpenSSLX509Certificate class framework that an attacker could exploit for
arbitrary code execution in applications and services, leading to privilege
escalation, in which legitimate apps can be replaced with malicious apps that
steal data, among other actions. Source: http://www.securityweek.com/serialization-vulnerabilities-put-many-android-devices-risk
For additional stories, see
item 4 below from the Chemical
Industry Sector, item 6 above in the Financial Services Sector, and
item 32 below in the Communications Sector
4. August 10,
Network World – (International) Cyber-physical attacks: Hacking a chemical
plant. Researchers with the European Network for Cyber Security and
IOActive released their Damn Vulnerable Chemical Plant Process framework at Def
Con 23, which outlined ways in which a hacker could infiltrate a chemical plant
and taught defenders how to spot cyber-physical attacks. The report is the
first open source framework based on two simulated chemical plants. Source: http://www.networkworld.com/article/2968432/microsoft-subnet/cyber-physical-attacks-hacking-a-chemical-plant.html
Communications Sector
29. August 10,
Okanogan Valley Gazette-Tribune – (Washington) CenturyLink
customers experiencing internet, phone and 9-1-1 outage. CenturyLink
officials reported that about 3,000 customers were without 9-1-1, phone, and
Internet services in Omak, Oroville, Pateros, Twisp, Winthrop, and surrounding
areas in Washington August 10. Emergency 9-1-1 calls were rerouted while
technicians worked to restore services. Source: http://www.gazette-tribune.com/news/centurylink-customers-experiencing-internet-phone-and-911-outage/70562/
30. August 10,
WROC 8 Rochester – (New York) Frontier outage frustrates customers. Frontier
officials reported that about 6,000 Rochester, New York, customers were without
phone service from August 10 – 11 due to a faulty circuit board. Source: http://www.rochesterhomepage.net/story/d/story/frontier-outage-frustrates-customers/20865/AocgmX3i2U2jdAfHyMsw6A
For another story, see item 28 above in the Information
Technology Sector