Complete DHS Report for October 8, 2015
Daily Report
Top Stories
• Cincinnati-based Fifth Third Bank will pay $85 million October 6 to settle civil fraud allegations that it improperly certified 1,439 defective Federal Housing Administration mortgage loans, resulting in millions of dollars of losses. – Cincinnati Enquirer See item 4 below in the Financial Services Sector
• The U.S. Centers for Disease Control and Prevention reported October 5 an Oklahoma resident was the fourth death tied to a 35-State Salmonella outbreak, increasing the total number of illnesses to 732 people. – Associated Press
11. October 6, Associated Press – (Oklahoma) 1 dead in Oklahoma from multistate salmonella outbreak. The U.S. Centers for Disease Control and Prevention reported that an Oklahoma resident was the fourth death tied to a 35-State Salmonella outbreak, increasing the total number of illnesses to 732 people after each person consumed tainted cucumbers grown in Mexico. Source: http://www.kjrh.com/news/state/1-dead-in-oklahoma-from-multistate-salmonella-outbreak
• Researchers from Cisco shut down a massive ransomware campaign accounting for 50 percent of all ransomware deployments via the Angler exploit kit (EK) that would have allowed the campaign’s operators to collect over $34 million. – Softpedia See item 19 below in the Information Technology Sector
• The South Carolina Emergency Management Division reported that at least 11 dams have failed in the State while another 35 are being monitored October 7 due to heavy storms that led to 17 deaths, water outages for tens of thousands, road closures, and building evacuations. – CNN
25. October 7, CNN – (South Carolina) South Carolina flooding: Dams breached, more trouble. The South Carolina Emergency Management Division reported that at least 11 dams have failed in the State while another 35 are being monitored October 7 due to heavy rain storms that have led to 17 deaths, water outages for tens of thousands, road closures, and building evacuations. Source: http://foxct.com/2015/10/07/south-carolina-flooding-dams-breached-more-trouble-ahead/
Financial Services Sector
3. October 6, WTVR 6 Richmond – (Virginia) Sheriff: Three men arrested in cigarette, illegal credit card bust in Caroline County. Caroline County authorities arrested a New Yorker and two Jamaican citizens October 6 after finding over 100 fraudulent credit cards, electronics, and skimming devices in their vehicle in Carmel Church, Virginia. Source: http://wtvr.com/2015/10/06/sheriff-three-men-arrested-in-cigarette-illegal-credit-card-bust-in-caroline-county/
4. October 6, Cincinnati Enquirer – (National) Fifth Third pays $85M to settle mortgage fraud. Federal officials announced October 6 that Cincinnati-based Fifth Third Bank will pay $85 million to settle civil fraud allegations that the company knowingly improperly certified 1,439 defective Federal Housing Administration mortgage loans, resulting in millions of dollars of losses to the agency from 2003 to 2013. Source: http://www.usatoday.com/story/money/nation-now/2015/10/06/fifth-third-pays-85m-settle-mortgage-fraud/73492444/
5. October 6, WBRZ 2 Baton Rouge – (National) Third arrest made in BR-based national financial fraud scheme. Louisiana officials announced October 6 the arrest of the third suspect in a national financial fraud scheme in which conspirators allegedly stole over 300 identities and committed over $5 million in fraud. The suspect reportedly provided bogus credit repair services for free and helped issue stolen Social Security numbers and used the numbers for fraudulent loan applications. Source: http://www.wbrz.com/news/third-arrest-made-in-br-based-national-financial-fraud-scheme/
Information Technology Sector
17. October 7, Securityweek – (International) Malicious Android adware infects devices in 20 countries. Security researchers from FireEye were monitoring a new malicious adware campaign dubbed Kemoge that has affected Android devices in 20 countries, in which the malware serves ads to an infected device, extracts exploits to root phones, and employs multiple persistence mechanisms. The malware is packaged with popular Android apps uploaded to third-party stores. Source: http://www.securityweek.com/malicious-android-adware-infects-devices-20-countries
18. October 7, Softpedia – (International) Zero-day exploit found in Avast antivirus. Security researchers from Google’s Project Zero discovered a zero-day exploit in Avast antivirus software in which an attacker could leverage a faulty method used for parsing X.509 certificates in secure connections to execute code on an affected system. Avast has since patched the vulnerability. Source: http://news.softpedia.com/news/zero-day-exploit-found-in-avast-antivirus-493958.shtml
19. October 7, Softpedia – (International) Major ransomware campaign disrupted, attackers lose potential revenues of $34M. Researchers from Cisco shut down a massive ransomware campaign accounting for 50 percent of all ransomware deployments via the Angler exploit kit (EK) that would have allowed the campaign’s operators to collect over $34 million. The cyber-criminals used a network of 147 proxy servers bought from Limestone Networks via stolen credit cards to deliver the largest ransomware delivery platform ever noticed in the wild. Source: http://news.softpedia.com/news/major-ransomware-campaign-disrupted-attackers-lose-potential-revenues-of-34m-493924.shtml
20. October 7, Help Net Security – (International) Previously unknown Moker RAT is the latest APT threat. Security researchers from enSilo discovered a new Remote Access Trojan (RAT) dubbed Moker that takes over targeted systems by creating a new user account before opening an RDP channel to gain remote control, and tampers with sensitive system and security files and settings. The malware comes with a complete feature set, achieves system privileges, and may also be controlled locally. Source: http://www.net-security.org/malware_news.php?id=3124
21. October 7, The Register – (International) Remote code exec hijack hole found in Huawei 4G USB modems. Security researchers from Positive Technologies discovered cross-site scripting (XSS) and stack overflow vulnerabilities in the Huawei E3272 USB 4G modem that could allow attackers to conduct remote code execution and denial-of-service (DoS) attacks and hijack connected computers. Huawei released patches addressing the vulnerabilities. Source: http://www.theregister.co.uk/2015/10/07/remote_code_exec_hijack_hole_found_in_huawei_4g_usb_modems/
22. October 6, Securityweek – (International) Winnti spies use bootkit for persistence, distributing backdoors. Security researchers from Kaspersky Lab discovered that the advanced persistent threat (APT) group Winnti has been using an attack platform dubbed “HDRoot” as a bootkit disguised to look like Microsoft’s Net.exe utility while protected by VMProtect software, delivering two backdoors. The group previously targeted gaming companies in the U.S. and worldwide. Source: http://www.securityweek.com/winnti-spies-use-bootkit-persistence-distributing-backdoors
Communications Sector
Nothing to report