Monday, November 16, 2015



Complete DHS Report for November 16, 2015

Daily Report                                            

Top Stories

• Realty Capital Securities LLC was charged by Massachusetts financial regulators November 12 for allegedly impersonating shareholders to use their stocks to vote on corporate governance. – Boston Globe See item 6 below in the Financial Services Sector

Altaf Khanani Money Laundering Organization and Al Zarooni Exchange were sanctioned as transnational criminal organizations November 12 after investigators determined that the organizations were laundering billions of dollars. – U.S. Department of the Treasury See item 7 below in the Financial Services Sector

• Princess Cruises reported November 12 that travelers were stranded on a ship after docking in Los Angeles following a U.S. Customs and Border Protection computer failure. – KTLA 5 Los Angeles

10. November 12, KTLA 5 Los Angeles – (California) Computer glitch leaves passengers stranded for hours after cruise ship arrives in San Pedro. A Princess Cruises spokesperson reported November 12 that 30 percent of the Star Princess’s 2,600 travelers were temporarily stranded on the ship after docking in San Pedro, Los Angeles while crews manually processed passengers following a U.S. Customs and Border Protection computer failure. Officials reported that the incident was a result of a computer glitch and not a cyber-attack. Source: http://ktla.com/2015/11/12/computer-glitch-leaves-passengers-stranded-for-hours-after-cruise-ship-arrives-in-san-pedro/

• Securus Technologies announced November 12 that it is investigating an alleged breach of its systems and stated that its system was not hacked by an outside, but likely breached by an internal employee. – International Business Times See item 26 below in the Communications Sector

Financial Services Sector

4. November 12, Securityweek – (National) New PoS malware delivered via malicious docs, exploit kit. Researchers from Proofpoint observed the “AbaddonPOS” point-of-sale (PoS) malware and determined that it was being widely distributed with the aid compromised Microsoft Word documents designed to download information-stealing threats. Once the malware infects the system, it targets the memory of all processes in track 1 and track 2 data associated with payment cards. Source: http://www.securityweek.com/new-pos-malware-delivered-malicious-docs-exploit-kit

5. November 12, Orange County Daily Pilot – (California) Newport lawyer accused of $8 million investment scam pleads guilty to 3 felonies. A former attorney from Orange County pleaded guilty to 2 felony counts of wire fraud and 1 felony count of tax evasion November 12 for misleading investors by collecting their investment money and spending it on personal expenses, netting at least $8 million. Source: http://www.latimes.com/socal/daily-pilot/news/tn-dpt-me-1113-kang-plea-20151112-story.html

6. November 12, Boston Globe – (Massachusetts) Secretary of State alleges corporate-voting fraud at Realty Capital Securities. Boston-based Realty Capital Securities LLC was charged by Massachusetts financial regulators November 12 for allegedly impersonating shareholders to use their stocks to vote on corporate governance, which included a proxy vote that was used for a proposed $378 million deal and another that would have given New York investors who controlled the company more control over Business Development Corp. of America. Source: https://www.bostonglobe.com/business/2015/11/12/galvin-alleges-corporate-voting-fraud-realty-capital-securities/YbDnyUvM6nxJ8NbJEM0moK/story.html

7. November 12, U.S. Department of the Treasury – (International) Treasury sanctions the Khanani Money Laundering Organization. The U.S. Department of the Treasury’s Office of Foreign Assets Control announced November 12 that the Altaf Khanani Money Laundering Organization (Khanani MLO) and Dubai-based money services company Al Zarooni Exchange were sanctioned as transnational criminal organizations after investigators determined that the organizations were knowingly laundering billions of dollars to organized crime groups, drug trafficking organizations, and designated global terrorist groups. Source: http://www.treasury.gov/press-center/press-releases/Pages/jl0265.aspx

8. November 10, WFIE 14 Evansville – (Indiana) 36 people charged in fraud scheme involving staged car wrecks in the Tri-State. Thirty suspects out of the 36 people allegedly involved in a scheme to defraud insurance companies out of more than $600,000 in false insurance claims over a 4 year period were served warrants November 10 in Indiana. The suspect’s recruited people to participate in staged crashes and trained them how to act in order to file false insurance claims and run up medical bills through hospital stays. Source: http://www.14news.com/story/30484469/36-people-charged-in-fraud-scheme-involving-staged-car-wrecks-in-the-tri-state

Information Technology Sector

23. November 13, Securityweek – (International) Flaw in “Spring Social” puts user accounts at risk. Researchers at SourceClear (SRC:CLR) discovered that a vulnerability in Pivotal Software’s Spring Social authentication feature can be exploited via a specially crafted Uniform Resource Locator (URL) that bypasses the cross-site request forgery (CSRF) protection to link an attacker’s account, on a similar service to GitHub or Facebook, with a victim’s account on a compromised Web site. Pivotal Software patched the vulnerability with the release of Spring Social Core update.

24. November 12, The Register – (International) Jenkins plugs 11 security holes with two updates. Jenkins released Versions 1.638 and 1.625.2 for its open source integration tool that patched 11 critical security vulnerabilities including a zero-day vulnerability that exploited Jenkins CLI subsystem; a secret key flaw that allowed attackers to connect as slaves, take over Jenkins systems, and access private data; and a critical flaw that used unsafe deserialization, allowing remote attackers to run arbitrary code on the Jenkins master, among other vulnerabilities. Source: http://www.theregister.co.uk/2015/11/12/jenkins_security_update/

25. November 12, The Register – (International) Latest Android phones hijacked with tidy one-stop-Chrome-pop. A researcher from Quihoo 360 discovered, and reported during the MobilePwn2Own event at the PacSec security conference, a single clean exploit in Google’s Chrome browser for Android via its JavaScript v8 engine that does not require several chained vulnerabilities to gain access and load software without user interaction once a user visits a malicious Web site. Source: http://www.theregister.co.uk/2015/11/12/mobile_pwn2own/

For additional stories, see item 4 above in the Financial Services Sector and 22 below from the Emergency Services Sector

22. November 12, Foster’s Daily Democrat – (New Hampshire) Computer virus infects county dispatch center. The Strafford County chief deputy announced November 12 that computers at the Strafford County Regional Dispatch Center in Dover were infected by the CryptoLocker ransomware which severely limited the amount of data utilized by both dispatchers and emergency personnel on the field. Officials were able to isolate the virus and are working on bringing systems back online. Source: http://www.fosters.com/article/20151112/NEWS/151119727

Communications Sector

26. November 12, International Business Times – (National) Securus Technologies: A rogue employee, not a hacker, exposed 70 million inmate calls. Securus Technologies announced November 12 that it is investigating an alleged breach of its systems that provides phone service to incarcerated people around the U.S., and stated that its system was not hacked by an outside, but likely breached by an internal employee. An investigation into the breach, which reportedly includes unauthorized access to over 70 million recorded prison phone conversations, is ongoing. Source: http://www.ibtimes.com/securus-technologies-rogue-employee-not-hacker-exposed-70-million-inmate-calls-2181819