Complete DHS Report for
December 16, 2015
Daily Report
Top Stories
• The U.S. Navy announced December 14 that its littoral
combat ship, the USS Milwaukee, broke down December 10 due to a loss of
propulsion days after the ship’s crew discovered fine metal debris in the port
combining gear filter system. – CNN
4. December 14, CNN – (National) New $360 million Navy ship breaks down. The
U.S. Navy announced December 14 that its littoral combat ship, the USS
Milwaukee, broke down December 10 due to a loss of propulsion days after the
ship’s crew discovered fine metal debris in the port combining gear filter
system. The ship needed to be towed more than forty miles to undergo a full
inspection in Little Creek, Virginia.
• The U.S.
Department of Justice announced that a U.S. Army National Guard soldier pleaded
guilty December 14 to collaborating with a co-conspirator to provide material
support to ISIL. – U.S. Department of Justice
22. December 14, U.S. Department of Justice – (International) U.S. Army
National Guard soldier pleads guilty to attempting to provide material support
to ISIL. The U.S. Department of Justice announced that a U.S. Army National
Guard soldier pleaded guilty December 14 to collaborating with a co-conspirator
to provide material support to a designated foreign terrorist organization in
the Middle East. The soldier also admitted to planning an attack at the
National Guard base in Joliet, Illinois. Source: https://www.fbi.gov/chicago/press-releases/2015/u.s.-army-national-guard-soldier-pleads-guilty-to-attempting-to-provide-material-support-to-isil
• MacKeeper, the utility software for Apple Mac products, reported that its
database containing passwords and the personal information of 13 million users
was exposed in a data breach. – Help Net Security
See item 23 below in the Information Technology Sector
• The West Linn Police Department arrested 6 adults and 1
minor November 29 for allegations that the suspects were linked to a theft ring
scheme in which they victimized 110 people across 7 States by using stolen
credit cards to purchase thousands of gift cards. – The Oregonian
27. December 14, Portland Oregonian – (National) West Linn police arrest six in
interstate ‘theft ring.’ The West Linn Police Department arrested 6 adults
and 1 minor November 29 for alleged charges of first-degree aggravated theft,
organized retail theft, aggravated identity theft, criminal possession of a
forged instrument, and fraudulent use of a credit card after the suspects were
linked to a theft ring scheme in which they victimized 110 people across 7
States by using stolen credit cards to buy more than $26,000 in gift cards.
Source: http://www.oregonlive.com/west-linn/index.ssf/2015/12/west_linn_police_arrest_six_in.html#incart_river_home
Financial Services Sector
5. December 15, Softpedia – (National) Two mobile banking trojans used Facebook Parse as
C&C server. Security researchers in Germany announced that the
Android/OpFake and Android/Marry banking trojans targeting mobile devices stored
their command and control (C&C) servers on 5 Facebook Parse databases, the
company’s BaaS (Backend-as-a-Service) offering, and gathered nearly 170,000
short message service (SMS) messages from infected devices in addition to
successfully executing over 20,000 commands primarily for financial fraud.
Facebook closed all five accounts in August. Source: http://news.softpedia.com/news/two-mobile-banking-trojans-used-facebook-parse-as-c-c-server-497597.shtml
6. December 15, Newark Star-Ledger – (New Jersey) Woman pleads guilty to $1.1
million Securities and Annuities fraud scheme. New Jersey State officials
announced December 14 that a former Morris County investor pleaded guilty
December 11 to orchestrating a 10-year, $1.178 million Securities and Annuities
fraud scheme by fabricating more than 100 financial statements to inflate her
14 clients’ accounts, stealing money from client accounts, fraudulently using
the logos of at least 9 corporations, and collecting unlawful financial adviser
fees after her license was revoked.
Source: http://www.nj.com/somerset/index.ssf/2015/12/woman_pleads_guilty_to_11_million_securities_and_a.html
For additional stories, see
item 1 below from the Energy Sector and item 27 above in Top Stories
1. December 14, Dayton Daily News – (Ohio) Identity theft devices found on gas
pumps in 7th Ohio county. Authorities in Ohio found skimming devices on gas
pumps in Warren County December 10, bringing the total number of State counties
affected to seven. State and local authorities are investigating an organized
Cuban crime ring believed to be tied to the installation of the devices in
Ohio, Michigan, Illinois, Indiana, Wisconsin, and Kentucky. Source: http://www.mydaytondailynews.com/news/news/crime-law/identity-theft-devices-found-on-gas-pumps-in-7th-o/npjrH/
Information Technology Sector
23. December 15, Help Net Security – (International) 13 million MacKeeper users
exposed in data breach. MacKeeper, the utility software for Apple Mac
products, reported that its database containing passwords and the personal
information of 13 million users was exposed in a data breach after a security
researcher ran a Shodan search and discovered that four Internet Protocol (IP)
addresses led to a MongoDB database belonging to Kromtech, the company that
produces MacKeeper. MacKeeper patched the vulnerability and reported no data
was shared or used inappropriately. Source: http://www.net-security.org/secworld.php?id=19232
24. December 15, SecurityWeek – (International) Joomla patches zero-day exploited in the
wild. Joomla released its software version 3.4.6 and hotfixes patching a
critical remote code execution flaw that was exploited in the wild for two
days. The flaw enabled attackers to perform object injection via the Hypertext
Transfer Protocol (HTTP) user agent, which led to full remote command execution
attacks from three different Internet Protocol (IP) addresses: 74.3.170.33,
146.0.72.83, and 194.28.174.106. The company advised users to check their logs
for incoming requests from the three IP addresses and to check whether their Web
sites were compromised by searching for “JDatabaseDriverMysqli” or “O:” in the
User Agent. Source: http://www.securityweek.com/joomla-patches-zero-day-exploited-wild
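The log check advised in item 24, as an added example (not part of the DHS report or Joomla's own tooling). It assumes Apache/nginx combined-format access logs, and the sample log lines are constructed for illustration.

```python
import re

# Indicators quoted in item 24 of the report.
REPORTED_IPS = {"74.3.170.33", "146.0.72.83", "194.28.174.106"}
UA_MARKERS = ("JDatabaseDriverMysqli", "O:")

# Combined log format (assumed); quoted fields may hold backslash-escaped quotes.
Q = r'(?:[^"\\]|\\.)*'
LINE_RE = re.compile(
    rf'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "{Q}" \d{{3}} \S+ "{Q}" "(?P<ua>{Q})"\s*$'
)

# Constructed sample lines; client addresses other than the reported IPs are
# documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Dec/2015:10:00:01 +0000] "GET /index.php HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '74.3.170.33 - - [15/Dec/2015:10:00:02 +0000] "GET / HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    r'198.51.100.9 - - [15/Dec/2015:10:00:03 +0000] "GET / HTTP/1.1" '
    r'200 5120 "-" "O:21:\"JDatabaseDriverMysqli\" (constructed, truncated)"',
    '146.0.72.83 malformed entry',
]


def check_line(line):
    """Return the reasons a log line matches the report's indicators."""
    m = LINE_RE.match(line)
    if m is None:
        # Unparseable line: search the raw text so it is not silently skipped.
        ip, ua = line.split(" ", 1)[0], line
    else:
        ip, ua = m.group("ip"), m.group("ua")
    reasons = ["source-ip"] if ip in REPORTED_IPS else []
    reasons += [f"ua:{marker}" for marker in UA_MARKERS if marker in ua]
    return reasons


def scan(lines):
    """Return (line number, reasons) for every line that needs review."""
    hits = [(n, check_line(line)) for n, line in enumerate(lines, start=1)]
    return [(n, reasons) for n, reasons in hits if reasons]


if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(reasons)}")
```

A hit means the request should be reviewed; a source-IP match alone does not show that the site was compromised.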
25. December 15, Softpedia – (International) The return of macro malware and other malware
trends. Security researchers from Intel Security released a report describing
two types of malicious campaigns: one using macro-based malware to
compromise a user’s personal computer (PC) via weaponized Word documents, and
another using fileless, in-memory malware to compromise a device by working in
a PC’s random-access memory (RAM). The report stated that office-based macro
threats were at their highest level in six years. Source: http://news.softpedia.com/news/the-return-of-macro-malware-and-other-malware-trends-497590.shtml
26. December 14, SecurityWeek – (International) Polycom patches flaw in VVX Business Media
phones. Polycom released software updates patching a path traversal
vulnerability for several of its VVX Business Media phones after a security
researcher from Depth Security found that the request the interface uses to
display background images and ringtones includes a file name, which can allow
attackers to use ‘../../’ to back out of the ringtone and background image
directories and access sensitive file content such as ‘/etc/passwd.’ The company
advised users to update the software to the latest version and disable the web
servers on the affected devices. Source: http://www.securityweek.com/polycom-patches-flaw-vvx-business-media-phones
For another story, see item 5 above in the Financial Services Sector
Communications Sector
See item 26 above in the Information Technology
Sector