Complete DHS Report for January 21, 2016
Daily Report
Top Stories
• The U.S. Department of the Treasury issued a warning
January 19 advising taxpayers to be aware of callers impersonating Internal
Revenue Service (IRS) agents and threatening victims to pay back-owed taxes. – ABC
News See item 3 below in the Financial Services Sector
• Authorities are investigating various threats of violence
made via robocalls towards dozens of schools in six States January 19 which
prompted evacuations, closures, and searches. – Washington Post
15. January
19, Washington Post – (National) Police investigate threats against schools in six
states. Authorities are investigating various threats of violence made
towards dozens of schools in Delaware, Maryland, New Jersey, Iowa,
Pennsylvania, and Massachusetts January 19 which prompted evacuations,
closures, and searches. No suspicious items were found and many of the threats
were made via computer-generated robocalls. Source: https://www.washingtonpost.com/local/education/police-investigate-threats-against-schools-in-six-states/2016/01/19/49ffdc92-bee2-11e5-9443-7074c3645405_story.html
• The Industrial Control Systems Cyber Emergency Response
Team (ICS-CERT) reported that there was a surge in incidents involving U.S.
critical infrastructure in fiscal year 2015, which brought the total count to
295 incidents. – SecurityWeek See item 21 below
in the Information Technology Sector
• A 4-alarm fire January 19 at a Center City, Pennsylvania
apartment building prompted the response of 120 firefighters, an evacuation of
21 apartment units, and an evacuation of a surrounding apartment complex. – WCAU
10 Philadelphia
23. January
19, WCAU 10 Philadelphia – (Pennsylvania) Fire, now ice: Center City
apartment fire. A 4-alarm fire January 19 at a Center City, Pennsylvania
apartment building prompted the evacuation of 21 apartment units and a
surrounding apartment complex, and caused more than 120 firefighters to remain
on site for over 2 hours containing the incident. Two firefighters sustained
minor injuries and an investigation is ongoing to determine the cause of the
blaze. Source: http://www.nbcphiladelphia.com/news/local/Center-City-Apartment-Fire-Philadelphia-365830431.html
Financial Services Sector
1. January
19, Canton Repository – (Ohio) Lake Twp. man pleads guilty in
investment fraud case. The owner of Lake Township-based Keystone Capital
Management pleaded guilty January 19 to one count of wire fraud and two counts
of money laundering charges after he reportedly ran a Ponzi scheme which
defrauded 19 investors out of nearly $5.5 million between October 2009 and
September 2013. The owner also used his client’s money to pay personal and
business expenses and promote and prolong his investment scheme, among other
illegal actions. Source: http://www.cantonrep.com/article/20160119/NEWS/160119215
2. January
19, U.S. Securities and Exchange Commission – (Colorado) SEC:
Alternative fund manager overcharged fees, misled investors. The U.S.
Securities and Exchange Commission announced January 19 that Equinox Fund
Management LLC agreed to pay $400,000 in penalties, $600,000 in prejudgment
interest, and $5.4 million in refunds to investors to settle allegations that
the company overcharged management fees and misled investors by deviating from
its valuation methodology for its future funds, The Frontier Fund (TFF) holdings. Source: https://www.sec.gov/news/pressrelease/2016-11.html
3. January
19, ABC News – (National) US Department of Treasury warns taxpayers about a
‘frightening’ fraud scam. The U.S. Department of the Treasury issued a
warning January 19 advising taxpayers to be aware of callers impersonating
Internal Revenue Service (IRS) agents and threatening victims to pay back-owed
taxes following reports that the Treasury Inspector General for Tax
Administration (TIGTA) received 900,000 reports of fraudulent calls, resulting
in over $26.5 million in victim losses since October 2013. TIGTA is urging
people to hang up on the fraudulent callers. Source: http://abcnews.go.com/Business/us-department-treasury-warns-taxpayers-frightening-fraud-scam/story?id=36366276
For another story, see item 21 above in Top Stories
Information Technology Sector
17. January
20, Softpedia – (International) Apple releases 28 security fixes for iOS, OS
X and Safari. Apple released 28 security patches for its iOS and Mac OS X
operating systems (OS) and its Safari web browser through updated versions of
OS X El Capitan 10.11.13, Safari 9.0.3, and OS X kernel that addressed critical
vulnerabilities and allowed attackers to execute arbitrary code in the
operating system’s kernel and execute arbitrary code on the underlying
operating system to trick a victim into accessing a malicious Web site. Source:
http://news.softpedia.com/news/apple-releases-28-security-fixes-for-ios-os-x-and-safari-499159.shtml
18. January
20, Help Net Security – (International) Intel patches MiTM flaw in
its Driver Update Utility. Intel Corporation patched a remotely exploitable
vulnerability in its Intel Driver Update Utility program that could have been
exploited by attackers to conduct a man-in-the-middle (MiTM) attack to corrupt
transferred data, leak information, and conduct arbitrary code execution. Source: http://www.net-security.org/secworld.php?id=19349
19. January
20, SecurityWeek – (International) Oracle released 248 security fixes. Oracle
released its Critical Patch Update (CPU) that fixed 248 vulnerabilities
including authentication flaws and security issues in its Oracle Database, Java
SE, and Oracle E-Business Suite, as well as other products. The company advised
users to ensure all their products were updated to the newest versions to avoid
exploitation. Source: http://www.securityweek.com/oracle-releases-248-security-fixes
20. January
20, The Register – (International) Cisco patches borked web box proxy hole. Cisco
released a patch fixing a vulnerability in its Web Security Appliance versions
8.5.3-055, 9.1.0-000, and 9.5.0-235 that allowed unauthenticated remote
attackers to circumvent functionality that prevents proxied network traffic and
bypass security restrictions due to improper handling of malformed Hypertext
Transfer Protocol (HTTP) methods. Source: http://www.theregister.co.uk/2016/01/20/cisco_patches_borked_web_box_proxy_hole/
21. January
20, SecurityWeek – (International) Critical infrastructure incidents increased
in 2015: ICS-CERT. The Industrial Control Systems Cyber Emergency Response
Team (ICS-CERT) reported that there was an increase in incidents involving U.S.
critical infrastructure in fiscal year 2015, increasing the total count to 295
incidences. Officials reported the increase was due to a spear-phishing
campaign launched by an advanced persistent threat (APT) group against
organizations in critical manufacturing, energy, transportation systems,
government facilities, healthcare, and the communications sector, among other
sectors. Source: http://www.securityweek.com/critical-infrastructure-incidents-increased-2015-ics-cert
Communications Sector
See Item 21 above in Top Stories
No comments:
Post a Comment