Complete DHS Report for March 16, 2016
Daily Report
Top Stories
• Temple city officials reported that Lions Park in Temple, Texas,
was closed March 14 after approximately 300,000 gallons of wastewater
overflowed as a result of heavy rainfall the week of March 7. – Temple Daily
Telegram
8. March 15, Temple Daily Telegram – (Texas) 230,000 gallons of wastewater shut
down Lions Park. Temple city officials reported that Lions Park in Temple,
Texas, was closed March 14 after approximately 300,000 gallons of wastewater
overflowed as a result of heavy rainfall the week of March 7. Clean-up crews
were working to clean up the overflow.
• Officials announced the week of March 7 that a former employee
at Reliable Medical Supply in Brooklyn Park, Minnesota, was charged with
stealing nearly $1.1 million from the company from 2011 – 2015. – Minneapolis
Star Tribune
10. March 14, Minneapolis Star Tribune – (Minnesota) Charges: Twin Cities medical
supplier’s ‘trusted employee’ skimmed $1M. Officials announced the week of
March 7 that a former employee at Reliable Medical Supply in Brooklyn Park was
charged in Hennepin County District Court for stealing nearly $1.1 million from
the company by reportedly forging checks to herself from the company’s business
account from 2011 – 2015. Source: http://www.startribune.com/charges-twin-cities-medical-supplier-s-trusted-employee-skimmed-1m-plus/371975901/
• A spokesperson for the U.S. Army Materiel Command stated March
14 that the U.S. Army spent about $145,000 on a new crime reporting app, iWatch
Army, for use at 17 U.S. bases to boost anti-terrorism and anti-crime efforts.
– Reuters
12. March 14, Reuters – (National) New app aims to thwart crime, attacks at U.S.
military bases. A spokesperson for the U.S. Army Materiel Command stated
March 14 that the U.S. Army spent about $145,000 on a new crime reporting app,
iWatch Army, for use at 17 U.S. bases, which was created to boost its
anti-terrorism and anti-crime efforts. The app remains under evaluation by the
U.S. Army. Source: http://www.reuters.com/article/us-usa-military-closewatch-idUSKCN0WG1GJ
• Yahoo! released patches fixing an email spoofing vulnerability
after a security researcher discovered that Yahoo! Mail’s Basic interface
allowed attackers to send malicious emails by changing Hypertext Transfer
Protocol (HTTP) requests sent to the server and changing the “from address”
associated with each new email. – Softpedia. See item 17 below in
the Information Technology Sector.
Financial Services Sector
2. March 14, U.S. Securities and Exchange Commission – (National) AIG affiliates
charged with mutual fund shares conflicts. The U.S. Securities and Exchange
Commission announced March 14 that 3 American International Group, Inc., (AIG)
affiliates, Royal Alliance Associates, Inc., SagePoint Financial, and FSC
Securities Corporation agreed to pay more than $9.5 million to settle charges
that the firms placed mutual fund clients in more expensive share classes in
order to collect approximately $2 million in extra fees without disclosing to
clients the option to buy shares without additional charges. The firms
additionally failed to monitor advisory accounts on a quarterly basis, and
failed to implement compliance policies and procedures that ensured advisory
service fees and trading costs remained in the best interest of clients. Source:
https://www.sec.gov/news/pressrelease/2016-52.html
3. March 14, U.S. Attorney’s Office, District of New Jersey –
(International) CEO of microcap company charged with securities fraud for
falsely claiming millions in revenue from contracts with Nigeria and other
foreign countries. Federal authorities in San Francisco announced charges
against the chief executive officer (CEO) of RVPlus Inc., March 14 after he was
arrested in San Francisco March 13 for allegedly filing false reports with the
U.S. Securities and Exchange Commission (SEC) and creating misleading press
releases and blog posts which falsely certified that RVPlus Inc. had entered
into contracts with Nigeria, Haiti, and Liberia worth more than $1.9 billion,
and held more than $26 million in short-term accounts receivables from the
agreements. The CEO also falsely claimed that his not-for-profit, ECCO2 Corp.,
was an affiliate organization of the United Nations Convention on Climate
Change and could receive over $100 billion in financial aid to fund the
organization’s projects. Source: https://www.justice.gov/usao-nj/pr/ceo-microcap-company-charged-securities-fraud-falsely-claiming-millions-revenue-contracts
Information Technology Sector
16. March 15, Softpedia – (International) Recent wave of malware uses macro-enabled
Word documents and Windows PowerShell. Security researchers from Palo Alto
Networks discovered that attackers were using a new tactic to distribute
malware by combining spam campaigns, malicious Word documents, and
Windows PowerShell code. Researchers reported that the macro code, embedded
within each malicious Word document, starts a hidden instance of Windows
PowerShell to download malicious scripts.
17. March 15, Softpedia – (International) Yahoo fixes ridiculously simple email address
spoofing bug. Yahoo! released patches fixing an email spoofing
vulnerability after a security researcher from Vulnerability Lab discovered that
Yahoo! Mail’s Basic interface, also named Classic Mode, allowed attackers to
send malicious emails by changing Hypertext Transfer Protocol (HTTP) requests
sent to the server and changing the “from address” associated with each new
email. Source: http://news.softpedia.com/news/yahoo-fixes-ridiculously-simple-email-address-spoofing-bug-501750.shtml
18. March 14, SecurityWeek – (International) Code.org flaw exposes volunteer email
addresses. An official from Code.org, a non-profit organization that helps
teach computer science, reported that the email addresses of its volunteers
were allegedly compromised after a vulnerability was found on its Web site that
allowed an unauthorized recruiting firm to obtain private email addresses. The
company patched the flaw, stating that its servers were not vulnerable and the
details of its 10 million teachers and students were not exposed. Source: http://www.securityweek.com/codeorg-flaw-exposes-volunteer-email-addresses
19. March 14, Softpedia – (International) Vulnerability in torrent portal software
exposes user private information. An anonymous security researcher reported
that the SceneAccess Web site, a private torrent portal, was susceptible to a
security flaw in the built-in BBcodes (Bulletin Board Code) that allowed
attackers to expose details pertaining to the Web site’s users, including
clients’ Internet Protocol (IP) addresses, by nesting the BBcode inside
an image Uniform Resource Locator (URL) and sending users the malicious image
via open forum threads or private messages.
For another story, see item 12 above in Top Stories
Communications Sector
20. March 13, SecurityWeek – (International) Hackers pillage DDoS protection firm
Staminus. The distributed denial-of-service (DDoS) protection firm
Staminus reported March 10 that its database was compromised for several hours,
exposing more than 15 gigabytes of data including customers’ login
credentials, customers’ credit card numbers, and server log data, among other
information, due to weak security practices such as using one root password for
all its routers. Staminus patched the issue March 11 after the incident spanned
multiple routers.