Friday, March 11, 2016



Complete DHS Report for March 11, 2016

Daily Report                                            

Top Stories

• Elevated levels of lead found in water at 30 Newark, New Jersey schools required schools to shut off drinking fountains and post warning signs March 9. – CNN

20. March 9, CNN – (New Jersey) Elevated levels of lead found in water at Newark schools. The mayor of Newark announced March 9 that 30 Newark Public Schools shut off drinking fountains and posted signs after testing showed elevated levels of lead in the water. Officials stated that alternative water sources would be provided. Source: http://www.cnn.com/2016/03/09/us/newark-schools-lead-levels-water/index.html

• Kaspersky discovered a new trojan, dubbed Triada and reportedly believed to be the most advanced mobile malware yet, that targets Android operating system (OS) devices. – SecurityWeek

25. March 9, SecurityWeek – (International) Triada trojan most advanced mobile malware yet: Kaspersky. Security researchers from Kaspersky discovered a new trojan, dubbed Triada and reportedly believed to be the most advanced mobile malware yet, that targets Android operating system (OS) devices to redirect financial short message service (SMS) transactions to buy additional content or steal money from victims via an advertising botnet that is embedded with rooting capabilities. The trojan also uses the Zygote parent process to implement its code in the context of all software on the target’s device, allowing the trojan to run in each application. Source: http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky

• Florida-based Rosen Hotels & Resorts Inc. reported March 9 that its payment processing system was compromised, which allowed attackers to steal customer data including cardholders’ names, card numbers, and internal verification codes. – Softpedia

28. March 9, Softpedia – (National) Rosen Hotel Chain had a PoS malware infection for 17 months. Florida-based Rosen Hotels & Resorts Inc. reported March 9 that its payment processing system was compromised after a security company discovered malware installed in its credit card systems, which allowed attackers to steal customer data including cardholders’ names, card numbers, expiration dates, and internal verification codes from September 2014 – February 2016.

• Approaching rain storms in Bossier City, Louisiana, prompted the evacuation of 3,500 homes March 10, the declaration of a State of emergency in several Louisiana parishes, and the closure of Bossier Parish public schools and Northwestern State University campuses. – Associated Press

30. March 10, Associated Press – (Louisiana) 3,500 homes evacuated in northern Louisiana because of flooding. Approaching rain storms in Bossier City, Louisiana, prompted the evacuation of 3,500 homes March 10 due to the threat of a bayou approaching the top of its levee, caused the closure of several sections of Interstate 20, prompted a State of emergency in several Louisiana parishes, and forced the closure of Bossier Parish public schools and Northwestern State University campuses. Source: http://www.nola.com/weather/index.ssf/2016/03/bossier_city_home_evacuations.html

Financial Services Sector

4. March 10, Associated Press – (Alabama; Tennessee) Alabama car dealers admit bank fraud. Nashville officials announced March 10 that 2 New Market, Alabama residents pleaded guilty to charges alleging that the pair used their pre-owned car business to defraud 65 financial institutions by seeking multiple loans on over 100 vehicles from different financial institutions by using fraudulently obtained titles as collateral. The scheme caused $5.9 million in losses over a five-year period. Source: http://www.wrcbtv.com/story/31433311/alabama-car-dealers-admit-bank-fraud

5. March 9, U.S. Securities and Exchange Commission – (International) Money returning to investors harmed by unregistered broker. The U.S. Securities and Exchange Commission (SEC) announced March 9 that Cyprus-based Banc de Binary Ltd. agreed to pay a total of $11 million to the SEC and Commodity Futures Trading Commission (CFTC) to settle charges that the company, its founder, and three affiliates illegally sold binary options to U.S. investors after the company failed to register as a broker-dealer before communicating directly with U.S. clients via phone, email, and instant messenger chats, and soliciting U.S. customers through YouTube videos, spam emails, and other Internet advertising outlets. A Fair Fund was established to compensate harmed investors and Banc de Binary Ltd., its founder, and its affiliates agreed to be suspended from the securities industry for a year and permanently banned from issuing penny stock offerings. Source: https://www.sec.gov/news/pressrelease/2016-42.html

6. March 9, Lee’s Summit Journal – (Missouri) Greenwood man indicted for mortgage fraud scheme. A Greenwood, Missouri home builder, doing business as Penrod Homes, Inc., was charged March 8 for his role in a scheme to defraud mortgage lenders from May 2005 – June 2007 where he and others allegedly recruited buyers to apply for mortgage loans to purchase 61 homes in Greenwood and Peculiar that later went into foreclosure, causing the banks and mortgage companies approximately $4.5 million in losses, and accepted illegal kickbacks totaling $1.5 million on 57 of the homes sold. Source: http://www.lsjournal.com/2016/03/09/137896_greenwood-man-indicted-for-mortgage.html

7. March 8, Greenville News – (South Carolina) Greenville broker indicted in $3 million Ponzi scam. A former Greenville, South Carolina broker was indicted on Federal fraud charges March 8 after he allegedly ran a $2.8 million Ponzi scheme where he advised clients to invest their money into a fictitious company, SG Investment Management, provided investors with bogus earning statements, and returned a portion of the funds to make it appear as though the clients’ funds were invested and earning profits between 2000 – 2014. Source: http://www.greenvilleonline.com/story/news/crime/2016/03/08/greenville-broker-indicted-3-million-ponzi-scam/81495112/

8. March 8, U.S. Attorney’s Office, Western District of Kentucky – (Kentucky) Louisville attorney charged with wire fraud and money laundering. The U.S. Attorney’s Office in Kentucky announced March 8 that a former attorney and executor of 7 estates was indicted on Federal charges after he allegedly defrauded the estates of approximately $1,666,671 by withdrawing cash from the estate accounts without authorization and using the money for personal expenses while mischaracterizing the withdrawals as estate expenses from November 2008 – February 2015. The executor also allegedly laundered fraud proceeds by using funds from one estate to conceal the depletion of the funds from another estate in July 2014. Source: https://www.justice.gov/usao-wdky/pr/louisville-attorney-charged-wire-fraud-and-money-laundering

For additional stories, see items 25 and 28 above in Top Stories

Information Technology Sector

22. March 10, Softpedia – (International) 600,000 TFTP servers can be abused for reflection DDoS attacks. Researchers from the Edinburgh Napier University reported that a combination of flaws in Trivial File Transfer Protocol (TFTP) and publicly-exposed TFTP servers allows attackers to abuse misconfigured setups for reflection distributed denial-of-service (DDoS) attacks, after finding that 599,600 TFTP servers were publicly open and had an amplification factor of 60. The vulnerable TFTP servers can be used to launch attacks on other Internet-available services, or used as a pathway to targets inside a closed network. Source: http://news.softpedia.com/news/600-000-tftp-servers-can-be-abused-for-reflection-ddos-attacks-501568.shtml

23. March 10, The Register – (International) Cisco patches a bunch of cable modem vulns. Cisco Systems reported three vulnerable systems were open to attackers including two wireless gateways, the DPC3941 and DPC3939B, that can allow attackers to exploit the Web-based administration interface via specially crafted Hypertext Transfer Protocol (HTTP) requests; two cable modems, the DPC2203 and EPC2203, that can allow attackers to perform remote code execution via an HTTP input validation vulnerability; and one gateway, the DPQ 3925, that can allow attackers to perform denial-of-service (DoS) attacks via an HTTP handling flaw. Source: http://www.theregister.co.uk/2016/03/10/cisco_patches_a_bunch_of_cable_modem_vulns/

24. March 9, Softpedia – (International) Samsung fixes driver update tool to prevent malicious takeover. Samsung released updates for its SW Update Tool patching two security-related issues that could have been exploited to perform Man-in-the-Middle (MitM) attacks after a security researcher from Core Security discovered that when contacting Samsung’s servers, the SW Update Tool sent all users’ information in cleartext and did not check the authenticity of the driver downloads it received from Samsung’s servers. Samsung patched the issues by implementing encrypted communication between the tool and its servers, and adding a verification mechanism for the downloaded drivers. Source: http://news.softpedia.com/news/samsung-fixes-driver-update-tool-to-prevent-malicious-takeover-501547.shtml

25. March 9, SecurityWeek – (International) Triada trojan most advanced mobile malware yet: Kaspersky. Security researchers from Kaspersky discovered a new trojan, dubbed Triada and reportedly believed to be the most advanced mobile malware yet, that targets Android operating system (OS) devices to redirect financial short message service (SMS) transactions to buy additional content or steal money from victims via an advertising botnet that is embedded with rooting capabilities. The trojan also uses the Zygote parent process to implement its code in the context of all software on the target’s device, allowing the trojan to run in each application. Source: http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky

For another story, see item 28 above in Top Stories

Communications Sector


26. March 9, Telecomlead.com – (Florida) Net One faces $1.6 mn penalty for illegal billing. The U.S. Federal Communications Commission (FCC) imposed a $1.6 million penalty on Florida-based Net One International March 9 for billing more than 100 consumers for unauthorized charges and fees in an illegal practice known as “cramming.” Officials advised consumers to contact the FCC if they were improperly charged. Source: http://www.telecomlead.com/telecom-services/net-one-faces-1-6-mn-penalty-illegal-billing-67878