Monday, March 28, 2016



Complete DHS Report for March 28, 2016

Daily Report                                            

Top Stories

• A collision between a Canadian Pacific Railway train and a semi-truck transporting propane in Callaway, Minnesota, March 24 injured 2 railroad employees, prompted the evacuation of about 200 residents, and closed a stretch of Highway 59. – Forum of Fargo-Moorhead

5. March 25, Forum of Fargo-Moorhead – (Minnesota) Explosion shakes western Minn. town after tanker truck-train collision. A collision between a Canadian Pacific Railway train and a semi-truck transporting propane in Callaway, Minnesota, March 24 set off an explosion that caused 7 railcars and 1 locomotive to derail, injured 2 railroad employees, prompted the evacuation of about 200 residents, and closed a stretch of Highway 59 for several hours. Fire crews extinguished the blaze and residents were allowed to return home March 25. Source: http://www.inforum.com/news/accidents/3994161-video-explosion-shakes-western-minn-town-after-tanker-truck-train-collision

• Seven Iranian computer specialists were charged March 24 for conducting several coordinated distributed denial-of-service (DDoS) attacks against 46 major companies from 2011 – 2013. – Help Net Security. See item 16 below in the Information Technology Sector

• Fox-IT warned users that EC Council was unknowingly distributing the Angler exploit kit (EK) after discovering that malicious code was embedded at the bottom of EC Council’s iClass Web site for Certified Ethical Hacker certification. – SecurityWeek. See item 18 below in the Information Technology Sector

• Verizon Enterprise Solutions stated March 24 that it discovered and remediated a security vulnerability in its client portal that allowed an attacker to obtain basic contact information on an undisclosed number of enterprise customers. – Krebs on Security. See item 19 below in the Communications Sector

Financial Services Sector

3. March 25, U.S. Department of Justice – (Louisiana) Louisiana check cashers plead guilty to conspiracy, tax charges and agree to forfeit $4.12 million. The two owners of VJ Discount Inc., in Kenner, Louisiana, pleaded guilty March 24 to Federal charges after the pair acted with co-conspirators to defraud the U.S. government and impair the Internal Revenue Service (IRS) by cashing fraudulently obtained tax refund checks at elevated rates, filing false reports with the government to conceal the illicit activity, and filing false tax returns that underreported business and individual income to the IRS, despite third-party check deposits totaling more than $172 million from 2011 – 2013. As part of the guilty pleas, the duo agreed to forfeit $4.12 million. Source: https://www.justice.gov/opa/pr/louisiana-check-cashers-plead-guilty-conspiracy-tax-charges-and-agree-forfeit-412-million-0

4. March 23, U.S. Attorney’s Office, District of New Jersey – (New York) New York man indicted in $17 million Microcap stock manipulation scheme. The founder of a New York-based registered broker-dealer was indicted on Federal charges March 23 after he allegedly orchestrated a $17.2 million pump-and-dump stock market manipulation scheme where he and co-conspirators artificially inflated the stock prices of Raven Gold Corporation and Kentucky USA Energy Inc., by pumping the price of the two companies’ shares through manipulative trading, dumping the stocks, and selling large amounts of the shares to investors at inflated rates, causing the companies’ stock prices to drop and investors to suffer losses. Officials stated that two Canadian stock promoters have pleaded guilty for their involvement in the scheme. Source: https://www.justice.gov/usao-nj/pr/new-york-man-indicted-17-million-microcap-stock-manipulation-scheme

For another story, see item 16 below in the Information Technology Sector

Information Technology Sector

16. March 24, Help Net Security – (International) 7 Iranians indicted for cyber attacks on US banks and a dam. The U.S. Department of Justice reported March 24 that 7 Iranian computer specialists, allegedly sponsored by Iran’s Islamic Revolutionary Guard Corps, were charged for conducting several coordinated distributed denial-of-service (DDoS) attacks against 46 major companies, primarily targeting the U.S. financial sector, from 2011 – 2013. The attacks disabled victims’ bank Web sites, prevented customers from accessing online accounts, and cost banks tens of millions of dollars in remediation.

17. March 24, SecurityWeek – (International) Cisco patches serious DoS flaws in IOS software. Cisco released patches for six high severity denial-of-service (DoS) flaws in its IOS, IOS XE, and Unified Communications Manager (UCM) software, including a flaw that can allow an unauthenticated attacker to cause a memory leak, eventually causing the affected device to reload, and a vulnerability in the DHCP version 6 relay feature that can allow an attacker to cause the affected device to reload by sending specially crafted DHCPv6 relay messages. Source: http://www.securityweek.com/cisco-patches-serious-dos-flaws-ios-software

18. March 24, SecurityWeek – (International) EC Council website hacked to serve Angler Exploit Kit. Security researchers from Fox-IT warned users that the security certification provider EC Council was unknowingly distributing the Angler exploit kit (EK) after discovering that malicious code was embedded at the bottom of EC Council’s iClass Web site for Certified Ethical Hacker (CEH) certification, which redirected users to a Web page with the Angler EK. Researchers suspected a security flaw in the Web site and notified the company of the exploit.

For another story, see item 19 below in the Communications Sector

Communications Sector

19. March 24, Krebs on Security – (International) Crooks steal, sell Verizon Enterprise customer data. Verizon Enterprise Solutions stated March 24 that it recently discovered and remediated a security vulnerability in its enterprise client portal that allowed an attacker to obtain basic contact information on an undisclosed number of customers. The company asserted that no customer proprietary network information or other data was accessed.