Thursday, April 7, 2016



Complete DHS Report for April 7, 2016

Daily Report                                            

Top Stories

• A minister was convicted April 5 for his role in a nearly $5 million fraudulent tax return scheme where he and a co-conspirator allegedly filed over 2,700 fraudulent tax returns on behalf of church members in Ohio and other States. – Associated Press See item 1 below in the Financial Services Sector

• A Kentucky lawyer, a retired administrative law judge, and a psychologist were charged April 5 with committing $600 million in disability fraud by submitting over 2,000 fake medical claims with the U.S. Social Security Administration seeking disability benefits. – Reuters  

7. April 5, Reuters – (Kentucky; West Virginia) Three Kentucky men indicted in $600 million federal fraud case. An indictment unsealed April 5 charged a Kentucky lawyer, a retired administrative law judge, and a psychologist with committing $600 million in disability fraud by submitting over 2,000 fake medical claims with the U.S. Social Security Administration seeking disability benefits. The attorney advertised his services through the Web site MrSocialSecurity.com and routed clients’ claims to a regional office in West Virginia where the administrative law judge would assign the cases to himself or have someone else assign them to him.

• State and Federal officials reported April 5 that 21 brokers in the New York metropolitan area were arrested for knowingly recruiting foreign students to the University of Northern New Jersey, a fake institution set up by DHS in 2012. – New York Times

10. April 5, New York Times – (New Jersey) New Jersey University was fake, but Visa fraud arrests are real. New Jersey officials and U.S. Immigration and Customs Enforcement authorities announced April 5 that 21 brokers in the New York metropolitan area were arrested for knowingly recruiting foreign students, mainly from China and India, to the University of Northern New Jersey, a fake institution set up by DHS in 2012, in order to obtain student visas. The brokers worked with individuals posing as university officials, charged the students fees, and received kickbacks in the scheme which allowed the students to stay in the county and obtain employment.

• Adobe reported April 5 that it will be releasing a patch for its Flash Player 21.0.0.197 and its earlier versions April 7 which will address a zero-day vulnerability after malicious attackers were seen actively exploiting the flaw. – SecurityWeek See item 14 below in the Information Technology Sector

Financial Services Sector

1. April 5, Associated Press – (National) Minister convicted in $5 million tax scam. A traveling minister from Arkansas was convicted April 5 for his role in a nearly $5 million fraudulent tax return scheme where he and a co-conspirator allegedly filed over 2,700 fraudulent tax returns on behalf of church members in Ohio and other States after obtaining church members’ personal information by claiming to help the members procure government stimulus funds. The minister and co-conspirator took fees from each tax refund while congregants received the balance. Source: http://www.foxnews.com/us/2016/04/05/minister-convicted-in-5-million-tax-scam.html

2. April 5, WUSA 9 Washington, D.C. – (Maryland) Serial ‘bandage’ bank bandit. The FBI announced a search April 5 for a bank robber dubbed the “Bandage” who robbed a Sandy Spring Bank branch in Burtonsville and a Capital One Bank branch in Elkridge April 1. Authorities stated that the man is suspected of robbing seven other banks in Maryland since October 2015. Source: http://www.wusa9.com/news/local/maryland/wanted-serial-bank-robber-wearing-neckbrace-eyepatch/121283824

Information Technology Sector

13. April 6, Softpedia – (International) Windows’ Pirrit adware ported to OS X via Qt Framework. Security researcher from Cybereason discovered that the OSX/Pirrit adware was infecting Apple Mac users for the first time and hijacking users’ Web traffic with several ads via the Qt Framework, which allows programmers to write applications that work on Apple Mac devices, Linux systems, and Microsoft Window devices. The malware was seen using several steps to infiltrate a system after a user launches a Pirrit-laced binary. Source: http://news.softpedia.com/news/windows-pirrit-adware-ported-to-os-x-via-qt-framework-502637.shtml

14. April 6, SecurityWeek – (International) Adobe to patch actively exploited Flash zero-day. Adobe reported April 5 that it will be releasing a patch for its Flash Player 21.0.0.197 and its earlier versions April 7 which will address a zero-day vulnerability after malicious attackers were seen actively exploiting the flaws. Customers were advised to ensure their Flash Players were updated to version 21.0.0.182 or later. Source: http://www.securityweek.com/adobe-patch-actively-exploited-flash-zero-day

15. April 5, SecurityWeek – (International) New Locky variants change communication patterns. Researchers from Check Point discovered that Locky, a prominent ransomware family, had changed its distribution mechanism to use JavaScript (.js) attachments for malware distribution and that another Locky variant was included as the malicious payload in the Nuclear exploit kit (EK) with additional communication changes. In addition, FireEye Labs researchers found that the ransomware was increasing its infection rate and surpassing the Dridex spam activities.

For another story, see item 16 below in the Communications Sector

Communications Sector

16. April 6, SecurityWeek – (International) Quanta routers plagued by many unpatched flaws. A security researcher discovered more than 20 vulnerabilities in the latest firmware version of Quanta Computer’s LTE QDH routers, and several other devices including QDH, UNE, Mobily, and YooMee 4G routers that can allow an attacker to obtain sensitive information including credentials and configuration data through several flaws including remote code execution, arbitrary file access, a denial-of-service (DoS) vulnerability, and a hardcoded Secure Shell (SSH) server key that can be used to decrypt SSH traffic going through the router. Quanta stated the vulnerabilities in the LTE QDH routers will not be patched since the routers have reached end of life (EOL). Source: http://www.securityweek.com/quanta-routers-plagued-many-unpatched-flaws