Complete DHS Report for May 11, 2016
Daily Report
Top Stories
• A loan officer and three others were indicted on Federal charges
May 9 after the group allegedly defrauded several central Kentucky banks out of
more than $40 million in loans or loan renewals. – Lexington Herald-Leader See item 5 below in
the Financial Services Sector
• Researchers at Proofpoint discovered CryptXXX version 2.006
which defeats a Kaspersky Lab decrypter, and locks a user’s entire screen,
forcing them to log onto a different computer to go online to buy Bitcoin and
pay the ransom. – Softpedia See item 20 below in
the Information Technology Sector
• The U.S. Federal Trade Commission began an investigation May 10
into the security practices of eight major mobile companies to determine how
the companies plan and carry out security operations for their mobile
divisions. – Softpedia See item 21 below in
the Communications Sector
• Los Angeles Police are searching for 5 men suspected of stealing
over 7,600 Dell laptop computers worth approximately $4 million May 6 from a
warehouse in the Harbor Gateway area. – MyNewsLA.com
23. May 9,
MyNewsLA.com – (California) $4M worth of laptops stolen from Harbor Gateway
warehouse. Los Angeles Police are searching for 5 men suspected of stealing
over 7,600 Dell laptop computers worth approximately $4 million May 6 during an
armed robbery at a warehouse in the Harbor Gateway area. The suspects zip-tied
a guard and hooked up two trailers containing the merchandise to two trucks
before driving off. Source: http://mynewsla.com/crime/2016/05/09/4m-worth-of-laptops-stolen-from-harbor-gateway-warehouse/
Financial Services Sector
5. May 9,
Lexington Herald-Leader – (Kentucky) Four charged in alleged central
Kentucky bank fraud involving $40 million. A loan officer and three others
were indicted on Federal charges May 9 after the group, operating as various
businesses, allegedly defrauded several central Kentucky banks out of more than
$40 million in loans or loan renewals by making false representations or
omissions on loan documents to banks in Fayette, Woodford, and Harrison
counties from May 2006 – September 2010. Officials stated that the group used
the loans for purposes other than those listed in the application. Source: http://www.kentucky.com/news/local/crime/article76606412.html
6. May 9,
SecurityWeek – (International) Android trojan steals credit card info, locks
devices remotely. Researchers from Avast discovered a new Android banking
trojan that is capable of spying on users and stealing credit card information
by gaining admin rights to a victim’s device after continuously prompting the
Device Admin activation dialog until the user grants the malware admin rights,
while hiding the app icon following the program’s first run. Researchers stated
that the trojan is designed to send information about the device to a command
and control (C&C) server, intercept incoming short message service (SMS)
messages and send them to the server, and receive further commands from its
operators. Source: http://www.securityweek.com/android-trojan-steals-credit-card-info-locks-devices-remotely
Information Technology Sector
19. May 10,
Softpedia – (International) SS7 attack leaves WhatsApp and Telegram
encryption useless. Positive Technologies researchers unveiled a new attack
that utilizes Signaling System No. 7 (SS7) to carry out attacks on encrypted
communications apps such as WhatsApp and Telegram by spoofing a mobile network
node and intercepting the initial phase of a chat between two users. The
researchers were able to impersonate a second user through SS7 loopholes that
were never patched.
20. May 10,
Softpedia – (International) CryptXXX is now undecryptable, prevents users
from accessing their PC. Researchers at Proofpoint discovered CryptXXX
version 2.006, an update to CryptXXX, which defeats a Kaspersky Lab decrypter,
blocks users’ from going online, and locks a user’s entire screen, forcing them
to log onto a different computer to go online to buy Bitcoin and pay the
ransom. The ransomware is distributed via malvertising campaigns, malicious ads
on legitimate Web sites, or through an intermediary malware called Bedep. Source:
http://news.softpedia.com/news/cryptxxx-is-now-undecryptable-prevents-users-from-accessing-their-pc-503884.shtml
Communications Sector
21. May 10,
Softpedia – (National) FTC orders Apple, Google, Microsoft, others to
reveal mobile security practices. The U.S. Federal Trade Commission (FTC)
began an investigation May 10 into the security practices at eight major mobile
companies including Apple Inc., BlackBerry Limited, Google, Microsoft, and
others to determine how the companies plan and carry out security operations
for their mobile divisions, and to understand the factors companies consider
when deciding whether to patch a vulnerability, among other inquires. The FTC
stated that the investigation is an attempt to understand the current mobile
security landscape. Source: http://news.softpedia.com/news/ftc-orders-apple-google-microsoft-others-to-reveal-mobile-security-practices-503872.shtml
22. May 9,
WABC 7 New York City – (New York) Time Warner Cable service restored after major
outage in New York City area. Time Warner Cable announced May 9 that
Internet, cable TV, and phone service was restored to customers across New York
City after multiple fiber optic cables at network providers were cut, leaving
customers without service for approximately 7 hours. Source: http://abc7ny.com/technology/time-warner-cable-service-restored-after-major-outage-in-new-york-city-area-/1330571/