Monday, June 13, 2016



Complete DHS Report for June 13, 2016

Daily Report

Top Stories

• Two men were charged June 9 for their roles in a $250,000 bank heist and mail fraud scheme where the duo deposited over 300 altered U.S. Postal Service Money Orders into accounts at 14 banks in New York and New Jersey and later withdrew the money, causing the banks over $300,000 in losses. – Lower Hudson Valley Journal News

• The governor of New York announced June 9 that the State will begin a $17 million project to restore and improve Niagara Falls State Park. – Associated Press

16. June 9, Associated Press – (New York) Niagara Falls State Park to get $17M upgrade. The governor of New York announced June 9 that the State will rename Robert Moses Parkway the Niagara State Parkway as part of a $17 million upgrade to Niagara Falls State Park, which will include a series of updates designed to restore and improve the park. Source: http://www.travelweekly.com/North-America-Travel/Niagara-Falls-State-Park-gets-17-million-dollar-upgrade-AP

• Multiple security firms detected that the Caliphate Cyber Army (CCA) leaked the personal information of more than 800 employees from the Arkansas Library Association (ALA) via a Structured Query Language (SQL) injection attack. – Softpedia (See item 21 below in the Information Technology Sector)

• Trihedral Engineering released updates for its VTScada products used in the water, energy, nuclear, and transportation sectors, among others, after discovering three critical and high severity vulnerabilities in the Wireless Application Protocol (WAP) component that can be exploited by a remote attacker. – SecurityWeek (See item 22 below in the Information Technology Sector)

Financial Services Sector

2. June 10, Lower Hudson Valley Journal News – (New York; New Jersey) 2 Rockland men indicted for bank theft, mail fraud. Two Rockland residents were charged June 9 for their roles in a $250,000 bank heist and mail fraud scheme where the duo deposited over 300 altered U.S. Postal Service Money Orders into accounts at 14 banks in Rockland and Orange counties in New York, and Bergen County in New Jersey and later withdrew the money, causing the banks more than $300,000 in losses. Officials stated the pair photocopied dollar amounts onto the fraudulent money orders, and used debit cards and personal identification numbers (PINs) linked to other individuals’ bank accounts to deposit the money orders into the bank accounts via an ATM.

3. June 9, South Florida Sun-Sentinel – (Florida) ‘Filter Bandit’ may have struck in Broward again, FBI says. Authorities offered a reward June 9 in exchange for information on a man dubbed the “Filter Bandit” who is suspected of robbing a SunTrust Bank branch in Coral Springs, Florida, June 8 and nine other banks in Broward County since August 2014. The suspect is considered armed and dangerous. Source: http://www.sun-sentinel.com/news/crime/fl-coral-springs-filter-bandit-fbi-20160609-story.html

4. June 9, St. Louis Post-Dispatch – (Missouri) Ladue arrest leads to guilty plea to fake credit card scheme. A Bellevue, Washington man pleaded guilty June 9 to possessing over 100 fraudulent credit cards and a device to encode the cards’ magnetic strips, and admitted to organizing a multi-state trip to use the fake cards after he was arrested in March in Ladue, Missouri, when authorities discovered the illicit materials. Source: http://www.stltoday.com/news/local/crime-and-courts/ladue-arrest-leads-to-guilty-plea-to-fake-credit-card/article_360db35b-ce57-5197-b637-8e2f3d7a88f9.htm

Information Technology Sector

18. June 10, SecurityWeek – (International) VMware patches critical flaw in NSX, vCNS products. VMware released updates for its NSX Edge 6.1, 6.2, and vCloud Networking and Security (vCNS) Edge 5.5, patching a critical input validation flaw after a company security researcher found the product contained a stored cross-site scripting (XSS) vulnerability that could allow an attacker to hijack an authenticated user’s session. The company advised its users to update the products to the latest versions. Source: http://www.securityweek.com/vmware-patches-critical-flaw-nsx-vcns-products

19. June 10, IDG News Service – (International) New Mozilla fund will pay for security audits of open-source code. Mozilla reported that it will set up a $500,000 fund, titled Secure Open Source (SOS), to pay for professional security companies to audit project code in several of its software products after the company discovered 43 flaws including a HeartBleed and Shellshock malware, a critical vulnerability, and two other flaws in its open-source products. Source: http://www.computerworld.com/article/3082046/security/new-mozilla-fund-will-pay-for-security-audits-of-open-source-code.html#tk.rss_security

20. June 10, Softpedia – (International) Crysis ransomware appears out of thin air to take TeslaCrypt’s place. Security researchers reported that the Crysis malware could be the next TeslaCrypt after discovering that Crysis encrypts all contacted files, with the exception of its own binaries and core Windows files, communicates with its Command and Control (C&C) server, sends local computer details to help identify the victim, and sends information on the number of files it encrypts. Source: http://news.softpedia.com/news/crysis-ransomware-appears-from-thin-air-to-take-teslacrypt-s-place-505082.shtml

21. June 10, Softpedia – (International) ISIS hackers leak details from Arkansas Library Association. The FBI and several other security firms detected that the Caliphate Cyber Army (CCA), the Islamic State’s de facto hacking division, leaked the personal information, including names, addresses, and telephone numbers, of more than 800 employees from the Arkansas Library Association (ALA) by using a Structured Query Language (SQL) injection attack. Source: http://news.softpedia.com/news/isis-hackers-leak-details-from-arkansas-library-association-505074.shtml

22. June 9, SecurityWeek – (International) Trihedral patches flaws in SCADA software. Trihedral Engineering released version 11.2.02 for its VTScada products used in the water, energy, food and agriculture, critical manufacturing, communications, nuclear, and transportation sectors after discovering three critical and high severity vulnerabilities in the Wireless Application Protocol (WAP) component, including an out-of-bounds read issue, a path traversal flaw, and an authentication bypass flaw, that can all be exploited by a remote attacker. Source: http://www.securityweek.com/trihedral-patches-flaws-scada-software

For another story, see item 23 below from the Commercial Facilities Sector

23. June 10, SecurityWeek – (International) Wendy’s finds more PoS systems hit by malware. Wendy’s fast food restaurant reported June 9 that the number of locations affected by a point-of-sale (PoS) breach was much higher than previously anticipated after an investigation revealed unrelated cybersecurity issues had been identified at approximately 300 other franchise restaurants following the infection of a remote access tool (RAT) that was found on PoS systems. Officials are continuing to investigate the incident and the food chain did not give an exact number of affected locations.

Communications Sector

See item 22 above in the Information Technology Sector