Complete DHS Report for December 20, 2016
Daily Report
Top Stories
• The president of Lisle, Illinois-based Capital Management Associates Inc. was charged December 14 for allegedly engaging in a $400 million fraudulent securities trading scheme. – U.S. Attorney’s Office, Northern District of Illinois. See item 8 below in the Financial Services Sector.
• Officials announced December 16 that Deutsche Bank AG agreed to pay a total of $37 million to resolve charges that the firm made materially false statements and omissions to its clients regarding the Dark Pool Ranking Model feature of one of its order routers. – U.S. Securities and Exchange Commission. See item 9 below in the Financial Services Sector.
• Lynda.com announced it will notify about 9.5 million users worldwide that their user information may have been compromised after an unauthorized third party accessed a database containing the information. – SecurityWeek. See item 26 below in the Information Technology Sector.
• Three Romanian nationals were extradited to the U.S. the week of December 12 and charged for their alleged roles in a $4 million cyber fraud scheme in which the trio infected at least 60,000 devices, primarily in the U.S. – U.S. Department of Justice. See item 29 below in the Information Technology Sector.
Financial Services Sector
7. December 17, Southern California City News Service – (California) Recognize the Valley's 'Skipper Bandit' bank robber? The FBI continued to search December 16 for a man dubbed the “Skipper Bandit,” who has allegedly robbed or attempted to rob 6 banks, primarily in California’s San Fernando Valley, between July 2015 and July 2016.
8. December 16, U.S. Attorney’s Office, Northern District of Illinois – (International) Suburban investment advisor charged with securities fraud for engaging in fraudulent allocation scheme. The president of Lisle, Illinois-based Capital Management Associates Inc. was charged December 14 for allegedly placing more than $400 million in securities trades without disclosing in advance whether he was trading personal funds or client funds, waiting up to 5 days to allocate the trades so that he could choose the profitable ones for his personal accounts and assign the losing ones to the accounts of unsuspecting clients, and withdrawing more than $1 million in profits earned from the scheme from his personal accounts between July 2008 and August 2012. The charges allege that the defendant bought over 16,000 publicly traded securities, including shares in The Walgreen Company, British Petroleum, and Caterpillar Inc., among other firms.
Source: https://www.justice.gov/usao-ndil/pr/suburban-investment-advisor-charged-securities-fraud-engaging-fraudulent-allocation
9. December 16, U.S. Securities and Exchange Commission – (International) Deutsche Bank settles charges of misleading clients about order router. The U.S. Securities and Exchange Commission (SEC) and New York Attorney General’s office announced December 16 that Deutsche Bank AG agreed to pay a total of $37 million to resolve charges that the firm made materially false statements and omissions to its clients regarding the Dark Pool Ranking Model feature of one of its order routers, SuperX+. Due to a coding error, the bank updated the ranking model only once during a 2-year period, causing at least 2 dark pools to receive inflated rankings and consequently generate millions of orders that SuperX+ would have sent elsewhere had the system been operating the way the bank described. The SEC also discovered that the firm manually overrode the Dark Pool rankings in select instances and manually assigned fill rates for new venues based on subjective judgment that was inconsistent with the venues’ real performance.
Source: https://www.sec.gov/news/pressrelease/2016-264.html
For another story, see item 28 below in the Information Technology Sector.
Information Technology Sector
25. December 19, SecurityWeek – (International) Privilege escalation, RCE flaws patched in Nagios Core. A security researcher from Legal Hackers discovered that the Nagios Core alerting and monitoring software is affected by two vulnerabilities, one of which is a remote code execution (RCE) flaw that can be exploited by a man-in-the-middle (MitM) attacker via the Rich Site Summary (RSS) feed feature, allowing the malicious actor to read and write arbitrary files on the compromised server, as well as execute code in the context of the Nagios user. Once an attacker achieves this level of access, the actor can exploit the second flaw to elevate their privileges to root, potentially compromising the entire system.
Source: http://www.securityweek.com/privilege-escalation-rce-flaws-patched-nagios-core
26. December 19, SecurityWeek – (International) LinkedIn’s Lynda.com notifies users of data breach. Lynda.com, LinkedIn’s online learning platform, announced it will notify about 9.5 million users worldwide that their user information may have been compromised after the company became aware that a database containing user information had been accessed by an unauthorized third party. LinkedIn stated the passwords of roughly 55,000 Lynda.com users have been reset as a precaution, and that there is no evidence that passwords were exposed or that any data was made publicly available.
Source: http://www.securityweek.com/linkedins-lyndacom-notifies-users-data-breach
27. December 19, SecurityWeek – (International) MacBooks leak disk encryption password. A security researcher discovered that an attacker with physical access to a locked or sleeping Apple MacBook can retrieve the FileVault 2 password in clear text by connecting a special device to the targeted machine’s Thunderbolt port, because the direct memory access (DMA) attack protections are not active before the operating system (OS) has booted, which allows the attacker to read and write MacBook memory via the Thunderbolt device. The researcher found that the attack does not work if the targeted MacBook has been turned off, as the password is then no longer present in memory.
Source: http://www.securityweek.com/macbooks-leak-disk-encryption-password
28. December 16, SecurityWeek – (International) Updated Tordow Android malware gets ransomware capabilities. Comodo security researchers warned that an updated version of the Tordow Android malware, dubbed Tordow v2.0, was spotted and is now able to act as ransomware, steal login credentials, and manipulate banking data, as well as encrypt and decrypt files and remove security software. The malware spreads through compromised variants of popular social media and gaming applications that are available for download via third-party Websites; these behave like the legitimate apps while including embedded and encrypted malicious functions.
Source: http://www.securityweek.com/updated-tordow-android-malware-gets-ransomware-capabilities
29. December 16, U.S. Department of Justice – (International) Three Romanian nationals indicted in $4 million cyber fraud scheme that infected at least 60,000 computers and sent 11 million malicious emails. Three Romanian nationals were extradited to the U.S. the week of December 12 and charged for their alleged roles in a $4 million cyber fraud scheme in which the trio infected at least 60,000 devices, primarily in the U.S., by sending more than 11 million malicious emails containing malware that the group created in order to harvest personally identifiable information, such as credit card information, user names, and passwords, from the infected devices. The trio reportedly used the stolen credit card information to fund their criminal activities.
Source: https://www.justice.gov/opa/pr/three-romanian-nationals-indicted-4-million-cyber-fraud-scheme-infected-least-60000-computers
Communications Sector
See item 28 above in the Information Technology Sector.