Complete DHS Report for December 20, 2016
• The president of Lisle, Illinois-based Capital Management Associates Inc. was charged December 14 for allegedly engaging in a $400 million fraudulent securities trading scheme. – U.S. Attorney’s Office, Northern District of Illinois See item 8 below in the Financial Services Sector
• Officials announced December 16 that Deutsche Bank AG agreed to pay a total of $37 million to resolve charges that the firm made materially false statements and omissions to its clients regarding the Dark Pool Ranking Model feature of one of its order routers. – U.S. Securities and Exchange Commission See item 9 below in the Financial Services Sector
• Lynda.com announced it will notify about 9.5 million users worldwide that their user information may have been compromised after an unauthorized third party accessed a database containing the information. – SecurityWeek See item 26 below in the Information Technology Sector
• Three Romanian nationals were extradited to the U.S. the week of December 12 and charged for their alleged roles in a $4 million cyber fraud scheme where the trio infected at least 60,000 devices, primarily in the U.S. – U.S. Department of Justice See item 29 below in the Information Technology Sector
Financial Services Sector
7. December 17, Southern California City News Service – (California) Recognize the Valley's 'Skipper Bandit' bank robber? The FBI continued to search December 16 for a man dubbed the “Skipper Bandit,” who has allegedly robbed or attempted to rob 6 banks, primarily in California’s San Fernando Valley, between July 2015 and July 2016.
8. December 16, U.S. Attorney’s Office, Northern District of Illinois – (International) Suburban investment advisor charged with securities fraud for engaging in fraudulent allocation scheme. The president of Lisle, Illinois-based Capital Management Associates Inc. was charged December 14 for allegedly placing more than $400 million in securities trades without disclosing in advance whether he was trading personal funds or client funds. He allegedly waited up to 5 days to allocate the trades so that he could assign the profitable ones to his personal accounts and the losing ones to the accounts of unsuspecting clients, and withdrew more than $1 million in profits earned from the scheme from his personal accounts between July 2008 and August 2012. The charges allege that the defendant bought over 16,000 publicly traded securities, including shares in The Walgreen Company, British Petroleum, and Caterpillar Inc., among other firms. Source: https://www.justice.gov/usao-ndil/pr/suburban-investment-advisor-charged-securities-fraud-engaging-fraudulent-allocation
9. December 16, U.S. Securities and Exchange Commission – (International) Deutsche Bank settles charges of misleading clients about order router. The U.S. Securities and Exchange Commission (SEC) and New York Attorney General’s office announced December 16 that Deutsche Bank AG agreed to pay a total of $37 million to resolve charges that the firm made materially false statements and omissions to its clients regarding the Dark Pool Ranking Model feature of one of its order routers, SuperX+. Due to a coding error, the bank updated the ranking model only once during a 2-year period, causing at least 2 dark pools to receive inflated rankings and consequently to receive millions of orders that SuperX+ would have sent elsewhere had the system been operating the way the bank described. The SEC also found that the firm manually overrode the Dark Pool rankings in select instances and manually assigned fill rates for new venues based on subjective judgment that was inconsistent with the venues’ actual performance.
For another story, see item 28 below in the Information Technology Sector
Information Technology Sector
25. December 19, SecurityWeek – (International) Privilege escalation, RCE flaws patched in Nagios Core. A security researcher from Legal Hackers discovered that the Nagios Core alerting and monitoring software is affected by two vulnerabilities. The first is a remote code execution (RCE) flaw that can be exploited by a man-in-the-middle (MitM) attacker via the Rich Site Summary (RSS) feed feature, allowing the malicious actor to read and write arbitrary files on the compromised server and execute code in the context of the Nagios user. Once an attacker achieves this level of access, the actor can exploit the second flaw to elevate their privileges to root, potentially compromising the entire system.
26. December 19, SecurityWeek – (International) LinkedIn’s Lynda.com notifies users of data breach. Lynda.com, LinkedIn’s online learning platform, announced it will notify about 9.5 million users worldwide that their user information may have been compromised after the company became aware that a database containing user information had been accessed by an unauthorized third party. LinkedIn stated the passwords of roughly 55,000 Lynda.com users have been reset as a precaution, and there is no evidence that passwords were exposed or that any data was made publicly available.
27. December 19, SecurityWeek – (International) MacBooks leak disk encryption password. A security researcher discovered that an attacker with physical access to a locked or sleeping Apple MacBook can retrieve the FileVault 2 password in clear text by connecting a special device to the targeted machine’s Thunderbolt port. The attack works because the direct memory access (DMA) protections are not active before the operating system (OS) has booted, which lets the Thunderbolt device read and write the MacBook’s memory. The researcher found that the attack does not work if the targeted MacBook has been turned off, because the password is then no longer present in memory. Source: http://www.securityweek.com/macbooks-leak-disk-encryption-password
28. December 16, SecurityWeek – (International) Updated Tordow Android malware gets ransomware capabilities. Comodo security researchers warned that an updated version of the Tordow Android malware, dubbed Tordow v2.0, was spotted and is now able to act as ransomware, steal login credentials, manipulate banking data, encrypt and decrypt files, and remove security software. The malware spreads through compromised variants of popular social media and gaming applications that are available for download from third-party websites; the variants behave like the legitimate apps while carrying embedded, encrypted malicious functions. Source: http://www.securityweek.com/updated-tordow-android-malware-gets-ransomware-capabilities
29. December 16, U.S. Department of Justice – (International) Three Romanian nationals indicted in $4 million cyber fraud scheme that infected at least 60,000 computers and sent 11 million malicious emails. Three Romanian nationals were extradited to the U.S. the week of December 12 and charged for their alleged roles in a $4 million cyber fraud scheme in which the trio infected at least 60,000 devices, primarily in the U.S., by sending more than 11 million malicious emails containing malware the group created to harvest personally identifiable information, such as credit card information, usernames, and passwords, from the infected devices. The trio reportedly used the stolen credit card information to fund their criminal activities. Source: https://www.justice.gov/opa/pr/three-romanian-nationals-indicted-4-million-cyber-fraud-scheme-infected-least-60000-computers