Complete DHS Report for January 6, 2017
Daily Report
Top Stories
• Deutsche Bank AG agreed January 4 to pay $95 million to settle a
tax fraud lawsuit after the bank allegedly used shell companies to avoid paying
tens of millions of dollars in Federal taxes in 2000. – MarketWatch See item 3
below in the Financial Services Sector
• About 104 people were injured after a Long Island Rail Road train
arriving from Far Rockaway derailed at the Atlantic Terminal in Brooklyn, New
York, January 4. – Reuters
5. January 5, Reuters –
(New York) New York train crash injures more than 100 commuters. About
104 people were injured after a Long Island Rail Road train arriving from Far
Rockaway derailed at the Atlantic Terminal in Brooklyn, New York, January 4
after striking a bumping block when the train failed to stop on time. The
incident remains under investigation.
• Baltimore County public works officials reported that around
57,000 gallons of sewage spilled in Reisterstown, Maryland, January 4 after a
10-inch sewer line broke. – Baltimore Sun
12. January 4, Baltimore
Sun – (Maryland) 57,000 gallons of sewage spills in Reisterstown. Baltimore
County public works officials reported that around 57,000 gallons of sewage
spilled in Reisterstown, Maryland, January 4 after a 10-inch sewer line broke due
to its proximity to an eroding stream bed. Health officials will monitor
bacteria levels in the water for possible contamination. Source:
http://www.baltimoresun.com/news/maryland/baltimore-county/bs-md-co-sewage-spill-reisterstown-20170104-story.html
• The Northside Independent School District in San Antonio
notified January 4 approximately 23,000 former and current students and
employees that their personal information may have been compromised after
hackers accessed the email accounts of some employees. – KSAT 12 San Antonio
16. January 4, KSAT 12
San Antonio – (Texas) Letter notifies NISD employees, students of email
breach. The Northside Independent School District in San Antonio notified
January 4 approximately 23,000 former and current students and employees that
their personal information may have been compromised after it was discovered in
August 2016 that hackers accessed some employees’ email accounts. Officials
stated there is no evidence that any of the information has been abused.
Source:
http://www.ksat.com/education/letter-sent-notifying-nisd-employees-students-of-email-breach
Financial Services Sector
3. January 5, MarketWatch
– (International) Deutsche Bank settles tax fraud suit for $95 million. Deutsche
Bank AG agreed January 4 to pay the U.S. Government $95 million to settle a tax
fraud lawsuit filed in 2014 after the bank allegedly used shell companies to
avoid paying tens of millions of dollars in Federal taxes in 2000, including as
much as $190 million in taxes, penalties, and interest.
Source: http://www.marketwatch.com/story/deutsch-bank-settles-tax-fraud-suit-for-95-million-2017-01-04
4. January 4, Lafayette
Journal & Courier – (Indiana; Illinois) Ex-fast food employee admits
to card skimming. A West Lafayette, Indiana woman pleaded guilty January 4
to skimming 100 customer credit cards through the cash register and another
handheld device while employed at a West Lafayette McDonald’s restaurant in
December 2015. The woman and two co-conspirators reportedly used the stolen
card information to create counterfeit credit cards and make fraudulent
purchases at stores in Lafayette and Chicago. Source: http://www.jconline.com/story/news/crime/2017/01/04/mcdonalds-employee-pleads-credit-card-skimming/96159498/
Information Technology Sector
24. January 5,
SecurityWeek – (International) FireCrypt ransomware packs DDoS code. The
MalwareHunterTeam discovered that the FireCrypt ransomware is able to encrypt
victims’ files, as well as launch a distributed denial-of-service (DDoS) attack
against a Uniform Resource Locator (URL) hardcoded in the source code. The
researchers found the URL FireCrypt targets cannot be modified using the
ransomware’s builder, and reported that in order for the malware’s DDoS attack
to cause significant damage, FireCrypt would have to infect thousands of
devices simultaneously.
25. January 4,
SecurityWeek – (International) Google patches 22 critical Android
vulnerabilities. Google released its January 2017 Android Security Bulletin
addressing a total of 95 vulnerabilities, including 23 flaws that impact
various Android components and 72 bugs that affect drivers and other original
design manufacturer (ODM) software, as well as Nexus and Pixel devices. The
patches resolve a total of 22 critical vulnerabilities, including 21 elevation
of privilege flaws in the Qualcomm bootloader, kernel file system, and Qualcomm
video driver, among other components.
26. January 4,
SecurityWeek – (International) MongoDB databases actively hijacked for
extortion. A security researcher and co-founder of GDI Foundation found
that a hacker, known as Harak1r1, is searching for vulnerable MongoDB databases
exposed to the Internet and subsequently hijacks them to steal and replace the
databases content with one called “Warning” before demanding a ransom in
exchange for the data. The researcher reported that the malicious actor targets
only those databases that contain important data, as companies are more likely
to pay a high ransom to regain access to the content. Source: http://www.securityweek.com/mongodb-databases-actively-hijacked-extortion
Communications Sector
Nothing to report