Daily Report
Top Stories
• Eleven individuals were injured by fire and
flying debris when a propane tank on a food truck exploded while it was parked
in the Feltonville section of Philadelphia July 1. – WCAU 10 Philadelphia
14.
July 2, WCAU 10 Philadelphia – (Pennsylvania) 12 hurt, 2 critical in
food truck explosion. Eleven individuals were injured by fire and flying
debris when a propane tank on the La Parrillada Chapina food truck exploded
while it was parked in the Feltonville section of Philadelphia July 1. Nearby
roadways were blocked off for several hours while police investigated the cause
of the explosion. Source: http://www.nbcphiladelphia.com/news/local/Auto-Body-Shop-Explodes-in-Feltonville-265446241.html
• Federal authorities announced July 1 that
six members of the Los Angeles County Sheriff’s Department were convicted of
obstructing a federal investigation into violence against inmates in county
jails. – Southern California City News Service
24.
July 2, Southern California City News Service – (California) 6 in Los
Angeles County Sheriff’s Department convicted in federal jail probe. Federal
authorities announced July 1 that six members of the Los Angeles County
Sheriff’s Department were convicted of obstructing a federal investigation into
violence against inmates in county jails. The individuals conspired to transfer
and rebook a federal informant in the jail and hide him from his FBI handlers
in order to prevent him from testifying in court. Source: http://www.dailynews.com/government-and-politics/20140701/6-in-los-angeles-county-sheriffs-department-convicted-in-federal-jail-probe
• Kaspersky stated that the takedown by
Microsoft of several domains belonging to the No-IP Internet service also
disrupted in some form the operations of around 25 percent of advanced
persistent threat (APT) groups the company is tracking. – SC Magazine (See
item 28) below in the Information
Technology Sector
• A Texas woman pleaded guilty June 30 to her
role in an international shoplifting ring that used oversized bags to steal
millions of dollars’ worth of merchandise from stores in Texas, Canada, and
Australia. – Reuters
35. July 1, Reuters – (International) Texas woman
sentenced for million dollar shoplifting ring. A Texas woman pleaded guilty
June 30 to her role in an international shoplifting ring that used oversized
bags to steal millions of dollars’ worth of merchandise from stores in Texas,
Canada, and Australia, then sold the products through online stores. Source: http://www.reuters.com/article/2014/07/01/us-usa-crime-texas-shoplifting-idUSKBN0F65FR20140701
Financial Services Sector
9. July 2, WMAZ 3 Macon –
(Georgia) 16 people arrested in Macon racketeering investigation. Sixteen
suspects were arrested in Macon as part of a joint federal investigation into
an alleged identity theft scheme that used stolen credentials from hundreds of
victims to add funds to Bibb County Jail and Georgia Department of Corrections
prisoner’ accounts. Authorities believe many of the suspects are associated
with the Crips street gang and six suspects are still being sought. Source: http://www.13wmaz.com/story/news/local/macon/2014/07/02/rico-investigation-nets-16-macon-arrests/12010377/
10. July 1, Reuters –
(National) HSBC settles U.S. fraud charges over foreclosure fees. HSBC
agreed July 1 to pay $10 million to settle charges that the bank overcharged
the Federal Housing Administration and Fannie Mae for foreclosure-related fees
on federally-backed home loans between 2009 and 2010. Source: http://www.reuters.com/article/2014/07/01/us-hsbc-settlement-foreclosures-idUSKBN0F64GQ20140701
11. July 1, BankInfoSecurity –
(National) POS vendor: Possible restaurant breach. Vancouver,
Washington-based point of sale (POS) vendor Information Systems & Supplies
notified restaurant customers June 12 that it experienced a LogMeIn
remote-access compromise three times between February and April, potentially
exposing the payment card data of the restaurants’ customers who used the POS
devices. Source: http://www.bankinfosecurity.com/pos-vendor-possible-restaurant-breach-a-7009/op-1
12. July 1, WFLD 32 Chicago –
(Illinois) FBI offers $5K reward for ‘No Boundaries Bandit’. The FBI
announced a reward for information leading to the arrest of a suspect known as
the “No Boundaries Bandit” wanted in connection with at least seven bank
robberies in the Chicago area since May 16. The most recent robbery associated
with the suspect occurred June 24 at a Chase Bank branch in Chicago. Source: http://www.myfoxchicago.com/story/25918468/fbi-offers-5k-reward-for-no-boundaries-bandit
For additional stories, see item 8 from the Critical Manufacturing Sector
below and 31 below
in the Information Technology Sector
8. July 1, U.S. Attorney’s Office,
Western District of Missouri – (Missouri) Kansas City woman indicted in
$3 million fraud scheme that forced employer into bankruptcy. A Kansas
City, Missouri certified public accountant was indicted July 1 on charges that
she allegedly created unauthorized Automated Clearing House (ACH) transactions
and loan documents to defraud her employer, Galvmet Inc., and Missouri Bank
& Trust of around $3 million between 2004 and 2014. Prosecutors allege that
the fraud caused the company to go into bankruptcy and cease operations in
2014. Source: http://www.fbi.gov/kansascity/press-releases/2014/kansas-city-woman-indicted-in-3-million-fraud-scheme-that-forced-employer-into-bankruptcy
Information Technology Sector
26. July 2, IDG News Service – (International) Critical
flaw in WordPress newsletter plug-in endangers many blogs. Researchers with
Sucuri identified a vulnerability in the MailPoet (formerly wysija-newsletters)
plugin for WordPress that could allow attackers to take control of sites using
the plugin. The vulnerability was patched July 1 in an update for MailPoet and
all users were advised to upgrade as soon as possible. Source: http://www.computerworld.com/s/article/9249519/Critical_flaw_in_WordPress_newsletter_plug_in_endangers_many_blogs
27. July 2, The Register – (International) MONSTER
COOKIES can nom nom nom ALL THE BLOGS. A security researcher identified and
reported a method that could be used to prevent users from accessing Web sites
by setting cookies with header values so large that they trigger Web server
errors. The researcher demonstrated the attack against the Google Blog Spot
network and showed that users given the altered cookies were not able to see
any blogs on the service. Source: http://www.theregister.co.uk/2014/07/02/monster_cookies_can_nom_nom_nom_all_the_blogs/
28. July 2, SC Magazine – (International) MS No-IP
takedown hits 25% of APT attackers. Kaspersky stated that the takedown by
Microsoft of several domains belonging to the No-IP Internet service also
disrupted in some form the operations of around 25 percent of advanced
persistent threat (APT) groups the company is tracking. Microsoft also stated
that service was restored to legitimate customers July 1, however No-IP stated
that domains were still experiencing outages July 2 Source: http://www.scmagazineuk.com/ms-no-ip-takedown-hits-25-of-apt-attackers/article/359021/
29. July 2, The Register – (International) Redmond’s
EMET defense tool disabled by exploit torpedo. Researchers with Offensive
Security demonstrated how an exploit code can be uploaded which disables and
bypasses version 4.1 of Microsoft’s Enhanced Mitigation Toolkit (EMET) security
tool. Source: http://www.theregister.co.uk/2014/07/02/redmonds_emet_defense_tool_disabled_by_exploit_torpedo/
30. July 1, Help Net Security – (International) Number
and diversity of phishing targets continues to increase. The Anti-Phishing
Working Group (APWG) released a report on phishing during the first quarter of
2014 and found that the number of phishing sites increased by 10.7 percent over
the previous quarter, among other findings. Source: http://www.net-security.org/secworld.php?id=17070
31. July 1, Help Net Security – (International) Geodo
infostealer gets help from worm. A security researcher identified a new
version of the Cridex information-stealing malware known as Geodo that works in
conjunction with a worm to spread. The researcher found that the malware is
completely new code but uses the same botnet, command and control infrastructure,
and distribution mechanisms as the previous Feodo version of Cridex. Source: http://www.net-security.org/malware_news.php?id=2799
32. July 1, IDG News Service – (International) Microsoft
boosts anti-snooping protection in Outlook.com, OneDrive. Microsoft
announced that it added encryption protection to its Outlook.com webmail
service and OneDrive cloud storage service in order to better protect users’
privacy. Source: http://www.computerworld.com/s/article/9249490/Microsoft_boosts_anti_snooping_protection_in_Outlook.com_OneDrive
33. July 1, Help Net Security – (International) Facebook
SDK flaw allows unauthorized access to Facebook accounts. MetaIntell
researchers identified a vulnerability in the Facebook SDK for Android and iOS
that could allow an attacker to compromise users’ Facebook accounts due to
insecure storage of the Facebook Access Token. The vulnerability is present in
31 of the top 100 Android apps and 71 of the top 100 iOS apps. Source: http://www.net-security.org/secworld.php?id=17074
For another story, see item 11 above in the Financial Services Sector
Communications Sector
Nothing
to report