· MRI International and its owner were found liable October 3 for operating a Ponzi scheme that raised more than $800 million from thousands of investors living primarily in Japan. – U.S. Securities and Exchange Commission
See item 3 below in the Financial Services Sector
· Two people were killed in a storm that moved across southern U.S. States October 14 which flooded roadways and knocked out electricity for more than 66,000 customers, closing schools in several States. – Associated Press
19. October 14, Associated Press – (National) 2 killed as storms sweep across several states. Two people were killed in a storm that moved across southern U.S. States October 14 producing heavy rains and strong winds which flooded roadways and knocked out electricity for more than 66,000 customers in Georgia and Louisiana. Schools in several States cancelled classes and activities. Source: http://www.msn.com/en-us/news/us/2-killed-as-storms-sweep-across-several-states/ar-BB95BDz
· The Oregon Employment Department notified 851,322 individuals October 13 who registered with the WorkSource Oregon Management Information System that their information may have been compromised by a security vulnerability. – KPTV 12 Portland; KPDX 49 Vancouver
20. October 13, KPTV 12 Portland; KPDX 49 Vancouver – (Oregon) 850,000 people potentially impacted by WorkSource Oregon security breach. The Oregon Employment Department notified 851,322 individuals October 13 who registered with the WorkSource Oregon Management Information System that their information may have been compromised by a security vulnerability. Users were asked to change passwords and reset security questions while officials continue to investigate. Source: http://www.kptv.com/story/26776035/worksource-oregon-data-breach-affects-850000-people
· Sears Holding Corporation disclosed that the payment data systems associated with the company’s Kmart stores were breached and an undetermined number of consumers’ payment card records may have been compromised. – Help Net Security
33. October 13, Help Net Security – (International) Kmart confirms month-old data breach, payment card data stolen. Sears Holding Corporation disclosed that the payment data systems associated with the company’s Kmart stores were breached and an undetermined number of consumers’ payment card records may have been compromised. The breach is believed to have started in September when attackers infected the system with a form of undetectable malware, which was removed after the breach was detected October 9. Source: http://www.net-security.org/secworld.php?id=17482
Financial Services Sector
3. October 10, U.S. Securities and Exchange Commission – (International) SEC obtains summary judgment win on liability in Ponzi scheme case. A federal judge ruled October 3 that MRI International and its owner were liable for operating a Ponzi scheme that raised more than $800 million from thousands of investors living primarily in Japan who believed their investments were being used to purchase medical accounts receivable from medical providers at a discounted rate. Source: http://www.sec.gov/litigation/litreleases/2014/lr23111.htm
For another story, see item 33 above in Top Stories
Information Technology Sector
25. October 14, Help Net Security – (International) Russian espionage group used Windows 0-day to target NATO, EU. iSIGHT Partners discovered a zero-day vulnerability used in a cyber-espionage campaign dubbed SandWorm targeting the North Atlantic Treaty Organization, the European Union, Ukrainian and Polish government organizations, and several European telecommunications and energy sectors. Microsoft is expected to release a patch for the zero-day, which affects supported versions of Microsoft Windows and Windows Server 2008 and 2012. Source: http://www.net-security.org/secworld.php?id=17491
26. October 14, Softpedia – (International) Dropbox denies being hacked, points to third-party services. Dropbox announced that its servers were not breached after a list of 420 username and password pairs was publicized on Pastebin, with the poster claiming that more would be published in exchange for Bitcoin donations. The company reported that the information was stolen from other Web services used by the victims, who had identical usernames and passwords for Dropbox. Source: http://news.softpedia.com/news/Dropbox-Denies-Being-Hacked-Points-At-Third-Party-Services-461989.shtml
27. October 13, Network World – (International) The snappening: Snapsaved admits to hack that leaked SnapChat photos. Snapsaved, a third-party app for Snapchat, was hacked due to a misconfiguration in its Apache server, resulting in the release of 500MB of images containing between 90,000 and 200,000 photos and videos. Snapsaved subsequently deleted the entire Web site and database associated with the breach. Source: http://www.networkworld.com/article/2825359/microsoft-subnet/the-snappening-snapsaved-admits-to-hack-that-leaked-snapchat-photos.html
28. October 10, Securityweek – (International) Multiple vulnerabilities found in BMC Track-It! help desk software. Researchers with the Computer Emergency Response Team Coordination Center at Carnegie Mellon University (CERT/CC) and Agile Information Security found that Track-It! version 11.3.0.355, the IT helpdesk solution created by BMC Software, contains three vulnerabilities: one related to permissions, privileges, and access control; one involving missing authentication for a critical function; and one exploitable through blind SQL injection. The company is working on addressing the issues. Source: http://www.securityweek.com/multiple-vulnerabilities-found-bmc-track-it-help-desk-software
29. October 10, SC Magazine – (International) New mobile trojan masquerading as Tic-tac-toe game targets Android devices. Kaspersky Lab researchers found that a Tic-tac-toe game available on Android devices houses the Gomal trojan which allows hackers to record audio from the microphone, steal incoming SMS messages, steal data from the device log, and obtain root privileges, among other things. Good for Enterprise researchers determined that the app was a proof-of-concept app presented at Black Hat 2013 and used only in Samsung Exynos memory access vulnerability, which has since been patched. Source: http://www.scmagazine.com/new-mobile-trojan-masquerading-as-tic-tac-toe-game-targets-android-devices/article/376722/
30. October 10, SC Magazine – (International) HP to remove digital signature that code-signed malware. Symantec discovered that an HP digital certificate was used to cryptographically sign (code-sign) malware shipped through HP products in May 2010. HP will revoke the digital certificate October 21 after researchers found an apparent signature on a four-year-old trojan that may have been included in the software. Source: http://www.scmagazine.com/hp-to-remove-digital-signature-that-code-signed-malware/article/376737/
Communications Sector
Nothing to report