Wednesday, December 24, 2014



Complete DHS Report for December 24, 2014

Daily Report

Top Stories

 · Federal prosecutors announced December 19 that Lockheed Martin Integrated Systems agreed to pay $27.5 million to resolve allegations that the defense contractor overbilled the federal government for work on two U.S. Army contracts. – Associated Press

5. December 20, Associated Press – (Maryland; New Jersey) Lockheed Martin pays $27.5M in billing allegation. Federal prosecutors announced December 19 that Lockheed Martin Integrated Systems agreed to pay $27.5 million to resolve allegations that the defense contractor overbilled the federal government for work on 2 U.S. Army Communications and Electronics Command contracts at Fort Monmouth in New Jersey and the Aberdeen Proving Ground in Maryland. Officials allege that the contractor provided under-qualified employees for the work while billing the government at higher rates intended for qualified workers. Source: https://news.yahoo.com/lockheed-martin-pays-27-5m-002620492.html

 · A Delta Airlines baggage handler and three others were charged December 22 for an alleged weapons smuggling operation in which more than 129 firearms and ammunition were smuggled from Atlanta to New York in luggage. – ABC News

9. December 22, ABC News – (Georgia; New York) Feds bust alleged Delta Airlines gun-smuggling ring. A baggage handler for Delta Airlines and 3 other accomplices were charged December 22 for an alleged weapons smuggling operation in which more than 129 firearms and ammunition were smuggled from Atlanta to New York through carry-on luggage. Authorities in New York arrested one co-conspirator after an investigation determined he was working with the Delta Airlines ramp agent/baggage handler in the scheme. Source: http://abcnews.go.com/US/feds-bust-alleged-delta-airlines-gun-smuggling-ring/story?id=27777273

 · A former correctional officer at the John E. Goode Pretrial Detention Facility in Jacksonville, Florida, pleaded guilty December 22 to stealing personal information from 49 inmates housed at the facility and using it to create fake debit card accounts and file fake tax returns. – WJXT 4 Jacksonville

22. December 22, WJXT 4 Jacksonville – (Florida) Former correctional officer pleads guilty to wire fraud, ID theft. A former correctional officer at the John E. Goode Pretrial Detention Facility in Jacksonville pleaded guilty December 22 to stealing personal information from 49 inmates housed at the facility and using it to create fake debit card accounts and 38 fake W-2 forms claiming more than $250,000 in tax refunds. Source: http://www.news4jax.com/news/former-correctional-officer-pleads-guilty-to-wire-fraud-id-theft/30357336

 · Staples officials released December 19 a list of 115 U.S. stores that were affected by a security breach that was announced in October and reported that an estimated 1.16 million payment cards were compromised. – CBS News

29. December 22, CBS News – (National) Staples says 1.16 million credit card numbers stolen in breach. Staples officials released December 19 a list of 115 U.S. stores that were affected by a security breach that was announced in October and reported that an estimated 1.16 million payment cards were compromised during the attack that started in July. The company stated that it began removing the malware that infected the stores’ payment systems in September. Source: http://www.cbsnews.com/news/staples-says-1-16-million-credit-card-numbers-stolen-in-breach/

Financial Services Sector

6. December 22, Securityweek – (International) ‘Vawtrak’ banking malware continues to evolve. Researchers with Sophos identified a new variant of the Vawtrak banking malware (also known as NeverQuest or Snifula) that is capable of injecting a DLL into browser processes to infect users and compromise banking credentials. The malware variant is capable of disguising its communications and bypassing two-factor authentication, among other capabilities. Source: http://www.securityweek.com/vawtrak-banking-malware-continues-evolve

7. December 22, U.S. Securities and Exchange Commission – (International) SEC charges two traders in Chile with insider trading. The U.S. Securities and Exchange Commission filed charges December 22 against 2 business associates in Chile for allegedly using insider information that 1 of the individuals gained while serving as a member of the board of CFR Pharmaceuticals S.A. to make around $10.6 million in illicit profits. Source: http://www.sec.gov/news/pressrelease/2014-291.html

For another story, see item 29 above in Top Stories

Information Technology Sector

23. December 23, Softpedia – (International) The first polymorphic ransomware emerges, spreads on its own. Researchers with ESET and Sophos identified a new piece of ransomware known as VirLock or VirRansom that acts as a virus, infecting several file types and scrambling the files, then de-scrambling the files and installing the malware when a victim attempts to open them. The malware then locks the screen and demands a ransom be paid to unlock it. Source: http://news.softpedia.com/news/The-First-Polymorphic-Ransomware-Emerges-Spreads-On-Its-Own-468232.shtml

24. December 23, Threatpost – (International) Apple patches NTP vulnerabilities in first automated patch. Apple released an automatic update for its Mac OS X operating system, closing several remotely exploitable vulnerabilities in Network Time Protocol (NTP) that could have allowed attackers to exploit buffer overflow vulnerabilities. Source: http://threatpost.com/apple-patches-ntp-vulnerabilities-in-first-automated-patch/110090

25. December 23, Softpedia – (International) Security breach at NVIDIA triggers employee credentials reset. NVIDIA reset the credentials of an undisclosed number of employees’ accounts after an unauthorized intrusion into the company’s network occurred October 8 and was detected in early December. Security improvements were implemented to prevent future intrusions. Source: http://news.softpedia.com/news/Security-Breach-At-NVIDIA-Triggers-Employee-Credentials-Reset-468183.shtml

26. December 22, Softpedia – (International) Tor exit node cluster shut down. The operator of a large Tor exit node cluster stated that his exit node cluster was tampered with and activity terminated December 21, and warned users not to use the affected exit nodes if they reappear online until an investigation is completed. Source: http://news.softpedia.com/news/Tor-Exit-Node-Cluster-Shut-Down-468160.shtml

Communications Sector

Nothing to report