Complete DHS Report for
November 16, 2015
Daily Report
Top Stories
• Realty Capital Securities LLC was charged by
Massachusetts financial regulators November 12 for allegedly impersonating
shareholders to use their stocks to vote on corporate governance. – Boston
Globe See item 6 below in the Financial Services Sector
• Altaf Khanani Money Laundering Organization
and Al Zarooni Exchange were sanctioned as transnational criminal organizations
November 12 after investigators determined that the organizations were
laundering billions of dollars. – U.S. Department of the Treasury See
item 7 below in the Financial Services Sector
• Princess Cruises reported November 12 that travelers were
stranded on a ship after docking in Los Angeles following a U.S. Customs and
Border Protection computer failure. – KTLA 5 Los Angeles
10. November
12, KTLA 5 Los Angeles – (California) Computer glitch leaves
passengers stranded for hours after cruise ship arrives in San Pedro. A
Princess Cruises spokesperson reported November 12 that 30 percent of the Star
Princess’s 2,600 travelers were temporarily stranded on the ship after docking
in San Pedro, Los Angeles while crews manually processed passengers following a
U.S. Customs and Border Protection computer failure. Officials reported that
the incident was a result of a computer glitch and not a cyber-attack. Source: http://ktla.com/2015/11/12/computer-glitch-leaves-passengers-stranded-for-hours-after-cruise-ship-arrives-in-san-pedro/
• Securus Technologies announced November 12 that it is
investigating an alleged breach of its systems and stated that its system was
not hacked by an outside, but likely breached by an internal employee. – International
Business Times See
item 26 below in the Communications Sector
Financial Services Sector
4. November
12, Securityweek – (National) New PoS malware delivered via malicious docs,
exploit kit. Researchers from Proofpoint observed the “AbaddonPOS”
point-of-sale (PoS) malware and determined that it was being widely distributed
with the aid compromised Microsoft Word documents designed to download
information-stealing threats. Once the malware infects the system, it targets
the memory of all processes in track 1 and track 2 data associated with payment
cards. Source: http://www.securityweek.com/new-pos-malware-delivered-malicious-docs-exploit-kit
5. November
12, Orange County Daily Pilot – (California) Newport lawyer
accused of $8 million investment scam pleads guilty to 3 felonies. A former
attorney from Orange County pleaded guilty to 2 felony counts of wire fraud and
1 felony count of tax evasion November 12 for misleading investors by
collecting their investment money and spending it on personal expenses, netting
at least $8 million. Source: http://www.latimes.com/socal/daily-pilot/news/tn-dpt-me-1113-kang-plea-20151112-story.html
6. November
12, Boston Globe – (Massachusetts) Secretary of State alleges corporate-voting
fraud at Realty Capital Securities. Boston-based Realty Capital Securities
LLC was charged by Massachusetts financial regulators November 12 for allegedly
impersonating shareholders to use their stocks to vote on corporate governance,
which included a proxy vote that was used for a proposed $378 million deal and
another that would have given New York investors who controlled the company
more control over Business Development Corp. of America. Source: https://www.bostonglobe.com/business/2015/11/12/galvin-alleges-corporate-voting-fraud-realty-capital-securities/YbDnyUvM6nxJ8NbJEM0moK/story.html
7. November
12, U.S. Department of the Treasury – (International) Treasury
sanctions the Khanani Money Laundering Organization. The U.S. Department of
the Treasury’s Office of Foreign Assets Control announced November 12 that the
Altaf Khanani Money Laundering Organization (Khanani MLO) and Dubai-based money
services company Al Zarooni Exchange were sanctioned as transnational criminal
organizations after investigators determined that the organizations were
knowingly laundering billions of dollars to organized crime groups, drug
trafficking organizations, and designated global terrorist groups. Source: http://www.treasury.gov/press-center/press-releases/Pages/jl0265.aspx
8. November
10, WFIE 14 Evansville – (Indiana) 36 people charged in fraud scheme
involving staged car wrecks in the Tri-State. Thirty suspects out of the 36
people allegedly involved in a scheme to defraud insurance companies out of
more than $600,000 in false insurance claims over a 4 year period were served
warrants November 10 in Indiana. The suspect’s recruited people to participate
in staged crashes and trained them how to act in order to file false insurance
claims and run up medical bills through hospital stays. Source: http://www.14news.com/story/30484469/36-people-charged-in-fraud-scheme-involving-staged-car-wrecks-in-the-tri-state
Information Technology Sector
23. November
13, Securityweek – (International) Flaw in “Spring Social” puts user accounts at
risk. Researchers at SourceClear (SRC:CLR) discovered that a vulnerability
in Pivotal Software’s Spring Social authentication feature can be exploited via
a specially crafted Uniform Resource Locator (URL) that bypasses the cross-site
request forgery (CSRF) protection to link an attacker’s account, on a similar
service to GitHub or Facebook, with a victim’s account on a compromised Web
site. Pivotal Software patched the vulnerability with the release of Spring
Social Core update.
24. November
12, The Register – (International) Jenkins plugs 11 security holes with two
updates. Jenkins released Versions 1.638 and 1.625.2 for its open source
integration tool that patched 11 critical security vulnerabilities including a
zero-day vulnerability that exploited Jenkins CLI subsystem; a secret key flaw
that allowed attackers to connect as slaves, take over Jenkins systems, and
access private data; and a critical flaw that used unsafe deserialization,
allowing remote attackers to run arbitrary code on the Jenkins master, among
other vulnerabilities. Source: http://www.theregister.co.uk/2015/11/12/jenkins_security_update/
25. November
12, The Register – (International) Latest Android phones hijacked with tidy
one-stop-Chrome-pop. A researcher from Quihoo 360 discovered, and reported
during the MobilePwn2Own event at the PacSec security conference, a single
clean exploit in Google’s Chrome browser for Android via its JavaScript v8
engine that does not require several chained vulnerabilities to gain access and
load software without user interaction once a user visits a malicious Web site. Source: http://www.theregister.co.uk/2015/11/12/mobile_pwn2own/
For additional stories, see
item 4 above in the Financial Services Sector and 22 below from the Emergency Services Sector
22. November 12, Foster’s Daily Democrat – (New Hampshire) Computer virus infects county dispatch center. The Strafford County chief deputy announced November 12 that computers at the Strafford County Regional Dispatch Center in Dover were infected by the CryptoLocker ransomware which severely limited the amount of data utilized by both dispatchers and emergency personnel on the field. Officials were able to isolate the virus and are working on bringing systems back online. Source: http://www.fosters.com/article/20151112/NEWS/151119727
Communications Sector
26. November
12, International Business Times – (National) Securus
Technologies: A rogue employee, not a hacker, exposed 70 million inmate calls. Securus
Technologies announced November 12 that it is investigating an alleged breach
of its systems that provides phone service to incarcerated people around the
U.S., and stated that its system was not hacked by an outside, but likely
breached by an internal employee. An investigation into the breach, which
reportedly includes unauthorized access to over 70 million recorded prison
phone conversations, is ongoing. Source: http://www.ibtimes.com/securus-technologies-rogue-employee-not-hacker-exposed-70-million-inmate-calls-2181819