Complete DHS Report for March 11, 2016
Daily Report
Top Stories
• Elevated levels of lead found in water at 30 Newark, New Jersey
schools required schools to shut off drinking fountains and post warning signs
March 9. – CNN
20. March 9,
CNN – (New Jersey) Elevated levels of lead found in water at Newark
schools. The mayor of Newark announced March 9 that 30 Newark Public
Schools shut off drinking fountains and posted signs after testing showed
elevated levels of lead in the water. Officials stated that alternative water
sources would be provided. Source: http://www.cnn.com/2016/03/09/us/newark-schools-lead-levels-water/index.html
• Kaspersky discovered a new trojan, dubbed Triada, that is reportedly
believed to be the most advanced mobile malware yet and targets Android
operating system (OS) devices. – SecurityWeek
25. March 9,
SecurityWeek – (International) Triada trojan most advanced mobile malware
yet: Kaspersky. Security researchers from Kaspersky discovered a new trojan,
dubbed Triada and reportedly believed to be the most advanced mobile malware
yet, that targets Android operating system (OS) devices to redirect financial
short message service (SMS) transactions to buy additional content or steal
money from victims via an advertising botnet that is embedded with rooting
capabilities. The trojan also uses the Zygote parent process to implement its
code in the context of all software on the target’s device, allowing the trojan
to run in each application. Source: http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky
• Florida-based Rosen Hotels & Resorts Inc. reported March 9
that its payment processing system was compromised, which allowed attackers to
steal customer data including cardholders’ names, card numbers, and internal
verification codes. – Softpedia
28. March 9,
Softpedia – (National) Rosen Hotel Chain had a PoS malware infection for
17 months. Florida-based Rosen Hotels & Resorts Inc. reported March 9
that its payment processing system was compromised after a security company
discovered malware installed in its credit card systems, which allowed
attackers to steal customer data including cardholders’ names, card numbers,
expiration dates, and internal verification codes from September 2014 –
February 2016.
• Approaching rain storms in Bossier City, Louisiana, prompted the
evacuation of 3,500 homes March 10, the declaration of a State of emergency in
several Louisiana parishes, and the closure of Bossier Parish public schools
and Northwestern State University campuses. – Associated Press
30. March 10,
Associated Press – (Louisiana) 3,500 homes evacuated in northern Louisiana
because of flooding. Approaching rain storms in Bossier City, Louisiana,
prompted the evacuation of 3,500 homes March 10 due to the threat of a bayou
approaching the top of its levee, caused the closure of several sections of
Interstate 20, prompted a State of emergency in several Louisiana parishes, and
forced the closure of Bossier Parish public schools and Northwestern State
University campuses. Source:
http://www.nola.com/weather/index.ssf/2016/03/bossier_city_home_evacuations.html
Financial Services Sector
4. March 10,
Associated Press – (Alabama; Tennessee) Alabama car dealers admit bank fraud. Nashville
officials announced March 10 that 2 New Market, Alabama residents pleaded
guilty to charges alleging that the pair used their pre-owned car business to defraud
65 financial institutions by seeking multiple loans on over 100 vehicles from
different financial institutions by using fraudulently obtained titles as
collateral. The scheme caused $5.9 million in losses over a five-year period.
Source: http://www.wrcbtv.com/story/31433311/alabama-car-dealers-admit-bank-fraud
5. March 9,
U.S. Securities and Exchange Commission – (International) Money
returning to investors harmed by unregistered broker. The U.S. Securities
and Exchange Commission (SEC) announced March 9 that Cyprus-based Banc de
Binary Ltd. agreed to pay a total of $11 million to the SEC and Commodity
Futures Trading Commission (CFTC) to settle charges that the company, its
founder, and three affiliates illegally sold binary options to U.S. investors
after the company failed to register as a broker-dealer before communicating
directly with U.S. clients via phone, email, and instant messenger chats, and
soliciting U.S. customers through YouTube videos, spam emails, and other
Internet advertising outlets. A Fair Fund was established to compensate harmed
investors and Banc de Binary Ltd., its founder, and its affiliates agreed to be
suspended from the securities industry for a year and permanently banned from
issuing penny stock offerings.
Source: https://www.sec.gov/news/pressrelease/2016-42.html
6. March 9,
Lee’s Summit Journal – (Missouri) Greenwood man indicted for mortgage fraud scheme. A
Greenwood, Missouri home builder, doing business as Penrod Homes, Inc., was
charged March 8 for his role in a scheme to defraud mortgage lenders from May
2005 – June 2007 where he and others allegedly recruited buyers to apply for
mortgage loans to purchase 61 homes in Greenwood and Peculiar that later went
into foreclosure causing the banks and mortgage companies approximately $4.5
million in losses, and accepted illegal kickbacks totaling $1.5 million on 57
of the homes sold.
Source: http://www.lsjournal.com/2016/03/09/137896_greenwood-man-indicted-for-mortgage.html
7. March 8,
Greenville News – (South Carolina) Greenville broker indicted in $3 million
Ponzi scam. A former Greenville, South Carolina broker was indicted on
Federal fraud charges March 8 after he allegedly ran a $2.8 million Ponzi
scheme where he advised clients to invest their money into a fictitious
company, SG Investment Management, provided investors with bogus earning
statements, and returned a portion of the funds to make it appear as though the
clients’ funds were invested and earning profits between 2000 – 2014.
Source: http://www.greenvilleonline.com/story/news/crime/2016/03/08/greenville-broker-indicted-3-million-ponzi-scam/81495112/
8. March 8,
U.S. Attorney’s Office, Western District of Kentucky –
(Kentucky) Louisville attorney charged with wire fraud and money laundering.
The U.S. Attorney’s Office in Kentucky announced March 8 that a former
attorney and executor of 7 estates was indicted on Federal charges after he
allegedly defrauded the estates of approximately $1,666,671 by withdrawing cash
from the estate accounts without authorization and using the money for personal
expenses while mischaracterizing the withdrawals as estate expenses from November
2008 – February 2015. The executor also allegedly laundered fraud proceeds by
using funds from one estate to conceal the depletion of the funds from another
estate in July 2014. Source: https://www.justice.gov/usao-wdky/pr/louisville-attorney-charged-wire-fraud-and-money-laundering
For additional stories, see items 25 and 28 above in Top Stories
Information Technology Sector
22. March 10,
Softpedia – (International) 600,000 TFTP servers can be abused for
reflection DDoS attacks. Researchers from Edinburgh Napier University
reported that a combination of flaws in Trivial File Transfer Protocol (TFTP)
and publicly exposed, misconfigured TFTP servers can easily be abused by
attackers for reflection distributed denial-of-service (DDoS) attacks, after
finding that 599,600 TFTP servers were publicly open and had an
amplification factor of 60. The vulnerable TFTP servers can be used to launch
attacks on other Internet-available services, or used as a pathway to targets
inside a closed network. Source: http://news.softpedia.com/news/600-000-tftp-servers-can-be-abused-for-reflection-ddos-attacks-501568.shtml
23. March 10,
The Register – (International) Cisco patches a bunch of cable modem vulns. Cisco
Systems reported that three vulnerable systems were open to attackers, including
two wireless gateways, the DPC3941 and DPC3939B, that can allow attackers to
exploit the Web-based administration interface via specially crafted Hypertext
Transfer Protocol (HTTP) requests; two cable modems, the DPC2203 and EPC2203,
that can allow attackers to achieve remote code execution via an HTTP input
validation vulnerability; and one gateway, the DPQ 3925, that can allow
attackers to perform denial-of-service (DoS) attacks via an HTTP handling
flaw. Source: http://www.theregister.co.uk/2016/03/10/cisco_patches_a_bunch_of_cable_modem_vulns/
24. March 9,
Softpedia – (International) Samsung fixes driver update tool to prevent
malicious takeover. Samsung released updates for its SW Update Tool,
patching two security-related issues that could have been exploited to perform
Man-in-the-Middle (MitM) attacks, after a security researcher from Core Security
discovered that when contacting Samsung’s servers, the SW Update Tool sent all
users’ information in cleartext and did not check the data’s authenticity
after the software received the driver downloads from Samsung’s servers.
Samsung patched the issues by implementing encrypted communication between the
tool and its servers, and adding a verification mechanism for the downloaded
drivers. Source: http://news.softpedia.com/news/samsung-fixes-driver-update-tool-to-prevent-malicious-takeover-501547.shtml
25. March 9,
SecurityWeek – (International) Triada trojan most advanced mobile malware
yet: Kaspersky. Security researchers from Kaspersky discovered a new trojan,
dubbed Triada and reportedly believed to be the most advanced mobile malware
yet, that targets Android operating system (OS) devices to redirect financial
short message service (SMS) transactions to buy additional content or steal
money from victims via an advertising botnet that is embedded with rooting
capabilities. The trojan also uses the Zygote parent process to implement its
code in the context of all software on the target’s device, allowing the trojan
to run in each application. Source: http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky
For another story, see item 28 above in Top Stories
Communications Sector
26. March 9,
Telecomlead.com – (Florida) Net One faces $1.6 mn penalty for illegal billing. The
U.S. Federal Communications Commission (FCC) imposed a $1.6 million penalty on
Florida-based Net One International March 9 for billing more than 100 consumers
for unauthorized charges and fees in an illegal practice known as “cramming.”
Officials advised consumers to contact the FCC if they were improperly charged.
Source: http://www.telecomlead.com/telecom-services/net-one-faces-1-6-mn-penalty-illegal-billing-67878