Fraud Alert Message Center
Tips for Safe Banking Over the Internet
As use of the Internet continues to expand, more banks are using the Web to offer products and services or otherwise enhance communications with customers.
The internet offers the potential for safe, convenient new ways shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices - decisions that will help you avoid costly surprises or even scams.
- Consumer Best Practices for Online Banking
- Business Best Practices for Online Banking
- Recommendations for Online Fraud Victims
- Recommendations for Mobile Phone Security
Current Online Threats
Please be aware of any email you receive from the following organizations FDIC, FFIEC, NACHA, EPCOR, Federal Reserve and the Better Business Bureau. None of these organizations should ever send you unsolicited emails regarding your bank or your bank accounts. If you receive an email purporting to be from any of the above organizations or other emails you are unsure about, do not open it. The email could potentially contain a virus or malware.
For more information regarding email and phishing scams, please visit: http://onguardonline.gov/
Online Shopping Tips for Consumers. Click Here for Information.
ATM and Gas pump skimming information. Click Here for Article.
Target Card Breach - A breach of credit and debit card data at discount retailer Target may have affected as many as 70 million shoppers. The Secret Service, which is charged with safeguarding the nation's financial infrastructure and payment systems, confirmed it was investigating the breach. Please be assured we are aware of the breach. As we receive additional information from Visa, we will notify any client whose card has potentially been compromised. Customers should monitor their account activity online if they have used their card at Target and report any fraudulent activity to the bank.
Goldman settles SEC charges over 2013 trading incident. Goldman Sachs Group Inc., agreed to pay $7 million June 30 to resolve U.S. Securities and Exchange Commission charges connected to the “market access” rule, and a 2013 programming error which flooded the stock options market with about 16,000 erroneous orders, causing 1.5 million options contracts to be executed and costing the company $38 million.
Attackers abuse RIPv1 Protocol for DDoS reflection: Akami. Security researchers from Akami discovered that malicious actors have been leveraging routers running Routing Information Protocol version 1 (RIPv1) to reflect distributed denial-of-service (DDoS) attacks by creating malicious requests for routes and then spoofing the source Internet protocol (IP) address to match the one of the targeted system.
iOS 8.4 fixes 33 security vulnerabilities. Apple released iOS version 8.4 addressing 33 security vulnerabilities, including a fix for the Logjam flaw that allows a man-in-the-middle (MitM) attacker to downgrade cryptographic security, and other protection against potential arbitrary code execution.
Researchers expose attack on iOS that can break system apps. Security researchers from FireEye reported two Apple iOS flaws, dubbed Manifest Masque and Extension Masque, in which an attacker could break or replace system apps and extensions on an affected device by taking advantage of apps created in Xcode outside of Apple’s App Store. The vulnerabilities behind Manifest Masque attacks were partially addressed in the release of iOS 8.4.
ESET analyzes complex espionage platform used by “Animal Farm” APT. ESET released research on the Dino cyber-espionage platform used by the “Animal Farm” advanced persistent threat (APT) group revealing that Dino is capable of retrieving information, executing Microsoft Windows batch commands, searching for files, and transferring files back and forth between a command and control (C&C) server. Researchers have not determined the tool’s initial infection vector.
2 downtown Springfield banks robbed, 3 suspicious packages left behind: Springfield officials are investigating two bank robberies at a United Bank and a Bank of America in Springfield, Massachusetts, after a suspect allegedly left three suspicious packages and stole cash June 29.
Dridex is the most prevalent banking malware in the corporate sector: SecurityScorecard released findings from a report revealing that the Dridex banking trojan was the most prevalent malware found in corporate environments from January – May, primarily targeting the manufacturing and retail sectors, followed by the Beloh and Tinba trojans, which targeted telecommunications and technologies companies.
Yahoo patches SSRF vulnerability in image processing system: researcher: A security researcher reported that Yahoo patched a server-side request forgery (SSRF) vulnerability affecting all of its services that required images to be processed in which an attacker could use the vulnerability to bypass controls and access data on the affected system.
Many organizations using Oracle PeopleSoft vulnerable to attacks: report: ERPScan released findings from a report revealing that Oracle’s PeopleSoft contained several vulnerabilities including information disclosure, extensible markup language external entity (XXE), cross-site scripting (XSS), and authentication bypass flaws as well as configuration-related issues that could allow an attacker to breach PeopleSoft systems connected to the Internet.
SEC charges KKR with misallocating broken deal expenses. The U.S. Securities and Exchange Commission charged New York-based Kohlberg Kravis Roberts & Co., June 29 with misallocating over $17 million in “broken deal” expenses to co-investors in the firm’s private equity funds. The company agreed to pay $28.5 million to settle the charges.
Security firm discloses details of Amazon Fire Phone vulnerabilities. MWR InfoSecurity released details on three recently patched Amazon Fire Phone vulnerabilities, including flaws in the CertInstaller package that can allow third party applications to install digital certificates to intercept encrypted traffic via man-in-the-middle attacks, and an issue with the Android Debug Bridge (ADB) in which an attacker could bypass the lock screen, steal information, add and remove applications, and access a high privilege shell on the phone.
Hackers are exploiting Magento flaw to steal payment card info. A security researcher from Sucuri Security discovered that attackers are actively exploiting a flaw in eBay’s Magento platform to steal users’ billing and payment card information by injecting malicious code into Magento’s core file. Researchers are investigating the attack vectors to identify the vulnerability.
LG’s Update Center app fails to check server’s SSL certificate, MitM risk. Security researchers from Search-Lab discovered a vulnerability in LG’s Update Center application on Android phones in which an attacker could exploit the fact that the app does not check the secure sockets layer/transport layer security (SSL/TLS) certificate of the update server to execute a man-in-the-middle (MitM) attack and install arbitrary applications on the device.
Flash player flaw used by APT3 group added to Magnitude exploit kit. A French security researcher discovered that an exploit for a recently patched Adobe Flash Player heap buffer overflow vulnerability, leveraged by the APT3 threat group has been added to the Magnitude exploit kit (EK).
Samsung will stop blocking Microsoft software updates ‘within a few days’. Samsung reported that users will be receiving a patch through the Samsung Software Update notification process to revert back to restore default Microsoft Windows Update settings, after a security researcher discovered that the company had disabled Windows Update to de-conflict with its SW Update service.
Three accused of Akron-based Ponzi scheme that cost investors $17 million. Three Northeast Ohio men were indicted June 25 on charges alleging that they defrauded 70 investors out of $17 million from 2010 – 2014 by convincing them to give money to KGTA Petroleum Ltd., a company partially owned by one of the suspects, and spent the proceeds on luxury items and mortgage payments.
Md. man charged with stealing from ATMs with skimming device. A Riverdale, Maryland man was arrested June 24 on charges that he allegedly stole $300,000 from ATMs using skimming devices at a Sandy Spring Bank in Maryland.
Hundreds of fraudulent credit cards seized, two suspects behind bars. The Boise Police Department’s Organized Retail Crime Unit arrested 2 suspects June 24 and seized 424 counterfeit credit and gift cards along with merchandise that they had bought with the fraudulent cards.
Click-fraud attack morphs into ransomware risk in a couple of hours. Security researchers at Damballa discovered that a threat actor dubbed RuthlessTreeMafia is distributing exploit kits along with the Rerdom malware in a click-fraud campaign in which they sell other threat actors access to infected users’ systems. Researchers observed an infection result in the delivery of the CryptoWall ransomware.
Default SSH keys expose Cisco’s virtual security appliances. Cisco reported that customers using its Web Security, Email Security, and Security Management Virtual Appliances were vulnerable due to the products’ use of default secure shell (SSH) keys, which could allow an unauthenticated, remote attacker to connect to a system with root user privileges. The company released a patch addressing the issue.
94% of Android devices vulnerable to bug exposing memory content. Security researchers from Trend Micro discovered security flaw in the Android operating system’s (OS) debugging component in which an attacker could create a special Executable and Linkable Format (ELF) file to crash the debugger and view dumps and log files stored in memory, or to create a denial-of-service (DoS) condition. The issue affects all Android versions after 4.0, Ice Cream Sandwich.
St. Mary’s Bank issues new debit cards following breach. St. Mary’s Bank officials in Manchester, New Hampshire reported June 23 that the bank was reissuing 5,029 debit cards and replacing about $25,000 in funds after about 160 cards were found to have been compromised in a breach.
Samsung disables Windows Update, undermines the security of your devices. A security researcher discovered that the Samsung SW Update software for Microsoft Windows personal computers (PCs) runs an executable file upon start-up that disables Windows Update to prevent driver and update software conflicts, posing a security risk to users. Microsoft has reportedly contacted Samsung to address the issue.
The downfall of a major cybercrime ring exploiting banking trojans. European authorities from six countries along with Europol and Eurojust arrested five suspects in Ukraine believed to be part of a major cybercriminal ring that developed, exploited, and distributed Zeus and SpyEye malware, actively traded stolen credentials, laundered profits, and infected tens of thousands of users’ computers worldwide with banking Trojans.
Why a Dyre infection leads to more than just stolen banking credentials. Symantec reported that in addition to targeting banks, financial institutions, customers of electronic payment services, and users of digital currencies, cybercriminals are employing the Dyre Trojan to collect credentials for career and human resource Web sites, as well as Web hosting companies. The group using Dyre has reportedly targeted customers of over 1,000 organizations worldwide.
Study: 61 percent of critical infrastructure execs confident systems could detect attack in less than a day. Tripwire released survey results from 400 executives in the energy, oil, gas, and utility industries in its “Critical Infrastructure Study” revealing that executives had high levels of confidence regarding their organizations’ ability to quickly detect cyber-attacks on their systems, while noting that attacks could seriously damage their infrastructure, among other findings.
Android malware dominates mobile threat landscape. Pulse secure released findings from its Mobile Threat Report revealing that 97 percent of mobile malware is targeted at Android devices, and that in 2014 almost 1 million individual malicious apps were released. The report also highlighted the dangers in jailbroken and non-jailbroken iOS devices, among other findings.
Cyber-crime economy triggers rise in malicious macros. Proofpoint released The Cybercrime Economics of Malicious Macros report, revealing that malicious macro campaigns have grown in size, frequency, sophistication, and effectiveness while increasingly relying on inexpensive vectors and techniques to exploit the human factor, among other findings.
MacKeeper flaw enables attacker to run code with admin rights. Security researchers discovered a serious vulnerability in ZeoBit’s MacKeeper utility program in which an attacker could use a phishing email containing a malicious link that prompts a user for a password, effectively executing the malware with administrator rights. ZeoBit reportedly acknowledged and patched the vulnerability.
COA Network breached, all customer data treated as potentially compromised. New Jersey-based COA Network Inc., reported that it had detected a pattern of irregular activity in its systems June 5, and is considering all customer contact and payment information as possibly having been compromised. The company took actions to increase security and protect customer information, and has notified all customers.
ESET patches scan engine against remote root exploit. ESET pushed an update for its scan engine addressing a vulnerability in antivirus products’ code emulator component in which an attacker used a remote root exploit to take complete control of a system. NOD32 Antivirus, Microsoft Windows, Apple OS X, Linux, and numerous other consumer and business antivirus solutions, utilize the product.
Deadly Windows, Reader font bugs can lead to full system compromise. A security engineer with Google Project Zero shared the discovery of 15 flaws in font engines used by Microsoft Windows, Adobe Reader, and other popular software that could allow an attacker to compromise systems in a variety of ways including creating an exploit chain leading to a full-system compromise. All of the reported vulnerabilities have been patched in recent updates.
Visibility challenges industrial control system security: survey. Findings from a SANS Institute survey of over 314 respondents across several industries that interact with industrial control systems (ICS) revealed the perceived threats posed by internal and external attackers and the challenges of ICS protection. Challenges cited include poor optimization of ICS protection for information technology (IT) environments, the difficulty in detecting threats that spread without affecting operations, and the integration of IT into previously isolated ICS platforms, among other findings.
U.S.-Canadian man charged for Cynk trades, $300 mln fraud. A U.S. and Canadian dual-citizen was arrested June 23 on charges surrounding alleged securities fraud and money laundering conspiracies that generated $300 million in illegal profits, including a pump-and-dump scheme that inflated the market value of Cynk Technology Corp to over $6 billion. The U.S. Securities and Exchange Commission filed related civil charges against the suspect.
Suspect dubbed ‘Lucky Bandit’ bank robber arrested. FBI officials reported that the suspect dubbed the “Lucky Bandit” was arrested June 23 in connection with a robbery of a Wells Fargo bank and an attempted robbery of a Citibank branch in Pembroke Pines in April. The suspect is believed to be connected to 8 bank robberies since October 2014.
SEC charges unregistered brokers in EB-5 Immigrant Investor Program. The U.S. Securities and Exchange Commission charged Florida-based Ireeco LLC and its Hong Kong-based successor June 23 with allegedly illegally brokering over $79 million worth of investments by foreigners seeking U.S. residency in the U.S. Citizenship and Immigration Service’s EB-5 Immigrant Investor Program. The firms agreed to be censured and to cease and desist from similar violations in the future.
Banks targeted by hackers three times more than other sectors. Raytheon and Websense released findings from a study on their customers revealing that financial services organizations, many of which are U.S. firms, are targeted three times more by cybercriminals than any other industry, and that these attacks are primarily utilizing the Rerdom, Vawtrack, and Geodo malware families, among other findings.
Most-wanted cybercriminal extradited to U.S. from Germany. German authorities extradited a Turkish suspect, who is considered to be one of the world’s most wanted cybercriminals, to the U.S. June 23 on charges that he allegedly organized a complex bank heist of $40 million in cash from ATMs in New York and in 23 other countries in February 2013. The suspect also reportedly stole $19 million through 25,700 ATM transactions in 20 countries from 2011 – 2012.
RICO conspiracy charged in payday lending case. A Jenkintown, Pennsylvania was charged in an indictment unsealed June 22 with participation in a racketing conspiracy for allegedly operating a payday lending business that violated numerous State usury laws and reaped millions of dollars from illegal fees, and for allegedly helping his sons in a multi-million-dollar telemarketing scam that victimized over 70,000 people nationwide.
Dyre banking malware uses 285 command and control servers. Security researchers from Symantec released a report revealing that multiple groups are running at least 285 command and control (C&C) servers as well as 44 machines to deliver payloads and execute man-in-the-browser (MitB) attacks. The servers are located primarily in Ukraine and Russia but located worldwide, and are primarily targeting financial organizations in the U.S. and United Kingdom.
Feds count Cryptowall cost: $18 million says FBI. The FBI reported that the U.S. Internet Crime Complaints Commission (IC3) received 992 complaints associated with the CryptoWall ransomware resulting in U.S. user and business losses of over $18 million from April 2014 – June 2015.
Flash Player zero-day used by Chinese Cyber-Espionage group. Security researchers from FireEye discovered that the APT3 advanced threat group is currently exploiting a zero-day Adobe Flash Player heap buffer overflow vulnerability patched by Adobe June 23. The group’s latest campaign was dubbed Operation Clandestine Wolf, and they generally target organizations from the aerospace and defense, construction and engineering, technology, telecommunications, and transportation industries.
Cheap radio device can steal decryption keys from nearby laptop. Researchers from Israel created a palm-sized radio device that can capture decryption keys from laptops just a few feet away by intercepting bit patterns in electromagnetic emanations from the targeted machine’s central processing unit (CPU). The device can be built for about $300 from readily available components, and was able to extract decryption keys within seconds.
Targeted attacks rise, cyber attackers spreading through networks, report says. Vectra Networks released findings from its Post-Intrusion Report of 40 customer and prospect networks revealing that non-linear growth in lateral movement of attacks increased 580 percent from 2014, that reconnaissance detections were up 270 percent, and that overall detections increased 97 percent. Vectra attributed the large uptick in detections partly to the increased accessibility of hacker tools.
Government, Healthcare particularly lackluster in application security. Veracode released findings from its State of Software Security Report revealing that government agencies and healthcare organizations performed the worst in industry-specific software security metrics due to issues such as slow rates in addressing identified flaws and cryptographic vulnerabilities from weak algorithms, while all industries struggled with software supply chain issues, among other findings.
TCP vulnerability haunts Wind River VxWorks embedded OS. Security researchers at Georgia Tech discovered a transmission control protocol (TCP) prediction vulnerability in Wind River’s VxWorks embedded operating system (OS) used in a large number of industrial control system (ICS) products in which an attacker can leverage a predictable TCP initial sequence to spoof or disrupt connections to and from target devices.
Adobe fixes Flash Player zero-day exploited in the wild. Adobe released an emergency update for its Flash Player software addressing a heap buffer overflow vulnerability that is being exploited in the wild in which an attacker could execute arbitrary code and take control of an affected system, possibly funneling in malware via drive-by download attacks.
Critical RubyGems vulns can lead to installation of malicious apps: Security researchers Trustwave discovered a vulnerability in the RubyGems package manager in which an attacker could redirect a RubyGem client using hypertext transfer protocol secure (HTTPS) to an attacker controlled gem server, bypassing HTTPS verification and allowing the attacker to install malicious or trojan gems.
Minor Chrome release fixes high severity issues: Google released an update for its Chrome browser addressing issues including a scheme validation error in WebUI, and a cross-origin bypass bug in the browser’s layout engine, among other fixes.
HP releases details, exploit code for unpatched IE flaws: Security researchers at Hewlett-Packard Company’s Zero Day Initiative released details on unpatched Microsoft Internet Explorer vulnerabilities which could allow attackers to fully bypass address space layout randomization (ASLR) mitigation in the browser.
Two more Swiss banks settle with U.S. over tax evasion: The U.S. Department of Justice reported June 19 that Swiss banks, Bank Linth LLB AG and Bank Sparhafen Zurch AG will pay a combined $5.96 million in penalties to avoid criminal charges for assisting American citizens in tax evasion. Eleven other Swiss banks made similar deals with the U.S. government under a voluntary program set up in 2013.
Hackers disrupt Polish airline LOT, ground 10 flights: Officials from LOT Polish Airlines reported that their ground operation systems at Warsaw’s Frederic Chopin Airport suffered a 5-hour cyber-attack that grounded 10 national and international flights and affected about 1,400 passengers June 21. An investigation into the attack is ongoing.
New password recovery scam hitting Gmail, Outlook and Yahoo Mail users: Security researchers from Symantec discovered a new password recovery scam in which attackers are utilizing targets’ email addresses and mobile phone numbers along with Microsoft Outlook, Gmail, and Yahoo Mail’s password recovery feature to trick victims into compromising their accounts, at which point the scammers create alternate email addresses that receive forwarded copies of all messages on affected accounts.
‘Bluto Bandit’ sought for bank robberies in L.A., San Bernardino counties: The FBI is offering a $5,000 reward leading to the arrest and conviction of a suspect dubbed the “Bluto Bandit” who has allegedly robbed 3 banks and cased another 3 in Los Angeles and San Bernardino counties since June 10.
Police: Sock Hat Bandit caught after chase: Authorities reported that they caught the suspect dubbed the “Sock Hat Bandit” after he allegedly robbed a Fifth Third Bank in Independence, Kentucky June 18 and led police on a high-speed chase. The suspect admitted to committing 9 bank robberies throughout Ohio, Kentucky, and Indiana.
SEC charges microcap oil company, CEO, and stock promoter with defrauding investors: The U.S. Securities and Exchange Commission (SEC) charged Texas-based Norstra Energy, Inc., its CEO, and the author of a stock-picking newsletter June 18 with allegedly defrauding investors with misleading information about drilling operations to sell the company’s penny stock shares, leading to stock price increases of up to 600 percent in 3 months. The SEC had suspended trading of the company’s stock in June 2013.
SEC charges 36 firms for fraudulent municipal bond offerings: The U.S. Securities and Exchange Commission announced civil penalties against 36 municipal underwriting firms June 18 for alleged fraudulent municipal bond offerings from 2010 – 2014 as part of the Municipalities Continuing Disclosure Cooperation (MCDC) Initiative.
Static encryption key found in SAP HANA database: Security researchers from ERPScan discovered a vulnerability in SAP’s HANA in-memory relational database management system in which an attacker could use various web-based external attacks to remotely execute code, and then leverage static encryption keys to read encrypted passwords, stored data, and backups.
Samsung to issue fix for SwiftKey keyboard bug affecting Galaxy S6 in ‘coming days’: Samsung officials announced plans June 18 to send out an update addressing a plaintext connection vulnerability in the SwiftKey-developed keyboard technology used in up to 600 million devices, including the Galaxy S6. SwiftKey developers reported that the issue is limited to devices running Samsung software, and that the SwiftKey app is not affected.
Report: average botnet in Q1 2015 made up of 1,700 infected hosts per C&C server: Findings from a recently released Level 3 Botnet Research Report for the first quarter of 2015 revealed that the average botnet was made up of 1,700 hosts per command and control (C&C) server, a server’s average lifespan was 38 days, the U.S. generated the most server traffic and was targeted by 56 percent of distributed denial-of-service (DDoS) attacks, and 600 of the servers analyzed were being used for malicious communications targeting corporate environments, among other findings.
SEC charges investment adviser with fraudulently funneling client assets to companies in owner’s interest: The U.S. Securities and Exchange Commission charged Boston-based
Interinvest Corporation and its owner June 17 with allegedly defrauding investors out of up to $12 million after funneling $17 million worth of investments into Canadian penny stock companies in which the owner had undisclosed business interests.
Suspected gas pump identity snatchers arrested for luxe shopping sprees in Santa Clara Co: Santa Clara County authoritiesreported June 16 that 4 suspects were charged with allegedly using credit card information stolen from gas station pumps to create counterfeit cards in which they used to purchase over $500,000 in luxury items at 31 stores in Santa Clara and 1 store in Fresno County from August 2014 – February 2015.
Reddit announces switch to HTTPS only: Reddit Web site developers reported that starting June 29, the site will only be accessible over hypertext transfer protocol secure (HTTPS) encrypted connections served via the company’s CloudFlare content delivery network (CDN).
Drupal security updates patch several vulnerabilities: Drupal developers released updates patching open redirect, information disclosure, and access bypass vulnerabilities in versions 6 and 7 of its open source content management software (CMS).
Unpatched OS X, iOS flaws allow password, token theft from keychain, apps: Researchers from three universities identified critical inter-app interaction services and cross-app resource access (XARA) vulnerabilities in Apple’s OS X and iOS platforms in which an attacker could use sandboxed malware to bypass protections and steal confidential information from affected devices.
2 arrested for stealing thousands of credit, ID, Social Security cards in Highland: Highland, California authorities arrested 2 people June 16 after discovering thousands of stolen credit, identification, Social Security cards, income tax documents, and more in their vehicle’s trunk, as well as an embossing machine allegedly used to flatten names on cards for replacement. The investigation is ongoing.
SEC announces charges against retirement plan custodian in connection with Ponzi scheme: The U.S. Securities and Exchange Commission announced charges June 16 against Westlake, Ohio-based Equity Trust Company, alleging that the company failed to protect its customers from a Ponzi retirement fund investment scheme that 2 representatives used to defraud over 100 investors out of more than $5 million. The two representatives were indicted for alleged offering fraud in New Jersey.
Retrospect clients patched to prevent exposure of backup files: Retrospect Inc., released a patch addressing a password hashing vulnerability in its network backup utility for Apple, Linux, and Microsoft Windows operating systems (OS) in which an attacker with access to networked clients could gain access to users’ backup files.
Over 600 million Samsung devices vulnerable to keyboard security risk: Security researchers at NowSecure discovered a remote code execution vulnerability in the SwiftKey Android app in which an attacker could access device sensors, pictures, and text messages, alter or install apps, or listen to voice-calls. The vulnerability was patched in early 2015.
Study: 15-30 percent of eCommerce site visitors infected with CSIM: A report released by Namogoo revealed that 15 – 30 percent of eCommerce site visitors are infected with client-side injected malware (CSIM), and that attacks have increased by 20 percent in the last 6 months, among other findings.
FinCEN penalizes West Virginia bank for serious BSA violations and actions by a branch manager that assisted criminal activity: The Financial Crimes Enforcement Network announced June 15 a $4.5 million civil money penalty against Bank of Mingo in Williamson, West Virginia, following the bank’s willful violation of the Bank Secrecy Act by staff and a former branch manager who failed to implement and maintain an effective anti-money laundering program from 2008 – 2013, specifically regarding a customer that conducted over $9 million of structured transactions.
Former oil exec pleads guilty in Colombian bribery case: A former co-CEO of PetroTiger pleaded guilty June 15 to violating the Foreign Corrupt Practices Act by conspiring with several company officials to bribe an employee of Colombian Ecopetrol with $333,500 in exchange for help in winning a $45 million contract. Two co-conspirators and a general counsel previously pleaded guilty in connection to the scheme.
Stegoloader malware hides in images on legit sites: Security researchers from Dell SecureWorks released findings from a report warning of potential new trend in which malware uses digital stenography to evade detection and steal information from affected users via various configurable modules.
LastPass has been hacked, change your master password now: Officials from LastPass advised that users change their master passwords after the company discovered that their system was compromised June 12. No user accounts were reported to have been accessed, and encrypted vault data was reportedly not tampered with.
Canonical patches privilege escalation vulnerability in Ubuntu: Canonical released updates for Ubuntu fixing a local root privilege escalation vulnerability related to the OverlayFS Linux file system’s permissions in which an attacker could gain administrative privileges on the affected system.
Duqu 2.0 used stolen digital certificate in attacks: Kaspersky Lab: Security researchers at Kaspersky Lab reported that the attackers behind the Duqu 2.0 malware identified in worldwide attacks in June used a stolen valid digital signature from Hon Hai Precision Industry Co., LTD/Foxcon Technology Group to sign a driver that masked command-and-control (C&C) traffic and ensured the persistence of the malware. The attackers reportedly installed the malicious drivers on firewalls, gateways, and servers with direct internet access as well as corporate network access.
Cisco fixes DoS vulnerability affecting carrier routing systems: Cisco released updates for IOS XR Software installed on CRS-3 Carrier Routing Systems addressing a medium severity vulnerability in which an attacker could cause the line card to reload by sending specially crafted packets to the vulnerable device, causing an extended denial-of-service (DoS) condition.
Police seek South County’s ‘Snowbird Bandit’ bank robber: Authorities are searching for information leading to the capture of a suspect dubbed the “Snowbird Bandit” who allegedly robbed a Wells Fargo bank June 11 in Mission Viejo, California and 2 others in Orange County since March.
Ex-Dolphins player faces charges in Ponzi scheme: A former professional football player and a business partner were charged June 12 in connection to a Ponzi scheme in which they allegedly defrauded investors out of $31 million by forging documents and using later investors’ funds to pay for loans offered to professional athletes through their business, Capital Financial Partners.
Popular WordPress SEO plugin fixes XSS bug: Security researchers discovered a cross-site scripting (XSS) vulnerability in the Yoast WordPress SEO plugin in which an attacker could leverage “snippet preview” functionality to force a vulnerable site to execute arbitrary hypertext markup language (HTML) code.
Wikimedia rolling out HTTPS to encrypt all Wikipedia traffic: The Wikimedia Foundation announced that all Wikpedia and organization Web site traffic will employ Hyptertext Transfer Protocol Secure (HTTPS) and HTTP Strict Transport Security (HSTS) to protect data security and guard against attempts to break HTTPS and intercept traffic.
Pop-under malvertising spreads CryptoWall via Magnitude exploit kit: Security researchers at Malwarebytes discovered a new malvertising campaign leveraging pop-under advertisements over the Popcash ad network to distribute the Magnitude exploit kit (EK), which delivers exploits for Microsoft Internet Explorer and Adobe Flash Player vulnerabilities to inject the Necurs dropper and CryptoWall ransomware on affected systems.
44.5 million new malware variants recorded in 1 month: Symantec released findings from a report revealing that new malware variants increased by over 50 percent in May to 44.5 million, that the most commonly seen threat on the Apple OS X operating system (OS) was a trojan virus that changes the domain name system settings of affected computers, and that medium-sized companies were the most frequently targeted by spear-phishing attacks.
Apple fixed a nasty MitM vulnerability in the latest watchOS: Security researchers from Zimperium Mobile Security discovered that Apple Watch users running watchOS 1.0 are vulnerable to man-in-the-middle attacks dubbed “DoubleDirect” in which threat actors can leverage Internet Control Message Protocol (ICMP) redirects from the device and gateway to potentially steal credentials and deliver malicious payloads that could spread to devices on an entire corporate network.
Encryption keys hard-coded in industrial access point: The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported an unpatched vulnerability in the firmware code of N-Tron 702W industrial-level wireless access point systems in which an attacker could use secure shell (SSH) toremotely intercept encryption keys and communication from the device.
Fileless malware makes almost 200,000 victims mostly in the U.S: Security researchers at Symantec discovered that cybercriminals used a Microsoft Windows zero-day vulnerability permitting arbitrary remote file execution to spread Poweliks malware to 198,500 computers, almost all of which were in the U.S. Poweliks resides in system memory and is primarily used for ad-fraud purposes.
CryptoWall 3.0 delivered in campaign started more than a week ago: Security researchers from Cisco’s TALOS discovered an active malicious email campaign purporting to be regarding possible employment including hypertext markup language (HTML) attachments that redirect users to Google Drive accounts hosting the CryptoWall ransomware.
Only few organizations patched recent Honeywell SCADA flaw: researchers: Security researchers from Outpost24 reported that 90 Honeywell Falcon XLWeb supervisory control and data acquisition (SCADA) control systems, most located in Europe and the Middle East, remain unpatched and are vulnerable to directory traversal flaws in which an attacker could execute operating system (OS) commands. The experts believe that four of the systems analyzed could have been exploited.
OpenSSL patches Logjam bug, DoS vulnerabilities: OpenSSL released patches for its open-source toolkit addressing the “Logjam” vulnerability in which an attacker could use a man-in-the-middle (MitM) attack to force transport layer security (TLS) connections to downgrade to weaker cryptography, as well as a denial-of-service (DoS) vulnerability caused by the way ECParameters structures are handled.
Sock Hat Bandit: man matching suspect’s description accused of robbing Indiana bank: Anderson, Indiana Police Department officials reported that a man matching the description of the suspect dubbed the “Sock Hat Bandit” struck the town’s PNC Bank June 10, marking his ninth robbery across Ohio, Kentucky, and Indiana. The FBI is offering a $5,000 reward for information leading to his arrest.
Serious flaw in iOS mail app exposes users to phishing attacks: A Czech security researcher discovered a vulnerability in Apple’s iOS mobile operating system (OS) in which an attacker can create emails that load remote Hypertext Markup Language (HTML) content when opened, prompting users to input credentials that are sent back to the attacker.
Malvertising campaign hits Bejeweled Blitz game on Facebook, CNN Indonesia: Security researchers from Websense discovered a malvertising campaign impacting up to 50 million users a month that is distributed through popular online locations including the Bejeweled Blitz game on Facebook via the OpenX advertising platform and an old Adobe Flash Player glitch. The campaign directs users to a site hosting the Angler exploit kit (EK) and delivers payloads including ransomware, ad-fraud, backdoor, and malware downloaders.
New APT Duqu 2.0 hits high-value victims, including Kaspersky Lab: Security researchers from Kaspersky Lab discovered that the Duqu advanced persistent threat (APT) group had used a new platform dubbed Duqu 2.0 to compromise the lab’s systems along with about 100 other victims between 2014 – 2015, most of whom were related to P5 + 1 talks over Iran’s nuclear program. The APT group seeks to gain access to intellectual property by attacking systems using modules residing entirely in-memory via Windows zero-day vulnerabilities to inject a backdoor and a larger espionage platform with extensive capabilities
Stuxnet still a threat to critical infrastructure: Findings from Kleissner & Associates “Internet Attacks Against Nuclear Power Plants” report revealed that the Stuxnet malware was found on at least 153 devices worldwide in almost 5 years, at least 6 of which were running supervisory control and data acquisition (SCADA) development software. The researchers reiterated the threat posed by malware developed on behalf of foreign nation states.
U.S. National Vulnerability Database vulnerable to XSS attack: A security consultant discovered that the National Institute of Standards and Technology’s National Vulnerability Database (NVD) housing common vulnerabilities and exposures (CVE) flaws is vulnerable to a cross-site scripting (XSS) attack by replacing the document object mode (DOM) with a phishing page to collect personal identifiable information (PII) and card information. NVD officials reported that the agency is working to address the issue.
Weak remote access practices contributed to nearly all PoS breaches: Trustwave: Trustwave released a report revealing that 40 percent of the 574 breaches the company investigated from 2014 were in point-of-sale (PoS) systems and that 94 percent of the incidents were a result of weak remote security and passwords. The retail sector comprised 43 percent of the PoS breach investigations, among other findings.
Microsoft brings HSTS to Windows 7 and 8.1: Microsoft released patches introducing Hypertext Transfer Protocol (HTTP) Strict Transport Security (HSTS) to users running Internet Explorer 11 on Windows 7 and 8.1, in an effort to increase security against man-in-the-middle (MitM) Web sessions and attacks using invalid digital certificates. The protocol forces HTTP sessions to be sent over HTTP Secure (HTTPS) connections according to a list of preloaded sites supporting it.
‘Bandage Bandit’ strikes 8th bank in robbery: The FBI is offering a $10,000 reward for information leading to the capture of the suspect dubbed the “Bandage Bandit,” who allegedly robbed a Fifth Third Bank branch in Chicago June 9 and is tied to 7 other robberies or attempted robberies since March.
Fullerton man among three convicted in loan modification scheme: The co-owner Rancho Cucamonga, California-based 21st Century Legal Services Inc., and 2 co-defendants were convicted June 9 for their roles in a $7 million loan modification scheme that victimized over 4,000 distressed home owners who were falsely promised loan modifications and other services. Seven other defendants previously pleaded guilty in connection to the scheme.
Microsoft patches zero-day used in targeted attacks: Microsoft released eight security bulletins, including vulnerability in Windows’ kernel-mode driver Win32k.sys that was leveraged by threat actors to elevate privileges and execute arbitrary code on affected machines. The bulletins also included two critical security patches for Internet Explorer and Windows Media Player that could have allowed the possibility of remote code execution.
Financial impact of SaaS storage breaches now $13.85 million: Findings from analysis in Elastica’s Shadow Data Report revealed that the direct financial impact of exposed data in software as a service models can be up to $13.85 million, and that 1.34 percent of all accounts had signs of malicious activities. Analysis also indicated that the healthcare industry suffers the highest frequency of policy violations due to leaks of protected health information, among other findings.
VMware fixes critical security issues in Workstation, Fusion, Horizon View: VMware published fixes for several memory manipulation issues and denial-of-service (DoS) vulnerabilities affecting its Workstation, Player, and Horizon View Client for Microsoft Windows.
DDoS attacks increase in Q2 2015, largest one over 253Gbps strong: Incapsula released findings from a report on distributed denial-of-service attacks in the second quarter of 2015 which revealed that powerful user datagram protocol (UDP) and synchronize (SYN) floods were the preferred method of network-layer attacks, while botnet-for-hire services were typically used to probe defenses. Incapsula reported that out of 56 percent of UDP and SYN floods seen, 8 percent were launched from “Internet of Things” (IoT) devices, among other findings.
Flash Player 188.8.131.52 fixes 13 vulnerabilities: Adobe released updates for Flash Player addressing 13 security flaws, including vulnerabilities that could be leveraged for information disclosure, privilege escalation, and remote code execution, among others.
RPM Mortgage fined $20 million over loan scheme: The U.S. Consumer Financial Protection Bureau issued $20 million in fines June 8 to RPM Mortgage and the company’s CEO following allegations that he paid employees bonuses to place clients in loans with higher interest rates from 2011 – 2013. RPM Mortgage agreed to settle the allegations without admitting wrongdoing.
Cyber-thieves cash in from malware: Security researchers at Trustwave reported that cyber-thieves can earn almost 1,500 percent potential profit from ransomware kits by spending approximately $5,900 on kits that could earn about $90,000 a month in an attack campaign via a compromised Web site.
HDD firmware altering modules from Equation Group may exist for Apple devices: Security researchers from the Intel Corporation’s McAfee Labs analyzed samples of EquationDrug hard-drive reprogramming modules in their May McAffee Labs Threats Report and found indications that versions of the module exist for Apple iOS and OS X systems, as well as Microsoft Windows.
High-tech extortion attacks nearly doubled in first quarter, report says: Findings from the Intel Corporation’s May McAfee Labs Threats Report revealed that high-tech extortion schemes via ransomware surged by 165 percent to 700,000 samples in the first quarter of 2015, and that Adobe Flash malware increased by 317 percent to 200,000 samples.
Vawtrak banking malware found to use Tor2Web: Security researchers from Fortinet reported that the Vawtrak banking malware, also known as Neverquest, is using Tor2Web as a method to steal banking credentials undetected by accessing Tor anonymous network sources without directly connecting to the network or using a Tor client. The malware typically used fixed command-and-control (C&C) servers, which are easier to trace.
HTTPS-everywhere for government: The White House Office of Management and Budget issued the HTTPS-Only Standard directive June 8, requiring that all publicly accessible Federal Web sites and Web services only provide service through Hyper Text Transfer Protocol Secure (HTTPS) connections by December 31, 2016. The U.S. Chief Information Officer set up a Web site to provide technical assistance and best-practices for migration as well as a public dashboard to monitor progress.
‘Sock hat bandit’ strikes again, allegedly robs bank No. 8: Authorities are searching for a suspect dubbed the “Sock hat bandit” after he allegedly robbed a PNC Bank in Hamilton Township June 6, and has been connected to seven other bank robberies in Bellevue, Queensgate, Columbus, and Green Township.
MalumPOS malware targets Oracle Micros PoS systems: Security researchers at Trend Micro discovered a new point-of-sale (PoS) malware dubbed MalumPOS that is targeting Oracle’s Micros and other PoS platforms via files disguised as display drivers before targeting up to 100 running processes to scrape payment card information.
NIST updates ICS cyber security guide: The National Institute of Standards and Technology (NIST) released the second revision of its “Guide to Industrial Control Systems (ICS) Security,” which includes updated sections for vulnerabilities and other threats, risk management, security architectures, recommended practices, and security capabilities and tools as well as guidance on how to adapt traditional cybersecurity controls to ICS requirements
SEC charges CSC and former executives with accounting fraud: The U.S. Securities and Exchange Commission charged the Computer Sciences Corporation (CSC) and eight former executives June 5 with manipulating financial results and concealing problems regarding its multi-billion dollar contract with the United Kingdom’s National Health Service. CSC agreed to pay $190 million to settle the charges, and 5 of 8 executives charged agreed to settlements.
Florida residents arrested in Aurora with over 700 fake credit and gift cards: Kane County authorities arrested 6 Florida residents in Aurora, Illinois June 1 after traffic stops led to the discovery of over 700 fake credit and gift cards in their hotel rooms and vehicles.
Virginia Credit Union finds evidence of skimming at third ATM: Virginia Credit Union officials reported June 4 the discovery of a third debit-card skimming device on an ATM at its Chester, Virginia branch, bringing the total number of replacement cards being issued to 2,800. ATM skimmers were previously discovered at its Southpark and Glenside branches, and the bank said it disrupted another skimming attempt at its Hanover branch.
Zeus banking trojan variant goes completely undetected: A security researcher from PricewaterhouseCoopers discovered that a new variant of the Zeus banking trojan delivered via the Neutrino exploit kit (EK) is completely undetectable by most antivirus products, and that encoded data in the EK indicates that the trojan is part of a new malicious campaign.
Adware-laden Skype botnet disrupted: Security researchers from PhishMe and Amazon Web Services dismantled a Microsoft Skype-driven botnet that circulated adware via calls from attackers that prompted users to install infected executable files.
Police: ATMs stolen from businesses in West Side burglaries: Chicago Police issued an alert and are seeking information after 5 ATMs were stolen from West Side businesses in Chicago between April and June. In two instances, the thieves pulled the electric meter from the back of the ATMs to disable surveillance and alarm systems.
Hoard of vulnerabilities found in SysAid Help Desk: A security researcher discovered 11 vulnerabilities in SysAid Help Desk version 14.4, including a flaw that could allow an attacker to create an administrator account without any authentication, and an exploit in which an attacker could perform remote execution by uploading arbitrary files via directory transversal attacks. The software is used by over 10,000 organizations worldwide.
Cloud providers hit hard by DDoS attacks in Q1: VeriSign: VeriSign reported research finding that information technology (IT) services and cloud providers received over one third of all distributed denial-of-service (DDoS) attacks in the first quarter of 2015, followed by the government and financial services sectors, where the frequency of attacks increased by 3 percent. The total number of attacks increased seven percent since the last quarter of 2014.
Zero-day disclosed in Unity Web Player: Unity Technologies acknowledged bug reports and released details about a zero-day vulnerability in the company’s Unity Web Player browser plugin in which an attacker could load or inject a malicious Unity app in order to use a victim’s credentials to read messages or gain access to online services.
Southern California broker pleads guilty in $6 million fraud: A Carlsbad stockbroker pleaded guilty June 2 to charges that he stole over $6 million from 32 investors from 2007 – 2014 by misappropriating investments into funding his personal lifestyle and for risky day trading, which he concealed using false statements and funds from newer investors.
2,000 Virginia Credit Union debit cards being replaced after skimming scheme: Virginia Credit Union representatives reported that approximately 2,000 bank member debit cards were vulnerable after the bank discovered ATM skimming devices were installed at their Glenside and Southpark branches over the weekend of May 23. The bank promised to restore any losses due to fraud, and the investigation is ongoing.
Weak SSH keys opened many GitHub repositories to compromise: A security researcher discovered that large numbers of GitHub repositories are vulnerable to compromise and the delivery of malicious code due to a flaw that generated weak cryptographic secure shell (SSH) keys until 2008.
IoT devices entering enterprises, opening company networks to attacks: A recently released OpenDNS report on Internet of Things (IoT) devices and infrastructure in business found that IoT devices have become prevalent in highly regulated industries such as healthcare, energy infrastructure, government, financial services, and retail, and that the infrastructure supporting the devices are vulnerable to well-known security flaws as well as other threats inherent to the nature of IoT technology.
Russian crypto-malware encrypts files completely: Security researchers at Check Point discovered that a new piece of ransomware called Troldesh, also known as Encoder.858 and Shade, applies full encryption to files it processes and offers a way to contact the ransomware operators in an effort to maximize profits and guarantee payment.
Southern Oregon developer indicted in alleged Oklahoma bank fraud scheme: The former president of First State Bank of Altus and a business partner were indicted on bank fraud and other charges June 1 for allegedly committing 3 fraud schemes totaling over $22.5 million in loans issued without proper approval and to companies affiliated with the former president.
‘Black Cap Bandit’ suspect arrested, charged: The FBI arrested the suspect known as the “Black Cap Bandit,” who is believed to be responsible for robbing banks in Chicago, Oak Lawn, Burbank, and Calumet City from September – December 2014. The man was arrested by State authorities May 22 on unrelated charges.
Merrill Lynch pays $11 mln to settle short sale violations: U.S. regulators announced June 1 that Bank of America’s Merill Lynch agreed to pay $11 million and admitted that they had violated “Regulation SHO” Federal short sale rules by using inaccurate data for short sale orders. The company also agreed to retain an independent compliance consultant as part of the settlement.
Tennessee bank to pay $212.5 mln in FHA-insured mortgage lending case: U.S. Department of Justice officials reported June 1 that First Tennessee Bank agreed in April to pay $212.5 million to resolve claims of mortgage lending violations relating to U.S. Federal Housing Administration (FHA)-insured home loans issued from 2006 – 2008, in which the bank allegedly failed to report deficient mortgages to the FHA and caused them to insure hundreds of loans ineligible for insurance, resulting in substantial losses.
Exploit for recently patched Flash flaw added to Magnitude, Neutrino, Nuclear Pack: Security researchers from Kafeine discovered that the Magnitude, Neutrino, and Nuclear Pack exploit kits (EKs) are leveraging a recently published Adobe Flash Player memory corruption vulnerability to deliver variants of the Andromeda malware and CryptoWall ransomware.
Dyre banking trojan aims at Europe and North America, infections double up: Security researchers at Trend Micro reported that the number of infections caused by the Dyre banking trojan increased by 125 percent in the first quarter of 2015, up from a previous increase of 4,000 in the previous quarter, and that cybercriminals increasingly targeted Europe and North America over the last 3 months. Researchers also reported that the Upatre downloader used to inject Dyre had gained capabilities that allow it to bypass detection from firewalls and other network-related products.
Thousands targeted by credit card skimmer in Seatac: Seatac authorities arrested a man during the week of May 18 for allegedly paying employees at Doug Fox Parking and Shuttle Park 2 in Seatac to skim over 17,000 customer card numbers from 2013 – 2014, resulting in over $600,000 in fraudulent charges.
Man indicted for $50M mortgage fraud involving Miami-Dade homes: Authorities indicted a Guyanese national May 28 for his role in a $50 million mortgage fraud scheme in which he and co-conspirators allegedly recruited and paid straw buyers to obtain fraudulent loan applications in order to buy properties from distressed owners and sellers in Florida and other States.
U.S. sports exec pleads not guilty in FIFA case: The U.S. head of the Brazilian sports marketing company Traffic Group pleaded not guilty May 29 to allegations that he secured media and marketing contracts worth over $35 million and arranged bribes for the vice president of the Fédération Internationale de Football Association (FIFA). Thirteen other suspects were indicted for bribery-related charges.
Apple vulnerability could allow firmware modifications, researcher says: A security researcher discovered a vulnerability in the firmware of Apple computers made before mid-2014 in which an attacker could tamper with the system’s unified extensible firmware interface (UEFI) and install a rootkit by exploiting a flaw that unlocks UEFI code when a computer goes to sleep and reawakens.
Blue coat patches SSL visibility appliance against 4 security bugs: Carnegie Mellon University’s Computer Emergency Response Team (CERT) released an advisory warning of cross-site request forgery (CSRF), same-origin policy failure, and other flaws in Blue Coat’s Secure Sockets Layer (SSL) Visibility appliance in which a remote attacker could assume legitimate users’ identities and execute actions on their behalf. The company released a patch mitigating the vulnerabilities.
Jackson man admits $6M mortgage scam. A former loan officer in North Jersey pleaded guilty May 28 to his role in a $6 million mortgage fraud scheme in which he allegedly conspired with 9 others to target 15 institutions in Newark and Elizabeth and used information about potential “straw buyers” along with falsified documents to obtain mortgage loans. Authorities believe the scheme caused establishments around $10 million in losses over a 4-year period.
Bicycle Bank Bandit indicted on 16 counts. The suspect dubbed the “Bicycle Bandit” was indicted May 28 on charges that he allegedly robbed 5 Northern Virginia banks and attempted to rob another between 2013 – 2015. The suspect was originally charged in March but escaped from a hospital where he was receiving treatment, triggering a large manhunt.
Non-sophisticated malware steals thousands of credentials from targeted SMBs. Security researchers from Kaspersky discovered a large malware campaign, dubbed Grabit that has infiltrated small and medium businesses worldwide across a variety of sectors with a commercial keylogger called HawkEye and several remote administration tools (RATs) distributed via emails containing malicious macro-laden Microsoft Word documents. The researchers reported that the campaign has collected about 10,000 files from the U.S., India, and Thailand since February.
Researchers find over 50 security flaws in D-Link NAS, NVR devices. Security researchers at SEARCH-LAB identified over 50 vulnerabilities in network-attached storage (NAS) and network video recorder (NVR) products from D-Link, including information leakage, authentication flaws, CGI vulnerabilities, input validation problems, and Web page issues, some of which attackers could exploit remotely to execute arbitrary code and take over affected devices.
Angler Exploit Kit exploiting new Adobe vulnerability, dropping CryptoWall 3.0. A security researcher at SANS Internet Storm Center discovered variants of the Angler Exploit Kit (EK) dropping CryptoWall ransomware on affected machines for the first time, and security researchers at FireEye observed that the EK added a recent Adobe Flash Player vulnerability in which attackers could exploit a race condition in its shader class to execute arbitrary code.
(Arkansas) LR man reaches a deal in IRS case. The former CEO, president, and manager of Little Rock-based Global Coal LLC pleaded guilty May 27 to charges alleging that he fraudulently sold millions of dollars’ worth of non-existent refined coal tax credits since starting the company in 2010.
(International) World soccer rocked by U.S., Swiss arrests of officials for graft. Seven Fédération Internationale de Football Association (FIFA) officials were arrested on U.S. corruption and face extradition in Switzerland May 27 after an investigation revealed FIFA officials were allegedly apart of corruption involving more than $150 million in bribes over a period of 24 years. U.S. officials reportedly plan to make more arrests in connection to the charges and announced a criminal investigation into the awarding of the next two World Cups.
(Oregon) ‘Short Stack Bandit’ pleads guilty to 5 Portland area bank robberies. A bank robbery suspect dubbed the “Short Stack Bandit” pleaded guilty May 26 to allegedly robbing 5 Portland-area banks and attempting to rob another from 2013 – 2014.
(New Jersey) Police seeking suspect in ATM thefts at Kearny Bank in North Arlington. Authorities are searching for a suspect that allegedly used a skimming device to steal over $100,000 dollars from more than 128 customers of Kearny Bank in North Arlington in April. The bank plans to reimburse affected customers.
(Texas) Ponzi man looking at eight years in stir. The former owner of Dallas-based GC Resources LLC pleaded guilty May 28 to charges connected to an alleged Ponzi scheme in which he solicited $11.8 million worth of investments in oil and gas wells that the company neither owned nor controlled and forged contracts to fool victims.
(International) Apache Cordova glitch allows tampering with mobile app behavior. A security researcher at Trend Micro discovered a high-severity security flaw in Android apps built with Apache Cordova which could allow an attacker to use locally compromised apps or remote web servers to inject malicious intent bundles by taking advantage of default behavior preferences in the Cordova framework.
(International) Flash Player vulnerability exploited 2 weeks after Adobe’s patch release. Security researchers at FireEye discovered that cybercriminals are targeting outdated versions of Adobe’s Flash player with drive-by attacks that leverage a memory corruption vulnerability to deliver the Bedep trojan, which initiates click-fraud activities and an infection cycle that funnels in additional malware through redirects.
(International) Rockwell addresses weak password protections in its HMI software. Rockwell Automation patched a vulnerability in its RSView32 human machine interface (HMI) software in which an attacker with local access could exploit weak, outdated user-defined password encryption algorithms to reveal passwords and gain access to the automation environment.
Orchard Lake attorney charged with conducting mortgage fraud scheme. An Orchard Lake attorney and his company, Home Legal Group PLLC, were charged May 22 for allegedly defrauding over 114 victims by falsely promising mortgage modifications to clients seeking to avoid foreclosure and collecting hundreds of thousands of dollars in fees from the victims.
New Linux-based router worm used in social network scheme. Security researchers at ESET discovered a new piece of malware, known as Moose, that primarily spreads by compromising unsecure Linux-based consumer routers and can eavesdrop on communications. Compromised devices steal unencrypted network traffic, mostly from social network sites, and act as a proxy service for botnet operators.
SEC Charges Deutsche Bank with misstating financial reports during financial crisis. The U.S. Securities and Exchange Commission (SEC) reported May 26 that Deustche Bank AG agreed to pay $55 million to settle charges that the bank allegedly filed misstated financial reports during the financial crisis that discounted material gap risks for potential losses estimated to be in the billions of dollars. The SEC also ordered the bank to avoid committing similar violations in the future. Source: http://
Apache HBase fixes denial-of-service, info disclosure flaw. Apache released a fix for a vulnerability in its HBase software in which a remote attacker with network access could create a denial-of-service (DoS) condition and read sensitive information by exploiting insecure Access Control Lists (ACLs) on the ZooKeeper quorum.
Synology fixes XSS, command injection vulnerabilities in NAS software. Taiwan-based Synology released software updates addressing security vulnerabilities in DiskStation Manager (DSM) network attached storage (NAS) software that runs on the company’s DiskStation and RackStation devices, including a cross-site scripting (XSS) bug that could allow attackers to steal victims session tokens and login credentials or perform arbitrary actions, and a command injection flaw that exposes devices to cross-site request forgery (CSRF) attacks.
Massive campaign uses router exploit kit to change routers’ DNS servers. A security researcher discovered an active campaign in which attackers are targeting Google Chrome browser users with cross-site request forgery (CSRF) code attacks via compromised Web sites with the intent of compromising routers and changing their domain name system (DNS) settings to point to a hacker-controlled server. Researchers believe that millions of devices across 55 router models made by several manufacturers have been affected in the campaign.
New PoS malware hits victims via spam campaign: FireEye. Security researchers at FireEye discovered a new type of point-of-sale (PoS) malware dubbed NitlovePoS that can capture and exfiltrate both track one and two data from payment cards by running process on compromised machines, and is distributed via emails containing Word documents with embedded malicious macros.
Emerson patches SQL injection vulnerability in ICS product. Emerson’s Process Management group released a software addressing a structured query language (SQL) injection vulnerability in its AMS Device Manager in which an attacker could escalate privileges and gain access to administrative functions by supplying a malformed input to the software. The AMS Device Manager is part of the AMS Suite and is used in many industrial control systems (ICS) worldwide, especially in the oil, gas, and chemical industries.
South Florida men targeted seniors around the world in $28M sweepstakes fraud, feds say. Authorities arrested 4 individuals in connection to a sweepstakes fraud ring that allegedly bilked about $28 million from hundreds of thousands of victims internationally by targeting senior citizens with false notifications of sweepstake winnings that were guaranteed in exchange for small payments from the winners.
Apache Hive infrastructures vulnerable to authentication flaw in HiveServer2. Apache reported that a vulnerability in all versions of its HiveServer2 interface for Apache Hive enterprise data warehouse infrastructure in which users without proper credentials could gain access by exploiting a flaw in the Lightweight Directory Access Protocol (LDAP) authentication mode. The company recommended that users update to the newest version or disable unauthenticated binds in the LDAP service.
Flawed Android factory reset allows recovery of sensitive data: researchers. Security researchers at the University of Cambridge discovered that up to 500 million Android devices may not properly sanitize data partitions containing credentials and other personal data when users utilize the “factory reset” feature.
mSpy finally admits they’ve been hacked. Officials from mSpy announced that their servers had been breached, and that data from 80,000 customers could have been stolen and leaked on the Dark Web. The software is intended for legal monitoring of individuals’ online and phone activity.
Major banks admit guilt in forex probe, fined $6 billion. Citigroup, JP Morgan, Barclays, the United Bank of Switzerland (UBS), and the Royal Bank of Scotland (RBS) agreed to plead guilty and pay $6 billion in fines May 20 in a settlement with the U.S. Federal Reserve and U.S. Department of Justice (DOJ) to resolve charges of foreign currency exchange manipulation that had occurred until regulators started punishing banks for the misconduct in 2013. The settlement represents the largest antitrust fines issued by the DOJ in agency history.
State finds 103 credit-card skimmers in 3-month inspection of gas pumps. Florida’s Commissioner of Agriculture and Consumer Services announced May 19 that a 3-month inspection of 7,571 gas pumps revealed 103 credit-card skimming devices across the State. The Florida Petroleum Council and the Florida Petroleum Marketers and Convenience Store Association plan to train employees to be vigilant for skimmers.
PayPal to pay $25 mln over credit product problems. The U.S. Consumer Financial Protection Bureau (CFPB) announced allegations May 19 that PayPal illegally signed consumers up for an online credit product without their knowledge or permission, and has issued the company to pay $25 million in fines to the government and consumer refunds. The CFPB also alleged that PayPal Credit failed to honor advertised promotions and charged illegitimate late fees when Web site problems prevented customers from making payments.
TLS protocol flawed, HTTPS connections susceptible to FREAK-like attack. Cryptography and security researchers discovered that approximately 8.4 percent of the top one million domains containing mail and web servers are vulnerable to an attack dubbed Logjam, in which an attacker could compromise a secure communication between a client and server by downgrading the transport layer security (TLS) connection to 512-bit export-grade cryptography due to left over variants of the Diffie-Hellman cryptographic key exchange mechanism from the 1990s. The attack method is similar to the one used in the Factoring RSA Export Keys (FREAK) attacks from early 2015
Millions of routers vulnerable to attacks due to NetUSB bug. Security researchers at SEC Consult discovered a kernel stack buffer overflow vulnerability in NetUSB drivers developed by Taiwan-based KCodes, in which an unauthenticated attacker can execute arbitrary code or cause a denial-of-service (DoS) condition by specifying a computer name longer than 64 characters when the client connects to the server. The driver is found in millions of routers from vendors including Netgear, TP-Link, ZyXEL, and TRENDnet.
Google fixes sandbox escape in Chrome. Google patched 37 bugs in Chrome version 43, including 6 high-risk sandbox-escape, cross-origin bypass, and use-after-free vulnerabilities discovered by various security researchers.
Malvertising leads to Magnitude exploit kit, ransomware infection. Security researchers at Zscaler discovered that attackers are using malicious ads and 302 cushioning attacks to direct users to sites hosting the Magnitude exploit kit (EK), which in turn infects users with CryptoWall ransomware. The researchers reported that most of the threat infrastructure for these attacks is housed in Germany.
Thieves use skimmer to get away with $50,000 from Lincolnwood ATM: Lincolnwood police are searching for 2 suspects who allegedly placed skimming devices on an ATM at a BMO Harris Bank in Chicago and stole at least $50,000 from bank customers since April 26. A similar incident in January cost bank customers $70,000, and bank officials reported that all affected accounts will be fully reimbursed.
Accused ‘ghost employee’ pleads guilty to bank fraud: A man described by authorities as a former “ghost employee” of the Knox County Trustee’s Office pleaded guilty May 18 for allegedly conspiring with 2 others to file false loan applications to defraud Bank of America, SmartBank, and Pinnacle National Bank of over $6.7 million, which they used for personal expenses. The man also faces separate charges for receiving pay for work for a former trustee that he did not do.
St. Louis Federal Reserve suffers DNS breach: The St. Louis Federal Reserve reported that hackers hijacked its domain name servers (DNS’) April 24 and redirected a portion of the bank’s online traffic to rogue sites resembling portions of its research.stlouisfed.org Web site. The bank recommended that potentially affected users change login information that could have been compromised in the attack.
Attackers use trojanized version of PuTTY to steal SSH credentials: Security researchers at Symantec discovered that actors are using a malicious version of the PuTTY open-source secure shell (SSH) software to access systems remotely and steal data by copying secure server connection info and login details to be sent to an attacker-controlled server. The software bypasses common firewalls and security products due to its whitelisted status and used by system and database administrators and web developers.
Address bar spoofing bugs found in Safari, Chrome for Android: Security researchers identified address bar vulnerabilities in the Safari and Chrome for Android Web browsers in which attackers could leverage Web page reloads via the setInterval() function in Safari and a problem in how Chrome handles 204 ‘No Content’ responses to render spoofed Web pages.
Finter Bank Zurich to pay $5.4 million in deal with U.S. over tax offenses: Finter Bank Zurich reached a settlement with the U.S. Department of Justice May 15 in which the bank agreed to pay $5.4 million to avoid U.S. prosecution for helping U.S. clients open, conceal, and maintain bank accounts, undeclared assets, and income from U.S. tax authorities from 2008 – 2011. The bank provided detailed information on designated accounts, agreed to close accounts that do not meet U.S. obligations, and agreed to implement new controls to stop future misconduct.
FBI hunts for serial bank robber dubbed ‘Lucky Bandit’: The FBI is offering a $2,500 reward for information leading to the arrest of the suspect dubbed the “Lucky Bandit”, who is wanted in connection to 8 robberies in Pembroke Pines, Cooper City, and Hollywood in a 6 month span.
Theft ring accused of using Oregon data breach to help steal $2 million in tax refunds: Five suspects from Georgia and Maryland were indicted May 7 for their roles in an identity-theft ring which they allegedly mined the personal information of over 125,000 people to file $6.6 million in false tax returns from 2013 – 2014, $2 million of which they successfully collected. Four of the suspects have been arrested while one remains at large.
Aparche fixes vulnerability affecting security manager protections: The security team responsible for Apache Tomcat discovered a vulnerability in multiple versions of the software’s open-source web server and servlet container that could allow an attacker to bypass protections for the Security Manager component and run malicious web applications.
Washington Post mobile site temporarily shut down in apparent hack: The Washington Post confirmed that it was the victim of an apparent hack May 14 after the paper’s mobile Web site was blocked and redirected users to a site claiming to be run by the Syrian Electronic Army. No customer information was impacted.
Connecticut fund executive faces new SEC fraud charges: The U.S. Securities and Exchange Commission charged and froze the assets of a former Oak Investment Partners venture capital executive from Greenwich, May 13, alleging that the suspect transferred $27.5 million worth of investors’ funds to himself, induced his firm to overpay for investments into 2 Asian e-commerce companies for which he pocketed $20 million, and induced the firm to pay I-Cubed Domains LLC $7.5 million for its stake in an e-commerce company without disclosing that he and his wife owned I-Cubed Domains and had purchased the stake for $2 million.
Delco mortgage lender charged with $9.7M fraud scheme: A former co-owner of Folsom-based Capital Financial Mortgage Corporation was charged May 13 for his role in a $9.7 million mortgage fraud scheme in which he allegedly defrauded lenders including Wells Fargo & Co., and Customers Bank into purchasing second mortgages that he represented as first mortgages and defrauded other lenders that loaned money to the company on a warehouse line of credit. Authorities claim he used the fraudulent profits to pay for personal expenses.
FBI increases reward for serial ‘Bandage Bandit’ bank robbery suspect: The FBI increased the reward for information leading to the arrest of the bank robber dubbed the “Bandage Bandit” to $10,000, after a May 9 robbery at a Chase Bank in Chicago was attributed to him, bringing the total to 5 robberies since March.
Cisco TelePresence vulnerable to unauthorized root access, denial of service: Cisco reported two vulnerabilities in versions of its TelePresence TC and TE video conference products in which an attacker could exploit improper authentication protocols for internal services to bypass authentication and obtain root access on the system, and a flaw in the network drivers in which an attacker could use specially crafted internet protocol (IP) packets sent at a high rate to cause a denial-of-service (DoS) condition.
APT17 DeputyDog hackers are pushing Blackcoffee malware using TechNet: Research by FireEye revealed that the APT17 threat group used posts and profiles on the TechNet blog as a way to conceal their use of the Blackcoffee backdoor by embedding strings that the malware would decode to find and communicate with the malware’s true command-and-control (C&C) server. The TechNet blog was not compromised and the operation was shut down, but FireEye warned that other groups may mimic the tactic.
XSS, CSRF vulnerabilities identified in WSO2 Identity Server: Researchers at SEC Consult discovered three cross-site scripting (XSS), cross-site request forgery (CSRF), and extensible markup language (XML) external injection vulnerabilities in version 5.0.0 of WSO2 Identity Server that could allow an attacker to take over a victim’s session, add arbitrary users to the server, or inject arbitrary XML entities.
Flaw found in OSIsoft product deployed in critical infrastructure sectors: OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF) in which an unauthorized remote attacker could leverage “Trusted Users” group status in some product installations to execute arbitrary structured query language (SQL) statements on the affected system, potentially leading to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions.
Russian cyber espionage group planning to hit banks: Report: The cybersecurity services and training provider root9B discovered that the cyberespionage group APT28, also known as Pawn Storm, Sednit, Fancy Bear, Tsar Team, and Sofacy, has planned attacks on financial institutions worldwide including Bank of America, The United Nations Children’s Fund, and others. The group was previously linked to Russia by cybersecurity experts.
Nomura, RBS face $805 million damages after U.S. ruling –lawyer: A U.S. District Judge ruled May 11 that Nomura Holdings Inc., and the Royal Bank of Scotland Group Plc., were liable for making false statements in the sale of mortgage-backed securities to Fannie Mae and Freddie Mac. Officials estimated that the damages owed to the Federal Housing Finance Agency could exceed $805 million, while the exact amount is yet to be determined.
Flash Player 184.108.40.206 addresses security holes: Adobe released updates for Flash Player that fixed 18 vulnerabilities, including 10 memory corruption, heap overflow, integer overflow, type confusion, and use-after-free bugs that could allow an attacker to run arbitrary code on an affected system.
Mozilla Firefox 38 fixes 13 vulnerabilities, 5 are critical: Mozilla released fixes for 13 vulnerabilities in Firefox version 38, including 5 critical flaws that could be leveraged to execute arbitrary code or read parts of the memory containing sensitive data. The update also added support for Digital Rights Management (DRM), among other improvements.
Adobe rolls out critical update for Reader and Acrobat: Adobe released new versions for Acrobat and Reader PDF software patching 34 vulnerabilities, 17 of which include use-after-free, heap-based buffer overflow, and buffer overflow to memory corruption bugs that could have allowed an attacker to execute arbitrary code and take control of an affected system.
Microsoft fixes 46 flaws in Windows, IE, Office, other products: Microsoft released patches addressing 46 vulnerabilities across various products, including 3 critical security bulletins that covered remote code execution flaws in Windows, Internet Explorer, Office, Microsoft .NET Framework, Lync, and Silverlight.
“VENOM” flaw in virtualization software could lead to VM escapes, data theft: Security researchers from CrowdStrike discovered a vulnerability in virtualization platforms in which an attacker could exploit a flaw in the virtual floppy disk controller component of the QEMU open-source visualization package to escape from a guest virtual machine (VM) to gain code execution on the host in addition to any other VMs running on the affected system. The bug has been dubbed VENOM and affects a variety of virtualization software running on all major operating systems (OS’).
SEC charges ITT Educational, CEO, CFO with fraud; shares plunge. The U.S. Securities and Exchange Commission charged ITT Educational Services Inc., its chief executive officer, and chief financial officer May 12 with fraud, alleging that the defendants concealed two poorly performing financially-guaranteed student loan programs by making payments on behalf of struggling borrowers and by hiding the extent of losses due to high default rates.
DDoS botnet relies on thousands of insecure routers in 109 countries. An investigation by the Web site security company Incapsula revealed that cybercriminals are using tens of thousands of Internet service providers (ISP) distributed home routers with default security configurations to create large botnets for distributed denial of service (DDoS) attacks. Findings revealed that 60 command and control (C&C) servers were being used for the botnets by a variety of groups employing various forms of malware worldwide.
FBI agent shot at motel; suspect dead: An FBI agent was injured May 8 after being fired upon while trying to serve an arrest warrant at a Littleton motel to the bank robbery suspected dubbed “The Longhorn Bandit,” who had allegedly robbed multiple banks in the area since February. Authorities reported that officers did not fire any shots, and that the suspect was found dead in his room.
MacKeeper patches serious remote code execution flaw: The developers of the MacKeeper utility software suite for Apple OS X patched a critical input validation vulnerability which an attacker could exploit to remotely execute code on affected systems by tricking victims to visit a specially crafted Web site that runs code with root privileges once visited.
Angler EK makes it difficult to track down malvertising sources: A security expert discovered that the Angler Exploit Kit (EK) is leveraging Web browser bugs to break the referrer chain, making it more difficult for security researchers and advertising networks to determine the kit’s source in the campaign.
Apple fixes webkit vulnerabilities in Safari browser. Apple released an update for its Safari Web browser fixing multiple vulnerabilities in Webkit, including memory corruption and anchor element issues that could be exploited by an attacker to send users to malicious Web sites, leading toarbitrary code execution or unexpected application termination, as well as a state management problem in which unprivileged origins could access filesystem contents via a specially crafted Web page.
Six people convicted in Sacramento-area mortgage fraud scheme: Six Sacramento residents were convicted of wire fraud May 6 in connection to a mortgage fraud scheme in which they served as straw buyers for area homes and obtained over $5 million in loans from 2007 – 2008 by using falsified applications and documentation.
US charges ex-Wilmington Trust officers over troubled loans: Four executives from Wilmington Trust Co., a part of M&T Bank Corp, were indicted May 6 on charges alleging that they concealed the amount of loans that were not being repaid from U.S. regulators following the financial crisis. The U.S. Securities and Exchange Commission previously brought related civil charges against the individuals for their roles.
Ex-MillerCoors executive, 7 others charged for $7 mln fraud: U.S. authorities announced charges May 6 against a former MillerCoors executive and seven others for their roles in an alleged scheme in which they defrauded the brewing company out of at least $7 million by falsely billing for promotional and marketing services. The individuals allegedly used the money for personal expenses, collectible firearms, and investments in a hotel and bar, among other things.
Feds: Republic man gathers $14.5 million for phony video games: Authorities unsealed Federal charging documents revealing that the former owner of multiple video game companies including Interzone Entertainment, LLC, and Spectacle Games, was indicted in June 2014 on charges of wire fraud and money laundering after the suspect allegedly raised over $14.5 million from clients for companies in Missouri, Chicago, Australia, Brazil, and China since 2008, which produced less than $2,300 in revenue in that period. Authorities claimed the suspect solicited funds to create video games, but instead used the money for personal expenses.
Cisco plugs critical vulnerability in UCS Central Software: Cisco reported that it released an update addressing a vulnerability in its Unified Computing System (UCS) Central Software versions 1.2 and older that could have allowed attackers to access information, run arbitrary code, or make affected devices unavailable by leveraging an improper input validation flaw in the software’s Web framework.
WordPress 4.2.2 fixes DOM-based XSS bug affecting millions of websites: WordPress developers released a critical security update for the platform’s content management system (CMS) addressing a critical cross-site scripting (XSS) flaw in all plugins and themes utilizing the Genericons icon font package, in which attackers could take over an affected Web site or execute code remotely via a document object model (DOM)-based XSS attack targeting a file called “example.html.”
Lenovo patches vulnerabilities in system update service: Security researchers from IOActive reported that Lenovo patched three vulnerabilities in April including a serious bug that allows least privileged users to potentially run commands as a system administrator due to the use of a predictable authentication token, another in which an attacker could bypass signature validation by creating a fake certificate authority (CA) to swap out executables being downloaded by System Update, and a third in which local users could run commands as an administrator using a directory writeable by any user.
Tinba banking trojan checks for sandbox before launching: Security researchers from F-Secure discovered a new variant of the Tiny Banker (Tinba) trojan, which checks for mouse movement and the active window a user is working on to ensure that it is executed on a real machine and not a sandbox before running its malicious routines. The trojan also queries the number of cylinders available to the system’s storage device to determine if it is a virtual machine.
Ripple Labs Inc. resolves criminal investigation: The U.S. Treasury Department Financial Crimes Enforcement Network (FinCEN) in conjunction with the U.S. Attorney’s Office of the Northern District of California assessed a $700,000 penalty against San Francisco-based Ripple Labs Inc., and its subsidiary, XRP II, LLC May 5, for willful violations of the Bank Secrecy Act. Violations include selling virtual currency without registering with FinCEN, and failing to implement and maintain an adequate anti-money laundering program.
SEC lawsuit alleges Ponzi scheme over North Dakota ‘man camps.’: The U.S. Securities and Exchange Commission (SEC) sued North Dakota Developments LLC and its three owners May 5, for an alleged fraud and Ponzi scheme in which the suspects illegally raised over $62 million from hundreds of investors in at least 12 States and multiple European countries since 2012 by selling stakes in 4 short-term housing projects for oil workers in the Bakken oil field region in North Dakota and Montana, known as “man camps.” The SEC claimed that the trio paid investors from other invested funds and misappropriated over $25 million for hidden broker commissions, payment to themselves, and investment in other Bakken projects.
Longhorn Bandit strikes again: Suspect robs credit union in Broomfield; 9th target, FBI says: Denver authorities are searching for a suspect dubbed the “Longhorn Bandit” who is allegedly responsible for six bank robberies, one casing, and two attempted robberies in the area since February. The suspect’s most recent robbery included a Public Service Credit Union branch in Broomfield May 4.
New AlphaCrypt ransomware delivered via Angler EK: Security researchers at Webroot and Rackspace discovered and determined that a new form of ransomware resembling TeslaCrypt and CryptoWall, dubbed AlphaCrypt, is being delivered via the Angler exploit kit (EK). Researchers stated that it differs from other ransomware variants by deleting volume snapshot services (VSS) and executing quietly in background processes to avoid detection.
New infostealer tries to foil analysis attempts by wiping hard drive: Security researchers from Cisco discovered a new information-stealing trojan dubbed Romberik, which is being delivered via spoofed emails purporting to be from the “Windows Corporation,” and hooks into users’ browsers to read credentials and other sensitive information for exfiltration to an attacker-controlled server. If the trojan detects an analysis attempt, it attempts to destroy the affected computer’s hard disk by overwriting the system’s master boot record (MBR).
Cybercriminals borrow from APT playbook in attack against PoS vendors: Security researchers at RSA and FireEye reported cybercriminals began mimicking cyberespionage advanced persistent threat (APT) groups by deploying spear-phishing campaigns designed to infect point-of-sale PoS payment systems. The attacks delivered the Vawtrak banking trojan and a new document-based exploit kit (EK) called Microsoft Word Intruder (MWI).
Crimeware infects one-third of computers worldwide: The Anti-Phishing Working Group (APWG) reported that 23.5 million malware variants were detected in the fourth quarter of 2014, setting a new record that was up 59 percent from the second quarter of 2014. According to researchers, the retail/service industry was the most targeted sector, specifically through payment services.
3 suspects charged with credit, debit card fraud: Salem, Oregon police reported that three suspects from California were arrested April 23 on charges of identity theft related to a regional skimming scheme in which the suspects allegedly planted skimming devices at various locations to steal credit and debit card information that they used to purchase thousands of dollars of merchandise in multiple cities in Oregon. Authorities recovered over 100 fraudulent credit and debit cards, electronics, clothing, gift cards, and $3,500 in currency in searches of the suspects’ vehicle and hotel room.
3 convicted in $9.2-million wire fraud scheme: Three businessmen were convicted of wire fraud May 1 for a scheme in which they used two New Zealand-based companies, Unistate Investments Savings and Loan Limited, as well as Aster Capital, Inc., and Vital Funds, Inc., to offer clients alternative capital financing and collected account arrangement fees on deals that were never closed, costing clients about $9.2 million in losses. One additional suspect remains a fugitive while two others pleaded guilty to their roles in the scheme.
“Cotton Ball Bandit” convicted for 10 bank robberies: A Lakspur, California man dubbed the “Cotton Ball Bandit” was convicted April 29 for robbing 10 banks and attempting to rob another throughout Marin County between December 2012 and December 2013. Police arrested the suspect after he robbed the Novato Bank of the West in 2013 and led officers on a chase before crashing near Northgate Mall on U.S. Highway 101 in San Rafael.
Kearny bank branch in North Arlington says skimmer was hooked up to ATM: Authorities are investigating after reporting May 1 that 128 Kearny Bank customers in North Arlington, New Jersey, may have had their credit or debit card data stolen after a skimmer device was found on an ATM machine at the bank.
PayPal fixes remote code execution flaw in Partner Program website: PayPal fixed a vulnerability discovered by Vulnerability Lab researchers in its Partner Program Web site which would allow an attacker to leverage a bug in the site’s Java Debug Wire Protocol (JDWP) service to remotely execute server-side commands with root privileges.
Mozilla moving toward full HTTPS enforcement in Firefox: The Mozilla Foundation reported that it will be phasing out unsecured hypertext transfer protocol (HTTP) connections in the Firefox browser in a two-phase plan, in which the company will only offer new browser features to secure, HTTPS (HTTP Secure)-enabled Web sites, before ultimately making existing features incompatible with HTTP sites altogether.
2 men arrested with hundreds of fraudulent credit cards: Two individuals were arrested April 29 in Palm Desert for burglary, fraud, identity theft, and possession of stolen property after authorities discovered hundreds of manufactured credit cards, purchased gift cards, and stolen clothing and electronics from several local businesses in a rental car. Investigators allege the pair racked up tens of thousands of dollars in fraudulent charges in the area with stolen credit card numbers from victims across the U.S.
Security bug in ICANN portals exploited to access user data: The Internet Corporation for Assigned Names and Numbers (ICANN) released April 30 initial findings from an investigation revealing that a vulnerability in two of the organizations generic top-level domain (gTLD) portals had resulted in the exposure of 330 advanced search result records pertaining to 96 applicants and 21 registry operators since April 2013. The organization plans to contacboth the affected users and those who exploited the vulnerability to access the records.
Unnoticed for years, malware turned Linux and BSD servers into spamming machines: Security researchers at ESET discovered that servers running BSD and Linux operating systems (OS) worldwide have been targeted for the past 5 years by a group that compromised systems via a backdoor trojan that would use a commercial automated e-mail distribution system to send out anonymous emails.
Dyre banking trojan jumps out of sandbox: Security researchers at Seculert discovered a new strain of the Dyre banking trojan, called Dyreza, that evades detection by checking for the number of processor cores running on an infected machine, and terminating itself if there is only one. The researchers also noted that the new strain changed to a new user agent and incluother minor updates to avoid signature-based detection products.
MySQL bug can strip SSL protection from connections: Researchers at Duo Security identified a serious vulnerability in how versions of Oracle’s MySQL database product handle requests for secure connections, in which an attacker could use a man-in-the-middle (MitM) attack to force an unencrypted connection and intercept unencryptoed queries from the client to the database. In this scenario, the attack could occur regardless of whether or not the server is toggled to require secure socket layer (SSL).
FBI offers $5,000 after ‘Bandage Bandit’ hits fourth bank in last month: The FBI offered a $5,000 reward for information leading to a suspect dubbed the “Bandage Bandit” who allegedly robbed 4 Chicago banks since March 31, including a PNC Bank branch on Western Avenue April 28.
Barracuda fixes critical MITM flaws in its Web filter: Barracuda Networks issued a security update patching two critical flaws in the firmware of its Web Filter appliances in which an attacker could perform man-in-the-middle (MitM) attacks due to vulnerabilities in certificate verification when performing secure socket layer (SSL) inspection and the use of default certificates for multiple machines.
Bartalex malware used to deliver Dyre banking trojan to enterprises: Security researchers at Trend Micro discovered a campaign employing thousands of spam emails purporting to be from the Automated Clearing House (ACH) that point to malicious documents on Dropbox containing the Bartalex malware, which downloads the Dyre banking trojan once macros are enabled. Thirty-five percent of the infections observed in the past 3 months were in the U.S.