Friday, October 24, 2014



Complete DHS Report for October 24, 2014

Daily Report

Top Stories

 · Power was restored and new motors installed at a wastewater treatment plant in Honolulu, Hawaii, October 22 after the plant was overwhelmed by 20 million gallons of untreated sludge and storm water from Hurricane Ana October 19. – Associated Press

16. October 23, Associated Press – (Hawaii) Honolulu restoring power to sewage plant damaged by 20 million gallons of untreated sludge. The City of Honolulu reported that crews installed new motors at the Sand Island Wastewater Treatment Plant October 22 after the plant was overwhelmed by sludge and storm water from Hurricane Ana October 19. The storm sent 20 million gallons of untreated sludge into the plant’s below-ground areas, cutting power to the plant as well as allowing around 5,000 gallons of sewage to flow into Honolulu Harbor. Source: http://www.dailyjournal.net/view/story/d256ec13b23b4fbeb70f647662645d0b/HI--Sewage-Plant/

 · Ventura County, California officials reported that around 68,000 gallons of raw sewage spilled in Moorpark due to a blockage during the October 18-19 weekend but was not reported until October 20. – Associated Press; Ventura County Star

17. October 23, Associated Press; Ventura County Star – (California) 68,000 gallons of raw sewage spill in Moorpark. Ventura County officials reported that around 68,000 gallons of raw sewage spilled in Moorpark due to a blockage during the October 18-19 weekend but was not reported until October 20. The area of the spill in the Arroyo Simi was sandbagged to isolate and clean the sewage, and the blockage was cleared, while residents were advised to avoid contact with the water for at least 72 hours. Source: http://www.ktvu.com/news/ap/california/68000-gallons-of-raw-sewage-spill-in-moorpark/nhqTC/

 · Authorities are investigating after medical records including the personal information of 40,000 former and current patients of a Jersey City, New Jersey internist were stolen from a storage shed outside the doctor’s office. – Jersey Journal

20. October 22, Jersey Journal – (New Jersey) Medical records of 40,000 patients stolen from Jersey City doctor’s office, police say. Authorities are investigating after medical records including Social Security numbers and the personal information of 40,000 former and current patients of a Jersey City internist were stolen from a storage shed outside the doctor’s office the week of October 21. Source: http://www.nj.com/hudson/index.ssf/2014/10/medical_records_of_40000_patients_stolen_from_jersey_city_doctors_office_police_say.html

 · The FBI arrested and charged a National Weather Service employee working out of the Wilmington, Delaware office October 21 for allegedly hacking into the restricted U.S. Army Corps of Engineers’ National Inventory of Dams. – Dayton Daily News

25. October 21, Dayton Daily News – (National) FBI arrests Weather Service employee for alleged cyber hacking. The FBI arrested and charged a National Weather Service employee working out of the Wilmington office October 21 for allegedly hacking into the restricted U.S. Army Corps of Engineers’ National Inventory of Dams, which contains detailed information about dams nationwide, in May 2012 and downloading sensitive files from the inventory. Source: http://www.daytondailynews.com/news/news/fbi-arrests-weather-service-employee-for-alleged-c/nhpKt/

Financial Services Sector

Nothing to report

Information Technology Sector

27. October 23, Softpedia – (International) CryptoWall 2.0 delivered through malvertising on Yahoo and other large sites. Proofpoint researchers observed a recent campaign using malicious advertisements on Yahoo, 9gag, and other popular Web sites to deliver the CryptoWall 2.0 ransomware via the FlashPack Exploit Kit. The kit uses vulnerabilities in Adobe Flash Player to deliver the ransomware, which encrypts users’ files and demands a ransom to decrypt them. Source: http://news.softpedia.com/news/CryptoWall-2-0-Delivered-Through-Malvertising-On-Yahoo-and-Other-Large-Sites-462970.shtml

28. October 23, Securityweek – (International) 1.2 million networking devices vulnerable due to NAT-PMP issues. A security researcher with Rapid7 reported October 21 that the company identified around 1.2 million Internet-connected devices that are vulnerable to various attacks due to poor implementation or configuration of the Network Address Translation – Port Mapping Protocol (NAT-PMP). The vulnerabilities could allow attackers to perform denial of service (DoS) attacks, intercept traffic, or perform other malicious actions. Source: http://www.securityweek.com/12-million-networking-devices-vulnerable-due-nat-pmp-issues

29. October 22, Softpedia – (International) Apple warns users of attack targeting iCloud site. Apple confirmed reports of man-in-the-middle (MitM) attacks against its iCloud service that employed an insecure certificate and advised users not to dismiss browser warnings regarding the security of content. The attacks trigger warnings in the Chrome and Firefox browsers but not in Qihoo, the most popular Web browser in China. Source: http://news.softpedia.com/news/Apple-Warns-Users-of-Attack-Targeting-iCloud-Site-462846.shtml

For another story, see item 21 below from the Government Facilities Sector

21. October 22, Securityweek – (International) ‘Operation Pawn Storm’ cyber-espionage campaign hits organizations. Trend Micro researchers identified a cyberespionage operation dubbed “Operation Pawn Storm” that uses targeted emails and compromised Web sites to infect users in government, military, and media organizations with the SEDNIT (also known as Sofacy) malware. Source: http://www.securityweek.com/operation-pawn-storm-cyber-espionage-campaign-hits-organizations

Communications Sector

30. October 22, KMA 960 AM Shenandoah – (Iowa) 911, Internet and cable service back in southwest Iowa. Internet, telephone, cable, and 9-1-1 services were restored to Mediacom customers across southwest Iowa after a fiber cable ruptured, causing a widespread outage that affected Montgomery and Adams counties for several hours October 22. Source: http://www.kmaland.com/news/internet-and-cable-service-back-in-southwest-iowa/article_7a361bee-5a28-11e4-9f56-0017a43b2370.html

31. October 22, WEHT 25 Evansville – (Kentucky) Crews work to repair broken fiberoptic AT&T line. Crews spent 8-10 hours working to restore AT&T Internet, phone, and cable services in Daviess County after a construction crew hit a fiber optic line in the Hawesville area October 22. Source: http://www.tristatehomepage.com/story/d/story/crews-work-to-repair-broken-fiberoptic-att-line/80091/yUrjQV5v-k6BTwEpyuTYaQ

32. October 22, Scranton Times-Tribune – (Pennsylvania) The sound of radio silence: WARM transmitter fails, station off air. WARM 590 AM Scranton went off air September 15 and filed a notice to suspend operations with the U.S. Federal Communications Commission September 25 due to a transmitter failure near Falls. Engineers worked to identify the technical issue in order to bring the station back on air. Source: http://thetimes-tribune.com/news/the-sound-of-radio-silence-warm-transmitter-fails-station-off-air-1.1775261

Thursday, October 23, 2014



Complete DHS Report for October 23, 2014

Daily Report

Top Stories

 · The U.S. National Highway Traffic Safety Administration October 22 expanded a recall affecting vehicles with airbags manufactured by Takata to a total of 7.8 million from 6.1 million that were announced October 21. – Reuters 

1. October 21, Associated Press – (Connecticut) US oversight increased at Millstone nuclear plant. The U.S. Nuclear Regulatory Commission announced October 21 that it was increasing oversight at the Millstone nuclear power plant in Waterford due to the length of time it took plant operators to address problems with a back-up cooling pump at the plant. Source: http://www.greenwichtime.com/news/article/US-oversight-increased-at-Millstone-nuclear-plant-5837614.php

 · Matson Terminals Inc. agreed to plead guilty to two violations of the Rivers and Harbors Act of 1899 and pay a $1 million penalty for illegally discharging more than 233,000 gallons of molasses into Honolulu Harbor in September 2013 after a pipe in its ship cracked, killing more than 25,000 fish. – KHON 2 Honolulu

11. October 21, KHON 2 Honolulu – (Hawaii) Matson to pay $1 million for Honolulu Harbor molasses spill. Matson Terminals Inc. agreed to plead guilty to two violations of the Rivers and Harbors Act of 1899 and pay a $1 million penalty for illegally discharging more than 233,000 gallons of molasses into Honolulu Harbor in September 2013 after a pipe in its ship cracked, killing more than 25,000 fish. Source: http://khon2.com/2014/10/21/matson-to-pay-1-million-for-honolulu-harbor-molasses-spill/

 · Two St. John the Baptist Parish Utilities Department employees were indicted October 20 for allegedly lying and falsifying data about a public water system infected with the deadly Naegleria fowleri amoeba. – New Orleans Times-Picayune 

18. October 20, New Orleans Times-Picayune – (Louisiana) Brain-eating amoeba inquiry yields charges that 2 St. John employees lied about water samples. Two St. John the Baptist Parish Utilities Department employees were charged October 20 with lying and falsifying data about a public water system infected with the deadly Naegleria fowleri amoeba. Authorities discovered the employees had lied about the amount and results of water samples that were collected at the Lions treatment plant in Reserve and the end of the system in Mount Airy after Louisiana health officials reported the presence of the amoeba in August. Source: http://www.nola.com/crime/index.ssf/2014/10/indictment_from_brain-eating_a.html

 · Microsoft disclosed a vulnerability affecting most current releases of Microsoft Windows that allows an attacker to perform remote code execution if a user opens a specially-crafted Microsoft Office file containing a malicious Object Linking and Embedding (OLE) object. – Securityweek

See item 20 below in the Information Technology Sector
 
Financial Services Sector

3. October 21, Associated Press – (New Mexico) Belen woman pleads guilty to a bank fraud charge. A Belen woman pleaded guilty October 21 to making fraudulent withdrawals from Belen Railroad Employees Credit Union accounts, causing around $118,376 in losses to her employer. Source: http://www.demingheadlight.com/deming-news/ci_26774959/belen-woman-pleads-guilty-bank-fraud-charge

4. October 21, U.S. Attorney’s Office, Eastern District of Virginia – (Virginia) Vienna investment advisor pleads guilty to defrauding numerous elderly and widowed clients. A Vienna, Virginia resident and former investment advisor for Apple Federal Credit Union affiliate Apple Financial Services pleaded guilty October 21 to using his position to misappropriate between about $1 million and $7 million from customers. Source: http://www.justice.gov/usao/vae/news/2014/10/20141021emasnr.html

Information Technology Sector

20. October 22, Securityweek – (International) Windows zero-day exploited in targeted attacks through PowerPoint. Microsoft reported that it has observed limited targeted attacks exploiting a zero-day vulnerability in the company’s Object Linking and Embedding (OLE) technology which could allow an attacker to perform remote code execution if a user opens a specially-crafted Microsoft Office file. The vulnerability affects all current Microsoft Windows releases except Windows Server 2003, and Microsoft advised users to apply a series of workarounds until a patch can be released. Source: http://www.securityweek.com/windows-zero-day-exploited-targeted-attacks-through-powerpoint

21. October 22, Help Net Security – (International) Koler worm spreads via SMS, holds phones for ransom. Researchers at AdaptiveMobile identified a new variant of the Koler worm for Android that spreads via a bitly link that directs users to a Dropbox page where the malware is disguised as an app. The malware then blocks infected devices’ screens with a fake law enforcement page and demands a ransom to be paid via MoneyPak voucher. Source: http://www.net-security.org/malware_news.php?id=2890

22. October 22, Help Net Security – (International) Attackers change home routers’ DNS settings via malicious code injected in ads. Sucuri Security researchers identified a malvertising campaign that embeds malicious code into an ad hosted on the googlesyndication.com network and attempts to change the DNS settings on users’ home routers in order to lead them to potentially malicious Web sites. Source: http://www.net-security.org/malware_news.php?id=2891

23. October 22, Help Net Security – (International) Malware directs stolen documents to Google Drive. Researchers with Trend Micro identified a new piece of information-stealing malware dubbed Drigo that uploads any PDF, text, Microsoft Word, Excel, and PowerPoint files to a Google Drive account. The researchers stated that the malware appears to be targeting government agencies and reported the Google Drive account associated with the malware to Google. Source: http://www.net-security.org/malware_news.php?id=2888

24. October 21, Securityweek – (International) Apple fixes security flaws with release of iOS 8.1. Apple released an update to its iOS 8 mobile operating system, closing several vulnerabilities and adding new features. Source: http://www.securityweek.com/apple-fixes-security-flaws-release-ios-81

Communications Sector

Nothing to report