Tuesday, July 29, 2014


Complete DHS Report for July 29, 2014

Daily Report

Top Stories

 · Four doctors, an attorney, and several clinic employees were among the 11 allegedly involved in handing out prescription drugs for cash throughout clinics across several Indiana counties. – WTHR 13 Indianapolis

18. July 28, WTHR 13 Indianapolis – (Indiana) DEA serves search warrants at several Indiana clinics. Four doctors, an attorney, and several clinic employees were among the 11 allegedly involved in handing out prescription drugs for cash throughout clinics across several Indiana counties. The illegal drug operation was reportedly based in an office in Carmel and included four other sites where patients would receive prescriptions without any exams in exchange for cash. Source: http://www.wthr.com/story/26112815/2014/07/25/dea-serves-search-warrants-at-several-indiana-clinics

 · Crews reached 59 percent containment July 27 of the 250,514-acre Carlton Complex Fire which has destroyed an estimated 300 homes in Washington, and firefighters also reached 25 percent containment of the Chiwaukum Complex Fire in Chelan County, Washington, which has burned 12,320 acres. – KCPQ 13 Tacoma

19. July 27, KCPQ 13 Tacoma – (Washington) Carlton Complex fire burns 391 square miles, hundreds of homes. Crews reached 59 percent containment July 27 of the 250,514-acre Carlton Complex Fire which has destroyed an estimated 300 homes in north-central Washington. Firefighters also reached 25 percent containment of the Chiwaukum Complex Fire in Chelan County which has burned 12,320 acres. Source: http://q13fox.com/2014/07/26/300-homes-lost-in-carlton-complex-fire-now-59-contained-interactive-map/

 · A man from England was indicted July 24 for offenses that enabled him to access sensitive information belonging to more than 100,000 federal government employees by breaching the systems of several U.S. government entities. – Softpedia 

20. July 27, Softpedia – (International) Englishman indicted for stealing thousands of U.S. government employee records. A man from England was indicted July 24 in the Eastern District of Virginia for offenses that enabled him to access sensitive information belonging to more than 100,000 federal government employees by breaching the systems of the U.S. Department of Energy, the U.S. Sentencing Commission, FBI’s Regional Computer Forensics Laboratory, and Deltek, Inc., among several others. The man was able to exploit a security vulnerability in Adobe ColdFusion, gaining administrator-level access to the networks using custom file managers. Source: http://news.softpedia.com/news/Englishman-Indicted-for-Stealing-Thousands-of-US-Government-Employee-Records-452280.shtml

 · One person was killed and at least 13 others were injured July 27 when a lightning bolt struck the water and beach at Venice Beach in Los Angeles, California. – CNN 

31. July 28, CNN – (California) One dead, 13 injured after lightning strikes at Southern California beach. One person was killed and at least 13 others were injured July 27 when a lightning bolt struck the water and beach at Venice Beach in Los Angeles. Lightning also struck near a golf course on Catalina Island, injuring one individual. Source: http://www.reuters.com/article/2014/07/28/us-usa-lightning-idUSKBN0FW0TJ20140728


Financial Services Sector

6. July 25, U.S. Securities and Exchange Commission – (National) Citigroup business unit charged with failing to protect confidential subscriber data while operating alternative trading system. New York-based LavaFlow Inc., agreed July 25 to pay $5 million to settle U.S. Securities and Exchange Commission charges that the Citigroup business unit failed to safeguard the confidential trading data of its subscribers when it allowed an affiliate to access the LavaFlow-operated alternative trading system (ATS). Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542371114#.U9Zy6fldVKI

For another story, see item 20 above in Top Stories

Information Technology Sector

24. July 28, Softpedia – (International) XSS flaw fixed in Barracuda Spam and Virus Firewall. Vulnerability Laboratory researchers discovered a non-persistent cross-site scripting (XSS) vulnerability in the Barracuda Spam and Virus Firewall web application, affecting versions 5.1.3 and earlier, that allowed a potential attacker to hijack session information or execute non-persistent code. The vulnerability was patched July 15 after researchers notified the developer. Source: http://news.softpedia.com/news/XSS-Flaw-Fixed-in-Barracuda-Spam-and-Virus-Firewall-452377.shtml

25. July 26, Softpedia – (International) Remotely exploitable flaws fixed in Siemens SCADA system. Siemens patched 5 vulnerabilities discovered in its SIMATIC industrial automation system, four of them presenting remote exploitation risk, after an advisory by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) which explained that the flaws resided in the SIMATIC WinCC product, a supervisory control and data acquisition (SCADA) system. Source: http://news.softpedia.com/news/Remotely-Exploitable-Flaws-Fixed-in-Siemens-SCADA-System-452219.shtml

26. July 25, Softpedia – (International) XML-RPC abused in brute-force attacks against WordPress sites. Sucuri researchers found that brute-force attacks against WordPress Web sites that leverage the XML-RPC protocol and the wp.getUsersBlogs function have increased since July 4, with 2 million attempts originating from 17,000 different IP addresses. Source: http://news.softpedia.com/news/XML-RPC-Abused-In-Brute-Force-Attacks-Against-WordPress-Sites-452143.shtml

For another story, see item 20 above in Top Stories

Communications Sector

27. July 27, Juneau Empire – (Alaska) ACS restores service to southeast customers. Internet and cell phone service was restored July 26 to Alaska Communications customers in southeast Alaska after an underwater fiber optic cable was severed due to an earthquake July 25. Other network carriers were able to provide service to customers while crews continued work to repair the cable. AT&T cell service was also down due to the damaged cable that hindered service for several hours. Source: http://juneauempire.com/local/2014-07-25/acs-restores-service-southeast-customers

Monday, July 28, 2014




Complete DHS Report for July 28, 2014

Daily Report

Top Stories

 · Four people were injured July 24 when a vehicle collided with a semi-truck on Interstate 95 in Chesterfield County, Virginia, prompting the 12-hour closure of southbound lanes before authorities reopened all but two lanes. – WTVR 6 Richmond

10. July 24, WTVR 6 Richmond – (Virginia) All lanes back open after tanker truck overturns on I-95. Four people were injured in an accident involving a vehicle that collided with a semi-truck carrying gasoline on Interstate 95 in Chesterfield County July 24, prompting the 12-hour closure of southbound lanes before authorities reopened all but two lanes. Crews worked to pump out gasoline from the overturned semi-truck in order to contain the leak and clear the scene. Source: http://wtvr.com/2014/07/24/interstate-95-tractor-trailer-crash/

· An outpatient opened fire July 24 at the Mercy Wellness Center in Delaware County, Pennsylvania, killing a caseworker and injuring a doctor who reportedly exchanged gunfire with the suspect, wounding the outpatient. – USA Today

17. July 24, USA Today – (Pennsylvania) Pa. doctor shoots patient who killed caseworker. A psychiatric outpatient opened fire July 24 in an office at the Mercy Wellness Center of Mercy Fitzgerald Hospital in Delaware County, Pennsylvania, killing a caseworker and injuring a doctor who reportedly exchanged gunfire with the suspect, wounding the outpatient. Source: http://www.11alive.com/story/news/nation/2014/07/24/shooting-wellness-center/13118213/

· The U.S. State Department announced July 24 that its main computer system for processing visa and passport applications worldwide was brought back online at limited capacity after it crashed during the week of July 21 during routine maintenance on the consular database. – IDG News Service

19. July 24, IDG News Service – (International) State Department computer crash slows visa, passport applications worldwide. The U.S. State Department announced July 24 that its main computer system for processing visa and passport applications worldwide crashed during the week of July 21 after routine maintenance on the consular database. The system was brought back online but remained at limited capacity while officials worked to correct the problem. Source: http://www.networkworld.com/article/2458181/state-department-computer-crash-slows-visa-passport-applications-worldwide.html

· Two people died and 31 others were injured July 24 when a tornado ripped through the Cherrystone Campground in Cape Charles, Virginia, prompting the evacuation of about 1,300 people and damaging several motor homes. – Reuters

30. July 24, Reuters – (Virginia) Storm kills two, injures 31 at Virginia campground. A tornado likely ripped through the Cherrystone Campground in Cape Charles July 24, killing two individuals and injuring 31 others. About 1,300 people were evacuated from the campground after the storm overturned vehicles and trees smashed through the roofs of motor homes. Source: http://www.reuters.com/article/2014/07/25/us-usa-virginia-storm-idUSKBN0FT1WI20140725

Financial Services Sector

5. July 24, U.S. Securities and Exchange Commission – (New York) Morgan Stanley to pay $275M to settle subprime charges. Morgan Stanley agreed July 24 to pay $275 million to harmed investors to resolve allegations by the U.S. Securities and Exchange Commission that three of the investment firm’s entities misrepresented the delinquency status of mortgage loans and misled investors in the sale of more than $2.5 billion in residential mortgage-backed securities (RMBS). Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542355594

6. July 24, Reuters – (National) Bank of America to pay $16.6 million to resolve U.S. sanctions violations. The U.S. Treasury Department announced July 24 that Bank of America agreed to pay $16.6 million in penalties to resolve allegations that the financial institution knowingly processed about $91,000 in transactions for six designated narcotics traffickers subject to U.S. sanctions between 2005 and 2009. A Bank of America representative stated that the bank addressed the problem in 2009 when it improved its sanctions-related systems and controls. Source: http://www.reuters.com/article/2014/07/24/us-bankofamerica-sanctions-settlement-idUSKBN0FT1V220140724

For another story, see item 25 below in the Information Technology Sector

Information Technology Sector

23. July 25, Threatpost – (International) TAILS team recommends workarounds for flaw in I2P. TAILS operating system developers claimed a vulnerability in the I2P anonymity network software affecting versions 1.1 and earlier can be mitigated with a couple of workarounds, though the vulnerability has yet to be patched. Source: http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107422

24. July 25, Softpedia – (International) Cloud botnets used for mining crypto-currency. Researchers from Bishop Fox created a botnet capable of mining several hundred dollars in Litecoin crypto-currency on a daily basis using free services of multiple cloud-computing businesses. Conducting distributed denial-of-service (DDoS) attacks was determined to be another way to use the machines. Source: http://news.softpedia.com/news/Cloud-Botnets-Used-for-Mining-Crypto-Currency-452030.shtml

25. July 24, SC Magazine – (International) Sony to shell out $15M in PSN breach settlement. Sony released a statement July 24 claiming it reached an agreement to pay $15 million in a preliminary settlement associated with the April 2011 hacking of its PlayStation Network system, its on-demand service Qriocity, and gaming portal Sony Online Entertainment, exposing the personal data of roughly 77 million users. Source: http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/

26. July 24, Threatpost – (International) More details of Onion/Critroni crypto ransomware emerge. Kaspersky Lab and other researchers found that the Critroni or CTB-Locker ransomware, dubbed Onion, uses a number of features that separate it from other forms of malware, including that the ransomware is spread through Andromeda using a version of the asymmetric ECDH (Elliptic Curve Diffie-Hellman) algorithm. Source: http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-encryption/107408

27. July 24, Softpedia – (International) Popular wireless home alarms can be hacked from afar. Two security researchers found that wireless home alarm systems are vulnerable to remote hijacking, which would allow for access into the protected environment without tripping the alarm, due to the signals' lack of encryption or authentication. The tools used to hack into systems are available for purchase, potentially allowing intruders to completely disable the alarm from 10 feet. Source: http://news.softpedia.com/news/Popular-Wireless-Home-Alarms-Are-Easy-to-Hack-452023.shtml

Communications Sector

Nothing to report