Friday, August 30, 2013



  
Complete DHS Daily Report for August 30, 2013

Daily Report

Top Stories

 • Officials closed the Bay Bridge that connects San Francisco and Oakland, California, August 27 until September 3 so that workers can complete a new eastern span. – CNN

9. August 28, CNN – (California) California’s Bay Bridge closure starting. Officials closed the Bay Bridge that connects San Francisco and Oakland August 27 so that workers can complete a new eastern span. The bridge is scheduled to reopen September 3. Source: http://www.cnn.com/2013/08/28/us/california-bay-bridge-closure/index.html

 • The U.S. Fish and Wildlife Service and U.S. Geological Survey issued a report that found hydraulic fracturing fluids that spilled from a natural gas well site near Acorn Fork, Kentucky, in 2007 were the cause of a fish kill in a nearby stream. – WFPL 89.3FM Louisville

20. August 28, WFPL 89.3FM Louisville – (Kentucky) Study finds 2007 eastern Kentucky fish kill likely caused by natural gas fracking fluid. The U.S. Fish and Wildlife Service, jointly with the U.S. Geological Survey, issued a report that found hydraulic fracturing fluids, spilled from a natural gas well site near Acorn Fork in 2007, were the cause of the death of fish in an eastern Kentucky stream. The study reported that lesions found on the fish gills were consistent with exposure to acidic water and toxic concentrations of heavy metals found in samples from a nearby natural gas well site. Source: http://wfpl.org/post/study-finds-2007-eastern-kentucky-fish-kill-likely-caused-natural-gas-fracking-fluid

 • Firefighters reached 23 percent containment of California’s Rim Fire after it burned over 187,000 acres August 29, with full containment expected by September 10. – Los Angeles Times

24. August 29, Los Angeles Times – (California) Rim fire spreading more slowly; containment expected in 2 weeks. Firefighters reached 23 percent containment of California’s Rim Fire after it burned over 187,000 acres August 29. Officials expect full containment by September 10. Source: http://www.latimes.com/local/lanow/la-me-ln-rim-fire-containment-20130828,0,2975657.story

 • The domain and hosting service for several media sites hit by defacement and redirect attacks August 27 confirmed that the company’s systems were compromised due to successful spearphishing emails. – Softpedia
See item 32 below in the Information Technology Sector

Details

Banking and Finance Sector

4. August 28, Associated Press – (New York) Son of prominent financier enters NY plea, joins 3 siblings in admitting hiding $12M overseas. A man pleaded guilty in a New York City courtroom to hiding more than $12 million inherited from his father for the purpose of evading taxes. Three of his siblings also pleaded guilty to similar tax evasion. Source: http://www.greenfieldreporter.com/view/story/7ba8b1a61f7c49278b6b9f367e4ceae7/US--Tax-Fraud

For another story, see item 27 from the Government Facilities Sector below:

27. August 28, Chicago Tribune – (Illinois) Ex-aide to former Cook County board president convicted of theft, money-laundering. A former deputy chief of staff for a former Cook County board president was found guilty August 28 of theft and money-laundering charges after she stole over $300,000 with a second aide through use of fraudulent contracts and kickbacks paid in cash-stuffed envelopes. Source: http://articles.chicagotribune.com/2013-08-28/news/chi-exaide-to-todd-stroger-convicted-of-theft-moneylaundering-20130828_1_arrei-management-inc-cgc-communications-attorney-robert-podlasek

Information Technology Sector

32. August 29, Softpedia – (International) Melbourne IT confirms that Syrian Electronic Army used spear phishing in latest attack. Melbourne IT, the domain registration and hosting company that was compromised as part of attacks against several media Web sites, confirmed that the company’s systems were compromised due to some of its employees falling for spearphishing emails. Source: http://news.softpedia.com/news/Melbourne-IT-Confirms-that-Syrian-Electronic-Army-Used-Spear-Phishing-in-Latest-Attack-378945.shtml

33. August 28, Threatpost – (International) Kelihos relying on CBL blacklists to evaluate new bots. Researchers found that the peer-to-peer botnet Kelihos is now using legitimate, freely available composite blocking list (CBL) services to determine whether a potential victim’s IP address has been flagged as a spam source or proxy. Source: http://threatpost.com/kelihos-relying-on-cbl-blacklists-to-evalute-new-bots

34. August 28, Help Net Security – (International) Researchers detail attacks for compromising Dropbox user accounts. Researchers presenting at the USENIX Security Symposium published a paper that details how to reverse engineer frozen Python applications, including the Dropbox client, as well as how to intercept Dropbox server SSL traffic, bypass the service’s two-factor authentication, and hijack Dropbox accounts. Source: http://www.net-security.org/secworld.php?id=15480

35. August 28, Threatpost – (International) Remote unauthenticated bug haunts Cisco ACS Server. Cisco warned of a remotely-exploitable vulnerability in several versions of its Secure Access Control Server (ACS) that can allow an attacker to take full control of a server if it is configured as a RADIUS server. Source: http://threatpost.com/remote-unauthenticated-bug-haunts-cisco-acs-server

Communications Sector

Nothing to report

Thursday, August 29, 2013



Complete DHS Daily Report for August 29, 2013

Daily Report

Top Stories

 • A section of southbound Interstate 81 in Montgomery County, Virginia, could be closed for up to 10 days after a scheduled blast caused a crack in an unstable slope near the highway to grow. – Roanoke Times

6. August 28, Roanoke Times – (Virginia) Unstable slope could close I-81 south in Montgomery Co. for several days. A section of southbound Interstate 81 in Montgomery County, Virginia, was closed August 27 and could be closed for up to 10 days after a scheduled blast caused a crack in an unstable slope near the highway to grow to about 120 feet in length. Source: http://www.roanoke.com/news/nrv/2183185-12/unstable-slope-could-close-i-81-south-in-montgomery.html

 • Firefighters reached 23 percent containment of California’s Rim Fire August 28 as it burned 187,466 acres. – Los Angeles Times

15. August 28, Los Angeles Times – (California) Containment of Yosemite fire now 23% as blaze climbs record books. Firefighters reached 23 percent containment of California’s Rim Fire as it burned 187,466 acres August 28. More evacuation orders were announced for residents in the fire’s path after the blaze destroyed 111 buildings, including 31 homes. Source: http://www.latimes.com/local/lanow/la-me-ln-rim-fire-wednesday-20130828,0,248400.story

 • Hacktivists caused disruptions and redirects on Web sites belonging to the New York Times, the Huffington Post, and Twitter after they breached a domain registration and hosting company and modified the sites’ DNS records. – Softpedia  
See item 22 below in the Information Technology Sector

 • A Pennsylvania man pleaded guilty to installing backdoors on several government, university, telecoms, and commercial systems and offering access to them in exchange for payment. – Softpedia
See item 23 below in the Information Technology Sector

Details

Banking and Finance Sector

2. August 27, Reuters – (International) JPMorgan’s former ‘London Whale’ supervisor arrested in Spain. A former JP Morgan Chase trader was arrested in Spain and faces extradition to the U.S. for allegedly trying to inflate the value of trading positions during a $6.2 billion financial scandal. Source: http://www.reuters.com/article/2013/08/27/us-jpmorgan-whale-idUSBRE97Q0D620130827

3. August 27, IDG News Service – (International) Cybercrime service automates creation of fake scanned IDs, other identity verification documents. Researchers at Group-IB identified a new Web-based cybercrime service that automates the creation of various forms of fake identification including passports, banking statements, and utility bills. Source: http://www.networkworld.com/news/2013/082713-cybercrime-service-automates-creation-of-273262.html

4. August 27, CNN – (Nevada) Las Vegas Sands resolves laundering cases with $47 million deal. The U.S. Department of Justice and casino operator Las Vegas Sands agreed to a $47 million settlement in a non-prosecution agreement for the casino to avoid charges over its failure to report suspicious money wiring transactions by an alleged drug kingpin. Source: http://money.cnn.com/2013/08/27/news/companies/las-vegas-sands/index.html

5. August 26, Bloomberg News – (New York) Three charged with stealing Flow Traders trading software. Two former Flow Traders employees and one other individual were charged with allegedly stealing the firm’s electronic trading software and using it to create their own trading company. Source: http://www.bloomberg.com/news/2013-08-26/three-charged-with-stealing-flow-traders-trading-software.html

Information Technology Sector

22. August 28, Softpedia – (International) Syrian Electronic Army hacks Australian internet company, NYT and Twitter disrupted. Members of the Syrian Electronic Army hacktivist group caused disruptions and redirects on Web sites belonging to the New York Times, the Huffington Post, and Twitter August 27 after they breached Australian domain registration and hosting company Melbourne IT and modified the sites’ DNS records. Source: http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Australian-Internet-Company-NYT-and-Twitter-Disrupted-378637.shtml

23. August 28, Softpedia – (International) Hacker admits to selling access to U.S. Energy Department computers. A Pennsylvania man pleaded guilty to installing backdoors on several government, university, telecoms, and commercial systems and offering access to them in exchange for payment. Among others, the man offered undercover agents access to U.S. Department of Energy supercomputers that he had compromised via universities that had access to them. Source: http://news.softpedia.com/news/Hacker-Admits-Selling-Access-to-US-Energy-Department-Computers-378659.shtml

24. August 28, Softpedia – (International) Cloud hosting company DigitalOcean hit by DDoS attack. Cloud hosting service provider DigitalOcean announced that it was the target of a distributed denial of service (DDoS) attack August 28 that disrupted the company’s Web site and control panel. Source: http://news.softpedia.com/news/Cloud-Hosting-Company-DigitalOcean-Hit-by-DDOS-Attack-378713.shtml

Communications Sector

25. August 28, The Register – (International) Eggheads turn Motorola feature phone into CITYWIDE GSM jammer. Researchers presenting at the 22nd USENIX Security Symposium showed how an attacker could take advantage of a vulnerability in the GSM communications protocol to deny service to a network or individual user by using a phone to masquerade as another handset and prevent the original from establishing an authenticated connection. Source: http://www.theregister.co.uk/2013/08/28/german_boffins_mod_moto_into_citywide_gsm_jammer/

26. August 27, WRAL 5 Raleigh – (North Carolina) Severed cable affecting Robbins 911 service repaired. A CenturyLink fiber-optic cable along North Carolina highway 24/27 was cut August 27, causing a telephone service outage which affected phone and 9-1-1 services for several hours before being repaired. Source: http://www.wral.com/severed-cable-affecting-robbins-911-service-repaired/12822445/

For another story, see item 23 above in the Information Technology Sector

Wednesday, August 28, 2013




Complete DHS Daily Report for August 28, 2013

Daily Report

Top Stories

 • Entergy Corp. announced that the Vermont Yankee Nuclear Power Station in Vernon, Vermont, will shut down permanently by the end of 2014, citing costs and market conditions. – Associated Press

2. August 27, Associated Press – (Vermont) Vermont Yankee nuke plant to close by end of 2014. Operator Entergy Corp. announced that the Vermont Yankee Nuclear Power Station in Vernon will shut down permanently by the end of 2014, citing costs, low wholesale energy prices, and market structures. The plant will remain under U.S. Nuclear Regulatory Commission oversight during its decommissioning process. Source: http://www.wfaa.com/news/business/221310401.html

 • Firefighters reached 20 percent containment of California’s 161,000-acre Rim Fire after the fire spread towards the Hetch Hetchy Reservoir, threatening hydroelectric generators, which were temporarily shut down. – CNN

21. August 27, CNN – (California) Yosemite wildfire grows, threatens reservoir, power station. Firefighters reached 20 percent containment of California’s 161,000-acre Rim Fire August 26. The fire spread towards the Hetch Hetchy Reservoir and potentially threatens San Francisco’s hydroelectric generators, which were temporarily shut down. Source: http://www.cnn.com/2013/08/27/us/california-yosemite-wildfire/

 • Several school districts around the Midwest cancelled classes, after-school sports practices, and games, and initiated early release schedules due to a heat wave. – Associated Press

22. August 26, Associated Press – (National) Heat prompts early dismissals in Midwest schools. Several school districts around the Midwest cancelled classes, after-school sports practices, and games, and initiated early release schedules due to a heat wave the week of August 26. Source: http://news.msn.com/us/heat-prompts-early-dismissals-in-midwest-schools

 • Researchers spotted a zero-day vulnerability in Java 6 currently being exploited in the wild, and warned there would be no patch for the older, unsupported Java version. – Softpedia
See item 29 below in the Information Technology Sector

Details

Banking and Finance Sector

5. August 26, Reuters – (Indiana) SEC says Indiana man used Ponzi scheme to fund a reality TV show. The U.S. Securities and Exchange Commission charged a Noblesville man with running a $6 million Ponzi scheme that defrauded at least 37 investors through his Guaranty Reserves Trust LLC firm. Source: http://www.reuters.com/article/2013/08/26/us-sec-ponzi-realtitytv-idUSBRE97P0WV20130826

6. August 26, New London Day – (Connecticut) NL woman pleads guilty in credit card scam. A New London woman pleaded guilty to her role in a fraudulent credit card scheme that allowed her and 10 co-conspirators to steal more than $362,000 from victims’ accounts. Source: http://www.theday.com/article/20130826/NWS01/130829740/1047

7. August 26, Cincinnati Business Courier – (Ohio) Business partner pleads guilty in investment fraud case. An Auburn commodities trader pleaded guilty to defrauding investors of $5.2 million through his firm, TS Capital Management. Source: http://www.bizjournals.com/cincinnati/news/2013/08/26/tuberville-business-partner-pleads.html

8. August 23, Fort Lauderdale Sun-Sentinel – (Florida) Man targeted fellow Haitians in $30-million Ponzi scheme, prosecutors say. Federal prosecutors charged a Georgia man with allegedly running an affinity scam targeting Haitian Americans in south Florida that defrauded investors of $30 million. Source: http://www.sun-sentinel.com/news/palm-beach/fl-haitian-ponzi-schemer-charges-20130823,0,1571711.story

For another story, see item 30 below in the Information Technology Sector

Information Technology Sector

29. August 27, Softpedia – (International) Java 6 zero-day spotted in the wild, users advised to update to Java 7. Researchers at F-Secure spotted a zero-day vulnerability in Java 6 currently being exploited in the wild. Users are advised to update to Java 7 as there will be no patch for the no-longer-supported Java 6. Source: http://news.softpedia.com/news/Java-6-Zero-Day-Spotted-in-the-Wild-Users-Advised-to-Update-to-Java-7-378432.shtml

30. August 27, Softpedia – (International) New DirtJumper variant capable of bypassing DDOS mitigation systems. Arbor Networks researchers identified a new variant of the DirtJumper distributed denial of service (DDoS) malware that adds new features, including the ability to bypass some DDoS mitigation mechanisms. Source: http://news.softpedia.com/news/New-DirtJumper-Variant-Capable-of-Bypassing-DDOS-Mitigation-Systems-378564.shtml

31. August 27, Softpedia – (International) Chinese cybercriminals leverage G-20 Summit in espionage campaigns. Researchers at Rapid7 identified recent attacks by Chinese hacker group the Calc Team (also known as APT-12) using three similar pieces of malware in spearphishing campaigns using the upcoming G-20 Summit as bait. Source: http://news.softpedia.com/news/Chinese-Cybercriminals-Leverage-G-20-Summit-in-Espionage-Campaigns-378552.shtml

32. August 27, Softpedia – (International) FBI warns of “search for missing children” spear phishing emails. The FBI warned users of a spearphishing campaign using three malicious files in emails and documents purporting to be from its National Center for Missing and Exploited Children. Source: http://news.softpedia.com/news/FBI-Warns-of-Search-for-Missing-Children-Spear-Phishing-Emails-378537.shtml

33. August 26, Threatpost – (International) Phony Adobe plug-in malware bypasses Craigslist spam controls. Researchers at Solera Networks discovered a spam campaign on Craigslist that uses malware on compromised machines to post spam advertisements. Source: http://threatpost.com/phony-adobe-plug-in-malware-bypassess-craigslist-spam-controls

Communications Sector

34. August 26, Laurinburg Exchange – (North Carolina) Downtown loses cable services. Time Warner Cable customers in Scotland County and surrounding areas lost cable, Internet, and telephone services for more than five hours after a semi-truck damaged a fiber optic cable August 26. Source: http://www.laurinburgexchange.com/news/home_top/2399449/Downtown-loses-cable-services