Friday, September 27, 2013



Friday, September 27, 2013   

Complete DHS Daily Report for September 27, 2013

Daily Report

Top Stories

 • Between 20 and 30 cars derailed near Amarillo, Texas, after 3 freight trains collided, injuring 4 crew members. – Associated Press

8. September 25, Associated Press – (Texas) 3 freight trains collide in Texas, 4 crew hurt. Between 20 and 30 cars derailed near Amarillo after 3 freight trains collided. Four crew members were injured and authorities said there was no immediate timetable as to when the tracks will be cleared. Source: http://www.kansascity.com/2013/09/25/4506772/3-bnsf-trains-in-collision-near.html

 • A power failure shut down the Metro-North Railroad and Amtrak service north of New York City, forcing tens of thousands of commuters to cope with jammed, delayed trains or long alternative routes to work. – Wall Street Journal

13. September 25, Wall Street Journal – (New York) Power failure hits Metro-North, Amtrak. A power failure shut down the Metro-North Railroad and Amtrak service north of New York City, forcing tens of thousands of commuters to cope with jammed, delayed trains or long alternative routes to work. Officials from Con Edison reported that it could take as long as 2 to 3 weeks to restore electricity to the section of overhead wires at Mount Vernon where a 138-kilovolt feeder line failed. Source: http://online.wsj.com/article/SB10001424052702303796404579097793898983768.html

 • Authorities recaptured a California prison inmate at his home in Jessieville, Arkansas, after he escaped 36 years ago. – Reuters

29. September 25, Reuters – (California; Arkansas) California prison escapee recaptured after 36 years. Authorities recaptured a California prison inmate September 25 at his home in Jessieville, Arkansas, after he escaped 36 years ago. He became California’s longest sought fugitive inmate to be caught. Source: http://news.msn.com/crime-justice/california-prison-escapee-recaptured-after-36-years

 • Kaspersky released a report on an advanced persistent threat cyberespionage campaign dubbed Icefog that has been targeting a variety of industrial, government, and communications organizations since 2011. – Softpedia See item 30 below in the Information Technology Sector

Details

Banking and Finance Sector

3. September 25, U.S. Attorney’s Office, Northern District of Illinois; Federal Bureau of Investigation – (Illinois) Ten defendants indicted in alleged $14.5 million mortgage fraud scheme that resulted in $8 million loss to lenders. Ten individuals were indicted for allegedly running a $14.5 million mortgage fraud scheme that used straw buyers to obtain mortgage loans for properties primarily in Chicago’s south and west sides, causing at least $8 million in losses to lenders. An eleventh individual was charged separately in connection to the scheme. Source: http://www.fbi.gov/chicago/press-releases/2013/ten-defendants-indicted-in-alleged-14.5-million-mortgage-fraud-scheme-that-resulted-in-8-million-loss-to-lenders

For another story, see item 22 below from the Healthcare and Public Health Sector

22. September 24, WFOR 4 Miami – (Florida) Holy Cross Hospital informs former patients of data breach. Holy Cross Hospital in Ft. Lauderdale notified 9,900 patients that their personal information may have been inappropriately accessed by a former employee from November 2011 and August 2013. The hospital terminated the employee after discovering the information was accessed to allegedly file fraudulent tax returns. Source: http://miami.cbslocal.com/2013/09/24/holy-cross-hospitals-inform-former-patients-of-data-breach/

Information Technology Sector

30. September 26, Softpedia – (International) Icefog cybercriminals launch hit and run attacks against high-profile organizations. Kaspersky released a report on an advanced persistent threat (APT) cyberespionage campaign dubbed Icefog that has been targeting a variety of organizations since 2011. The campaign targets military contractors, telecoms, maritime and shipbuilding organizations, satellite operators, media, governments, and high-tech companies mainly in Japan and South Korea but with some targets in the U.S. and several European and Asian countries. Source: http://news.softpedia.com/news/Icefog-Cybercriminals-Launch-Hit-and-Run-Attacks-Against-High-Profile-Organizations-386293.shtml

31. September 26, Softpedia – (International) New malware Napolar steals information, launches DDoS attacks. Researchers from Avast and ESET analyzed a new piece of malware dubbed Napolar, whose author is Solarbot, that is capable of stealing information and launching distributed denial of service (DDoS) attacks. The malware is being sold for $200 and is being distributed to targets through Facebook. Source: http://news.softpedia.com/news/New-Malware-Napolar-Steals-Information-Launches-DDOS-Attacks-386317.shtml

32. September 26, V3.co.uk – (International) Microsoft uncovers Sefnit trojan return after Groupon click-fraud scam. Researchers at Microsoft discovered a new version of the Sefnit click fraud trojan being used as a botnet to defraud Groupon and other popular Web sites. Source: http://www.v3.co.uk/v3-uk/news/2297027/microsoft-uncovers-sefnit-trojan-return-after-groupon-click-fraud-scam

33. September 26, Softpedia – (International) Patches released to fix 4 XSS vulnerabilities in IP.Board 3.4.5 and IP.Gallery 5.0.5. Invision Power Services released patches to address four cross-site scripting (XSS) vulnerabilities in IP.Board 3.3.4, IP.Board 3.4.5, IP.Gallery 4.2.1, and IP.Gallery 5.0.5. Source: http://news.softpedia.com/news/Patches-Released-to-Fix-4-XSS-Vulnerabilities-in-IP-Board-3-4-5-and-IP-Gallery-5-0-5-386478.shtml

34. September 26, ZDNet – (International) Google Hangouts/GTalk glitch sends chats to wrong recipients. Some users of Google Hangouts and GTalk reported experiencing an issue September 26 where messages were being delivered to unintended recipients. Google reported that they were investigating the issues. Source: http://www.zdnet.com/google-hangoutsgtalk-glitch-sends-chats-to-wrong-recipients-7000021195/

35. September 25, Threatpost – (International) Javascript issue plagues Mailbox app for iOS. A security researcher found that the Mailbox app for iOS automatically executes any Javascript contained in an HTML email, presenting a security issue that could be taken advantage of to a variety of attacks. Source: http://threatpost.com/javascript-issue-plagues-mailbox-app-for-ios

For another story, see item 15 below from the Transportation Systems Sector

15. September 24, Alaska Dispatch – (Alaska) iPhone map app directs Fairbanks drivers on airport taxiway. At least twice in the past 3 weeks, drivers from outside of Fairbanks unknowingly crossed the runway and drove to the ramp side of the passenger terminal at the Fairbanks International Airport while following directions from iPhones. Airport authorities closed the aircraft access route and Apple officials have said that the map application would be fixed by September 25. Source: http://www.alaskadispatch.com/article/20130924/iphone-map-app-directs-fairbanks-drivers-airport-taxiway

Communications Sector

36. September 26, WIS 10 Columbia – (South Carolina) Orangeburg Co. phone service restored. Frontier Communications restored cell and land phone service to residents in Orangeburg County September 26 after a fiber line was cut near Bowman September 25. Source: http://www.live5news.com/story/23532150/phone-service-outage-reported-for-parts-of-orangeburg-county

For another story, see item 30 above in the Information Technology Sector