Thursday, November 7, 2013



Complete DHS Daily Report for November 7, 2013

Daily Report

Top Stories

 • California regulators fined Pacific Gas and Electric Co. $8.1 million for flawed pipe inspections of 224 welds on natural gas pipelines from Petaluma to Lodi. – San Francisco Chronicle

1. November 5, San Francisco Chronicle – (California) PG&E fined $8 million for flawed pipe inspections. Pacific Gas and Electric Co. (PG&E) was fined $8.1 million November 5 by California regulators for the contractor, TC Inspections Inc.’s, faulty inspections of 224 welds on natural gas pipelines from Petaluma to Lodi during a testing replacement program that the utility company began after a 2010 San Bruno explosion that killed eight people. PG&E is excavating and re-inspecting the lines. Source: http://www.sfgate.com/bayarea/article/PG-amp-E-fined-8-million-for-flawed-pipe-4958491.php

• An Office of Inspector General and Office of Audits and Inspections audit revealed that 29 new weaknesses emerged from the U.S. Department of Energy’s network in 2013, which do not include older flaws that were found but have not been addressed. – Threatpost

29. November 4, Threatpost – (National) DOE audit reveals new weaknesses, and unpatched older flaws. An audit undertaken by the Office of Inspector General and the Office of Audits and Inspections revealed that 29 new weaknesses emerged from the U.S. Department of Energy’s network in 2013 in addition to 10 existing that the agency failed to fix after a 2012 audit. Source: http://threatpost.com/doe-audit-reveals-new-weaknesses-and-unpatched-older-flaws

 • Researchers have detected a new variant of the Shiz remote access trojan (RAT) being used to search infected systems for SAP applications, potentially as the reconnaissance phase of an attack campaign. – The Register See item 31 below in the Information Technology Sector

 • A suspicious fire at Hampton Greens in Bellevue, Washington, destroyed 10 apartments, injured 7 people, and caused an estimated $1.5 million in damages. – Seattle Times

43. November 5, Seattle Times – (Washington) 7 injured as 10 apartments burn in suspicious Bellevue blaze. A fire at Hampton Greens in Bellevue, Washington, November 5 destroyed 10 apartment units, left 7 people injured, and caused an estimated $1.5 million in damages to the building as well as $150,000 to the contents. Authorities are investigating the cause of the fire. Source: http://seattletimes.com/html/latestnews/2022197529_bellevuefirexml.html

Details

Financial Services Sector

5. November 6, Eugene Register-Guard – (Oregon) ‘Tall Man’ admits robberies. A man known as the “Tall Man Bandit” pleaded guilty November 5 to robbing four banks in Eugene and two in Springfield during February and March. Source: http://registerguard.com/rg/news/local/30693095-75/evans-bank-eugene-banks-march.html.csp

6. November 5, Tulsa World – (National) Tulsa woman admits guilt in six-figure prepaid debit card fraud. A Tulsa, Oklahoma woman pleaded guilty November 5 to her part in a multistate prepaid debit card fraud scheme that caused losses of between $200,000 and $400,000. The woman and her conspirators would induce employees at Walmart stores to activate prepaid debit cards by falsely claiming to be from the company’s headquarters or from prepaid debit card company Green Dot. Source: http://www.tulsaworld.com/news/crimewatch/tulsa-woman-admits-guilt-in-six-figure-prepaid-debit-card/article_7fdf9558-4673-11e3-bb78-0019bb30f31a.html

7. November 5, Softpedia – (International) Cybercriminals use Android trojan Svpeng for mobile phishing. Researchers at Kaspersky found that the Svpeng Android trojan has been enhanced with the ability to perform mobile phishing attacks targeting online banking and credit card information. The trojan currently targets Russian users but is already equipped with the ability to check for operating system language versions. Source: http://news.softpedia.com/news/Cybercriminals-Use-Android-Trojan-Svpeng-for-Mobile-Phishing-397388.shtml

Information Technology Sector

31. November 6, The Register – (International) It’s the Shiz: Mutant RAT spotted gnawing at SAP apps. Researchers have detected a new variant of the Shiz remote access trojan (RAT) being used to search infected systems for SAP applications, potentially as the reconnaissance phase of an attack campaign. The new variant includes its usual remote access features, as well as SAP-related capabilities with an unknown purpose. Source: http://www.theregister.co.uk/2013/11/06/sap_rat_malfeasance/

32. November 6, Softpedia – (International) CSRF vulnerability in Twitter allowed hackers to read DMs, post tweets. Twitter closed a cross-site request forgery (CSRF) vulnerability in its “add mobile device” feature after a researcher reported the issue. The vulnerability could have been leveraged to gain access to a user’s direct messages and to post tweets. Source: http://news.softpedia.com/news/CSRF-Vulnerability-in-Twitter-Allowed-Hackers-to-Read-DMs-Post-Tweets-397654.shtml

33. November 6, Softpedia – (International) FBI adds 5 hackers to Cyber Most Wanted list. The FBI added five new alleged cybercriminals to its Cyber Most Wanted list, including two accused of causing $50 million in damages by hacking into business telephone systems. Source: http://news.softpedia.com/news/FBI-Adds-5-Hackers-to-Cyber-Most-Wanted-List-397572.shtml

34. November 5, Krebs on Security – (International) Microsoft warns of zero-day attack on Office. Microsoft warned users of a zero day vulnerability in some versions of Office on systems running older versions of Windows. Microsoft offered a fix-it tool until a comprehensive patch can be issued. Source: http://krebsonsecurity.com/2013/11/microsoft-warns-of-zero-day-attack-on-office/

35. November 5, Threatpost – (International) Marketplace for phony Twitter followers is big business. Researchers at Barracuda Networks reported that cybercriminals behind fake Twitter accounts used to sell fake followers and spread malicious links have shifted to duplicating legitimate accounts in order to avoid detection and get better click-through rates on their malicious links. Source: http://threatpost.com/marketplace-for-phony-twitter-followers-is-big-business

36. November 5, IDG News Service – (International) Spike in traffic with TCP source port zero has some researchers worried. Researchers at Cisco Systems reported a significant increase in TCP traffic with source port zero over the November 2-3 weekend. The increase in traffic could be a precursor to attempts to compromise networks. Source: http://www.computerworld.com/s/article/9243809/Spike_in_traffic_with_TCP_source_port_zero_has_some_researchers_worried

Communications Sector

37. November 5, United Press International – (Washington) Copper thieves knock Spokane radio station off the air. Radio station KMBI-AM in Spokane ceased broadcasting after copper thieves stole wire from the transmission tower November 3, disrupting transmission. The theft resulted in several thousand dollars in repairs needed to rewire the tower and return service. Source: http://www.upi.com/Odd_News/2013/11/05/Copper-thieves-knock-Spokane-radio-station-off-the-air/UPI-31271383685851/

38. November 5, Cincinnati Business Courier – (National) Kroger's wireless phone company faces $8.7M fine. The Federal Communications Commission proposed fining I-Wireless $8.75 million in penalties for alleged abuse of the Lifeline program between October 2012 and April 2013. Source: http://www.bizjournals.com/cincinnati/news/2013/11/05/krogers-wireless-company-faces-87m.html

39. November 5, San Juan Islander – (Washington) Estimated 24 to 72 hours to repair broken fiber-optic line. An underwater break in a fiberoptic line shut down CenturyLink-operated cellphone service, long distance land-line service, and 911 calls on Orcas, Shaw, and Lopez islands. Source: http://sanjuanupdate.com/2013/11/internet-outage/

40. November 5, Broadcasting & Cable – (National) FCC proposes fining TBS $25,000 over 'Conan' promo. The Federal Communications Commission (FCC) proposed fining TBS $25,000 for a simulated Emergency Alert System warning used in a promotion that constituted a false distress signal in violation of FCC rules. Source: http://www.broadcastingcable.com/article/496427-FCC_Proposes_Fining_TBS_25_000_Over_Conan_Promo.php

For another story, see item 7 above in the Financial Services Sector