Friday, January 31, 2014




Complete DHS Report for January 31, 2014

Daily Report

 • Schools, government offices, and most roads in six outlying counties north of Mobile, Alabama, remained closed January 30 after a severe winter storm left people stranded on highways or involved in automobile accidents. – Mobile Press-Register

24. January 29, Mobile Press-Register – (Alabama) Schools, roads and some offices to remain closed until Thursday in Clarke, Conecuh, Covington, Escambia, Monroe and Washington counties. Emergency management officials reported that schools, government offices, and most roads in six outlying counties north of Mobile would remain closed January 30 after a severe winter storm left people stranded on highways or involved in automobile accidents. Source: http://blog.al.com/live/2014/01/schools_roads_and_some_offices.html

 • A 4-alarm fire broke out January 30 at a strip mall in Elizabeth, New Jersey, destroying eight stores and prompting officials to order the evacuation and demolition of surrounding stores and a church. – WNBC 4 New York City

33. January 30, WNBC 4 New York City – (New Jersey) 8 New Jersey stores, church to be demolished after 4-alarm blaze. A 4-alarm fire broke out January 30 at a strip mall in Elizabeth, New Jersey, destroying eight stores and prompting officials to order the evacuation and demolition of surrounding stores and a church. Authorities are investigating the cause of the fire. Source: http://www.nbcnewyork.com/news/local/Elizabeth-New-Jersey-4-Alarm-Fire-Stores-242732211.html

 • A fire destroyed the Geraghty Street Building in Fairbanks, Alaska, which contained apartment units, a second-hand furniture store, and offices January 29, and left several people injured while displacing more than 50 residents. – Fairbanks Daily News-Miner

34. January 30, Fairbanks Daily News-Miner – (Alaska) Geraghty Street apartment fire leaves 50 homeless. A fire destroyed the Geraghty Street Building in Fairbanks which contained apartment units, a second-hand furniture store, and offices January 29, and left several people injured while displacing more than 50 residents. Officials are investigating the incident. Source: http://www.newsminer.com/news/local_news/fire-destroys-geraghty-street-apartment-building-several-people-injured/article_e5dc0c02-8916-11e3-8722-0017a43b2370.html

 • One person was injured and 40 residents were displaced in a January 29 fire at the Turner Plaza Apartments in Baton Rouge, Louisiana, which caused an estimated $1.25 million in damage at the complex. – New Orleans Times-Picayune

37. January 29, New Orleans Times-Picayune – (Louisiana) Turner Plaza apartment fire began in area of heater, caused $1.25 million in damage. The Baton Rouge Fire Department responded to a fire at the Turner Plaza Apartments January 29, which caused an estimated $1.25 million in damage at the complex. One person was injured and 40 residents were displaced. Source: http://www.nola.com/traffic/baton-rouge/index.ssf/2014/01/turner_plaza_apartment_fire_be.html

Details

Financial Services Sector

3. January 30, KGW 8 Portland – (Oregon) 3 arrested in Beaverton for ID theft ring. Three individuals were arrested in Beaverton January 26 after their car was stopped on suspicion of shoplifting and they were found in possession of 100 counterfeit credit cards as well as thousands of dollars’ worth of gift cards and stolen property. Source: http://www.kgw.com/news/3-arrested-in-Beaverton-for-ID-theft-ring-242625221.html

4. January 29, Newark Star-Ledger – (New Jersey) U.S. regulator accuses NJ mortgage lender PHH of kickback scheme. The Consumer Financial Protection Bureau announced charges January 29 against Mount Laurel-based mortgage lender PHH Corp. and several of its subsidiaries for allegedly collecting hundreds of millions of dollars through a 15-year kickback scheme by referring business to mortgage insurance companies in exchange for payments, causing customers to pay higher borrowing costs. Source: http://www.nj.com/business/index.ssf/2014/01/cfpb_accuses_nj_mortgage_lender_phh_of_mortgage_insurance_kickback_scheme.html

5. January 29, U.S. Attorney’s Office, Northern District of Illinois – (Illinois) U.S. indicts corporate audit director on securities fraud charges for allegedly profiting $286,000 from insider trading. A certified public accountant in Chicago was indicted on federal fraud charges for allegedly engaging in insider trading and making over $286,000 in illicit profits in 2012. The accountant was the director of corporate audit for Allscripts Healthcare Solutions Inc., and used nonpublic information he obtained in that position. Source: http://www.fbi.gov/chicago/press-releases/2014/u.s.-indicts-corporate-audit-director-on-securities-fraud-charges-for-allegedly-profiting-286-000-from-insider-trading

6. January 29, Reuters – (National) Target: Hackers attacked with stolen credentials. Target Corp. reported January 29 that the attackers who perpetrated a massive breach of customer payment card data used stolen vendor credentials to access the company’s systems. Source: http://news.msn.com/us/target-hackers-attacked-with-stolen-credentials

7. January 29, SC Magazine – (National) Neiman Marcus hack involved two pieces of malware. Neiman Marcus reported that two pieces of malware were used to compromise its systems in a recent data breach; the first was inserted before July 2013 and allowed the payment card scraping malware to be uploaded later in the year. Source: http://www.scmagazine.com//neiman-marcus-hack-involved-two-pieces-of-malware/article/331669/

Information Technology Sector

27. January 30, Softpedia – (International) Remote code execution vulnerability impacts Wikipedia and other MediaWiki sites. Researchers at Check Point identified a critical vulnerability affecting Web sites created with the MediaWiki platform that could be exploited for remote code execution. The MediaWiki Foundation issued a patch to close the vulnerability and advised users to update their installations. Source: http://news.softpedia.com/news/Remote-Code-Execution-Vulnerability-Impacts-Wikipedia-and-Other-MediaWiki-Sites-422079.shtml

28. January 30, The Register – (International) Security 101 fail: 3G/4G modems expose control panels to hackers. A researcher found that several 3G and 4G USB modems are vulnerable to cross-site request forgery (CSRF) attacks that could allow attackers to access the modem’s control panel Web page and tamper with the device. The vulnerabilities could be exploited to send messages to premium-rate numbers and steal user credentials. Source: http://www.theregister.co.uk/2014/01/30/3gmodem_security_peril/

29. January 30, Softpedia – (International) Barracuda Networks identifies rogue SignNow version in App Store. Barracuda Labs researchers identified a rogue version of their SignNow app in Apple’s App Store, and found that developers listed as GameStruct and Tektrify are uploading rogue versions of other apps as well. Source: http://news.softpedia.com/news/Barracuda-Networks-Identifies-Rogue-SignNow-Version-in-the-App-Store-422306.shtml

30. January 29, SC Magazine – (International) Before shutdown, ransomware op spreading “Icepol” caused 42,000 U.S. infections. Bitdefender and Romanian authorities analyzed servers seized in relation to the Icepol ransomware and found that the ransomware was installed around 42,400 times in the U.S. between May and September 2013. An estimated $32,000 was stolen from U.S. victims. Source: http://www.scmagazine.com//before-shutdown-ransomware-op-spreading-icepol-caused-42000-us-infections/article/331677/

31. January 29, Threatpost – (International) High-volume DDoS attacks top operational threat to businesses, service providers. Arbor Networks released its Worldwide Infrastructure Security Report and found that distributed denial of service (DDoS) attacks were the largest operational threat to service providers and enterprises, reaching unprecedented levels in 2013, among other findings. Source: http://threatpost.com/high-volume-ddos-attacks-top-operational-threat-to-businesses-service-providers/103933

For additional stories, see items 6 and 7 above in the Financial Services Sector

Communications Sector

32. January 28, Baltimore-Sun – (Maryland) Some Harford AT&T landline customers faced blackout Tuesday. Some businesses utilizing AT&T communications in the Bel Air area experienced problems with their landlines for several hours January 28 due to a third-party cable cut. Source: http://www.baltimoresun.com/news/maryland/harford/belair/ph-ag-att-outage-0129-20140128,0,1503659.story

Thursday, January 30, 2014


Complete DHS Report for January 30, 2014

Daily Report

 • A Russian man extradited overseas pleaded guilty in an Atlanta court to developing, selling, and customizing the SpyEye banking trojan that infected more than 1.4 million computers in order to steal millions of dollars. – Wired.com. See item 2 below in the Financial Services Sector

 • Bainbridge Island, Washington officials estimated that 145,000 gallons of raw sewage spilled into Eagle Harbor January 23 due to a sewer pipe break. – Bainbridge Island Review

10. January 28, Bainbridge Island Review – (Washington) Broken sewer pipe spills 145K gallons of raw sewage into Eagle Harbor. Bainbridge Island officials estimated that 145,000 gallons of raw sewage spilled into Eagle Harbor January 23 due to a sewer pipe break. Crews stopped flow through the pipeline and set up a temporary bypass. Source: http://www.bainbridgereview.com/news/242459141.html

 • Healthcare providers are asking hospitals, dialysis centers, and doctors to use smaller IV bags of intravenous saline and find alternatives to cope with a nationwide shortage. – Washington Post

14. January 28, Washington Post – (National) Shortage of saline causes hospitals, dialysis centers to scramble to manage supply. Healthcare providers are asking hospitals, dialysis centers, and doctors to use smaller IV bags of intravenous saline and find alternatives to cope with a nationwide shortage. The U.S. Food and Drug Administration is working with three manufacturers of intravenous saline solutions to address the shortage, and is looking into alternative sources. Source: http://www.washingtonpost.com/national/health-science/shortage-of-saline-causing-hospitals-dialsysis-centers-to-scramble-to-manage-supply/2014/01/28/9cfe2b8c-8862-11e3-833c-33098f9e5267_story.html

 • Southern U.S. States were hit by a severe winter storm January 28 that prompted the closure of dozens of schools, students remaining sheltered overnight in schools, hours-long traffic gridlock, and the cancellation of more than 3,200 flights nationwide. – Associated Press 

20. January 29, Associated Press – (National) Winter storm socks the Deep South with snow, ice; students stranded in Alabama schools. Southern U.S. States were hit by a severe winter storm January 28 that dropped snow and ice, prompting the closure of dozens of schools and the cancellation of more than 3,200 flights nationwide. Students in several schools were forced to remain sheltered overnight while traffic was gridlocked for hours, causing hundreds of cars to slide off the road or into each other. Source: http://abclocal.go.com/ktrk/story?section=news/national_world&id=9411313

Details

Financial Services Sector

2. January 28, Wired.com – (International) Coder behind notorious bank-hacking tool pleads guilty. A Russian man extradited from the Dominican Republic pleaded guilty in an Atlanta court to developing, selling, and customizing the SpyEye banking trojan that infected more than 1.4 million computers. The trojan was sold to over 150 customers worldwide who used it to compromise thousands of bank accounts and steal millions of dollars. Source: http://www.wired.com/threatlevel/2014/01/spy-eye-author-guilty-plea/

3. January 28, USA Today – (National) BBB warns of scam charging $9.84 to credit cards. The Better Business Bureau warned consumers of a payment card fraud scheme that has been making $9.84 charges to consumers’ cards in the name of a generic customer support Web site. Source: http://www.clarionledger.com/article/20140128/BIZ/140128016/BBB-warns-scam-charging-9-84-credit-cards

4. January 28, Los Angeles Times – (California) ‘Ho-hum bandit’ pleads guilty to seven more bank robberies. A man known as the “Ho-Hum Bandit” pleaded guilty January 28 to robbing seven banks in the San Diego area from February to June 2010. The man had previously been convicted of four bank robberies in Denver, Colorado, and Cheyenne, Wyoming. Source: http://www.latimes.com/local/lanow/la-me-ln--ho-hum-20140128,0,268882.story

For another story, see item 26 below in the Information Technology Sector

Information Technology Sector

23. January 29, Help Net Security – (International) VPN bypass attack possible also on Android KitKat. Security researchers at Ben Gurion University found that a previously reported VPN bypass vulnerability in Android 4.3 could also be modified and used on devices running Android 4.4 ‘KitKat.’ Source: http://www.net-security.org/secworld.php?id=16277

24. January 29, Softpedia – (International) Rovio confirms hackers defaced Angry Birds website, no user data compromised. Rovio confirmed that hacktivists briefly defaced the Web site of the Angry Birds game via DNS hijacking but did not compromise any user data. Source: http://news.softpedia.com/news/Rovio-Confirms-Hackers-Defaced-Angry-Birds-Website-No-User-Data-Compromised-421857.shtml

25. January 28, Softpedia – (International) Java bot can launch DDoS attacks from Windows, Mac and Linux machines. Researchers at Kaspersky identified a malicious Java application, dubbed HEUR:Backdoor.Java.Agent.a, that is designed to perform distributed denial of service (DDoS) attacks and can run on Windows, Linux, and Mac OS computers. The malware is believed to have been used to attack a bulk email service. Source: http://news.softpedia.com/news/Java-Bot-Can-Launch-DDOS-Attacks-from-Windows-Mac-and-Linux-Machines-421551.shtml

26. January 28, Softpedia – (International) Patnote virus used to distribute ZeuS trojan. Trend Micro researchers discovered a malware distribution campaign using the Patnote virus to spread the ZeuS malware. The virus adds its code to all executable files in a system and on removable and network drives, and contains mechanisms to prevent it from being analyzed. Source: http://news.softpedia.com/news/Patnote-Virus-Used-to-Distribute-ZeuS-Trojan-421468.shtml

For another story, see item 2 above in the Financial Services Sector

Communications Sector

Nothing to report

Wednesday, January 29, 2014




Complete DHS Report for January 29, 2014

Daily Report

 • Richardson Highway in Alaska was forced to close for at least a week north of Thompson Pass due to an avalanche caused by a snow dam at Keystone Canyon January 27. – United Press International

14. January 27, United Press International – (Alaska) Avalanche closes Alaskan highway for ‘at least a week.’ Richardson Highway in Alaska was forced to close for at least a week north of Thompson Pass due to an avalanche caused by a snow dam at Keystone Canyon January 27. Source: http://www.upi.com/Top_News/US/2014/01/27/Avalanche-closes-Alaskan-highway-for-at-least-a-week/UPI-82001390851839/

 • The U.S. Department of Agriculture’s Food Safety and Inspection Service announced January 27 that Arkansas-based George’s Inc. recalled 1.25 million pounds of frozen par-fried chicken tenders due to undeclared wheat. – KPHO 5 Phoenix

17. January 27, KPHO 5 Phoenix – (National) Company recalls 1.25M pounds of frozen chicken. The U.S. Department of Agriculture’s Food Safety and Inspection Service announced January 27 that Arkansas-based George’s Inc. recalled 1.25 million pounds of frozen par-fried chicken tenders due to undeclared wheat. The products were sold to wholesale locations for nationwide distribution. Source: http://www.kpho.com/story/24559344/company-recalls-125m-pounds-of-frozen-chicken

 • Coca-Cola Co. announced January 24 that they recovered unencrypted company laptops containing the personal information of up to 74,000 U.S. and Canadian employees that were stolen from the company’s Atlanta headquarters by a former employee. – Wall Street Journal

21. January 24, Wall Street Journal – (International) Coca-Cola: Stolen laptops had personal information of 74,000. Coca-Cola Co. announced January 24 that unencrypted company laptops containing the personal information of up to 74,000 U.S. and Canadian employees were stolen from the company’s Atlanta headquarters by a former employee. The laptops were recovered by Coca-Cola, but the company cannot confirm if the information was misused. Source: http://online.wsj.com/news/articles/SB10001424052702304632204579341022959922200

 • A severe winter storm stretching from southern to northern U.S. States prompted the cancellation of nearly 3,000 flights and led officials to close schools in several districts January 28 due to the potential for ice and snow. – CNN

25. January 28, CNN – (National) The Deep South faces a deep freeze. A severe winter storm stretching from southern to northern U.S. States prompted the cancellation of nearly 3,000 flights and led officials to close schools in several districts January 28 due to the potential for ice and snow. Source: http://www.cnn.com/2014/01/28/us/winter-weather/index.html

Details

Financial Services Sector

8. January 27, Wired.com – (International) Bitcoin exchange CEO charged with laundering $1 million through Silk Road. The CEO of Bitcoin exchange BitInstant was arrested and charged January 26 with allegedly engaging in money laundering for working with another individual to sell more than $1 million of Bitcoins to users of the Silk Road underweb marketplace. The individual alleged to have worked with the CEO was also arrested in Florida January 27. Source: http://www.wired.com/threatlevel/2014/01/bitcoin-exchangers-arrested/

9. January 27, U.S. Securities and Exchange Commission – (California) SEC charges Legg Mason affiliate with defrauding clients. California-based investment advisor Western Asset Management Company agreed to pay $21 million to settle U.S. Securities and Exchange Commission charges that the company concealed investor losses caused by a coding error and engaged in an illegal form of cross-trading. The settlement also covers a related issue with the U.S. Department of Labor. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370540675955

Information Technology Sector

29. January 28, Softpedia – (International) Researchers discover first Android bootkit, 350,000 devices already infected. Researchers at Doctor Web discovered what is believed to be the first Android bootkit, dubbed Android.Oldboot, which infects Android devices and waits for commands from a server to perform actions such as the downloading, installation, or deletion of apps. Researchers believe it is being spread via modified firmware updates, with the majority of the 350,000 infected devices found in China. Source: http://news.softpedia.com/news/Researchers-Discover-First-Android-Bootkit-350-000-Devices-Already-Infected-421383.shtml

30. January 28, Softpedia – (International) NetSky worm spreads via email attachments. Researchers at Symantec identified a cybercriminal operation using a worm dubbed NetSky that sends several different phishing emails containing the worm to the same email addresses. If a user opens the attached files the worm sends a copy of itself by email to the user’s contacts. Source: http://news.softpedia.com/news/NetSky-Worm-Spreads-via-Email-Attachments-421279.shtml

31. January 28, Softpedia – (International) Foursquare flaw could have been exploited to obtain users’ email addresses. A researcher published findings related to a vulnerability in Foursquare that could have been used to obtain users’ email addresses by altering part of a URL used to accept friend requests. The issue was fixed in 2013 but the researcher’s findings were only recently disclosed. Source: http://news.softpedia.com/news/Foursquare-Flaw-Could-Have-Been-Exploited-to-Obtain-Users-Email-Addresses-421523.shtml

32. January 28, Softpedia – (International) Google Chrome 32.0.1700.102 fixes memory corruption bug in V8. Google released the latest update to its Chrome browser with patches for 14 security issues, including a use-after-free error occurring with SVG images and a memory corruption vulnerability in the V8 JavaScript engine. Source: http://news.softpedia.com/news/Google-Chrome-32-0-1700-102-Fixes-Memory-Corruption-Bug-in-V8-421283.shtml

33. January 27, Dark Reading – (International) Air Force researchers plant rootkit in a PLC. Researchers with the U.S. Air Force Institute of Technology created a prototype rootkit that can be installed on programmable logic controllers (PLCs) via modified firmware, USB device, or connected laptop and disrupt operations. The rootkit exploits the lack of security and monitoring capability in most PLCs. Source: http://www.darkreading.com/attacks-breaches/air-force-researchers-plant-rootkit-on-a/240165715

34. January 27, Softpedia – (International) Cybercriminals steal FTP credentials with fake FileZilla. Avast researchers warned users of cybercriminals using a fake version of the FileZilla FTP client to steal users’ FTP credentials. The fake FileZilla client can then upload the credentials to a server for use in hosting malware or stealing data. Source: http://news.softpedia.com/news/Cybercriminals-Steal-FTP-Credentials-with-Fake-FileZilla-421070.shtml

Communications Sector

Nothing to report