Friday, February 28, 2014




Complete DHS Report for February 28, 2014

Daily Report

Details

 • Thirteen workers of the Waste Isolation Pilot Plant in New Mexico were notified that preliminary test results came back positive for exposure to americium-241 after a radiation leak was detected at the nuclear waste repository. – Las Cruces Sun-News

3. February 26, Las Cruces Sun-News – (New Mexico) 13 WIPP employees exposed to radiation. Department of Energy and Nuclear Waste Partnership officials notified 13 workers of the Waste Isolation Pilot Plant that preliminary test results came back positive for exposure to americium-241 after a radiation leak was detected February 14 at the nuclear waste repository. Source: http://www.lcsun-news.com/las_cruces-news/ci_25232120/breaking-13-wipp-employees-exposed-radiation

 • Individual group members began entering guilty pleas to charges in connection with installing skimming devices and cameras in New Jersey ATMs in order to retrieve customer account information and personal identification numbers. – Associated Press (See item 7 below in the Financial Services Sector)

 • Avaya will release a patch for two zero-day vulnerabilities in its latest one-X 9608 IP telephones that can be exploited remotely and turn the IP phone into a transmitter. – Threatpost (See item 30 below in the Information Technology Sector)

 • Officials arrested a man suspected of robbing eight hotels at gunpoint in Oregon and Washington, who is also believed to be connected to a bank robbery in Oregon. – KPTV 12 Portland

38. February 24, KPTV 12 Portland – (Oregon; Washington) Police: Serial robber linked to eight cities arrested. A man suspected of robbing hotels at gunpoint in seven Oregon cities and Woodland, Washington was arrested February 23 after a crime spree that began in September 2013. Investigators believe the suspect is also connected to a bank robbery in Lake Oswego, Oregon. Source: http://www.kptv.com/story/24800881/police-serial-robber-linked-to-eight-cities-arrested

Financial Services Sector

5. February 27, Associated Press – (Illinois) Georgia man convicted in investment fraud scheme. A federal jury in Illinois convicted a Georgia man in an investment fraud scheme after he obtained $5.5 million from others while offering investors the chance to generate income through overseas financial transactions. Source: http://onlineathens.com/breaking-news/2014-02-27/georgia-man-convicted-investment-fraud-scheme

6. February 26, Riverside Press-Enterprise – (California) San Bernardino County: Seven charged in mortgage loan scam. Seven suspects were arrested and charged February 26 in a $6.2 million San Bernardino County mortgage fraud scam that defrauded more than 1,550 homeowners seeking loan modifications from January 2007 to March 2010. Source: http://blog.pe.com/breaking-news/2014/02/26/san-bernardino-county-seven-charged-in-mortgage-loan-scam/

7. February 26, Associated Press – (New Jersey) Guilty pleas adding up for group charged with stealing more than $5 million in ATM ‘skimming.’ Individuals tied to a New Jersey ATM skimming scheme began to enter guilty pleas to charges after federal authorities said the group of 12 installed devices in ATMs to retrieve customer account information and installed pinhole cameras in bank vestibules to record keystrokes in order to gain personal identification numbers. Source: http://www.dailyjournal.net/view/story/becce09e821c44458a3d378a80aeb0b3/NJ--ATM-Skimming/

For another story, see item 38 above in Top Stories

Information Technology Sector

25. February 27, Softpedia – (International) Fake “payment certificate” notifications used to deliver cross-platform RAT. Symantec researchers reported a spam campaign designed to distribute the Java remote access trojan (RAT) dubbed JRAT that is cross-platform, potentially infecting machines running Windows, OS X, and Linux operating systems. Source: http://news.softpedia.com/news/Fake-Payment-Certificate-Notifications-Used-to-Deliver-Cross-Platform-RAT-429736.shtml

26. February 27, Network World – (International) Security firm discloses Apple iOS ‘malicious profile’ vulnerability impact on MDM. Apple will release a patch addressing a vulnerability disclosed by researchers in Apple iOS devices that can impact mobile-device-management (MDM) systems running on them by allowing an attacker to create a hard-to-detect malicious profile hidden on the device. Source: http://www.networkworld.com/news/2014/022714-rsa-skycure-279094.html

27. February 27, Softpedia – (International) Flaws in Amazon’s mobile apps could have been exploited to crack passwords. Amazon patched its server after FireEye researchers reported that a weak password policy and the absence of limits or CAPTCHAs on password attempts could have been exploited by attackers to crack account passwords. Source: http://news.softpedia.com/news/Vulnerabilities-in-Amazon-s-Mobile-Apps-Could-Have-Been-Exploited-to-Crack-Passwords-429664.shtml

28. February 27, Softpedia – (International) Three alleged hackers arrested in Korea for stealing information from hundreds of sites. Three individuals from Korea are suspected of hacking into 225 Web sites, including real estate and trading services, Korean medical associations, and online gambling sites, and stealing the personal details of 17 million individuals. Source: http://news.softpedia.com/news/Three-Alleged-Hackers-Arrested-in-Korea-for-Stealing-Information-from-Hundreds-of-Sites-429630.shtml

29. February 27, Softpedia – (International) D-Link fixes persistent SSL certificate vulnerability in DCS IP cameras. Firmware updates for several D-Link surveillance camera models from the DCS series were released addressing an SSL certificate vulnerability that could have allowed a malicious user to potentially gain access to the camera control information. Source: http://news.softpedia.com/news/D-Link-Fixes-Persistent-SSL-Certificate-Vulnerability-in-DCS-IP-Cameras-429622.shtml

30. February 26, Threatpost – (International) Avaya to patch zero days that turn IP phone into radio transmitters. Avaya will release a patch for two zero-day vulnerabilities in its latest one-X 9608 IP telephones that can be exploited remotely, bypassing security appliances used to scan for malicious outgoing network traffic, and allow the IP phone to be turned into a transmitter. Source: http://threatpost.com/avaya-to-patch-zero-days-that-turn-ip-phone-in-radio-transmitters/104506

Communications Sector

31. February 27, Tampa Bay Business Journal – (Florida) Outage causes WTSP to go dark. Customers of Comcast and Dish Network could not access WTSP 10 Tampa Bay for over two hours February 26 due to a power outage affecting the station’s transmitter. Source: http://www.bizjournals.com/tampabay/blog/morning-edition/2014/02/outage-causes-wtsp-to-go-dark.html

Thursday, February 27, 2014




Complete DHS Report for February 27, 2014

Daily Report

Details

 • A federal emergency order was issued requiring that all oil produced from North Dakota’s Bakken region being loaded onto trains must be tested and properly labeled reflecting its volatile nature after a series of explosive train derailments. – Reuters

1. February 26, Reuters – (National) Accidents spur U.S. to mandate tests of oil moving by train. The U.S. Department of Transportation issued an emergency order February 25 requiring that all oil produced from North Dakota’s Bakken region being loaded onto trains must be tested and properly labeled reflecting its volatile nature after a series of explosive train derailments. Source: http://news.msn.com/us/accidents-spur-us-to-mandate-tests-of-oil-moving-by-train

 • General Motors expanded its compact car recall to fix faulty ignition switches linked to fatal accidents, to include 842,000 Saturn Ion, Chevrolet HHR, Pontiac Solstice, and Saturn Sky models built between 2003 and 2007. – CBS News; Associated Press

6. February 25, CBS News; Associated Press – (National) GM adds 842,000 vehicles to recall linked to fatal crashes. General Motors expanded its compact car recall to fix faulty ignition switches linked to fatal accidents, to include 842,000 Saturn Ion, Chevrolet HHR, Pontiac Solstice, and Saturn Sky models built between 2003 and 2007. The company is aware of 31 crashes and 13 front-seat fatalities related to the issue. Source: http://www.cbsnews.com/news/gm-adds-588000-vehicles-to-recall/

 • Asiana Airlines was fined $500,000 for failing to adopt and adhere to a law requiring airlines to provide a family assistance plan for major accidents following the July 2013 crash at San Francisco International Airport. – CNN (See item 10)

10. February 26, CNN – (International) Asiana Airlines fined $500,000 for failing to help families after July crash. The U.S. Department of Transportation fined Asiana Airlines $500,000 for failing to adopt and adhere to a law requiring airlines to provide a family assistance plan for major accidents following the July 2013 crash at San Francisco International Airport that left 3 passengers dead and injured several others. Source: http://www.cnn.com/2014/02/25/travel/asiana-plane-crash-fine/index.html

 • Indiana University will notify about 146,000 students and graduates after reporting a potential data breach that affected seven campuses when information was accessed by three automated computer data mining applications. – WBIW 13 Topeka (See item 18)

18. February 26, WBIW 13 Topeka – (Indiana) IU reports possible data breach. Indiana University (IU) will notify about 146,000 students and graduates after reporting a potential data breach of personal information February 25 that affected seven IU campuses when information was accessed by three automated computer data mining applications. The university secured the data after discovering the web crawlers accessed the information, which had been stored in an insecure location for 11 months. Source: http://www.wbiw.com/local/archive/2014/02/iu-reports-possible-data-breach.php

Financial Services Sector

7. February 26, Softpedia – (International) Bitcoin-stealing Mac malware disguised as Angry Birds game. ESET researchers warned that cybercriminals are distributing OSX/CoinThief, malware designed to steal Bitcoins from Mac users, through torrent files, disguised as cracked versions of various popular Mac OS X applications. Source: http://news.softpedia.com/news/Bitcoin-Stealing-Mac-Malware-Disguised-as-Angry-Birds-Game-429408.shtml

8. February 25, Associated Press – (National) 20 detained in $3M Puerto Rico mortgage fraud scheme. Twenty people were arrested and charged in Puerto Rico February 25 in connection with a mortgage fraud scheme that defrauded four banks of $3 million using fraudulent documentation. Source: http://www.montrealgazette.com/news/world/detained+Puerto+Rico+mortgage+fraud+scheme/9548862/story.html

9. February 25, Lower Hudson Valley News – (New York) Man convicted in mortgage fraud orchestrated by Monsey resident. A man from Queens was convicted for his role as an escrow agent who provided false information to the lender in a $126 million mortgage fraud scheme. Source: http://www.lohud.com/article/20140225/NEWS02/302250063

Information Technology Sector

22. February 26, Softpedia – (International) Viruses can spread via Wi-Fi access points like the common cold, researchers show. University of Liverpool researchers found that a computer virus can spread through Wi-Fi access points between businesses and homes due to the fact that many access points are not protected by encryption and passwords. Source: http://news.softpedia.com/news/Viruses-Can-Spread-via-Wi-Fi-Access-Points-Like-the-Common-Cold-Researchers-Show-429456.shtml

23. February 25, IDG News Service – (International) Gmail hit by message delivery delay. Google resolved a Gmail issue that caused delays in the delivery of messages to users for more than 2 hours February 25. Source: http://www.networkworld.com/news/2014/022514-gmail-hit-by-message-delivery-279147.html

24. February 25, Help Net Security – (International) Apple finally patches critical SSL flaw in OS X. Apple released an update for OS X that patches a bug which made the Secure Sockets Layer (SSL) implementation vulnerable, allowing an attacker with a privileged network position to intercept or modify data in sessions protected by SSL/Transport Layer Security (TLS). Source: http://www.net-security.org/secworld.php?id=16431

25. February 25, IDG News Service – (International) Android malware using TOR anonymity network makes a debut. Researchers found malware for the Android mobile operating system that employs The Onion Router (TOR) anonymity network, using a TOR Web site as a command-and-control server. Source: http://www.networkworld.com/news/2014/022614-android-malware-using-tor-anonymity-279178.html

Communications Sector

26. February 26, KTVT 11 Fort Worth – (Texas) City of Carrollton phone lines go down. Telephone service in the City of Carrollton was down February 26, including non-emergency lines to the police and fire departments. Officials are investigating the cause of the outage and worked to restore service. Source: http://dfw.cbslocal.com/2014/02/26/city-of-carrollton-phone-lines-go-down/

Wednesday, February 26, 2014




Complete DHS Report for February 26, 2014

Daily Report

Details

 • The Web site of Bitcoin exchange Mt. Gox was disabled and the company confirmed that it indefinitely halted withdrawals from its trading accounts after detecting unusual activity. – USA Today; Associated Press (See item 3 below in the Financial Services Sector)

 • The Federal Trade Commission stopped a work-from-home scheme that conned consumers out of millions of dollars through the sale of bogus resources and coaching services. – Time (See item 4 below in the Financial Services Sector)

 • A Holland America cruise ship experienced a possible norovirus outbreak when 114 passengers and 10 crew members suffered from symptoms during a week-long trip to the Caribbean. – CNN

10. February 23, CNN – (International) CDC looking into possible norovirus outbreak on cruise ship. A Holland America cruise ship experienced a possible norovirus outbreak when 114 passengers and 10 crew members suffered from symptoms during a week-long trip to the Caribbean that returned to its Fort Lauderdale port February 22. The U.S. Centers for Disease Control and Prevention will conduct an environmental health assessment to evaluate possible causes of the outbreak. Source: http://www.cnn.com/2014/02/23/travel/cdc-cruise-ship-norovirus/index.html?hpt=us_c2

 • Cybercriminals utilizing the Pony botnet stole more than 700,000 account credentials and $220,000 worth of virtual currencies. – Softpedia (See item 21 below in the Information Technology Sector)

Financial Services Sector

3. February 25, USA Today; Associated Press – (International) Bitcoin exchange Mt. Gox goes offline amid turmoil. The Web site of Bitcoin exchange Mt. Gox was disabled February 25 and the company confirmed that it indefinitely halted withdrawals from its trading accounts earlier in February after detecting unusual activity. Source: http://www.usatoday.com/story/tech/2014/02/25/mt-gox-offline/5801093/

4. February 24, Time – (Utah) Feds target multi-million dollar work-from-home scheme. The Federal Trade Commission announced February 24 that it stopped a deceptive work-from-home scheme that conned consumers out of millions of dollars through the sale of bogus resources and business coaching services falsely claiming to aid the launch of an online business. Source: http://business.time.com/2014/02/24/ftc-work-from-home-scheme/

5. February 24, WSMV 4 Nashville – (Tennessee) Two men accused in Murfreesboro credit card theft scheme. Murfreesboro, Tennessee police arrested 2 individuals the week of February 17 after a search of their motel room for unrelated charges uncovered an embossment credit card-making machine and nearly 200 credit cards. Authorities believe the suspects may be connected to a multi-state credit card number theft ring. Source: http://www.wsmv.com/story/24809993/two-men-accused-in-murfreesboro-credit-card-theft-scheme

6. February 24, Wausau Daily Herald – (Wisconsin) Weston man accused of selling fake stocks, stealing $100,000. Marathon County officials issued an arrest warrant for a Weston man suspected of deceiving three individuals out of nearly $100,000 by selling fraudulent shares of publicly traded stock. Source: http://www.wausaudailyherald.com/article/20140224/WDH0101/302240284/Weston-man-accused-stock-scheme

For another story, see item 21 below in the Information Technology Sector

Information Technology Sector

21. February 25, Softpedia – (International) Cybercriminals use Pony botnet to steal 700,000 account credentials, virtual currencies. Experts found that cybercriminals managed to steal more than 700,000 credentials for Web sites, email accounts, File Transfer Protocol (FTP) servers, Secure Shell (SSH), and Virtual Desktops utilizing the Pony botnet. The botnet was also used to steal $220,000 worth of virtual currencies targeting Bitcoin and other virtual currency wallets. Source: http://news.softpedia.com/news/Cybercriminals-Use-Pony-Botnet-to-Steal-700-000-Account-Credentials-Virtual-Currencies-429170.shtml

22. February 25, Softpedia – (International) EC-Council says its servers haven’t been hacked. EC-Council announced that its Web site was targeted by a hacker who redirected the site’s visitors via a Domain Name System (DNS) hijack to a defacement page hosted by a Finland-owned company. The organization stated that its servers were not breached and continues to investigate the incident. Source: http://news.softpedia.com/news/EC-Council-Says-Its-Servers-Haven-t-Been-Hacked-429307.shtml

23. February 23, Dark Reading – (International) Researchers bypass protections in Microsoft’s EMET security tool. Bromium Labs researchers found a flaw in Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 4.1 that could potentially allow attackers to sneak malware past it by bypassing several key defenses, taking advantage of its reliance on known vectors of return-oriented programming (ROP) exploitation attack methods. Source: http://www.darkreading.com/attacks-breaches/researchers-bypass-protections-in-micros/240166227

Communications Sector

Nothing to report