Monday, March 31, 2014




Complete DHS Report for March 31, 2014

Daily Report

Details

 • A Louisiana official reported March 27 that more than 5 million gallons of gasoline shipped from ExxonMobil’s Baton Rouge, Louisiana terminal was tainted by something causing valve and intake systems issues for vehicles. – Baton Rouge Advocate

1. March 28, Baton Rouge Advocate – (Louisiana) La. official: Exxon’s bad fuel totals 5 million gallons. Louisiana’s commissioner of agriculture and forestry reported March 27 that more than 5 million gallons of gasoline shipped from ExxonMobil’s Baton Rouge terminal was tainted by something causing valve and intake systems issues for vehicles. The terminal remained closed while authorities continued testing in order to determine the cause of the bad fuel. Source: http://theadvocate.com/news/business/8745898-123/40-or-50-cases-of

 • About 8 million pounds of plastic tubing was damaged by a March 27 fire in a plastic-containing lot at WL Plastics in Mills, Wyoming, causing an estimated $8 million to $10 million in damage. – Casper Star-Tribune

3. March 27, Casper Star-Tribune – (Wyoming) Investigators call in arson specialists for Mills plastic fire; cause remains unknown. About 8 million pounds of plastic tubing was damaged by a March 27 fire in a plastic-containing lot at WL Plastics in Mills, Wyoming, causing an estimated $8 million to $10 million in damage. No injuries were reported and no structures were damaged. Source: http://billingsgazette.com/news/state-and-regional/wyoming/investigators-call-in-arson-specialists-for-mills-plastic-fire-cause/article_95d03be1-d09f-588d-8a97-a5d8f388c1e2.html

 • The Industrial Control Systems Computer Emergency Response Team (ICS-CERT) issued a notice March 27 advising users of 11 Schneider Electric industrial control system products that a patch is available for a stack-based overflow vulnerability in Schneider’s modbus driver. – Threatpost. See item 24 below in the Information Technology Sector.

 • Researchers discovered a new malware worm that infects systems via an infected Microsoft Word or Excel file and then gathers information on the compromised system. – Help Net Security. See item 25 below in the Information Technology Sector.

Financial Services Sector

4. March 28, North Andover Eagle-Tribune – (Massachusetts) ‘Massive credit card counterfeiting’ scheme uncovered. A man was arrested in Haverhill March 21 on suspicion of being part of a payment card counterfeiting scheme after he was spotted making several purchases with suspicious cards, which led to a search of his home where police found blank cards and card-making materials. Police also found ID card printers and medical grade security paper that they allege the suspect was using to create counterfeit prescriptions. Source: http://www.eagletribune.com/haverhill/x1387891499/Massive-credit-card-counterfeiting-scheme-uncovered

5. March 27, KXTV 10 Sacramento – (California) ‘Bad Beard Bandit’ arrested for area bank robberies. A Half Moon Bay man was arrested March 27 and is suspected of being the “Bad Beard Bandit” responsible for robbing eight banks in northern and central California between November 2013 and February 2014. Source: http://www.news10.net/story/news/local/manteca/2014/03/27/bad-beard-bandit-bank-robber-arrest/6977439/

Information Technology Sector

24. March 28, Threatpost – (International) Critical vulnerabilities patched in Schneider Electric serial modbus driver. The Industrial Control Systems Computer Emergency Response Team (ICS-CERT) issued a notice March 27 advising users of 11 Schneider Electric industrial control system products that a patch is available for a stack-based overflow vulnerability in Schneider’s modbus driver. The vulnerable driver is used in a variety of industries, including energy, nuclear power, government facilities, transportation systems, and dams. Source: http://threatpost.com/critical-vulnerabilities-patched-in-schneider-electric-serial-modbus-driver/105100

25. March 28, Help Net Security – (International) Uncommon new worm targets Word and Excel files. Researchers at Trend Micro discovered a new malware worm known as Crigent that infects systems via an infected Microsoft Word or Excel file, communicates with a command and control (C&C) server via TOR and Polipo to obscure traffic, and then gathers information on the compromised system. The worm then changes other Word and Excel files on the infected system to older file formats and uses them to attempt to spread itself to other systems. Source: http://www.net-security.org/malware_news.php?id=2748

26. March 28, Softpedia – (International) Cybercriminals hijack WordPress websites with free premium plugins. Sucuri researchers found that several premium WordPress plugins available for free on some Web sites contain code that allows the plugins’ creator to create a new administrator account and gain control of WordPress sites that use the free premium plugins. Source: http://news.softpedia.com/news/Cybercriminals-Hijack-WordPress-Websites-With-Free-Premium-Plugins-434616.shtml

27. March 27, SC Magazine – (International) WinRAR spoofing vulnerability being exploited in malware campaign. A vulnerability in the WinRAR .zip file compressor identified by a security researcher was seen in a malware campaign targeting government, international, and business organizations. IntelCrawler researchers spotted the campaign, which uses the vulnerability to disguise the contents of .zip files, and found that a Zeus-like trojan is being used to establish remote administration channels and collect information. Source: http://www.scmagazine.com/winrar-spoofing-vulnerability-being-exploited-in-malware-campaign/article/340135/

28. March 27, U.S. Consumer Product Safety Commission – (International) Lenovo recalls battery packs for ThinkPad notebook computers due to fire hazard. Lenovo announced a recall March 27 of about 37,400 battery packs for ThinkPad notebooks in the U.S. and Canada due to an issue that can cause them to overheat, posing a fire hazard. Source: http://www.cpsc.gov/en/Recalls/2014/Lenovo-Recalls-Battery-Packs-for-ThinkPad-Notebook-Computers/

Communications Sector

Nothing to report

Friday, March 28, 2014




Complete DHS Report for March 28, 2014

Daily Report

Details

 • Authorities announced March 26 that 13 individuals in Chicago and 2 people in Bulgaria were arrested in connection with an alleged international money laundering scheme that used fraudulent payment cards to withdraw hundreds of thousands of dollars from ATMs. – Chicago Tribune. See item 5 below in the Financial Services Sector.

 • Two people were killed and more than a dozen others were injured in a crash involving 49 vehicles along Interstate 81 in Berkeley County, West Virginia, March 26, prompting the interstate to close for over 4 hours. – WJLA 7 Washington, D.C.

8. March 26, WJLA 7 Washington, D.C. – (West Virginia) Report: Two dead in I-81 W.Va. crash. Two people were killed and more than a dozen others were injured in a chain-reaction crash involving 49 vehicles along Interstate 81 in Berkeley County March 26. Southbound lanes of Interstate 81 were closed for more than 4 hours while northbound lanes were closed for over 8 hours. Source: http://www.wjla.com/articles/2014/03/report-3-people-dead-in-i-81-west-va-crash-101549.html

 • A March 26 power outage at the McDowell Creek sewage plant halted ultraviolet disinfection, allowing more than 73,000 gallons of partially treated sewage to flow into a tributary of Charlotte, North Carolina’s water supply. – Charlotte Observer

14. March 26, Charlotte Observer – (North Carolina) 73,000 gallons of partly-treated sewage flows into Charlotte creek. A March 26 power outage at the McDowell Creek sewage plant halted ultraviolet disinfection, a final treatment step, allowing more than 73,000 gallons of partially treated sewage to flow into a tributary of Charlotte’s water supply which drains into Mountain Island Lake. Operators began diverting the sewage into storage basins. Source: http://www.charlotteobserver.com/2014/03/26/4796684/partly-treated-sewage-flows-into.html#.UzQHAT9OWM8

 • Two firefighters were killed, 13 others were injured, and several police officers were hospitalized as they battled a 9-alarm fire at a brownstone in Boston March 26. – Associated Press

26. March 27, Associated Press – (Massachusetts) Boston mourns 2 firefighters killed in blaze. Two firefighters were killed, 13 others injured, and several police officers were hospitalized as they battled a 9-alarm fire at a brownstone in Boston’s Back Bay area March 26. Responders rescued residents from the building before strong winds fueled the flames that quickly engulfed the building. Source: http://news.msn.com/us/boston-mourns-2-firefighters-killed-in-blaze

Financial Services Sector

5. March 26, Chicago Tribune – (International) Arrests made in international ATM skimming. Authorities announced March 26 that 13 individuals in Chicago and 2 in Bulgaria were arrested in connection with an alleged international payment card fraud and money laundering scheme that used fraudulent payment cards to withdraw hundreds of thousands of dollars from ATMs. One additional suspect was previously arrested and another remains at large. Source: http://www.chicagotribune.com/news/local/breaking/chi-arrests-made-in-international-atm-skimming-20140326,0,2239227.story

Information Technology Sector

22. March 27, Help Net Security – (International) Hidden crypto currency-mining code spotted in apps on Google Play. Researchers at Lookout warned that Android apps which include hidden code used to mine for several forms of cryptocurrency have been spotted being offered on Spanish underweb forums. Trend Micro researchers also spotted two apps available in the Google Play store which contain cryptocurrency mining code, similar to compromised apps originally discovered by G Data researchers. Source: http://www.net-security.org/malware_news.php?id=2746

23. March 27, Help Net Security – (International) Cerberus app users warned about data breach. Cerberus Security Team advised users of their Android security app to reset their passwords as a precaution after suspicious traffic was detected and blocked on the company’s servers. Attackers were able to gain access to some users’ usernames and encrypted passwords during the breach. Source: http://www.net-security.org/secworld.php?id=16588

24. March 27, The Register – (International) When ZOMBIES attack: DDoS traffic triples as 20Gbps becomes the new normal. Incapsula released a report on distributed denial of service (DDoS) attack mitigation which found that DDoS attack volumes are increasing, with attacks of 20Gbps or above making up around one in three attacks, among other findings. Source: http://www.theregister.co.uk/2014/03/27/ddos_trends_incapsula/

25. March 26, SC Magazine – (International) Windows trojan packs punch, downloads ransomware “Cribit.” Trend Micro researchers found that the Fareit trojan is being used to spread a ransomware known as Cribit that encrypts victims’ files and demands a ransom in Bitcoins. The trojan has previously been used to download other malware such as Zeus. Source: http://www.scmagazine.com/windows-trojan-packs-punch-downloads-ransomware-cribit/article/339958/

Communications Sector

Nothing to report

Thursday, March 27, 2014




Complete DHS Report for March 27, 2014

Daily Report

Details

 • The former CEO of Northbrook-based Sentinel Management Group Inc. was found guilty March 25 of defrauding more than 70 clients of over $500 million in a fraud scheme that ran between 2003 and 2007 before the firm collapsed. – Reuters. See item 6 below in the Financial Services Sector.

 • The Houston Ship Channel in Texas was partially reopened March 25 after a March 22 collision between a barge and a ship spilled up to 170,000 gallons of tar-like oil in the water. – Associated Press; KPRC 2 Houston

11. March 25, Associated Press; KPRC 2 Houston – (Texas) Houston Ship Channel partially reopens to ship traffic after oil spill. The Houston Ship Channel in Texas was partially reopened March 25 after a March 22 collision between a barge and a ship spilled up to 170,000 gallons of tar-like oil in the water. Crews continued cleanup efforts. Source: http://www.click2houston.com/news/oil-spill-cleanup-continues-in-houston-ship-channel/25150878

 • Firefighters responded to the Axis Apartments project in Houston, Texas, March 25 after gusty winds turned a small rooftop fire into a massive blaze that destroyed the under-construction complex. – Associated Press; KXAS 5 Fort Worth

22. March 26, Associated Press; KXAS 5 Fort Worth – (Texas) Houston apartment complex leveled by fire, worker saved. More than 200 firefighters responded to the Axis Apartments project in the Montrose district of Houston March 25 after gusty winds turned a small rooftop fire into a massive blaze that destroyed the under-construction complex. No injuries were reported, and nearby buildings were evacuated as a precaution. Source: http://www.nbcdfw.com/news/local/Houston-Apartment-Complex-Leveled-by-Fire-Worker-Saved-252421541.html

 • Police responded to a shots fired call at the Vista Apartments in Dallas March 25, leading to a more than 2-hour standoff before police took a man into custody, forcing downtown businesses to go on lockdown and schools to shelter in place. – KDFW 4 Dallas-Fort Worth

23. March 25, KDFW 4 Dallas-Fort Worth – (Texas) Suspect in standoff near Victory Park arrested, found unarmed. Dallas police responded to a shots fired call at the Vista Apartments March 25, leading to a more than 2-hour standoff before police took a man into custody. Authorities are investigating the incident that forced downtown businesses to go on lockdown and schools to shelter in place, after learning that the man appeared unarmed and no weapons were found at the scene. Source: http://www.myfoxdfw.com/story/25067583/active-shooter-prompts-victory-park-evacuations

Financial Services Sector

6. March 26, Reuters – (Illinois) Ex-Sentinel CEO found guilty over $500 million fraud. The former CEO of Northbrook-based Sentinel Management Group Inc. was found guilty March 25 of defrauding more than 70 clients of over $500 million in a fraud scheme that ran between 2003 and 2007 before the firm collapsed. Source: http://www.reuters.com/article/2014/03/26/sentinel-bloom-conviction-idUSL1N0MM22520140326

7. March 25, WAFB 9 Baton Rouge – (Louisiana) Police find thousands in counterfeit money during murder investigation. Police in Amite City found $421,000 in counterfeit currency and three printers during a search of a suspect’s residence conducted as part of an unrelated investigation. The U.S. Secret Service is investigating. Source: http://www.wafb.com/story/25068247/police-find-thousands-in-counterfeit-money-during-murder-investigation

Information Technology Sector

20. March 25, Help Net Security – (International) Gameover ZeuS now targets users of employment websites. Researchers at F-Secure warned users and recruiters to be cautious after a variant of the popular Gameover Zeus trojan was seen targeting users of popular employment Web sites, including CareerBuilder.com and Monster.com. The trojan has been spotted using Web injections and Man-in-the-Browser (MitB) attacks to serve fake login pages in an attempt to gather login information and personal information. Source: http://www.net-security.org/malware_news.php?id=2745

Communications Sector

21. March 26, WIBW 13 Topeka – (Kansas) 2 St Louis area workers killed in tower collapse identified. Two Wireless Horizon workers were killed after a pair of communication towers collapsed near Blaine, Kansas, March 25 while they were in the process of dismantling the older tower. The cause of the collapse is under investigation. Source: http://www.wibw.com/home/headlines/252268221.html

Wednesday, March 26, 2014




Complete DHS Report for March 26, 2014

Daily Report

Details

 • Five former associates of Bernard L. Madoff Investment Securities LLC were convicted March 24 for their role in the company’s $17.5 billion Ponzi scheme, the largest such fraud in U.S. history. – Reuters. See item 4 below in the Financial Services Sector.

 • Officials confirmed the death toll from a March 22 mudslide in Arlington, Washington, rose to 14 after 6 more bodies were found March 24, while the number of individuals listed as missing also rose from 108 to 176. – Associated Press

10. March 25, Associated Press – (Washington) Fire chief: Death toll from slide expected to rise. Officials confirmed the death toll from a March 22 mudslide in Arlington, Washington, rose to 14 after 6 more bodies were found March 24. The number of individuals listed as missing also rose from 108 to 176. Source: http://www.dispatch.com/content/stories/national_world/2014/03/25/mudslide-death-toll-at-14-176-on-missing-list.html

 • U.S. Navy officials reported that a civilian suspect approached the USS Mahan destroyer docked at Naval Station Norfolk in Virginia, disarmed a petty officer on watch, and fatally shot a sailor March 24 before being shot and killed by security forces. – Associated Press

16. March 25, Associated Press – (Virginia) Navy: Base shooting suspect didn’t have own weapon. U.S. Navy officials reported that a civilian suspect approached the USS Mahan destroyer docked at Naval Station Norfolk in Virginia, disarmed a petty officer on watch, and fatally shot a sailor March 24 before being shot and killed by security forces. Officials are investigating the incident. Source: http://www.washingtonpost.com/local/2-killed-in-shooting-at-naval-station-norfolk/2014/03/25/be4c3268-b3ee-11e3-bab2-b9602293021d_story.html

 • Microsoft warned users March 24 of a zero day exploit for Microsoft Word and Outlook that can be used to deliver malicious code if a user opens or previews a message containing a specific .rtf file. – Krebs on Security. See item 21 below in the Information Technology Sector.

Financial Services Sector

4. March 25, Reuters – (National) Madoff aides convicted in $17.5 billion Ponzi trial after decades working for firm. Five former associates of Bernard L. Madoff Investment Securities LLC were convicted March 24 for their role in the company’s $17.5 billion Ponzi scheme, the largest such fraud in U.S. history. Source: http://www.bloomberg.com/news/2014-03-24/madoff-aides-convicted-in-five-month-fraud-trial.html

5. March 25, IDG News Service – (International) ATM malware, controlled by a text message, spews cash. Researchers at Symantec identified a new version of the Ploutus ATM malware that targets an undisclosed variety of standalone ATM and can be controlled by text message to make the ATM dispense cash. Source: http://www.networkworld.com/news/2014/032514-atm-malware-controlled-by-a-280030.html

6. March 25, KEYC 12 Mankato – (National) Fairmont Police & Secret Service investigating credit card fraud. The Fairmont Police Department and the U.S. Secret Service are investigating over 200 reports of payment card fraud in 13 States that appear to be linked to a data compromise at El Agave in Fairmont, Minnesota. Source: http://www.keyc.com/story/25064394/fairmont-police-secret-service-investigating-credit-card-fraud

7. March 25, Denver Business Journal – (Colorado) Littleton homebuilder guilty of federal mortgage fraud. The former head of Golden Design Group Inc. was found guilty March 21 on charges of fraud and money laundering for running a mortgage fraud scheme that used unqualified or unwilling buyers to fraudulently obtain over $11 million. Source: http://www.bizjournals.com/denver/news/2014/03/24/littleton-homebuilder-guilty-of-federal-mortgage.html?page=all

Information Technology Sector

21. March 24, Krebs on Security – (International) Microsoft: 0day exploit targeting Word, Outlook. Microsoft warned users March 24 of a zero day exploit for Microsoft Word and Outlook that can be used to deliver malicious code if a user opens or previews a message containing a specific .rtf file. Exploits have been seen attacking the vulnerability in Word 2010, but the issue is also present in other versions of Word. Source: http://krebsonsecurity.com/2014/03/microsoft-warns-of-word-2010-exploit/

22. March 24, Help Net Security – (International) 10,000 GitHub users inadvertently reveal their AWS secret access keys. Researchers at Threat Intelligence reported that around 10,000 Amazon Web Services secret access keys can be found on GitHub via a search because some users have accidentally uploaded them to their project pages. Source: http://www.net-security.org/secworld.php?id=16566

23. March 24, Help Net Security – (International) Basecamp gets DDoSed and blackmailed. Basecamp was hit by a distributed denial of service (DDoS) attack March 24 that made the service unavailable for several hours before the attack was mitigated. The attackers demanded a ransom, as in recent attacks on other services; the ransom was not paid. Source: http://www.net-security.org/secworld.php?id=16565

Communications Sector

Nothing to report