Complete DHS Report for December 19, 2014
Daily Report
Top Stories
· About 25
families in eastern Ohio remained displaced December 17 following a natural gas
leak from a fracking well that prompted houses within a 1.5-mile radius to
evacuate December 13. – Columbus Dispatch
1. December 17, Columbus
Dispatch – (Ohio) Families
flee out-of-control natural gas leak at eastern Ohio fracking well. About
25 families in eastern Ohio remained displaced December 17 due to a natural gas
leak after crews resumed operations at a temporarily plugged fracking well in
Monroe County that began to flow uncontrollably, prompting the evacuation of
houses within a 1.5-mile radius of the well December 13. Source: http://www.dispatch.com/content/stories/local/2014/12/17/families-flee-out-of-control-natural-gas-leak.html
· New
York based cosmetics company, Avon Products Inc., agreed to pay $67 million to
settle criminal and civil charges by the U.S. Securities and Exchange
Commission after its China division pleaded guilty December 17 to violating the
Foreign Corrupt Practices Act (FCPA). – U.S. Securities and Exchange
Commission See
item 5 below in the Financial Services Sector
· Ten
passengers on board a New Jersey Transit bus were injured following a
multi-vehicle accident involving 3 semi-trucks December 17 that shut down
northbound lanes of the New Jersey Turnpike near Linden for nearly 5 hours. – NJ.com
7. December 17, NJ.com – (New Jersey) 10 injured in NJ
Transit bus, tractor-trailer crash on Turnpike in Linden. A 4- vehicle
collision closed several lanes of the New Jersey Turnpike outer roadway near
Linden for approximately 5 hours December 17 after a semi-truck attempted to
change lanes and struck the rear of a NJ Transit bus with 61 passengers on
board. Ten bus passengers were transported to an area hospital with injuries.
Source: http://www.nj.com/union/index.ssf/2014/12/4_seriously_injuried_in_nj_transit_bus_tractor-trailer_crash_on_turnpike_in_linden.html
· A
Chicago, Illinois businessman and his wife were convicted December 17 on more
than one dozen counts including conspiracy, mail fraud, and money laundering
for stealing $3.4 million in grants through the Illinois Department of Public
Health for personal expenses. – Associated Press
16. December 17, Associated Press – (Illinois) Couple
convicted of stealing grants. A Chicago businessman and his wife were
convicted December 17 on more than a dozen counts including conspiracy, mail
fraud, and money laundering for stealing $3.4 million in grants through the
Illinois Department of Public Health intended for AIDS awareness and other
health campaigns that they instead used for personal expenses. Source: http://www.nwherald.com/2014/12/18/couple-convicted-of-stealing-grants/axewh6/
Financial Services Sector
5. December
17, U.S. Securities and Exchange Commission – (International) SEC
charges Avon Products, Inc. with Fcpa violations. Avon Products Inc. agreed
to pay $67 million in disgorgement and interest to settle charges filed
December 17 by the U.S. Securities and Exchange Commission accusing the beauty
products company of violating the Foreign Corrupt Practices Act (FCPA) by
failing to put in place controls that could have detected and prevented $8
million in payments to Chinese government officials by employees and
consultants at the company’s Chinese subsidiary between 2004 and 2008. Source: http://www.sec.gov/litigation/litreleases/2014/lr23159.htm
6. December
16, Richmond Times-Dispatch – (Virginia) Data compromised at
Union First Market Bank. Richmond-based Union First Market Bank stated that
they shut off all ATM capabilities for their customers’ debit cards after
discovering skimming activities that affected over 3,000 customers’ cards.
Affected customers were being contacted by the bank and issued new debit cards
Source: http://www.roanoke.com/business/news/union-first-market-data-breach-affects-more-than-debit-cards/article_93a64ccc-855e-5448-8021-cd70803622f3.html
Information Technology Sector
24. December
18, Securityweek – (International) Serious vulnerabilities found in Schneider
Electric’s ProClima solution. An advisory from the Industrial Control
Systems Computer Emergency Response Team (ICS-CERT) December 16 warned that
five vulnerabilities in the Schneider Electrica ProClima thermal management
software were identified and reported by researchers and could be remotely
exploited. The software is used in industries such as manufacturing, energy,
and commercial facilities and affects ProClima versions 6.0.1 and earlier.
Source: http://www.securityweek.com/serious-vulnerabilities-found-schneider-electrics-proclima-solution
25. December
18, Securityweek – (International) “USBdriveby” emulates mouse and keyboard to
hijack computers. A researcher demonstrated an attack method known as
USBdriveby that can use a USB-based microcontroller to emulate a mouse and
keyboard to run several tasks including disabling security measures, opening
backdoors, and changing DNS settings due to many systems trusting USB devices
by default. The researcher tested the method on an OS X device but believes
that it can be used on Windows and Unix operating systems, and the source code
and operations for the attack were made public. Source: http://www.securityweek.com/usbdriveby-emulates-mouse-and-keyboard-hijack-computers
26. December
18, Help Net Security – (International) ICANN systems breached via
spear-phishing emails. The Internet Corporation for Assigned Names and
Numbers (ICANN) stated December 16 that it was compromised via spearphishing
emails during November and attackers were potentially able to access
Centralized Zone Data System (CZDS) files and salted and hashed user
information and credentials. ICANN deactivated all CZDS passwords as a
precaution and notified all potentially affected users. Source: http://www.net-security.org/secworld.php?id=17769
27. December
18, Softpedia – (International) Syrian Electronic Army hacks website of
International Business Times. Hacktivists claiming affiliation with the
Syrian Electronic Army group claimed responsibility for defacing the Web site
of the International Business Times December 17. Source: http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-International-Business-Times-467827.shtml
28. December
18, Help Net Security – (International) Researcher publishes
JavaScript DoS tool. A researcher with WhiteHat Security published a
prototype denial of service (DoS) attack script named FlashFlood written in
JavaScript December 16. The code could be used by attackers in DoS attacks or
to trick victims into executing the code. Source: http://www.net-security.org/secworld.php?id=17771
29. December
18, Help Net Security – (International) Ars Technica readers urged
to change passwords in wake of hack. Ars Technica advised its registered
readers to change their passwords as a precaution after an attacker briefly
gained access to one of the site’s Web servers December 14. The site stated
that the attacker may have been able to access hashed email addresses and
passwords. Source: http://www.net-security.org/secworld.php?id=17768
30. December
17, Securityweek – (International) Backdoor found in Android phones manufactured
by Coolpad: Research. Researchers with Palo Alto Networks reported that at
least 24 models of Android devices manufactured by Coolpad contained a backdoor
that could active applications, install unwanted applications, and upload
device information and location data. Source: http://www.securityweek.com/backdoor-found-android-phones-manufactured-coolpad-research
31. December
17, Securityweek – (International) Xsser malware targeting iOS, Android devices.
Researchers with Akamai identified a new mobile remote access trojan (mRAT)
known as Xsser that is spread through phishing and man-in-the-middle (MitM)
attacks and can steal credentials, execute code, and hijack browser sessions on
Android and iOS devices. The researchers found that the mRAT is being used by
an organized group currently targeting specific devices and software vendors,
software-as-a-service (SaaS) providers, and Internet service providers mainly
in Asia. Source: http://www.securityweek.com/xsser-malware-targeting-ios-android-devices
Communications Sector
32. December 18, The Register
– (International) URL LOL: Delta splats web flight boarding pass
snoop bug. Delta Airlines patched a security vulnerability in its paperless
boarding pass system that allowed hackers to access information on unknown
individuals’ flights by adjusting the URLs used to serve digital copies of
boarding passes to smart phones that appear as QR codes which are scanned at
the gate. Source: http://www.theregister.co.uk/2014/12/18/delta_fixes_flaw_that_allowed_hacker_pass_to_any_flight_anywhere_any_class/
33. December 17, WQAD 8 Quad
Cities – (Illinois) Internet outage reported for some Mediacom
Quad Cities-area customers. An equipment failure caused an Internet outage
December 17 for Mediacom customers in four areas of Illinois. A Mediacom
representative reported that a microchip was not functioning properly and was
replaced to restore service. Source: http://wqad.com/2014/12/17/internet-outage-reported-for-some-mediacom-customers-in-milan-and-rock-island/
34. December 17,
International Data Group – (National) US Agency sues Sprint for
alleged unauthorized charges. The U.S. Consumer Financial Protection Bureau
announced December 17 that it filed a lawsuit against Sprint for allegedly
billing cellular phone customers for tens of millions of dollars in unauthorized
services from third-parties. Related charges by the U.S. Federal Communications
Commission are pending. Source: http://www.networkworld.com/article/2860774/us-agency-sues-sprint-for-alleged-unauthorized-charges.html
35. December 16, Scranton
Times-Tribune – (Pennsylvania) WARM Radio back on the air, now
with sports. WARM 590 AM Scranton returned to the air December 15 after
going off air September 15 due to a failed transmitter caused by antiquated
equipment. The equipment was updated and technical issues were resolved before
operations were restored. Source: http://thetimes-tribune.com/news/warm-radio-back-on-the-air-now-with-sports-1.1803282
No comments:
Post a Comment