Tuesday, January 28, 2014

Complete DHS Report for January 28, 2014

Daily Report

 • A natural gas pipeline explosion in Canada over January 25 weekend blew out three lines that bring natural gas into the U.S., impacting nearly 100,000 customers in Minnesota and Wisconsin. – KARE 11 Minneapolis; CNN

1. January 25, Reuters – (West Virginia) Chemical tanks ordered removed in West Virginia after spill. The governor of West Virginia ordered Freedom Industries January 25 to dismantle and dispose of all 17 above-ground storage tanks located at its Charleston coal processing facility by March 15. A January 9 chemical spill from one of the company’s tanks contaminated the water supply for 300,000 people in the area. Source: http://news.yahoo.com/chemical-tanks-ordered-removed-west-virginia-spill-005919533--sector.html

 • Three men were charged in federal court for allegedly running a payment card counterfeiting Web site, while 11 others were charged for being alleged customers of the site that caused over $34.5 million in losses. – Softpedia See item 5 below in the Financial Services Sector

 • A Royal Caribbean cruise was cut short January 26 due to a gastrointestinal illness outbreak that affected more than 600 passengers and crew members. – CNN

10. January 27, CNN – (International) Royal Caribbean cruise cut short after more than 600 are sickened. A 10-day Royal Caribbean cruise was cut to 8 days January 26 due to a gastrointestinal illness outbreak that affected more than 600 passengers and crew members. The cause of the illness was not clear and the cruise liner will thoroughly sanitize the entire ship. Source: http://www.cnn.com/2014/01/26/travel/cruise-ship-illness/

 • The Mall in Columbia reopened January 27 after a gunman opened fire at the Maryland mall January 25, killing two people before taking his own life. Five others were injured and authorities disabled two homemade explosive devices found in the shooter’s backpack. – CNN  

38. January 27, CNN – (Maryland) Maryland mall shooting: Journal may reveal gunman's motives; mall to reopen. The Mall in Columbia reopened January 27 after a gunman opened fire at the Maryland mall January 25, killing two people before taking his own life. Five others were injured during the incident and authorities disabled two homemade explosive devices they found in the shooter’s backpack. Source: http://www.cnn.com/2014/01/27/us/maryland-mall-shooting/?hpt=hp_t1

Details

Financial Services Sector

3. January 27, Pensacola News Journal – (Florida) McGuire’s alerts customers to credit card breach. The McGuire Management Group began notifying customers January 24 that customers at two of its restaurant locations in Pensacola may have had their payment card information compromised during a data breach that lasted about 90 days in late 2013. Source: http://www.pnj.com/article/20140127/NEWS01/301270013/McGuire-s-alerts-customers-to-credit-card-breach

4. January 26, Casino.org – (New Jersey) Poker pro charged in Borgata fake chip scandal. A professional poker player was arrested January 24 in connection with clogging a sewer pipe with $2.7 million worth of counterfeit poker chips at Harrah’s Resort in Atlantic City. Harrah’s employees detected the counterfeit chips, used during a tournament at the Borgata Hotel Casino & Spa, after hotel guests complained of leaky pipes dripping water into their rooms. Source: http://www.casino.org/news/poker-pro-christian-lusardi-charged-in-borgata-fake-chip-scandal

5. January 25, Softpedia – (National) Operators of credit card counterfeiting service Fakeplastic.net charged. Three men were charged in the Western District of North Carolina federal court with allegedly running the Fakeplastic.net Web site that sold fraudulent credit cards and credit card-making materials, causing over $34.5 million in losses. Eleven other individuals were also arrested for allegedly being customers of the site. Source: http://news.softpedia.com/news/Operators-of-Credit-Card-Counterfeiting-Service-Fakeplastic-net-Charged-420645.shtml

6. January 25, Reuters – (National) U.S. retailer Michaels warns of possible payment card breach. Arts and crafts retailer Michaels Companies Inc., stated January 25 that it is investigating a possible payment network security breach and advised customers to monitor their financial statements for suspicious activity. Source: http://www.reuters.com/article/2014/01/25/us-michaels-databreach-idUSBREA0O0N320140125

7. January 24, Charlotte Observer – (North Carolina) Federal indictment charges 27 in a check fraud scheme. A federal indictment announced January 24 listed 27 individuals accused of running a check fraud scheme in North Carolina that allegedly stole around $1 million from area banks. Source: http://www.charlotteobserver.com/2014/01/24/4637672/federal-indictment-charges-27.html

8. January 23, Associated Press – (International) Clearstream Banking paying $152M in US settlement. Clearstream Banking SA of Luxembourg agreed January 23 to pay $152 million to settle U.S. Department of the Treasury charges that it allowed Iran access to the U.S. banking system in violation of sanctions. Source: http://abcnews.go.com/Business/wireStory/clearstream-banking-paying-152m-us-settlement-21641056

Information Technology Sector

30. January 27, IDG News Service – (International) Suspected email hackers for hire charged in four countries. Five suspects in Arkansas, New York, and California were charged with allegedly hacking into email accounts or hiring others to do so. The arrests were part of an international law enforcement operation that also resulted of the arrests of six others in China, India, and Romania. Source: http://www.computerworld.com/s/article/9245780/Suspected_email_hackers_for_hire_charged_in_four_countries

31. January 27, Softpedia – (International) GitHub down due to DDoS attack. GitHub reported coming under a distributed denial of service (DDoS) attack January 27 that prevented users form accessing some services. Source: http://news.softpedia.com/news/GitHub-Down-Due-to-DDOS-Attack-1-27-2014-421114.shtml

32. January 27, Help Net Security – (International) Hasbro’s website compromised, serves malware. Researchers at Barracuda Labs found that the Web site of toy maker Hasbro was compromised and would lead users through several redirects to a malicious Web site hosting Java exploits that would attempt to infect systems with an information-stealing trojan that was not initially detected by antivirus programs. Users who visited the site January 10, 11, 14, and 20 were likely to have been infected. Source: http://www.net-security.org/malware_news.php?id=2689

33. January 27, Softpedia – (International) Mozilla fixes Thunderbird flaw that allowed hackers to insert malicious code into emails. Mozilla confirmed that it fixed a vulnerability in its Thunderbird email client reported in May 2013 that could have allowed attackers to bypass security controls and filters. Source: http://news.softpedia.com/news/Critical-Validation-and-Filter-Bypass-Vulnerability-Fixed-in-Thunderbird-420962.shtml

34. January 27, Softpedia – (International) Expert finds remote code execution vulnerability in Yahoo server. A security researcher reported a PHP code injection vulnerability found in a Yahoo server that he was able to escalate to a remote code execution vulnerability. The vulnerability was then closed January 21. Source: http://news.softpedia.com/news/Expert-Finds-Remote-Code-Execution-Vulnerability-in-Yahoo-Server-Video-420896.shtml

35. January 26, IDG News Service – (International) Microsoft says law enforcement documents likely stolen by hackers. Microsoft stated that documents related to law enforcement inquiries were stolen during recent phishing attacks against the company. Source: http://www.computerworld.com/s/article/9245775/Microsoft_says_law_enforcement_documents_likely_stolen_by_hackers

36. January 25, Softpedia – (International) Vulnerability that allowed hackers to hijack Samsung.com accounts fixed. Samsung closed a vulnerability reported by a researcher that could have allowed an attacker to take over a user’s Samsung.com account by registering an account with extra spaces on the end of the username. Source: http://news.softpedia.com/news/Vulnerability-that-Allowed-Hackers-to-Hijack-Samsung-com-Accounts-Fixed-Video-420630.shtml

37. January 24, IDG News Service – (International) Gmail, other Google services hit by outage on Friday. A software issue in a Google system left Gmail and other Google applications unavailable for around 30 minutes to 2 hours January 24. Source: http://www.networkworld.com/news/2014/012514-gmail-other-google-services-hit-278072.html

Communications Sector

Nothing to report