Complete DHS Report for February 11, 2014
Daily Report
• The Federal Energy Regulatory Commission
used an emergency order instructing Enterprise Energy Partners to prioritize
supplies on its line from the Gulf Coast to the Northeast due to a shortage of
heating fuel impacting several States. – Reuters
2. February 7, Reuters – (National) U.S. orders priority propane
supplies to ease shortage. The Federal Energy Regulatory Commission used an
emergency order under the Interstate Commerce Act for the first time to order Enterprise
Energy Partners to prioritize supplies on its line from the Gulf Coast to the
Northeast due to the shortage of heating fuel impacting several States across
the U.S. Source: http://kdal610.com/news/articles/2014/feb/07/senators-ask-white-house-for-propane-shortage-relief/
• A Romanian national was extradited and
charged in New Jersey February 7 with allegedly being the leader of an ATM
skimming group that stole at least $5 million from bank customers in four
States. – Associated Press. See item 5 below in the Financial Services Sector.
• Rancho Feeding Corporation of Petaluma,
California, recalled approximately 8,742,700 pounds of beef products because it
processed diseased and unsound animals without the benefit of federal
inspection. – U.S. Department of Agriculture
13. February 8, U.S. Department of Agriculture – (National) California
firm recalls unwholesome meat products produced without the benefit of full
inspection. The U.S. Department of Agriculture’s Food Safety and Inspection
Service announced that Rancho Feeding Corporation of Petaluma, California,
recalled approximately 8,742,700 pounds of beef products because it processed
diseased and unsound animals without the benefit of federal inspection, leaving
the products unfit for human consumption. The company also recalled more than
40,000 pounds of meat products in January. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2014
• North Carolina’s environmental agency
acknowledged February 9 that it initially misread test results February 4 and
stated that water in the Dan River was safe after a massive coal ash spill when
it was in fact unsafe. – Associated Press
14. February 10, Associated Press – (North Carolina) NC admits mistake,
says arsenic topped safe level. North Carolina’s environmental agency
acknowledged February 9 that it initially misread test results February 4,
stating that water in the Dan River was safe for people after a massive coal ash
spill. A sample taken February 3 revealed arsenic levels were four times higher
than the maximum level people should have contact with. Source: http://www.timesdispatch.com/news/national-world/ap/nc-admits-mistake-says-arsenic-topped-safe-level/article_3c7cca3e-9212-11e3-a5ed-0017a43b2370.html
Details
Financial Services Sector
4. February 10, Help Net Security – (International) Trojan steals Bitcoins and targets
OS X. Researchers at SecureMac identified a new trojan dubbed
OSX/CoinThief.A which infects systems running OS X and monitors Internet
traffic in order to steal login credentials for Bitcoin wallets and exchanges.
The trojan is disguised as an app called StealthBit used to send and receive
Bitcoin payments. Source: http://www.net-security.org/malware_news.php?id=2702
5. February 7, Associated Press – (International) Romanian charged in NJ for alleged
ATM ‘skimming.’ A Romanian national was charged in New Jersey February 7
with allegedly being the leader of an ATM skimming group that stole at least $5
million from bank customers in New Jersey, New York, Connecticut, and Florida.
The accused was extradited from Sweden after he fled the U.S. following the
arrest of 12 alleged co-conspirators. Source: http://www.washingtontimes.com/news/2014/feb/7/romanian-charged-in-nj-for-alleged-atm-skimming/
6. February 7, Softpedia – (National) Bank of America customers targeted in massive
Bredo malware distribution campaign. Researchers at AppRiver identified a
large spam campaign capable of avoiding filtering engines that is currently
targeting Bank of America customers. Spam email messages carry a variant of the
Bredo information-stealing malware that was identified by only 11 antivirus
engines. Source: http://news.softpedia.com/news/Bank-of-America-Customers-Targeted-in-Massive-Bredo-Malware-Distribution-Campaign-425067.shtml
Information Technology Sector
26. February 10, Softpedia – (International) CSRF
vulnerability in Instagram allowed hackers to make private profiles public. A
researcher identified and reported a cross-site request forgery (CSRF)
vulnerability in Instagram that could have been used to make private profiles
public. Facebook issued a patch in September 2013, and a second patch February
4 to fully address the issue. Source: http://news.softpedia.com/news/CSRF-Vulnerability-in-Instagram-Allowed-Hackers-to-Make-Private-Profiles-Public-425650.shtml
27. February 10, The Register – (International) Snapchat
bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE. A Telefonica
security consultant identified a bug in Snapchat that allows authentication
tokens to be reused, which could be exploited to spam users and cause a phone
running iOS to freeze or make the app lock up on Android phones. Source: http://www.theregister.co.uk/2014/02/10/snapchat_token_bug_creates_dos_attack_for_ios_android/
28. February 9, The Register – (International) RoR
Paperclip infested by content type spoofing bug. A Ruby on Rails developer
identified a cross-site scripting (XSS) flaw in the Ruby on Rails Paperclip
uploader that could be extended to allow remote code execution. A new version
of Paperclip was released that addresses the vulnerability and users were
advised to update to it. Source: http://www.theregister.co.uk/2014/02/09/content_type_spoofing_bug_in_ror_paperclip/
29. February 8, Softpedia – (International) Expert
hacks private repositories on GitHub by combining 5 low-severity bugs. A
researcher found and reported a way to gain access to private GitHub code
repositories by combining five low-severity flaws to create a high-severity
exploit. GitHub fixed the vulnerabilities and paid a $4,000 reward as part of
its bug bounty program. Source: http://news.softpedia.com/news/Expert-Hacks-Private-Repositories-on-GitHub-by-Combining-5-Low-Severity-Bugs-425190.shtml
For additional stories, see items 4 and 6 above in the Financial Services Sector.
Communications Sector
30. February 7, Greenfield Daily Reporter – (Indiana) Router problem
disrupts NineStar Connect service. A faulty router at the Maxwell facility
in Hancock County, Indiana, caused thousands of NineStar Connect customers to
lose Internet, cable television, and phone service for about 2 hours February
7. Crews replaced a hardware chassis and restored services. Source: http://www.greenfieldreporter.com/view/local_story/Ninestar-crashes-customers-aff_1391797363