Complete DHS Report for February 13, 2014
Daily Report
• More than 350,000 customers across several
southern States lost power February 12 due to a severe ice storm which also
prompted 3,003 flight cancellations nationwide. – NBC News
1.
February 12, NBC News – (National) Bone-chilling: ‘Catastrophic’
winter blast wipes out power in south. More than 350,000 customers across
several southern States lost power February 12 due to a severe ice storm which
also prompted 3,003 flight cancellations nationwide and 3,198 delayed flights.
Source:
http://www.nbcnews.com/storyline/deep-freeze/bone-chilling-catastrophic-winter-blast-wipes-out-power-south-n28156
• A pipeline at Patriot Coal’s Kanawha Eagle
Prep Plant near Winifrede, West Virginia, ruptured and released 108,000 gallons
of coal slurry a Kanawha River tributary February 11. – Associated Press
3.
February 11, Associated Press – (West Virginia) W.Va. coal prep plant
spills slurry into creek. A pipeline at Patriot Coal’s Kanawha Eagle Prep
Plant near Winifrede ruptured and released 108,000 gallons of coal slurry into
Fields Creek, a tributary of the Kanawha River, February 11. West Virginia
American Water officials do not anticipate the slurry spill will affect public
drinking water but believe environmental impacts could be severe. Source: http://www.timesunion.com/news/science/article/W-Va-coal-prep-plant-spills-slurry-into-creek-5224726.php
• Toyota announced a recall covering 2.1
million vehicles worldwide, including 973,000 in North America, for two
software issues. – CNNMoney
5.
February 12, CNNMoney – (International) Toyota recalls 2.1 million
vehicles. Toyota announced a recall covering 2.1 million vehicles worldwide,
including 973,000 in North America, for two software issues. 713,000 model year
2010-2014 Prius vehicles have a software issue that could result in higher
thermal stress and a loss of power, while 260,000 model year 2012RAV4,
2012-2013 Tacoma, and 2012-2013 Lexus RX 350 vehicles in the U.S. may
experience loss of vehicle stability control, anti-lock braking, and traction
control due to a second software issue. Source: http://money.cnn.com/2014/02/12/autos/toyota-prius-recall/index.html
• Cloudflare confirmed February 10 that one of
its customers was being targeted by a massive distributed denial of service
(DDoS) attack that utilized Network Time Protocol (NTP) reflection, reaching
over 400 gigabits per second. – Help Net Security See item 21
below in the Information Technology
Sector
Details
Financial Services Sector
7. February 12, Softpedia – (International) Bitstamp
suspends Bitcoin withdrawals due to DOS attack. Bitcoin exchange service
Bitstamp began suspending withdrawals while dealing with a denial of service
(DoS) attack exploiting a transaction malleability issue. Source: http://news.softpedia.com/news/Bitstamp-Suspends-Bitcoin-Withdrawals-Due-to-DOS-Attack-426249.shtml
8. February 11, Softpedia – (International) Corkow
trojan targets bank customers, Bitcoin owners and Android developers. Researchers
at ESET have monitored the use of a modular banking trojan known as Corkow that
can be fitted with additional capabilities and is able to steal keystrokes,
screenshots, and inject phishing pages. The malware also appears to be
targeting Android developers and the login credentials for Bitcoin Web sites.
Source: http://news.softpedia.com/news/Corkow-Trojan-Targets-Bank-Customers-Bitcoin-Owners-and-Android-Developers-426056.shtml
9. February 11, U.S. Securities and Exchange Commission –
(International) Two Hong Kong-based firms to pay $11 million for insider
trading ahead of Nexen acquisition by company in China. Hong Kong-based
firms CITIC Securities International Investment Management Limited and China
Shenghai Investment Management Limited agreed to pay a combined $11 million to
settle U.S. Securities and Exchange Commission charges that the companies
engaged in insider trading ahead of the acquisition of Nexen by China-based
CNOOC Limited. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370540775561
Information Technology Sector
21. February 12, Help Net Security – (International) 400Gbps
NTP-based DDoS attack hits Cloudflare. Cloudflare confirmed February 10
that one of its customers was being targeted by a massive distributed denial of
service (DDoS) attack that utilized Network Time Protocol (NTP) reflection. The
attack reached over 400 gigabits per second and misused over 4,500 NTP servers.
Source: http://www.net-security.org/secworld.php?id=16350
22. February 12, Softpedia – (International) Bitcoin-stealing
Mac malware distributed via Download.com and MacUpdate. Researchers from
SecureMac analyzed the CoinThief Bitcoin-stealing malware for OS X and found
that it is being distributed under various names on several legitimate Web
sites, including MacUpdate and Download.com. Source: http://news.softpedia.com/news/Bitcoin-Stealing-Mac-Malware-Distributed-via-Download-com-and-MacUpdate-426284.shtml
23. February 11, IDG News Service – (International) Microsoft
addresses critical IE vulnerabilities for Patch Tuesday. Microsoft released
its monthly Patch Tuesday round of patches February 11, including 7 bulletins,
4 of which were rated critical, closing a total of 31 vulnerabilities. Source: http://www.networkworld.com/news/2014/021114-microsoft-addresses-critical-ie-vulnerabilities-278672.html
24. February 11, Threatpost – (International) Adobe
patches critical vulnerabilities in Shockwave. Adobe released a patch
February 11 for its Shockwave Player, closing a critical vulnerability in the
platform that could allow an attacker to remotely take control of an affected
system. Source: http://threatpost.com/adobe-patches-critical-vulnerabilities-in-shockwave/104207
25. February 11, Computerworld – (International) Windows
XP isn’t the only software getting the knife in 8 weeks. Microsoft will
cease support and no longer issue security updates for its Office 2003 and
Exchange Server 2003 after April 8, the same date it will cease support for the
Windows XP operating system. Source: http://www.networkworld.com/news/2014/021114-windows-xp-isn39t-the-only-278675.html
26. February 11, Help Net Security – (International) Older
Flash Player vulnerability exploited in the wild. Researchers at Microsoft
discovered several recent attacks exploiting a Flash Player vulnerability that
was patched in November 2013, which attempts to install a trojan downloader on
vulnerable computers. Source: http://www.net-security.org/secworld.php?id=16343
For another story, see item 8 above in the Financial Services Sector
Communications Sector
Nothing to
report