Thursday, February 13, 2014




Complete DHS Report for February 13, 2014

Daily Report

 • More than 350,000 customers across several southern States lost power February 12 due to a severe ice storm which also prompted 3,003 flight cancellations nationwide. – NBC News

1. February 12, NBC News – (National) Bone-chilling: ‘Catastrophic’ winter blast wipes out power in south. More than 350,000 customers across several southern States lost power February 12 due to a severe ice storm which also prompted 3,003 flight cancellations nationwide and 3,198 delayed flights. Source: http://www.nbcnews.com/storyline/deep-freeze/bone-chilling-catastrophic-winter-blast-wipes-out-power-south-n28156

 • A pipeline at Patriot Coal’s Kanawha Eagle Prep Plant near Winifrede, West Virginia, ruptured and released 108,000 gallons of coal slurry a Kanawha River tributary February 11. – Associated Press

3. February 11, Associated Press – (West Virginia) W.Va. coal prep plant spills slurry into creek. A pipeline at Patriot Coal’s Kanawha Eagle Prep Plant near Winifrede ruptured and released 108,000 gallons of coal slurry into Fields Creek, a tributary of the Kanawha River, February 11. West Virginia American Water officials do not anticipate the slurry spill will affect public drinking water but believe environmental impacts could be severe. Source: http://www.timesunion.com/news/science/article/W-Va-coal-prep-plant-spills-slurry-into-creek-5224726.php

 • Toyota announced a recall covering 2.1 million vehicles worldwide, including 973,000 in North America, for two software issues. – CNNMoney

5. February 12, CNNMoney – (International) Toyota recalls 2.1 million vehicles. Toyota announced a recall covering 2.1 million vehicles worldwide, including 973,000 in North America, for two software issues. 713,000 model year 2010-2014 Prius vehicles have a software issue that could result in higher thermal stress and a loss of power, while 260,000 model year 2012RAV4, 2012-2013 Tacoma, and 2012-2013 Lexus RX 350 vehicles in the U.S. may experience loss of vehicle stability control, anti-lock braking, and traction control due to a second software issue. Source: http://money.cnn.com/2014/02/12/autos/toyota-prius-recall/index.html

 • Cloudflare confirmed February 10 that one of its customers was being targeted by a massive distributed denial of service (DDoS) attack that utilized Network Time Protocol (NTP) reflection, reaching over 400 gigabits per second. – Help Net Security See item 21 below in the Information Technology Sector

Details

Financial Services Sector

7. February 12, Softpedia – (International) Bitstamp suspends Bitcoin withdrawals due to DOS attack. Bitcoin exchange service Bitstamp began suspending withdrawals while dealing with a denial of service (DoS) attack exploiting a transaction malleability issue. Source: http://news.softpedia.com/news/Bitstamp-Suspends-Bitcoin-Withdrawals-Due-to-DOS-Attack-426249.shtml

8. February 11, Softpedia – (International) Corkow trojan targets bank customers, Bitcoin owners and Android developers. Researchers at ESET have monitored the use of a modular banking trojan known as Corkow that can be fitted with additional capabilities and is able to steal keystrokes, screenshots, and inject phishing pages. The malware also appears to be targeting Android developers and the login credentials for Bitcoin Web sites. Source: http://news.softpedia.com/news/Corkow-Trojan-Targets-Bank-Customers-Bitcoin-Owners-and-Android-Developers-426056.shtml

9. February 11, U.S. Securities and Exchange Commission – (International) Two Hong Kong-based firms to pay $11 million for insider trading ahead of Nexen acquisition by company in China. Hong Kong-based firms CITIC Securities International Investment Management Limited and China Shenghai Investment Management Limited agreed to pay a combined $11 million to settle U.S. Securities and Exchange Commission charges that the companies engaged in insider trading ahead of the acquisition of Nexen by China-based CNOOC Limited. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370540775561

Information Technology Sector

21. February 12, Help Net Security – (International) 400Gbps NTP-based DDoS attack hits Cloudflare. Cloudflare confirmed February 10 that one of its customers was being targeted by a massive distributed denial of service (DDoS) attack that utilized Network Time Protocol (NTP) reflection. The attack reached over 400 gigabits per second and misused over 4,500 NTP servers. Source: http://www.net-security.org/secworld.php?id=16350

22. February 12, Softpedia – (International) Bitcoin-stealing Mac malware distributed via Download.com and MacUpdate. Researchers from SecureMac analyzed the CoinThief Bitcoin-stealing malware for OS X and found that it is being distributed under various names on several legitimate Web sites, including MacUpdate and Download.com. Source: http://news.softpedia.com/news/Bitcoin-Stealing-Mac-Malware-Distributed-via-Download-com-and-MacUpdate-426284.shtml

23. February 11, IDG News Service – (International) Microsoft addresses critical IE vulnerabilities for Patch Tuesday. Microsoft released its monthly Patch Tuesday round of patches February 11, including 7 bulletins, 4 of which were rated critical, closing a total of 31 vulnerabilities. Source: http://www.networkworld.com/news/2014/021114-microsoft-addresses-critical-ie-vulnerabilities-278672.html

24. February 11, Threatpost – (International) Adobe patches critical vulnerabilities in Shockwave. Adobe released a patch February 11 for its Shockwave Player, closing a critical vulnerability in the platform that could allow an attacker to remotely take control of an affected system. Source: http://threatpost.com/adobe-patches-critical-vulnerabilities-in-shockwave/104207

25. February 11, Computerworld – (International) Windows XP isn’t the only software getting the knife in 8 weeks. Microsoft will cease support and no longer issue security updates for its Office 2003 and Exchange Server 2003 after April 8, the same date it will cease support for the Windows XP operating system. Source: http://www.networkworld.com/news/2014/021114-windows-xp-isn39t-the-only-278675.html

26. February 11, Help Net Security – (International) Older Flash Player vulnerability exploited in the wild. Researchers at Microsoft discovered several recent attacks exploiting a Flash Player vulnerability that was patched in November 2013, which attempts to install a trojan downloader on vulnerable computers. Source: http://www.net-security.org/secworld.php?id=16343

For another story, see item 8 above in the Financial Services Sector

Communications Sector
Nothing to report