Thursday, February 20, 2014




Complete DHS Report for February 20, 2014

Daily Report

Details

 • The North Carolina Division of Water Resources ordered Duke Energy to stop the flow of contaminated water at its Eden power plant February 18, after learning that groundwater containing unsafe levels of arsenic is still pouring into the Dan River. – Associated Press

1. February 19, Associated Press – (North Carolina) Toxins leaking from second pipe at N.C. coal ash dump. The North Carolina Division of Water Resources ordered Duke Energy to stop the flow of contaminated water coming out of a pipe that runs under a coal ash dump at its Eden power plant February 18, after learning that the groundwater containing unsafe levels of arsenic is still pouring into the Dan River. Source: http://www.bdtonline.com/apnational/x1783679477/Toxins-leaking-from-second-pipe-at-N-C-coal-ash-dump

 • Halliburton Energy Services was fined $1.8 million by the Pennsylvania Department of Environmental Protection for violating record keeping requirements about 255 times between 1999 and 2011. – Pittsburgh Post-Gazette

2. February 18, Pittsburgh Post-Gazette – (Pennsylvania) Halliburton fined $1.8 million over disposal. Halliburton Energy Services was fined $1.8 million by the Pennsylvania Department of Environmental Protection for transporting, processing, and disposing of hydrochloric acid without classifying it as a hazardous substance, violating record keeping requirements about 255 times between 1999 and 2011. Source: http://www.post-gazette.com/business/2014/02/18/State-fines-Hallibutron-1-8-million-for/stories/201402180151

 • California health officials stated February 18 that 10 communities are at acute risk of running out of drinking water and well water is at risk of being concentrated with contaminants due to a severe drought in the State. – Reuters

18. February 19, Reuters – (California) Water contamination feared from California drought. California health officials stated February 18 that 10 communities are at acute risk of running out of drinking water in 60 days due to a severe drought in the State, and well water in rural communities are at particular risk of becoming more concentrated with contaminants due to less water available to dilute them. Source: http://news.msn.com/us/water-contamination-feared-from-california-drought

 • Researchers believe the medical records and payment information documents that they found on a Web site was posted by individuals who gained access to SigmaCare software, designed by eHealth Solutions Inc. – Wall Street Journal

20. February 18, Wall Street Journal – (National) Nursing homes are exposed to hacker attacks. Two cybersecurity firms found a Web site containing documents that could allow hackers to potentially obtain electronic medical records and payment information from health care providers. Researchers believe the information was posted by individuals who gained access to SigmaCare software, designed by eHealth Solutions Inc., although the company is unaware of how the files were accessed. Source: http://online.wsj.com/news/articles/SB10001424052702304899704579389171658671940

Financial Services Sector

5. February 18, Softpedia – (National) Bank of the West job applicants told that hackers might have stolen their details. Bank of the West began notifying employment applicants in February that its Web site was breached and any personal information submitted may have been stolen by hackers. Source: http://news.softpedia.com/news/Bank-of-the-West-Job-Applicants-Told-That-Hackers-Might-Have-Stolen-Their-Details-427708.shtml

6. February 18, SC Magazine – (International) New variant of Zeus banking trojan concealed in JPG images. Researchers identified a new variant of the Zeus banking trojan, ZeusVM, that is concealed in a JPG image file to avoid detection by security software. The JPG image files contain the malware configuration files that are needed to launch man-in-the-middle and man-in-the-browser attacks and allow attackers to collect personal information and perform online transactions. Source: http://www.scmagazine.com/new-variant-of-zeus-banking-trojan-concealed-in-jpg-images/article/334477/

Information Technology Sector

29. February 19, V3.co.uk – (International) Microsoft crash reports reveal Houdini hack campaign hitting firms. A security researcher from Websense found a new hack campaign utilizing the Houdini remote access trojan (RAT) targeting a mobile network operator and government body while cross-referencing Microsoft application and software crash reports. Source: http://www.v3.co.uk/v3-uk/news/2329562/microsoft-crash-reports-reveal-houdini-hack-campaign-hitting-firms

30. February 19, Network World – (International) Zeus malware-botnet variant spotted ‘crawling’ Salesforce.com. Adallom researchers found that the Zeus trojan, malware known to steal banking credentials, was targeting Windows-based computers in order to swipe business data from the SalesForce Web site through a kind of Web-crawling action. Source: http://www.networkworld.com/news/2014/021914-zeus-malware-278711.html

31. February 19, Softpedia – (International) Two different cybercriminal groups are using IE 10 zero-day in their operations. Security experts believe that two different cybercriminal groups are responsible for an attack on the U.S. Veterans of Foreign Wars Web site and an attack involving the French aerospace industries association, but both groups utilized the same IE zero-day exploit. Source: http://news.softpedia.com/news/Two-Different-Cybercriminal-Groups-Are-Using-IE-10-Zero-Day-in-Their-Operations-427949.shtml

32. February 19, Softpedia – (International) DoS, XSS, and data injection flaws fixed in Rails 4.0.3, 3.2.17 and 4.1.0.beta2. Ruby on Rails released fixes to address three vulnerabilities, including a data injection flaw impacting Active Record, a cross-site scripting (XSS) vulnerability, and a denial-of-service (DoS) issue in Action View. Source: http://news.softpedia.com/news/DOS-XSS-and-Data-Injection-Flaws-Fixed-in-Rails-4-0-3-3-2-17-and-4-1-0-beta2-428015.shtml

33. February 19, Help Net Security – (International) US businesses suffered 660,000 internal security breaches. Researchers at IS Decisions found that in the last 12 months, over 660,000 internal security breaches took place in U.S. businesses, and only about 17 percent of information technology managers consider insider threats to be a top priority for their organization. Source: http://www.net-security.org/secworld.php?id=16379

34. February 18, Softpedia – (International) Hackers posted details of 300,000 accounts on Pastebin in the last 12 months. Researchers discovered that in the last 12 months, over 300,000 accounts’ credentials were published on Pastebin through two main sources of information leaks including, insecure Web applications and compromised user machines with installed trojans. Source: http://news.softpedia.com/news/Hackers-Posted-Details-of-300-000-Accounts-on-Pastebin-in-the-Last-12-Months-427658.shtml

For another story, see item 6 above in the Financial Services Sector

Communications Sector

Nothing to report