Complete DHS Report for March 12, 2014
Daily Report
Details
• The U.S. National Transportation Safety
Board released a report March 10 stating that a December 2012 Columbia Gas
Transmission Corporation natural gas pipeline explosion in Sissonville, West
Virginia, was likely the result of poor maintenance for almost 25 years. – Charleston
Daily Mail
3.
March 10, Charleston Daily Mail – (West Virginia) Pipeline explosion
caused by corrosion, lack of inspections, NTSB concludes. The U.S. National
Transportation Safety Board released a report March 10 stating that a December
2012 Columbia Gas Transmission Corporation natural gas pipeline explosion in
Sissonville was likely the result of corrosion and lack of inspection of the
pipeline for almost 25 years. Source: http://www.charlestondailymail.com/News/201403100088
• A Vietnamese national pleaded guilty the
week of March 3 to running an identity theft service by tricking an Experian
subsidiary into giving him access to personal and financial data belonging to
over 200 million U.S. citizens – Krebs on Security See item 8 below
in the Financial Services Sector
• The Montana governor declared a flood
emergency March 9 after rains and melted snow pushed streams and rivers over
their banks, shutting off roads to towns, closing schools, and threatening to
overcome protective dykes. – Associated Press
11.
March 11, Associated Press – (Montana; Wyoming) Flooding swells
Montana rivers, washes out roads. The Montana governor declared a flood
emergency March 9 after warm weather mixed with rain caused snow to melt
rapidly and push streams and rivers over their banks, shutting off roads to
towns, closing schools, and threatening to overcome protective dykes. National
Guard members in Wyoming also worked to stack sandbags and divert flooding from
a school and water treatment plant. Source: http://www.abc6.com/story/24936965/governor-declares-flood-emergency-for-montana
• About 80,000 people plus 11 schools and
several businesses were placed under a boil water order March 11 for up to 48
hours when an 18-inch water main broke in Port Orange, Florida. – WESH 2
Daytona Beach
18.
March 11, WESH 2 Daytona Beach – (Florida) Boil water notice affects
4 Volusia County towns. About 80,000 people plus 11 schools and several
businesses were placed under boil order March 11 for up to 48 hours when an
18-inch water main broke in Port Orange, Florida. Source: http://www.wesh.com/news/port-orange-issues-boil-water-alert/24901590
Financial Services Sector
7. March 11, Softpedia – (Washington) Hackers steal
details of thousands of individuals from Archdiocese of Seattle. The
Archdiocese of Seattle warned volunteers and employees that their personally
identifiable information, including Social Security numbers, may have been
compromised when attackers breached the archdiocese’s systems. The archdiocese
advised those affected to check and see if fraudulent tax returns have been
filed in their names. Source: http://news.softpedia.com/news/Hackers-Steal-Details-of-Thousands-of-Individuals-from-Archdiocese-of-Seattle-431508.shtml
8. March 10, Krebs on Security – (International) Experian
lapse allowed ID theft service access to 200 million consumer records. A
Vietnamese national pleaded guilty the week of March 3 to running an identity
theft service from his home in Vietnam by tricking an Experian subsidiary into
giving him access to personal and financial data belonging to over 200 million
U.S. citizens by claiming to be a private investigator. Source: http://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-service-to-access-200-million-consumer-records/
9. March 10, NJ.com – (New Jersey) FBI: Suspect wanted
in 5 NJ bank robberies strikes again in Woodbridge. A suspect who robbed a
Capital One Bank branch in Woodbridge, New Jersey, March 8 is believed to be
responsible for five other bank robberies in the State beginning in August
2013.
Source: http://www.nj.com/middlesex/index.ssf/2014/03/fbi_suspect_wanted_in_5_nj_bank_robberies_strikes_again_in_woodbridge.html
Information Technology Sector
24.
March 11, Softpedia – (International) 162,000 WordPress sites abused
to amplify DDoS attack. Researchers at Securi found that attackers used
around 162,000 WordPress sites to indirectly launch a distributed denial of
service (DDoS) attack on a client’s WordPress site by abusing the sites’
XML-RPC feature, which is enabled by default on WordPress sites. Source: http://news.softpedia.com/news/162-000-WordPress-Sites-Abused-to-Amplify-DDOS-Attack-431590.shtml
25.
March 11, Threatpost – (International) Apple iOS 7.1 fixes more than
20 code-execution flaws. Apple released an update for its iOS mobile
operating system, closing several code execution vulnerabilities and other
issues. The Webkit framework underlying the Safari browser also received fixes
for 19 memory corruption issues. Source: http://threatpost.com/apple-ios-7-1-fixes-more-than-20-code-execution-flaws/104705
26.
March 10, SC Magazine – (International) Saboteurs slip Dendroid RAT
into Google Play. A researcher at Lookout found that the Dendroid remote
access trojan (RAT) had been uploaded into the Google Play store disguised as
other apps, but was quickly removed. Source: http://www.scmagazine.com/saboteurs-slip-dendroid-rat-into-google-play/article/337607/
27.
March 10, IDG News Service – (International) Joomla receives patches
for zero-day SQL injection vulnerability, other flaws. The Joomla Project
released security updates for its Joomla content management system, addressing
a SQL injection vulnerability that could be used to steal information from
databases on Joomla-based Web sites, as well as addressing two cross-site
scripting (XSS) vulnerabilities and an unauthorized log-in flaw. Source: http://www.computerworld.com/s/article/9246849/Joomla_receives_patches_for_zero_day_SQL_injection_vulnerability_other_flaws
Communications Sector
Nothing to report