Wednesday, March 12, 2014




Complete DHS Report for March 12, 2014

Daily Report

Details

 • The U.S. National Transportation Safety Board released a report March 10 stating that a December 2012 Columbia Gas Transmission Corporation natural gas pipeline explosion in Sissonville, West Virginia, was likely the result of poor maintenance for almost 25 years. – Charleston Daily Mail

3. March 10, Charleston Daily Mail – (West Virginia) Pipeline explosion caused by corrosion, lack of inspections, NTSB concludes. The U.S. National Transportation Safety Board released a report March 10 stating that a December 2012 Columbia Gas Transmission Corporation natural gas pipeline explosion in Sissonville was likely the result of corrosion and lack of inspection of the pipeline for almost 25 years. Source: http://www.charlestondailymail.com/News/201403100088

 • A Vietnamese national pleaded guilty the week of March 3 to running an identity theft service by tricking an Experian subsidiary into giving him access to personal and financial data belonging to over 200 million U.S. citizens – Krebs on Security See item 8 below in the Financial Services Sector

 • The Montana governor declared a flood emergency March 9 after rains and melted snow pushed streams and rivers over their banks, shutting off roads to towns, closing schools, and threatening to overcome protective dykes. – Associated Press

11. March 11, Associated Press – (Montana; Wyoming) Flooding swells Montana rivers, washes out roads. The Montana governor declared a flood emergency March 9 after warm weather mixed with rain caused snow to melt rapidly and push streams and rivers over their banks, shutting off roads to towns, closing schools, and threatening to overcome protective dykes. National Guard members in Wyoming also worked to stack sandbags and divert flooding from a school and water treatment plant. Source: http://www.abc6.com/story/24936965/governor-declares-flood-emergency-for-montana

 • About 80,000 people plus 11 schools and several businesses were placed under a boil water order March 11 for up to 48 hours when an 18-inch water main broke in Port Orange, Florida. – WESH 2 Daytona Beach

18. March 11, WESH 2 Daytona Beach – (Florida) Boil water notice affects 4 Volusia County towns. About 80,000 people plus 11 schools and several businesses were placed under boil order March 11 for up to 48 hours when an 18-inch water main broke in Port Orange, Florida. Source: http://www.wesh.com/news/port-orange-issues-boil-water-alert/24901590

Financial Services Sector

7. March 11, Softpedia – (Washington) Hackers steal details of thousands of individuals from Archdiocese of Seattle. The Archdiocese of Seattle warned volunteers and employees that their personally identifiable information, including Social Security numbers, may have been compromised when attackers breached the archdiocese’s systems. The archdiocese advised those affected to check and see if fraudulent tax returns have been filed in their names. Source: http://news.softpedia.com/news/Hackers-Steal-Details-of-Thousands-of-Individuals-from-Archdiocese-of-Seattle-431508.shtml

8. March 10, Krebs on Security – (International) Experian lapse allowed ID theft service access to 200 million consumer records. A Vietnamese national pleaded guilty the week of March 3 to running an identity theft service from his home in Vietnam by tricking an Experian subsidiary into giving him access to personal and financial data belonging to over 200 million U.S. citizens by claiming to be a private investigator. Source: http://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-service-to-access-200-million-consumer-records/

9. March 10, NJ.com – (New Jersey) FBI: Suspect wanted in 5 NJ bank robberies strikes again in Woodbridge. A suspect who robbed a Capital One Bank branch in Woodbridge, New Jersey, March 8 is believed to be responsible for five other bank robberies in the State beginning in August 2013. Source: http://www.nj.com/middlesex/index.ssf/2014/03/fbi_suspect_wanted_in_5_nj_bank_robberies_strikes_again_in_woodbridge.html

Information Technology Sector

24. March 11, Softpedia – (International) 162,000 WordPress sites abused to amplify DDoS attack. Researchers at Securi found that attackers used around 162,000 WordPress sites to indirectly launch a distributed denial of service (DDoS) attack on a client’s WordPress site by abusing the sites’ XML-RPC feature, which is enabled by default on WordPress sites. Source: http://news.softpedia.com/news/162-000-WordPress-Sites-Abused-to-Amplify-DDOS-Attack-431590.shtml

25. March 11, Threatpost – (International) Apple iOS 7.1 fixes more than 20 code-execution flaws. Apple released an update for its iOS mobile operating system, closing several code execution vulnerabilities and other issues. The Webkit framework underlying the Safari browser also received fixes for 19 memory corruption issues. Source: http://threatpost.com/apple-ios-7-1-fixes-more-than-20-code-execution-flaws/104705

26. March 10, SC Magazine – (International) Saboteurs slip Dendroid RAT into Google Play. A researcher at Lookout found that the Dendroid remote access trojan (RAT) had been uploaded into the Google Play store disguised as other apps, but was quickly removed. Source: http://www.scmagazine.com/saboteurs-slip-dendroid-rat-into-google-play/article/337607/

27. March 10, IDG News Service – (International) Joomla receives patches for zero-day SQL injection vulnerability, other flaws. The Joomla Project released security updates for its Joomla content management system, addressing a SQL injection vulnerability that could be used to steal information from databases on Joomla-based Web sites, as well as addressing two cross-site scripting (XSS) vulnerabilities and an unauthorized log-in flaw. Source: http://www.computerworld.com/s/article/9246849/Joomla_receives_patches_for_zero_day_SQL_injection_vulnerability_other_flaws

Communications Sector

Nothing to report