Thursday, March 20, 2014




Complete DHS Report for March 20, 2014

Daily Report

Details

 • Toyota Motor Corporation agreed to pay a record $1.2 billion in fines and admit to misleading consumers as part of a settlement with the U.S. government regarding the company’s handling of two unintended acceleration issues. – Los Angeles Times

3. March 19, Los Angeles Times – (National) Toyota admits misleading regulators, pays $1.2-billion federal fine. Toyota Motor Corporation agreed to pay a record $1.2 billion in fines and admit to misleading consumers as part of a settlement with the U.S. government over an investigation into the company’s handling of two unintended acceleration issues. Source: http://www.latimes.com/business/la-fi-hy-toyota-billion-dollar-justice-department-settlement-20140319,0,7794824.story

 • A KOMO-TV 4 Seattle, Washington, news helicopter plummeted into an intersection near the Seattle Center campus March 18, setting three cars on fire and killing two people on board. – Associated Press

8. March 19, Associated Press – (Washington) Seattle looks at helipad rules after deadly crash. Authorities are investigating after a KOMO-TV 4 Seattle news helicopter plummeted into an intersection near the Seattle Center campus March 18, setting three cars on fire and killing two people on board. A third person suffered extensive injuries while escaping from their burning car. Source: http://news.msn.com/us/seattle-looks-at-helipad-rules-after-deadly-crash

 • The Internal Revenue Service (IRS) reported March 18 that an employee took home a computer thumb drive containing personal information of about 20,000 IRS workers, former workers, and contractors. – Associated Press

21. March 18, Associated Press – (National) IRS: Employee took home personal info on 20K workers. The Internal Revenue Service (IRS) reported March 18 that an employee took home a computer thumb drive containing personal information of about 20,000 IRS workers, former workers, and contractors. The agency’s inspector general is investigating the potential breach. Source: http://news.msn.com/us/irs-employee-took-home-personal-info-on-20k-workers

 • A March 18 fire at the Vivint complex in Lindon, Utah, prompted the evacuation of 400-500 employees and left 3 people injured. – Salt Lake Tribune

34. March 18, Salt Lake Tribune – (Utah) Firefighter badly injured during blaze at Lindon’s Vivint Building. Officials believe a March 18 fire at the Vivint warehouse-and-office complex in Lindon, which prompted the evacuation of 400-500 employees, was sparked by heat tape used to prevent freezing in the facility’s gutter system. One firefighter suffered serious injuries after a wall collapsed, and two other individuals were treated for smoke inhalation. Source: http://www.sltrib.com/sltrib/news/57697719-78/fire-lindon-500-building.html.csp

Financial Services Sector

4. March 19, Bloomberg News – (New York) Simpson Thacher clerk charged in insider-trading scheme. A clerk at law firm Simpson Thacher & Bartlett LLP and a stockbroker who worked at Oppenheimer & Co. and Morgan Stanley were charged by federal authorities for allegedly running an insider trading scheme through a middleman that resulted in over $5.6 million in illicit profits. Source: http://www.bloomberg.com/news/2014-03-19/simpson-thacher-clerk-charged-in-insider-trading-scheme.html

5. March 19, The Register – (International) ‘Zotob’ hacker ‘Diabl0’ arrested in Bangkok after three-year hunt. A Moroccan suspected of causing $4 billion in damages to Swiss banking systems was arrested in Thailand and faces extradition to Switzerland. The man was previously arrested and jailed in Morocco for spreading the Zotob worm that infected systems around the world, including a U.S. government Web site. Source: http://www.theregister.co.uk/2014/03/19/diabl0_hacker_arrested_bangkok/

6. March 18, Carlisle Sentinel – (Pennsylvania) Another bank robbed in South Middleton. State Police in Carlisle believe that the suspect who robbed an M&T Bank branch in South Middleton Township March 18 was the same suspect responsible for two bank robberies in Boiling Springs. The three robberies also caused partial lockdowns at South Middleton School District schools since February 27. Source: http://cumberlink.com/news/local/crime-and-courts/another-bank-robbed-in-south-middleton/article_055aeb86-aec2-11e3-96b9-0019bb2963f4.html

For another story, see item 29 below in the Information Technology Sector

Information Technology Sector

25. March 19, Softpedia – (International) Security researcher accidentally crashes Google Play when testing PoC app. A security researcher uploading a proof of concept for a potential Android vulnerability may have caused several users to be unable to upload applications to the Google Play app market for a short time. Source: http://news.softpedia.com/news/Security-Researcher-Accidentally-Crashes-Google-Play-When-Testing-POC-App-432931.shtml

26. March 19, Softpedia – (International) Hacked EA server used to host Apple phishing page. Researchers at Netcraft reported that attackers compromised a server that hosts two Electronic Arts (EA) Web sites and used it to host a phishing page that mimics an Apple login page. Source: http://news.softpedia.com/news/Hacked-EA-Website-Used-to-Host-Apple-Phishing-Page-432977.shtml

27. March 19, Softpedia – (International) Expert finds RCE flaw in Yahoo after logging in with “Admin/Admin” credentials. A security researcher identified and reported a flaw in a Hong Kong subdomain of Yahoo that allowed him to gain read/write/execute permissions by entering a default login name and password. The issue was reported February 20 and fixed February 21. Source: http://news.softpedia.com/news/Expert-Finds-RCE-Flaw-on-Yahoo-After-Logging-in-with-Admin-Admin-Credentials-432956.shtml

28. March 19, Softpedia – (International) Mozilla releases Firefox 28, fixes vulnerabilities presented at Pwn2Own. Mozilla released Firefox 28, the newest version of its Web browser, adding new features and closing 18 vulnerabilities identified during the Pwn2Own 2014 security competition. Source: http://news.softpedia.com/news/Mozilla-Releases-Firefox-28-Fixes-Vulnerabilities-Presented-at-Pwn2Own-432912.shtml

29. March 18, SC Magazine – (International) $30 RAT, WinSpy, involved in two phishing campaigns. FireEye researchers identified two phishing campaigns utilizing the WinSpy remote access trojan (RAT) and the GimmeRAT Android malware that comes packaged with the first RAT. One campaign used spear phishing emails targeting U.S. financial institutions while a second was an indiscriminate spam campaign. Source: http://www.scmagazine.com/30-rat-winspy-involved-in-two-phishing-campaigns/article/338770/

For another story, see item 5 above in the Financial Services Sector

Communications Sector

30. March 19, Erie Times-News – (Pennsylvania) Erie’s WQLN goes out Tuesday night, more outages likely. Erie’s public broadcasting affiliate WQLN-TV 54 experienced an over-the-air transmission outage March 18 due to a transmission problem. Officials reported that additional outages were expected March 19-20 while a replacement part is installed. Source: http://www.goerie.com/article/20140319/NEWS02/303199908/Erie's-WQLN-goes-out-Tuesday-night-more-outages-likely