Tuesday, April 8, 2014




Complete DHS Report for April 8, 2014

Daily Report

Details

 • Ford announced the recall of around 386,000 model year 2001-2004 Escape vehicles due to the potential for subframe rusting caused by road salt, and the recall of about 49,000 model year 2013 and 2014 Ford Fusion, Escape, and C-MAX, and Lincoln MKZ vehicles due to improperly welded seat back frames. – Associated Press

3. April 7, Associated Press – (National) Ford recalls nearly 435,000 vehicles. Ford announced two recalls, the first of around 386,000 model year 2001-2004 Escape vehicles due to the potential for subframe rusting caused by road salt, which could cause control arm separation and impaired steering control. The second recall involves 49,000 model year 2013 and 2014 Ford Fusion, Escape, and C-MAX, and Lincoln MKZ vehicles due to improperly welded seat back frames. Source: http://abcnews.go.com/Business/wireStory/ford-recalls-435000-vehicles-23224770

 • The Virginia Department of Public Health advised residents to avoid recreational use of a section of the Pigg River after about 30,000 gallons of cow manure wastewater spilled into a tributary of the river in Franklin County April 3. – Associated Press

20. April 7, Associated Press – (Virginia) Manure spill in Franklin Co. river. The Virginia Department of Public Health advised residents to avoid recreational use of a section of the Pigg River after about 30,000 gallons of cow manure wastewater spilled into a tributary of the river in Franklin County April 3. Source: http://wfirnews.com/local-news/manure-spill-in-franklin-co-river

 • Los Angeles County officials reported April 3 that the number of victims impacted by a medical data breach rose by 170,200 totaling 338,700 victims, after a February theft of 8 computers at a Sutherland Healthcare Solutions office. – Los Angeles Times (See item 23)

23. April 3, Los Angeles Times – (California) Medical data breach involves more than 170,000 additional victims. Los Angeles County officials reported April 3 that the number of victims impacted by a medical data breach rose by 170,200, totaling 338,700 victims, after a February theft of 8 computers during a break-in at the Torrance office of Sutherland Healthcare Solutions. The computers contained personal and medical data, as well as Social Security numbers and billing information. Source: http://www.latimes.com/local/lanow/la-me-ln-sutherland-data-breach-20140403,0,7636728.story

 • Violence broke out at an Isla Vista, California street party, dubbed Deltopia, April 5 after at least 18 people were arrested in connection with the disturbance and more than two dozen people were injured, including 6 police officers. – CNN

37. April 7, CNN – (California) 'Deltopia' party in California turns violent; dozens arrested. Violence broke out at an Isla Vista street party, dubbed Deltopia, April 5 after a police officer was hit in the head with a backpack containing bottles. At least 18 people were arrested in connection with the disturbance and more than two dozen people were injured, including 5 police officers. Source: http://www.cnn.com/2014/04/06/us/california-street-party-melee/

Financial Services Sector

4. April 5, Softpedia – (International) Farm supply store Rural King hacked, attackers access financial information. The Matton, Illinois-based Rural King farm supply store began notifying customers that it experienced a data breach where attackers may have stolen names, payment card numbers, verification codes, phone numbers, addresses, and other information. The breach began February 6, was detected March 7, and attackers were completely blocked out by March 12. Source: http://news.softpedia.com/news/Farm-Supply-Store-Rural-King-Hacked-Attackers-Access-Financial-Information-436039.shtml

5. April 4, Chicago Sun-Times – (Illinois) ‘Shady Bandit’ nabbed for North Side bank robbery. A suspect known as the “Shady Bandit” was arrested April 1 and charged with the robbery of a TCF Bank branch in Chicago February 11. The woman is also suspected of robbing two other TCF Bank branches in May and November 2013. Source: http://chicago.cbslocal.com/2014/04/04/shady-bandit-nabbed-for-north-side-bank-robbery/

6. April 4, Reuters – (New Jersey) SEC charges trading firm owner, others in ‘spoofing’ case. The U.S. Securities and Exchange Commission charged a co-owner of New Jersey-based Visionary Trading LLC with engaging in rapidly placing orders to create the illusion of demand, known as spoofing. The co-founder agreed to pay $1.9 million in a settlement, and three other co-owners who were also charged in relation to the case through involvement with Lightspeed Trading LLC will collectively pay around $3 million to settle charges. Source: http://www.chicagotribune.com/business/sns-rt-us-sec-enforcement-spoofing-20140404,0,5299376.story

7. April 4, Fort Lauderdale Sun-Sentinel – (Florida) Delray man accused of stealing debit card information at ATMs. A Delray Beach man was arrested April 1 for allegedly working with another individual to place skimmers on several ATMs at Publix stores in Delray Beach and Boca Raton. The man then allegedly used stolen payment card data to purchase gift cards. Source: http://www.sun-sentinel.com/news/palm-beach/boca-raton/fl-delray-boca-skimmer-arrest-20140404,0,6488993.story

For additional stories, see item 32 below in the Information Technology Sector and item 36 below in the Communications Sector

Information Technology Sector

31. April 5, Softpedia – (International) DDoS attack enabled by persistent XSS vulnerability on top video content provider’s site. Incapsula reported that they mitigated an application layer distributed denial of service (DDoS) attack against a client which utilized a cross-site scripting (XSS) vulnerability in a popular video content provider’s Web site. Malicious JavaScript code was injected into a tag associated with users’ profiles, which executed whenever a legitimate user accessed the page Source: http://news.softpedia.com/news/DDOS-Attack-Enabled-by-Persistent-XSS-Vulnerability-on-Top-Video-Content-Provider-s-Site-436029.shtml

32. April 4, Softpedia – (International) Upatre downloader distributed via banking-themed spam campaign. Researchers at Trend Micro detected a spam campaign using banking-themed emails to distribute the Upatre downloader, which in a sample downloaded the Zeus trojan and the Necurs security-disabling malware. Source: http://news.softpedia.com/news/Upatre-Downloader-Distributed-via-Banking-Themed-Spam-Campaign-435975.shtml

33. April 4, The Register – (International) Five-year-old discovers Xbox password bug, hacks dad’s Live account. A San Diego boy identified and reported a vulnerability in Microsoft’s Xbox Live service that can allow access to a user’s account by repeatedly entering ‘space’ characters and then hitting ‘submit’ when prompted for a password. Microsoft closed the vulnerability after it was reported. Source: http://www.theregister.co.uk/2014/04/04/five_year_olds_xbox_live_password_hack/

34. April 4, Softpedia – (International) 85% of links spotted in cyberattacks in 2013 led to compromised legitimate sites. Websense Security Labs released their 2014 Threat Report, detailing threats and trends during the past year. The report found that 85 percent of malicious links in email and Web attacks were directed at legitimate sites that were compromised by attackers, among other findings. Source: http://news.softpedia.com/news/85-of-Links-Spotted-in-Cyberattacks-in-2013-Led-to-Compromised-Legitimate-Sites-435939.shtml

Communications Sector

35. April 5, Glens Falls Post-Star – (New York) 911 service restored after logging truck accident. Land line service, including calls to 9-1-1, was interrupted for about 3,500 Frontier Communications customers April 4 in areas of Luzerne, Stony Creek, Hadley, and Corinth after a semi-truck carrying logs on Route 9N pulled down some aerial cables, which caused Frontier’s fiber optic cable to be severed. Service was restored April 5 Source: http://poststar.com/news/local/warren-county-sheriff-s-office-restores-service/article_79a56d78-bcef-11e3-8f85-0019bb2963f4.html

36. April 4, U.S. Attorney’s Office, Southern District of Florida – (Florida) Eight defendants charged in identity theft fraud scheme involving personal identifying information from AT&T customer files. Eight individuals were indicted on 22 counts of identity theft and fraud after a defendant working for a company contracted by AT&T to handle direct sales and customer inquiries used customers’ personal identifying information to fraudulently add the co-conspirators as authorized users to AT&T victims’ accounts, allowing them to make unauthorized wire transfers and obtain unauthorized credit and debit cards. Source: http://www.justice.gov/usao/fls/PressReleases/140404-03.html