Daily Report
Top Stories
• Wolverine Packing Company issued a recall
May 19 for about 1.8 million pounds of ground beef products due to possible E.
coli O157:H7 contamination linked to 11 illnesses in 4 States between April 22
and May 2. – U.S. Department of Agriculture
11.
May 19, U.S. Department of Agriculture –
(National) Michigan firm recalls ground beef products due to possible E.
coli O157:H7. The Food Safety and Inspection Service (FSIS) announced May
19 that Wolverine Packing Company of Detroit issued a recall for approximately
1.8 million pounds of ground beef products due to possible E. coli O157:H7
contamination. An investigation by the FSIS determined that there is a link
between the ground beef products and 11 E. coli O157:H7 illnesses identified in
4 States between April 22 and May 2. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2014/recall-030-2014
• Kraft Foods Group issued a recall May 17 for
1.2 million cases of cottage cheese when ingredients used in nearly 3 dozen
products were not properly stored at a Kraft facility in California. – CNN
Money
12.
May 18, CNN Money – (National) Kraft
recalls cottage cheese citing illness risk. Kraft Foods Group issued a
recall May 17 for 1.2 million cases of Knudsen, Breakstone, Simply Kraft, and
Daily Chef branded cottage cheese when ingredients used in nearly 3 dozen
products were found to have not been properly stored at a Kraft facility in
California. Officials halted production of the affected products and are
working to resolve the issue at the facility. Source: http://money.cnn.com/2014/05/18/news/kraft-cottage-cheese-recall/
• An employee was arrested and charged for
allegedly stealing around 2,500 prescription pills from Stoll’s Pharmacy in
Waterbury, Connecticut, after an audit found that around 20,000 pills were
missing from the pharmacy. – WVIT 30 New Britain
19.
May 16, WVIT 30 New Britain –
(Connecticut) Pharmacy tech stole thousands of pills: Police. A Stoll’s
Pharmacy employee was arrested and charged for allegedly stealing around 2,500
prescription pills from the Waterbury pharmacy. An audit found that around
20,000 pills were missing from the pharmacy and surveillance videos captured
the technician stealing bottles of pills from a safe. Source: http://www.nbcconnecticut.com/news/local/Pharmacy-Tech-Stole-Thousands-of-Pills-Police-259539161.html
• The U.S. Department of Justice announced
criminal charges May 19 against five members of the Chinese military’s Unit
61398 for allegedly conducting cyber espionage against U.S. solar power,
nuclear power, and metals manufacturing companies for the purpose of stealing
trade secrets. – NBC News; Reuters See item 22
below in the Information Technology
Sector
Financial Services Sector
3. May 19, The Register – (International) LifeLock snaps shut Wallet mobile app
over credit card leak fears. LifeLock removed its Wallet app from application
markets and deleted user data as a precaution due to undisclosed elements of
the app being incompatible with the payment card industry’s Data Security
Standard (PCI DSS), according to a company statement. Source: http://www.theregister.co.uk/2014/05/19/lifelock_yanks_mobile_app/
4. May 17, WHTM 27 Harrisburg – (National) Bank robberies linked to serial bandit. Police
stated that the suspect in the April 4 robbery of a Union Community Bank branch
in Columbia, Pennsylvania, may be responsible for at least eight other
robberies in Pennsylvania and New Jersey since November 19, 2013. Police also
believe that the suspect could be responsible for additional bank robberies in
Delaware, Maryland, and New York. Source: http://www.abc27.com/story/25539606/bank-robberies-linked-to-serial-bandit
5. May 16, SC Magazine – (Pennsylvania) Hackers exploit vulnerability to breach
Pennsylvania payroll company. Pennsylvania-based payroll processing company
Paytime Inc., stated that an undisclosed number of clients may have had their
personal and payment information exposed when attackers exploited a
vulnerability in the company’s Client Service Center. Paytime learned of the
breach April 30 and found that the breach began April 7. Source: http://www.scmagazine.com/hackers-exploit-vulnerability-to-breach-pennsylvania-payroll-company/article/347371/
Information Technology Sector
22. May 19, NBC News; Reuters – (International) U.S. charges China with cyber-spying
on American firms. The U.S. Department of Justice announced criminal
charges May 19 against five members of the Chinese military’s Unit 61398 for
allegedly conducting cyberespionage against U.S. solar power, nuclear power,
and metals manufacturing companies for the purpose of stealing trade secrets.
Source: http://www.nbcnews.com/news/us-news/u-s-charges-china-cyber-spying-american-firms-n108706
23. May 19, Softpedia – (International) 81 people arrested in international
operation against BlackShades RAT users. Law enforcement agencies in 13
countries arrested 81 people the week of May 12 for allegedly being involved in
the creation, sale, or use of the BlackShades remote access trojan (RAT). The
BlackShades RAT can be used to hijack webcams, log keystrokes, steal files, and
launch denial of service (DoS) attacks and is sold on underweb markets. Source:
http://news.softpedia.com/news/81-People-Arrested-in-International-Operation-Against-BlackShades-RAT-Users-442833.shtml
24. May 19, Help Net Security – (International) Record month for Linux trojans. Researchers
at Dr. Web identified a record-high number of trojans for the Linux operating
system thus far in the month of May, with variants of three separate trojans
appearing to be created by the same author. The majority of the trojans are
designed to carry out distributed denial of service (DDoS) attacks and can
infect Linux desktop, server, and ARM distributions. Source: http://www.net-security.org/malware_news.php?id=2768
25. May 19, Softpedia – (International) XSS vulnerability affected comments
section of hundreds of Yahoo pages. A researcher identified and reported a
cross-site scripting (XSS) vulnerability affecting hundreds of Yahoo pages via
the pages’ comment sections that could be used to perform a persistent XSS
attack that would affect all visitors or a self-XSS attack that would only
affect users if the comment with the malicious code was a popular or recent
comment. Yahoo closed the vulnerability after being notified. Source: http://news.softpedia.com/news/XSS-Vulnerability-Affected-Comments-Section-of-Hundreds-of-Yahoo-Pages-442754.shtml
26. May 19, Softpedia – (International) Yahoo, Microsoft and Orange domains
affected by same remote code injection flaw. A researcher identified and
reported a remote code injection vulnerability affecting several subdomains
belonging to Yahoo, Microsoft, Orange, and others that could allow an attacker
to access an administrator panel without login credentials. The vulnerability
appears to be connected to an astrology content delivery network, and Yahoo,
Orange, and Microsoft closed the vulnerabilities once informed. Source: http://news.softpedia.com/news/Yahoo-Microsoft-and-Orange-Domains-Affected-by-Same-Remote-Code-Injection-Flaw-442776.shtml
27. May 16, SC Magazine – (International) Critical info on modems, load
balancer, exposed via SNMP community string. Researchers at Rapid7 reported
that information disclosure vulnerabilities were identified in Brocade
ServerIron ADX 1016-2-PREM TrafficWork application load balancers and Ambit
U10C019, Ubee DDW3611, and Netopia 3347 modems. The vulnerability can be
exploited by the Simple Network Management Protocol (SNMP) public community string
and can disclose Management Information Base (MIB) tables that contain device
and configuration information. Source: http://www.scmagazine.com/critical-info-on-modems-load-balancer-exposed-via-snmp-community-string/article/347393/
Communications Sector
28.
May 16, Olney Daily Mail – (Illinois) Friday
Internet outage affects Frontier customers. Frontier Communications
representatives stated that a configuration issue with a router in a company
office was resolved and Internet service was restored to customers in Olney,
Illinois, after a 4-hour outage May 16. Source: http://www.olneydailymail.com/article/20140516/NEWS/140519457/10054/NEWS