Tuesday, August 5, 2014




Complete DHS Report for August 5, 2014

Daily Report

Top Stories

 · A mechanical failure likely caused two explosions at a Pharmachem Laboratories Inc. food laboratory in Totowa, New Jersey, August 2, injuring two workers and causing millions of dollars in damage to the structure. – Newark Star-Ledger 

14. August 3, Newark Star-Ledger – (New Jersey) N.J. eggnog blast blamed on mechanical failure. A mechanical failure likely caused two explosions at a Pharmachem Laboratories Inc. food laboratory in Totowa August 2, injuring two workers and causing millions of dollars in damage to the structure. Authorities believe the first explosion originated in a heat exchange unit that was heating a vat of eggnog flavoring and the second blast was the result of a pocket of hot air or gas that built up inside the vat. Source: http://www.dailyrecord.com/story/news/local/new-jersey/2014/08/04/official-mechanical-failure-caused-totowa-food-lab-blast/13579857/

 · The mayor of Toledo, Ohio, lifted a tap water ban affecting as many as 400,000 people in Toledo and four municipalities in Michigan August 4 after test results returned nondetectable levels of an algae-related toxin. – CNN 

20. August 4, CNN – (Ohio; Michigan) ‘Our water is safe,’ Toledo mayor says in lifting ban. The mayor of Toledo, Ohio, lifted a tap water ban affecting as many as 400,000 people in Toledo and four municipalities in Michigan August 4 after test results returned nondetectable levels of an algae-related toxin. The tap water ban went into effect August 1 after the microcystin toxin was found in Lake Erie due to a harmful algae bloom. Source: http://www.cnn.com/2014/08/04/us/toledo-water-warning/index.html

 · Fire crews worked August 4 to contain several wildfires burning in California, Oregon, and Washington, which combined have burned more than 150 square miles, destroyed more than a dozen homes and structures, and prompted the evacuation of hundreds of residences. – Associated Press

21. August 4, Associated Press – (California; Washington; Oregon) Homes destroyed, hospital evacuated due to northern California wildfires. Fire crews worked August 4 to contain several wildfires burning in the Lassen National Forest in California, in Siskiyou County bordering Oregon, and near Ellensburg, Washington, which combined have burned more than 150 square miles, destroyed more than a dozen homes and structures, prompted the evacuation of hundreds of residences, and caused the Mayer Memorial Hospital in Burney to evacuate and transfer patients to another hospital. Source: http://www.foxnews.com/us/2014/08/04/homes-destroyed-hospital-evacuated-due-to-northern-california-wildfires/

 · Crews worked to reach 500 children and adults trapped at the Forest Home church camp following a mudslide caused by torrential rain that swept across San Bernardino County, California, August 3. – CNN 

28. August 4, CNN – (California) Campers being rescued after mudslide traps them in southern California. Crews used bulldozers August 4 to remove heavy mud and up to 8 feet of rock on roadways in Forest Falls in an effort to reach 500 children and adults trapped at the Forest Home church camp following a mudslide caused by torrential rain that swept across San Bernardino County August 3. About 1,500 people are also stranded in Oak Glen due to flash flooding caused by the storms, and one motorist was found dead inside a vehicle that was swept off a roadway and into a creek by floodwater. Source: http://www.cnn.com/2014/08/03/us/california-mudslides/index.html

Financial Services Sector

6. August 4, Associated Press – (National) PF Chang’s names 33 restaurants in data breach. Restaurant chain P.F. Chang’s provided the locations of 33 restaurants that were compromised in a data breach uncovered in June, which included restaurants in Baltimore; Pittsburgh; St. Louis; Austin, Texas; and Charlotte, North Carolina. An investigation into the breach is continuing. Source: http://www.cnbc.com/id/101884120

7. August 1, Threatpost – (International) Citadel malware variant allows attackers remote access, even after removal. Researchers at IBM identified a new variant of the Citadel banking malware that uses Windows shell commands to create a new local user with a non-expiring password in order to circumvent the removal of the malware and maintain remote control over the affected system. Source: http://threatpost.com/citadel-malware-variant-allows-attackers-remote-access-even-after-removal

8. August 1, U.S. Securities and Exchange Commission – (National) SEC obtains nearly $70 million judgment against Richmond, Va.-based firms and CEO found liable for defrauding investors. The U.S. Securities and Exchange Commission obtained a nearly $70 million final judgment August 1 against Richmond, Virginia-based AIC Inc., Community Bankers Securities LLC, and the companies’ CEO following an SEC complaint that the companies and CEO defrauded investors in several States by misrepresenting or omitting material information on the companies’ investment products. The companies were never profitable and funds were used to pay back principal and returns to existing investors. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542590856

9. July 31, KNSD 39 San Diego – (California) ‘Risky Business Bandit’ tied to 4 bank robberies. The FBI is seeking a suspect known as the “Risky Business Bandit” in connection with four bank robberies in San Diego County. The suspect’s most recent robbery occurred at a San Diego County Credit Union branch July 25. Source: http://www.nbcsandiego.com/news/local/San-Diego-FBI-Risky-Business-Bank-Bandit-269464561.html

Information Technology Sector

23. August 4, Softpedia – (International) Registry-residing malware creates no file for antivirus to scan. A researcher with GData published details of a new type of malware dubbed Poweliks that can avoid detection by antivirus programs by not creating any file on the disk, performing its functions instead in the system memory, and making the registry key unavailable to the Registry Editor. Source: http://news.softpedia.com/news/Registry-Residing-Malware-Creates-No-File-for-Antivirus-To-Scan-453374.shtml

24. August 4, Securityweek – (International) Remote code execution flaw patched in Samba 4. The developers of open source software suite Samba released a patch August 1 that closes a vulnerability present in all versions of Samba 4 that could allow an attacker to execute code remotely as the root superuser. Source: http://www.securityweek.com/remote-code-execution-flaw-patched-samba-4

25. August 4, Help Net Security – (International) Thousands of Mozilla developers’ emails, passwords exposed. Mozilla stated August 1 that around 76,000 Mozilla Developer Network email addresses and around 4,000 hashed and salted passwords were left publicly accessible for about 30 days due to a failed data sanitization process. Developers were advised to change their passwords as a precaution. Source: http://www.net-security.org/secworld.php?id=17201

26. August 4, The Register – (International) Cisco patches OSPF bug that sends traffic into black holes. Cisco released a patch for a flaw in its Open Shortest Path First (OSPF) routing implementation that could allow an attacker to take control of the OSPF Autonomous System domain routing table, intercept traffic, or blackhole traffic. The issue affects all unpatched versions of Cisco IOS Software, IOS XE Software, ASA Software, PIX Software, and FWSM Software. Source: http://www.theregister.co.uk/2014/08/04/cisco_patches_ospf_bug/

27. August 4, Help Net Security – (International) Synology NAS users hit with Cryptolocker variant. Users of Synology’s network-attached storage (NAS) devices reported that, beginning over the weekend of August 2, their devices were infected with a variant of the Cryptolocker ransomware that encrypts files and demands a ransom to decrypt them. The method by which the malware is infecting NAS devices is currently unknown and users were advised to back up their files and unplug the devices until the infection vector is identified. Source: http://www.net-security.org/malware_news.php?id=2827

For another story, see item 7 above in the Financial Services Sector

Communications Sector

Nothing to report