Daily Report
Top Stories
· A mechanical
failure likely caused two explosions at a Pharmachem Laboratories Inc. food
laboratory in Totowa, New Jersey, August 2, injuring two workers and causing
millions of dollars in damage to the structure. – Newark Star-Ledger
14. August 3, Newark Star-Ledger – (New Jersey) N.J. eggnog blast blamed on mechanical
failure. A mechanical failure likely caused two explosions at a Pharmachem
Laboratories Inc. food laboratory in Totowa August 2, injuring two workers and
causing millions of dollars in damage to the structure. Authorities believe the
first explosion originated in a heat exchange unit that was heating a vat of
eggnog flavoring and the second blast was the result of a pocket of hot air or
gas that built up inside the vat. Source: http://www.dailyrecord.com/story/news/local/new-jersey/2014/08/04/official-mechanical-failure-caused-totowa-food-lab-blast/13579857/
· The mayor of
Toledo, Ohio, lifted a tap water ban affecting as many as 400,000 people in
Toledo and four municipalities in Michigan August 4 after test results returned
nondetectable levels of an algae-related toxin. – CNN
20.
August 4, CNN – (Ohio; Michigan) ‘Our
water is safe,’ Toledo mayor says in lifting ban. The mayor of Toledo,
Ohio, lifted a tap water ban affecting as many as 400,000 people in Toledo and
four municipalities in Michigan August 4 after test results returned
nondetectable levels of an algae-related toxin. The tap water ban went into
effect August 1 after the microcystin toxin was found in Lake Erie due to a
harmful algae bloom. Source: http://www.cnn.com/2014/08/04/us/toledo-water-warning/index.html
· Fire crews
worked August 4 to contain several wildfires burning in California, Oregon, and
Washington, which combined have burned more than 150 square miles, destroyed
more than a dozen homes and structures, and prompted the evacuation of hundreds
of residences. – Associated Press
21.
August 4, Associated Press –
(California; Washington; Oregon) Homes destroyed, hospital evacuated due to
northern California wildfires. Fire crews worked August 4 to contain
several wildfires burning in the Lassen National Forest in California, in
Siskiyou County bordering Oregon, and near Ellensburg, Washington, which
combined have burned more than 150 square miles, destroyed more than a dozen
homes and structures, prompted the evacuation of hundreds of residences, and
caused the Mayer Memorial Hospital in Burney to evacuate and transfer patients
to another hospital. Source: http://www.foxnews.com/us/2014/08/04/homes-destroyed-hospital-evacuated-due-to-northern-california-wildfires/
· Crews worked
to reach 500 children and adults trapped at the Forest Home church camp
following a mudslide caused by torrential rain that swept across San Bernardino
County, California, August 3. – CNN
28.
August 4, CNN – (California) Campers
being rescued after mudslide traps them in southern California. Crews used
bulldozers August 4 to remove heavy mud and up to 8 feet of rock on roadways in
Forest Falls in an effort to reach 500 children and adults trapped at the
Forest Home church camp following a mudslide caused by torrential rain that
swept across San Bernardino County August 3. About 1,500 people are also
stranded in Oak Glen due to flash flooding caused by the storms, and one
motorist was found dead inside a vehicle that was swept off a roadway and into
a creek by floodwater. Source: http://www.cnn.com/2014/08/03/us/california-mudslides/index.html
Financial Services Sector
6. August 4, Associated Press – (National) PF Chang’s names 33 restaurants in data
breach. Restaurant chain P.F. Chang’s provided the locations of 33
restaurants that were compromised in a data breach uncovered in June, which
included restaurants in Baltimore; Pittsburgh; St. Louis; Austin, Texas; and
Charlotte, North Carolina. An investigation into the breach is continuing.
Source: http://www.cnbc.com/id/101884120
7. August 1, Threatpost – (International) Citadel malware variant allows
attackers remote access, even after removal. Researchers at IBM identified
a new variant of the Citadel banking malware that uses Windows shell commands
to create a new local user with a non-expiring password in order to circumvent
the removal of the malware and maintain remote control over the affected
system. Source: http://threatpost.com/citadel-malware-variant-allows-attackers-remote-access-even-after-removal
8. August 1, U.S. Securities and
Exchange Commission – (National) SEC obtains nearly
$70 million judgment against Richmond, Va.-based firms and CEO found liable for
defrauding investors. The U.S. Securities and Exchange Commission obtained
a nearly $70 million final judgment August 1 against Richmond, Virginia-based
AIC Inc., Community Bankers Securities LLC, and the companies’ CEO following an
SEC complaint that the companies and CEO defrauded investors in several States
by misrepresenting or omitting material information on the companies’
investment products. The companies were never profitable and funds were used to
pay back principle and returns to existing investors. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542590856
9. July 31, KNSD 39 San Diego – (California) ‘Risky Business Bandit’ tied to 4 bank
robberies. The FBI is seeking a suspect known as the “Risky Business
Bandit” in connection with four bank robberies in San Diego County. The
suspect’s most recent robbery occurred at a San Diego County Credit Union
branch July 25. Source: http://www.nbcsandiego.com/news/local/San-Diego-FBI-Risky-Business-Bank-Bandit-269464561.html
Information Technology Sector
23. August 4, Softpedia – (International) Registry-residing malware creates no
file for antivirus to scan. A researcher with GData published details of a
new type of malware dubbed Poweliks that can avoid detection by antivirus
programs by not creating any file on the disk, performing its functions instead
in the system memory, and making the registry key unavailable to the Registry
Editor. Source: http://news.softpedia.com/news/Registry-Residing-Malware-Creates-No-File-for-Antivirus-To-Scan-453374.shtml
24. August 4, Securityweek – (International) Remote code execution flaw patched in
Samba 4. The developers of open source software suite Samba released a
patch August 1 that closes a vulnerability present in all versions of Samba 4
that could allow an attacker to generate a remote code execution vulnerability
as the root superuser. Source: http://www.securityweek.com/remote-code-execution-flaw-patched-samba-4
25. August 4, Help Net Security – (International) Thousands of Mozilla developers’
emails, passwords exposed. Mozilla stated August 1 that around 76,000
Mozilla Developer Network email addresses and around 4,000 hashed and salted
passwords were left publicly accessible for about 30 days due to a failed data
sanitation process. Developers were advised to change their passwords as a
precaution. Source: http://www.net-security.org/secworld.php?id=17201
26. August 4, The Register – (International) Cisco patches OSPF bug that sends
traffic into black holes. Cisco released a patch for a flaw in its Open
Shortest Path First (OSPF) routing implementation that could allow an attacker
to take control of the OSPF Autonomous System domain routing table, intercept
traffic, or blackhole traffic. The issue affects all unpatched versions of
Cisco IOS Software, IOS XE Software, ASA Software, PIX Software, and FWSM
Software. Source: http://www.theregister.co.uk/2014/08/04/cisco_patches_ospf_bug/
27. August 4, Help Net Security – (International) Synology NAS users hit with
Cryptolocker variant. Users of Synology’s network-attached storage (NAS)
devices reported having devices infected with a variant of the Cryptolocker
ransomware beginning over the weekend of August 2 that encrypts files and
demands a ransom to decrypt them. The method by which the malware is infecting
NAS devices is currently unknown and users were advised to backup their files
and unplug the devices until the infection vector is identified. Source: http://www.net-security.org/malware_news.php?id=2827
For another story, see item 7 above in the Financial Services Sector
Communications Sector
Nothing
to report