Tuesday, August 12, 2014

Complete DHS Report for August 12, 2014

Daily Report

Top Stories

 · State offices closed August 8 as Tropical Storm Iselle hit Hawaii. – Los Angeles Times  

2. August 8, Los Angeles Times – (Hawaii) Iselle hits Hawaii: Heavy rain damages homes; roads blocked. About 21,000 customers lost power August 8 due to Tropical Storm Iselle, which caused heavy rains and strong winds prompting the closure of several roads and highways on the Big Island and Maui, as well as the cancellation of flights into and out of the island. Public schools, universities, beach parks, and national parks were closed while all Hawaii State government offices were closed through August 11. Source: http://www.latimes.com/nation/nationnow/la-na-nn-hawaii-storm-iselle-juliio-20140808-story.html
· Police in Brea, California, arrested an Anaheim man believed to be the “Quad Bandit” August 7, a suspect linked to 10 bank robberies in Los Angeles and Orange counties. – KCBS 2 Los Angeles See item 9 below in the Financial Services Sector
· A 100,000-gallon water tower in Shelby County, Kentucky, collapsed, wiping out a shed and causing significant damage a post office and a church. – WAVE 3 Louisville

19. August 10, WAVE 3 Louisville – (Kentucky) Water tower collapse damages church, utility lines in Shelby County. A 100,000-gallon water tower in Shelby County collapsed, wiping out a shed and causing significant damage a post office and the Waddy Baptist Church. Source: http://www.wave3.com/story/26240839/water-tower-collapse-damages-church-utility-lines-in-shelby-county
· Police in Cobb County, Georgia, arrested a woman who allegedly stole a police car, led police on a chase that closed Interstate 75, and then crashed and injured several people August 10. – Atlanta Journal-Constitution

24. August 10, Atlanta Journal-Constitution – (Georgia) Police: Cobb patrol car stolen, officer hurt during chase on I-75. Police in Cobb County arrested a woman who allegedly stole a police car during a traffic stop and led officers on a high-speed chase on Interstate 75 August 10. The suspect crashed the patrol car, injuring a number of people which prompted the closure of Interstate 75/85 southbound for several hours. Source: http://www.ajc.com/news/news/breaking-news/cobb-police-woman-steals-patrol-car-wrecks-near-do/ngywn/

Financial Services Sector

9. August 8, KCBS 2 Los Angeles – (California) Man in custody as ‘Quad Bandit’ after 10th bank robbery. Police in Brea arrested an Anaheim man believed to be the “Quad Bandit” August 7, a suspect linked to 10 bank robberies in Los Angeles and Orange counties. The suspect was arrested following the robbery of a Bank of the West branch in Brea. Source: http://losangeles.cbslocal.com/2014/08/08/quad-bandit-suspect-in-custody-following-tenth-bank-robbery-in-brea/

10. August 8, U.S. Securities and Exchange Commission – (International) SEC charges Bahamas-based brokerage firm and president with facilitating fraudulent scheme by hedge fund manager. The U.S. Securities and Exchange Commission announced charges August 8 against Bahamas-based Alliance Investment Management Limited (AIM) and its president for allegedly working with a man charged with defrauding investors in order to misrepresent the assets and performance of the man’s investment scheme. AIM and its president allegedly allowed the man to misappropriate at least $45 million in investor funds and received over $5 million in return for their assistance. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542613185#.U-jMsPldVKA

11. August 8, U.S. Securities and Exchange Commission – (National) SEC obtains final judgments against all defendants and relief defendants, securing permanent injunctions and nearly $70 million in disgorgement, prejudgment interest, and civil penalties. The U.S. Securities and Exchange Commission obtained final judgments August 1 against AIC Inc., Community Bankers Securities LLC, and their founder and CEO, as well as against several relief defendants, ordering them to pay almost $70 million in disgorgement and other penalties for running an offering fraud scheme that operated between 2006 and 2009 and defrauded investors in several States. Source: http://www.sec.gov/litigation/litreleases/2014/lr23062.htm

For another story, see item 35 below from the Commercial Facilities Sector

35. August 8, Crain’s Chicago Business – (Illinois) Chicago Yacht Club hacked. The Chicago Yacht Club notified its members July 31 that a computer firm confirmed that malware was installed between April 26 and May 22 onto a server that hosts the club’s membership database, allowing hackers to access members’ personal information, including name, address, and payment card information. Source: http://www.chicagobusiness.com/article/20140808/BLOGS03/140809804

Information Technology Sector

27. August 11, Help Net Security – (International) Critical 0-days found in CPE WAN Management Protocol. Check Point researchers reported finding several zero-day vulnerabilities in CPE WAN Management Protocol (CWMP/TR-069) deployments used by major Internet service providers (ISPs) to control home and business Internet equipment which could allow large-scale malware infections able to compromise privacy, steal information, or cause service disruptions. Check Point reported the vulnerabilities to ISPs and assisted in closing them before reporting their findings publicly. Source: http://www.net-security.org/secworld.php?id=17237

28. August 11, Help Net Security – (International) Smart Nest thermostat easily turned into spying device. An independent researcher and two researchers from the University of Central Florida presenting at the 2014 Black Hat conference demonstrated how Nest smart thermostats can be compromised quickly using a USB flash drive, potentially allowing attackers to obtain information on a victim’s habits as well as network information such as WiFi credentials. Compromised thermostats could also be used to connect to the Internet and be used in a variety of malicious tasks. Source: http://www.net-security.org/secworld.php?id=17239

29. August 9, Softpedia – (International) 10,000 impacted by resurging Facebook color changing app scam. Researchers at Cheetah Mobile reported that a resurgence of a scam that purports to change the color scheme of Facebook has affected 10,000 users recently. The campaign steals users’ Access Tokens and then attempts to install a malicious fake antivirus program or video player. Source: http://news.softpedia.com/news/10-000-Impacted-by-Resurging-Facebook-Color-Changing-App-Scam-454306.shtml

30. August 8, The Register – (International) Oracle Database 12c’s data redaction security smashed live on stage. A researcher with Datacomm TSS presenting at the Defcon 22 conference demonstrated how a remote attacker could inject SQL queries to access redacted information in Oracle Database 12c due to several coding flaws. Source: http://www.theregister.co.uk/2014/08/08/oracle_database_12c_redaction_is_totally_borked_by_bad_code/

Communications Sector

Nothing to report