Tuesday, August 19, 2014




Complete DHS Report for August 19, 2014

Daily Report

Top Stories

 · Supervalu Inc. reported that payment card data from customers at 180 of its grocery stores in several States between June 22 and July 17 may have been compromised after the company experienced a breach of its systems. – Computerworld. See item 4 below in the Financial Services Sector.

 · The FBI stated that the man who robbed a Chase Bank branch in Northlake, Michigan, August 15 was a suspect known as the “No Boundaries Bandit” responsible for 10 bank robberies in the Chicago area. – WLS 7 Chicago. See item 5 below in the Financial Services Sector.

 · Two people were killed and two were injured in Hoxie, Arkansas, when two Union Pacific freight trains carrying hazardous materials collided head-on and caught fire, prompting the closure of U.S. Highways 67 and 63 and the evacuation of about 500 nearby residents for nearly 7 hours August 17. – Associated Press

7. August 17, Associated Press – (Arkansas) 2 dead, 2 hurt in Arkansas freight train collision. Two people were killed and two were injured in Hoxie August 17 when two Union Pacific freight trains carrying hazardous materials collided head-on and caught fire. Authorities closed a nearby section of U.S. Highways 67 and 63 for several hours August 17 and evacuated about 500 nearby residents for nearly 7 hours until the fire was extinguished. Source: http://news.msn.com/us/2-dead-2-hurt-in-arkansas-freight-train-collision

 · A state of emergency was declared in New Hampshire August 14 in response to 44 reported overdoses linked to Smacked, a synthetic marijuana-like product sold in convenience stores, as officials investigate stores and quarantine the product. – Reuters

33. August 16, Reuters – (New Hampshire) New Hampshire declares state of emergency over synthetic drug. The governor of New Hampshire declared a state of emergency August 14 in response to 44 reported overdoses linked to Smacked, a synthetic marijuana-like product sold as potpourri in convenience stores, authorizing officials to investigate stores and quarantine the product. Three Manchester-area convenience stores’ business licenses were revoked after investigators found the product on their shelves. Source: http://news.msn.com/us/new-hampshire-declares-state-of-emergency-over-synthetic-drug

Financial Services Sector

3. August 18, U.S. Securities and Exchange Commission – (Massachusetts) SEC charges former bank executive and friend with insider trading ahead of acquisition. The U.S. Securities and Exchange Commission filed charges August 18 against a former senior vice president at Eastern Bank in Massachusetts and a friend of the former senior vice president for allegedly engaging in insider trading ahead of Eastern Bank’s acquisition of Wainwright Bank & Trust Company, generating illicit profits of around $300,000. Criminal charges were also announced by the U.S. Attorney’s Office for the District of Massachusetts in a parallel action. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542670374

4. August 15, Computerworld – (National) Grocery stores in multiple states hit by data breach. Supervalu Inc. reported that payment card data from customers at 180 of its grocery stores in several States between June 22 and July 17 may have been compromised after the company experienced a breach of its systems. Supervalu operates or provides IT services to several grocery store brands including Hornbacher’s, Shop ‘n Save, Farm Fresh, Albertsons, ACME, Jewel-Osco, Cub Foods, and other brands. Source: http://www.computerworld.com/s/article/9250402/Grocery_stores_in_multiple_states_hit_by_data_breach

5. August 15, WLS 7 Chicago – (Illinois) ‘No Boundaries Bandit’ robbed Chase Bank in Northlake, FBI says. The FBI stated that the man who robbed a Chase Bank branch in Northlake August 15 was a suspect known as the “No Boundaries Bandit” responsible for a total of 10 bank robberies in the Chicago area. Source: http://abc7chicago.com/news/fbi-no-boundaries-bandit-strikes-again-in-northlake/264677/

For another story, see item 25 below in the Information Technology Sector

Information Technology Sector

22. August 18, Securityweek – (International) Windows security update causing system crash. Microsoft removed the download links to a Windows security update and is investigating after several users reported their systems crashing upon startup after applying the update. The “blue screen of death” (BSoD) issue was found to be caused by incorrect handling of the Windows font cache file in specific circumstances, according to a Sophos researcher. Source: http://www.securityweek.com/windows-security-update-causing-system-crash

23. August 18, Softpedia – (International) New TorrentLocker ransomware uses CryptoLocker and CryptoWall components. Researchers with iSIGHT Partners identified a new piece of ransomware known as TorrentLocker that uses elements of the CryptoLocker and CryptoWall ransomware to encrypt victims’ files and demand a ransom. The ransomware is spread by spam emails and uses the Rijndael encryption algorithm. Source: http://news.softpedia.com/news/New-TorrentLocker-Ransomware-Uses-CryptoLocker-and-CryptoWall-Components-455390.shtml

24. August 18, Help Net Security – (International) Gyroscopes on Android devices can be used to eavesdrop on users’ conversations. Researchers published a paper showing how the gyroscope sensors in Android devices can be combined with a speech recognition algorithm to eavesdrop on conversations due to Android gyroscopes using a sampling rate that is within a range of human voice frequency. The researchers stated that the initial results did not present a significant eavesdropping threat currently, but that it could become a vulnerability with further refinements in the speech recognition algorithm. Source: http://www.net-security.org/secworld.php?id=17266

25. August 17, Securityweek – (International) Average peak size of DDoS attacks spiked in Q2: Verisign. Verisign released its second quarter (Q2) 2014 distributed denial of service (DDoS) attack report, which found that the size of DDoS attacks increased by 216 percent compared to the first quarter of the year and that 65 percent of attacks exceeded 1 Gbps, among other findings. The report stated that the entertainment and media industry was the most attacked during Q2, followed by IT services. Source: http://www.securityweek.com/average-peak-size-ddos-attacks-spiked-q2-verisign

Communications Sector

26. August 17, Martinez Gazette – (California) County offices, law enforcement experiences non-critical phone, Internet outage. Phone and Internet services were down for many AT&T customers in Martinez, California, August 12 for almost 24 hours due to a damaged cable. The outage affected the County Sheriff’s Office, schools, sanitary districts, and California Highway Patrol offices. 9-1-1 emergency lines were not affected. Source: http://martinezgazette.com/archives/16875

27. August 15, WIBW 13 Topeka – (Kansas) Hackers crash Clay Co. phones during Relay for Life fundraiser. Voice over IP (VoIP) communication services were disrupted for about 2 hours for Eagle Communications customers in the Clay Center, Kansas area August 15 when hackers caused a phone outage by making hundreds of millions of calls into the network and making the system unusable. Source: http://www.wibw.com/home/headlines/Hackers-Behind-Phone-Outage-In-Clay-County-271463051.html

Wednesday, August 20, 2014




Complete DHS Report for August 20, 2014

Daily Report

Top Stories

 · Nearly 8,000 gallons of oil spilled out of Duke Energy’s W.C. Beckjord power station near Cincinnati, Ohio, August 18 when a secondary unit failed to contain the fuel, causing it to spill into the Ohio River and prompting authorities to close a 15-mile stretch of the river. – WCPO 9 Cincinnati

1. August 19, WCPO 9 Cincinnati – (Ohio; Kentucky) Mayor: Our drinking water is safe after Duke Energy diesel spill in Ohio River. Between 5,000 and 8,000 gallons of oil spilled out of Duke Energy’s W.C. Beckjord power station near Cincinnati August 18 when a secondary unit failed to contain the fuel after it was released due to an open valve, causing it to spill into the Ohio River. A 15-mile stretch of the river was closed to vessel traffic, as were three Cincinnati Waterworks and Northern Kentucky Waterworks intakes. Source: http://www.wcpo.com/news/local-news/diesel-spill-at-duke-energy-plant-leaks-diesel-fuel-into-ohio-river

 · Community Health Systems announced August 18 that the personal information of nearly 4.5 million patients was stolen in April and June by China-based hackers who used sophisticated malware to attack the company’s systems. – CNN; WREG 3 Memphis

14. August 18, CNN; WREG 3 Memphis – (International) Tennessee-based hospital network hacked, 4.5 million records stolen. Community Health Systems, which operates 206 hospitals in 28 States, announced August 18 that the personal information, including Social Security numbers, of 4.5 million patients was stolen in April and June by China-based hackers who used sophisticated malware. The company cleared its computer systems of the malware and implemented protections against future breaches. Source: http://wreg.com/2014/08/18/tennessee-based-hospital-network-hacked-4-5-million-records-stolen/

 · Carondelet Health Network, based out of Tucson, Arizona, agreed to pay $35 million August 18 in a settlement with the U.S. Department of Justice and a whistle-blower for violating the False Claims Act by charging health care agencies for inpatient rehabilitation services that were not reimbursable. – Arizona Republic

15. August 18, Arizona Republic – (Arizona) Tucson hospitals pay $35 million in fraud settlement. Tucson-based Carondelet Health Network agreed to pay $35 million August 18 in a settlement with the U.S. Department of Justice and a woman for violating the False Claims Act by charging State and federal health-care agencies for inpatient rehabilitation services that were not reimbursable from 2004 to 2011. Source: http://www.azcentral.com/story/news/arizona/investigations/2014/08/19/tucson-hospitals-pay-million-fraud-settlement/14271947/

 · A 1,200-acre wildfire burning near the southern entrance to Yosemite National Park August 19 threatened about 500 homes in Madera County, California, and prompted authorities to order mandatory evacuations for 13,000 individuals. – San Francisco Chronicle

16. August 19, San Francisco Chronicle – (California) 13,000 asked to evacuate as wildfire near Yosemite grows. The California Department of Forestry and Fire Protection reported August 19 that the 1,200-acre Junction Fire burning near the southern entrance to Yosemite National Park threatened about 500 homes in Madera County and prompted authorities to order mandatory evacuations for 13,000 individuals after the fire consumed 8 structures and forced the closure of Highway 41 in both directions in Oakhurst. Source: http://www.sfgate.com/bayarea/article/13-000-asked-to-evacuate-as-wildfire-near-5697807.php

Financial Services Sector

5. August 19, Bloomberg News – (International) Ex-Rabobank employee pleads guilty in Libor-rigging probe. A former senior trader at Rabobank Groep’s London office pleaded guilty August 18 in New York City to conspiring with others to manipulate the London Interbank Offered Rate (LIBOR) lending benchmark to benefit his and others’ trading positions. Source: http://www.businessweek.com/news/2014-08-18/ex-rabobank-employee-pleads-guilty-in-libor-rigging-probe

Information Technology Sector

23. August 18, Threatpost – (International) New attack binds malware in parallel to software downloads. Researchers at Ruhr University developed a proof-of-concept attack that can inject malicious code into a legitimate download that runs parallel to the original and does not modify the code, taking advantage of security deficiencies present in some free and open source software. An attacker using the attack would need to control an intermediate network node between the client and the download server, such as compromising a router, using a network redirection attack, or compromising an insider through social engineering. Source: http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-downloads

24. August 18, Securityweek – (International) Four-year old flaw exploited by Stuxnet still targeted. Kaspersky Lab researchers found that vulnerability CVE-2010-2568 leveraged in the Stuxnet attacks was still present on many systems 4 years after it was patched, with tens of millions of exploits targeting the vulnerability observed between November 2013 and June 2014. The researchers also found that other older vulnerabilities are still frequently targeted, and that around 53 percent of 15.06 million detected exploits targeted Java vulnerabilities. Source: http://www.securityweek.com/four-year-old-flaw-exploited-stuxnet-still-targeted

Communications Sector

25. August 18, Hesperia Star – (California) Verizon FiOS service interrupted. An unknown number of Verizon FiOS customers in Hesperia experienced an outage affecting their ability to use the Internet and utilize FiOS TV services. Service was expected to resume August 19. Source: http://www.hesperiastar.com/article/20140818/NEWS/140819791