Wednesday, August 27, 2014




Complete DHS Report for August 27, 2014

Daily Report

Top Stories

 · An Arrow Water LLC-owned pipeline near the town of Mandaree, North Dakota on the Fort Berthold Indian Reservation leaked 3,000 barrels of brine August 22. – Associated Press

1. August 25, Associated Press – (North Dakota) 3,000 barrels of brine spills on Fort Berthold reservation. The North Dakota Industrial Commission and the State Department of Health announced August 25 that an Arrow Water LLC-owned pipeline near the town of Mandaree on the Fort Berthold Indian Reservation leaked 3,000 barrels of brine August 22. Authorities isolated the spill and cleanup efforts were underway. Source: http://bismarcktribune.com/bakken/barrels-of-brine-spills-on-north-dakota-reservation/article_e44f74fe-2c91-11e4-8281-001a4bcf887a.html

 · Two Columbus, Ohio men were indicted in federal court for allegedly engaging in a conspiracy to commit mail and wire fraud by sending counterfeit money orders and cashier’s checks as payment for goods advertised on Craigslist, causing over $4.6 million in damages. – Columbus Telegram See item 5 below in the Financial Services Sector

 · Police in Atlanta, Georgia, are searching for suspects who broke into Brown Middle School and stole 91 computers worth over $200,000 August 17. – WGCL 46 Atlanta

20. August 25, WGCL 46 Atlanta – (Georgia) Crooks swipe nearly 100 laptops worth more than $200k from Atlanta school. Police in Atlanta are searching for a group of men who broke into Brown Middle School and stole 91 desktop computers and laptops worth over $200,000 August 17. Authorities released security video August 25 showing four young men walking out with several laptops. Source: http://www.cbs46.com/story/26362906/crooks-swipe-100-laptops-from-atlanta-school

 · The personal information of more than 74,000 Comcast customers in California who had paid to have their details remain unlisted, including names, addresses, and phone numbers, was exposed due to a fault in an agreement with a third party that distributes and publishes Comcast residential directories. – Softpedia See item 26 below in the Communications Sector

Financial Services Sector

5. August 26, Columbus Telegram – (National) Two city men indicted in $4M fraud scheme. Two Columbus, Ohio men were indicted in federal court for allegedly engaging in a conspiracy to commit mail and wire fraud by sending counterfeit money orders and cashier’s checks as payment for goods advertised on Craigslist, causing over $4.6 million in damages. The two men sent the counterfeit payments to Craigslist sellers around the country for amounts in excess of the goods purchased, and then directed victims to deposit the payments and return the excess money to the accused’s bank accounts. Source: http://columbustelegram.com/news/local/crime-and-courts/two-city-men-indicted-in-m-fraud-scam/article_f3921881-ec39-5062-9746-f9cc9cdf932a.html

6. August 26, Softpedia – (International) Backoff PoS malware has at least eight variants. Researchers at Symantec conducted an analysis of the Backoff point-of-sale (PoS) malware and identified eight variants, with differences in registry entries and values, command and control servers, and the variants’ installation paths. Source: http://news.softpedia.com/news/Backoff-PoS-Malware-Has-At-Least-Eight-Variants-456433.shtml

Information Technology Sector

23. August 26, Softpedia – (International) Hardcoded password in Netis, Netcore routers offers backdoor to devices. Trend Micro researchers found that some routers sold under the Netis brand in the U.S. and other countries, and under the Netcore brand in China, contain a backdoor that can be accessed if the routers provide external access. The researchers also found a hardcoded password in the devices that can allow anyone with the password to access the router. Source: http://news.softpedia.com/news/Hardcoded-Password-in-Netis-Netcore-Routers-Offers-Backdoor-to-Device-456394.shtml

24. August 26, Threatpost – (International) 50 security flaws fixed in Google Chrome. Google released an update for its Chrome browser, addressing 50 security issues, including a series of critical vulnerability that could be exploited to execute arbitrary code outside of the Chrome sandbox. Source: http://threatpost.com/50-security-flaws-fixed-in-google-chrome

25. August 25, Help Net Security – (International) Researchers exploit flaw to tie Secret users to their secrets. Researchers from Rhino Security Labs demonstrated a proof-of-concept attack against the Secret app that could allow a user to deduce the identity behind a posting on the anonymous social network. The attack method was previously reported to Secret and closed before the researchers’ demonstration. Source: http://www.net-security.org/secworld.php?id=17291

For another story, see item 6 above in the Financial Services Sector

Communications Sector

26. August 26, Softpedia – (California) Unlisted Comcast customer details exposed by the thousands. The personal information of more than 74,000 Comcast customers in California who had paid to have their details remain unlisted, including names, addresses, and phone numbers, was exposed due to a fault in an agreement with a third party that distributes and publishes Comcast residential directories. The company stated that the leak appeared to occur between July 2010 and December 2012, and affected customers were offered refunds and in some cases additional remediation actions. Source: http://news.softpedia.com/news/Unlisted-Comcast-Customer-Details-Exposed-by-the-Thousands-456369.shtml