Thursday, September 4, 2014




Complete DHS Report for September 4, 2014

Daily Report

Top Stories

 ·  An explosion inside a boiler room at the Whitlock Packaging Corp. facility in Lakeland, Florida, September 2 sent a 60,000-pound boiler tank through a wall of the plant, prompting the indefinite closure of the facility. – Lakeland Ledger

14. September 3, Lakeland Ledger – (Florida) Natural gas explosion blows boiler through wall at Lakeland packaging facility. A natural gas explosion inside a boiler room at the Whitlock Packaging Corp. bottling facility in Lakeland, Florida, September 2 sent a 60,000-pound boiler tank through a wall of the plant and onto nearby train tracks, prompting the evacuation of employees and indefinite closure of the facility until crews can assess the damage. Source: http://www.theledger.com/article/20140902/news/140909911

· About 100,000 Prince George’s County residents were placed under a 48-hour boil water advisory due to a water main break in Laurel, Maryland. – WTTG 5 Washington, D.C.

17. September 3, WTTG 5 Washington, D.C. – (Maryland) Boil water advisory issued for parts of Prince George’s County. About 100,000 Prince George’s County residents were placed under a 48-hour boil water advisory due to a water main break in Laurel. Source: http://www.myfoxdc.com/story/26431714/boil-water-advisory-for-parts-of-prince-georges-county

· A gunman shot and injured a police officer after opening fire at the Greenville County Law Enforcement Center in South Carolina September 1, before turning the gun on himself and committing suicide. – WYFF 4 Greenville

26. September 2, WYFF 4 Greenville – (South Carolina) Man killed, officer wounded in shooting at Greenville LEC. A gunman shot and injured a police officer after opening fire at the Greenville County Law Enforcement Center in South Carolina September 1, before turning the gun on himself and committing suicide. Authorities believe the gunman was also connected to the homicide of his stepfather prior to opening fire at the center. Source: http://www.wyff4.com/news/coroner-one-dead-after-shooitng-at-greenville-county-law-enforcement-center/27830136

· Goodwill Industries International representatives reported September 2 that a July payment card breach was the result of hackers using an unidentified piece of malware to breach the systems of a third-party vendor that processes payments for some members. – Securityweek

32. September 3, SecurityWeek – (International) Goodwill blames credit card breach on third-party vendor. Goodwill Industries International representatives reported September 2 that a payment card breach which was detected in July was the result of hackers using an unidentified piece of malware to breach the systems of a third-party vendor that processes payments for some Goodwill members between February 2013 and August 2014. Servers at 20 Goodwill stores across several States were compromised during the breach, and the personal information, including name and payment card information, of the stores’ customers was accessed. Source: http://www.securityweek.com/goodwill-blames-credit-card-breach-third-party-vendor

Financial Services Sector

4. September 3, Help Net Security – (International) Cybercriminals love PayPal, financial phishing on the rise. Kaspersky Lab researchers released statistics on spam and phishing emails for the month of July, which found that phishing emails targeting financial services increased 7.9 percent during the month, with PayPal being the most targeted company. The researchers also found that the overall share of spam in all email traffic increased 2.2 percent to a total of 67 percent during July, among other findings. Source: http://www.net-security.org/secworld.php?id=17320

5. September 2, U.S. Attorney’s Office, District of New Jersey – (New Jersey) Belleville man admits role in $15 million mortgage fraud scheme. A Belleville man pleaded guilty September 2 to his role in a $15 million mortgage fraud scheme that involved overbuilt condominiums in North Wildwood. The man served as a straw buyer in the scheme and is 1 of 11 defendants charged in connection to the fraud. Source: http://www.fbi.gov/newark/press-releases/2014/belleville-man-admits-role-in-15-million-mortgage-fraud-scheme

6. September 2, St. Louis Post-Dispatch – (Missouri) Bethalto bank employee admits embezzlement, fraud. A former U.S. Bank employee pleaded guilty to embezzlement and fraud while she worked at the bank’s Bethalto Airport branch in St. Louis, causing damages totaling $105,827. The former employee made unauthorized debits on customers’ accounts while working as a universal banker at the branch. Source: http://www.stltoday.com/news/local/crime-and-courts/employee-s-fraud-costs-bank/article_bfc86ab2-2370-5a8b-8655-fb6f1fafe080.html

For additional stories, see items 32 and 33 below from the Commercial Facilities Sector

32. September 3, SecurityWeek – (International) Goodwill blames credit card breach on third-party vendor. Goodwill Industries International representatives reported September 2 that a payment card breach which was detected in July was the result of hackers using an unidentified piece of malware to breach the systems of a third-party vendor that processes payments for some Goodwill members between February 2013 and August 2014. Servers at 20 Goodwill stores across several States were compromised during the breach, and the personal information, including name and payment card information, of the stores’ customers was accessed. Source: http://www.securityweek.com/goodwill-blames-credit-card-breach-third-party-vendor

33. September 2, Los Angeles Times – (International) Home Depot probing possible hacking; customer data may be at risk. Home Depot representatives announced September 2 that the company is investigating a potential security breach and are working with law enforcement and banking institutions to investigate reported unusual activity. Source: http://www.latimes.com/business/la-fi-home-depot-hack-20140902-story.html

Information Technology Sector

29. September 3, Help Net Security – (International) Linux systems infiltrated and controlled in a DDoS botnet. Researchers at Akamai Technologies reported that Linux systems could be at risk of infections using IptabLes and IptabLex to compromise systems and use them in distributed denial of service (DDoS) attacks. The researchers reported that the infections appeared to be caused by a large number of Linux-based Web servers being compromised via Apache Struts, Tomcat, and Elasticsearch vulnerabilities. Source: http://www.net-security.org/secworld.php?id=17322

30. September 3, The Register – (International) Firefox 32 moves to kill MITM attacks. The Mozilla Foundation released version 32 of its Firefox browser, which adds new features including public key pinning to help protect users against man-in-the-middle (MitM) attacks. Source: http://www.theregister.co.uk/2014/09/03/firefox_32_moves_to_kill_mitm_attacks/

31. September 2, Threatpost – (International) Apple fixes glitch in Find My iPhone app connected to celebrity photo leak. A security issue in Apple’s Find My iPhone app that researchers demonstrated could be exploited in brute force attacks was fixed by the company. Apple stated that a recent breach of celebrities’ personal photos stored in its iCloud service was not the result of the researchers’ findings, but instead involved targeted attacks on the individuals’ accounts. Source: http://threatpost.com/apple-fixes-glitch-in-find-my-iphone-app-connected-to-celbrity-photo-leak

For another story, see item 4 above in the Financial Services Sector

Communications Sector

Nothing to report