Tuesday, September 23, 2014



Complete DHS Report for September 23, 2014

Daily Report

Top Stories

 · Two women were killed and several others were injured after a tour bus overturned on Delaware Route 1 in New Castle as it was going through a curve on an off-ramp September 21. – Associated Press

11. September 22, Associated Press – (Delaware) Del. authorities: Bus overturns, 2 dead, injuries. Two women were killed and several others were injured after a bus on a 3-day sightseeing tour from New York to Washington, D.C., overturned on Delaware Route 1 in New Castle as it was going through a curve on an off-ramp September 21. No other vehicles were involved and authorities are investigating the accident. Source: http://news.msn.com/us/del-authorities-bus-overturns-2-dead-injuries

 · One man was killed and 2 others were injured in a shooting September 20 between 2 rival motorcycle gangs that prompted the 15-hour closure of the 15 Freeway near Corona, California, while authorities investigated. – KTLA 5 Los Angeles

12. September 21, KTLA 5 Los Angeles – (California) 1 dead, 2 injured in 15 Freeway shooting reportedly involving motorcycle gangs. One man was killed and 2 others were injured in a shooting September 20 between 2 rival motorcycle gangs that prompted the 15-hour closure of the 15 Freeway near Corona while authorities investigated. Source: http://ktla.com/2014/09/21/1-dead-2-injured-in-shooting-on-15-freeway-near-corona/

 · Approximately 460,000 gallons of sewage leaked into White Oak Creek near Clayton in North Carolina after a private contractor allegedly damaged the municipal sewer line. – Raleigh News & Observer

26. September 18, Raleigh News & Observer – (North Carolina) Broken pipe leaks 460,000 gallons of sewage into creek near Clayton. Approximately 460,000 gallons of sewage leaked into White Oak Creek near Clayton in Johnston County after a private contractor allegedly damaged the municipal sewer line. County officials learned of the spill September 17 and repaired the damaged line while they continue to monitor the water levels. Source: http://www.newsobserver.com/2014/09/18/4161297_broken-pipe-leaks-460000-gallons.html

 · Viator representatives confirmed September 19 that its network was breached and the encrypted personal and financial information of about 1.4 million customers may have been compromised. – Help Net Security

36. September 22, Help Net Security – (International) Payment card info of 880k Viator customers compromised. Viator representatives confirmed September 19 that the company was made aware September 2 that its network was breached and the encrypted personal and financial information of about 1.4 million customers may have been compromised. Customers were advised to update their Viator online account information, including passwords. Source: http://www.net-security.org/secworld.php?id=17391

Financial Services Sector

8. September 20, San Gabriel Valley Tribune – (California) ‘Cold Blooded Bandit’ is responsible for Whittier bank heist, FBI says. The FBI asked for the public’s help in identifying a suspect known as the “Cold Blooded Bandit” after determining that the suspect was responsible for the September 17 robbery of a Whittier Union Bank branch located in a Ralphs grocery store, the third bank robbery linked to the suspect. Source: http://www.whittierdailynews.com/general-news/20140919/cold-blooded-bandit-is-responsible-for-whittier-bank-heist-fbi-says

9. September 19, Reuters – (National) U.S. judge awards $40.7 million in SEC case over bitcoin Ponzi scheme. A federal judge ruled September 18 that a Texas man who operated Bitcoin Savings and Trust ran a Ponzi scheme that defrauded investors and ordered the man to pay $40.7 million following U.S. Securities and Exchange Commission charges of investment fraud. The scheme raised investments using the Bitcoin virtual currency between February 2011 and August 2012 on the promise of weekly returns, but the funds were instead used for the owner’s personal expenses. Source: http://www.reuters.com/article/2014/09/19/us-sec-bitcoin-fraud-idUSKBN0HE1Z820140919

10. September 19, U.S. Securities and Exchange Commission – (New York) SEC charges Brooklyn man for facilitating insider trading scheme via post-it notes at Grand Central Terminal. The U.S. Securities and Exchange Commission charged a Brooklyn man September 19 for allegedly serving as a middleman to facilitate a $5.6 million insider trading scheme. The man allegedly conveyed information between a law firm managing clerk and a stockbroker in order to trade on nonpublic information for the benefit of the three parties. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542993471

For another story, see item 36 below from the Commercial Facilities Sector.

36. September 22, Help Net Security – (International) Payment card info of 880k Viator customers compromised. Viator representatives confirmed September 19 that the company was made aware September 2 that its network was breached and the encrypted personal and financial information of about 1.4 million customers may have been compromised. Customers were advised to update their Viator online account information, including passwords. Source: http://www.net-security.org/secworld.php?id=17391

Information Technology Sector

32. September 22, Softpedia – (International) Hackers target Destiny and Call of Duty servers with DDoS attack. Several servers for online games Destiny and Call of Duty: Ghosts went down during the weekend of September 20 due to a distributed denial of service (DDoS) attack that affected PlayStation and Xbox users. Attackers claiming affiliation with the Lizard Squad group took responsibility for the attacks. Source: http://news.softpedia.com/news/Hackers-Target-Destiny-and-Call-of-Duty-Servers-with-DDoS-Attack-459494.shtml

33. September 22, The Register – (International) Exercise-tracking app not QUITE fit for purpose. A researcher identified and reported a direct object reference vulnerability in the MyFitnessPal app that allowed users’ personal information, including location and dates of birth, to be accessed by any user. The vulnerability was closed 2 days after being reported. Source: http://www.theregister.co.uk/2014/09/22/exercise_tracking_app_not_quite_fit_for_purpose/

34. September 22, Securityweek – (International) Yahoo fixes RCE flaw leading to root server access. A researcher identified and reported a series of vulnerabilities in a Yahoo domain which led to a remote code execution vulnerability that was leveraged to gain root access to a Yahoo server. The vulnerability was reported September 5 and closed September 7. Source: http://www.securityweek.com/yahoo-fixes-rce-flaw-leading-root-server-access

Communications Sector

35. September 22, Tulsa World – (Oklahoma) Phone, fax service at Tulsa World disrupted Sunday. Telephone and fax services were restored at the Tulsa World after a 5-hour disruption September 21 due to a faulty breaker. Source: http://www.tulsaworld.com/homepagelatest/phone-fax-service-at-tulsa-world-disrupted-sunday/article_2e6c6dce-f901-5e35-b0d1-eada23b5478e.html