Tuesday, September 30, 2014



Complete DHS Report for September 30, 2014

Daily Report

Top Stories

 · An air traffic control facility in Aurora, Illinois, is expected to be restored to full service by October 13 following a September 26 fire that prompted the cancelation of about 3,800 flights across the U.S. between September 26 and September 28. – Reuters 

10. September 28, Reuters – (Illinois) FAA wants to restore Chicago air traffic site by mid-October. Federal Aviation Administration officials reported September 28 that a regional air traffic control facility in Aurora, is expected to be restored to full service by October 13 after crews complete repairs and replace the central communications network in the building following a fire that was intentionally set by a field technician September 26. An estimated 3,800 flights were canceled across the U.S. between September 26 and September 28 as a result of the incident. Source: http://news.yahoo.com/faa-wants-restore-chicago-air-traffic-mid-october-001045762--finance.html

 · A water-boil alert in Mercer Island, Washington, was lifted September 29 after E. coli was detected in water samples from the city’s distribution system September 26 which prompted the closure of area schools and 62 businesses. – Seattle Times

21. September 29, Seattle Times – (Washington) Mercer Island lifts water-boil alert Monday morning; schools closed. Officials lifted a water-boil alert in Mercer Island September 29 and advised residents to flush pipes and clear ice makers after water samples tested negative for E. coli following detection of the bacteria in water samples from the city’s distribution system September 26. Mercer Island School district was closed September 29 to sanitize the schools’ facilities and 62 businesses were ordered closed until the boil-water advisory was lifted. Source: http://blogs.seattletimes.com/today/2014/09/tests-improve-but-water-boil-alert-remains-for-mercer-island/

 · An accident involving a North Central Texas College bus left 4 students dead and 12 others injured when the bus was hit by a semi-truck on Interstate 35 in Oklahoma September 26. – CNN

27. September 27, CNN – (Oklahoma) 4 killed when semi hits bus carrying Texas college softball team in Oklahoma. An accident involving a North Central Texas College bus left 4 students dead and 12 others injured when the bus was hit by a semi-truck on Interstate 35 in Oklahoma September 26. Source: http://www.cnn.com/2014/09/27/us/oklahoma-school-bus-accident/

 · Signature Systems reported September 26 that the breach of its point-of-sales system may have compromised the systems of an additional 108 independent restaurants across the U.S. that utilizes its payment products. – IDG News Service

38. September 26, IDG News Service – (International) Credit card breach that hit Jimmy John's is larger than originally thought. Signature Systems reported September 26 that the breach of its point-of-sales system that affected 216 Jimmy John’s sandwich shop locations also may have compromised the systems an additional 108 independent restaurants across the U.S. that use its payment products. The intrusion is believed to have started June 16 when hackers used stolen credentials to remotely install malware onto stores’ payment terminals that is capable of stealing customers’ payment card information. Source: http://www.networkworld.com/article/2688453/security/credit-card-breach-that-hit-jimmy-johns-is-larger-than-originally-thought.html

Financial Services Sector

38. September 26, IDG News Service – (International) Credit card breach that hit Jimmy John's is larger than originally thought. Signature Systems reported September 26 that the breach of its point-of-sales system that affected 216 Jimmy John’s sandwich shop locations also may have compromised the systems an additional 108 independent restaurants across the U.S. that use its payment products. The intrusion is believed to have started June 16 when hackers used stolen credentials to remotely install malware onto stores’ payment terminals that is capable of stealing customers’ payment card information. Source: http://www.networkworld.com/article/2688453/security/credit-card-breach-that-hit-jimmy-johns-is-larger-than-originally-thought.html

Information Technology Sector

30. September 29, Softpedia – (International) New remote code execution flaws found in Shellshock-patched Bash. Researchers found four additional vulnerabilities with the Bash command interpreter for Linux, Shellshock, two of which were unofficially patched after new changes to the code. The two new bugs that remain could be exploited remotely and in an easier way due to the rare use of address space layout randomization (ASLR) when compiling Bash. Source: http://news.softpedia.com/news/New-Remote-Code-Execution-Flaws-Found-In-Shellshock-Patched-Bash-460348.shtml

31. September 29, Softpedia – (International) Ello social network recovers after DDoS attack. Administrators with Ello, a social networking site, announced they blocked a bad IP address that was responsible for sending junk traffic after reporting the site was under an apparent distributed denial of service (DDoS) attack. Source: http://news.softpedia.com/news/Ello-Social-Network-Recovers-After-DDoS-Attack-460324.shtml

32. September 29, Softpedia – (International) Cisco lists 31 products vulnerable to the Shellshock vulnerability. Cisco released a list of 31 products vulnerable to the Shellshock glitch which included connection routing, network management, and media content delivery and encoding, among others. Oracle also released a list of 32 products vulnerable to attack by the Bash bug after the company changed its initial list and appended new products. Source: http://news.softpedia.com/news/Cisco-Lists-31-Products-Vulnerable-To-the-Shellshock-Vulnerability-460303.shtml

33. September 26, SC Magazine – (International) iThemes users asked to change passwords following attack. The CEO if iThemes, a WordPress themes, plugins, and training provider, advised 60,000 past and current users to reset their passwords following an attack on its membership database that may have compromised usernames, email addresses, passwords, names, IP addresses, and purchase information. Source: http://www.scmagazine.com/ithemes-users-asked-to-change-passwords-following-attack/article/373939/

Communications Sector

34. September 25, U.S. Department of Labor – (Kansas) Wireless Horizon tower collapse results in deaths of 2 cell tower workers. The Occupational Safety and Health Administration cited Wireless Horizon, Inc., September 25 for 2 willful and 4 serious safety violations and placed the company in the Severe Violator Enforcement Program following the March 25 death of 2 workers from the collapse of a cell tower they were dismantling in Kansas. Proposed fines total $134,400. Source: https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=NEWS_RELEASES&p_id=26781