Daily Report
Top Stories
· About 500,000
gallons of wastewater was discharged into Joe’s Creek in St. Petersburg,
Florida, September 27 when an underground pipe ruptured due to heavy rain and
continued to spill between 250-500 gallons per minute. – Bay News 9 Tampa
12. September 29, Bay News 9 Tampa – (Florida) Ruptured sewage line spills 500,000 gallons
of wastewater. An estimated 500,000 gallons of wastewater was discharged into
Joe’s Creek in St. Petersburg September 27 when an underground pipe ruptured
due to excessive rain and continued to spill between 250-500 gallons per
minute. The spill forced the nearby Northside Christian School to delay start
times for the next several days as crews work to repair the sewage line.
Source: http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2014/9/29/sewer_leak_in_st_pet.html
· A Spokane
County Fire District 8 official reported September 29 that a suspected arsonist
is believed to have ignited 23 fires in 3 weeks in Washington, destroying 2
homes since September 9. – Reuters
16. September 29, Reuters – (Washington) Arsonist suspected in up to 23 blazes in
Washington state. The assistant fire chief of Spokane County Fire District
8 reported September 29 that a suspected arsonist is believed to have ignited
23 fires in 3 weeks in Washington, destroying 2 homes since September 9.
Officials found the fires were all set in a similar distinct pattern. Source: http://www.reuters.com/article/2014/09/29/us-usa-arson-washington-idUSKCN0HO1VB20140929
· Thirty-eight
people were treated after chemical fumes were released into classrooms in the
Health Sciences Center at Eastern Florida State College’s Cocoa campus
prompting an evacuation and the cancellation of classes September 29. – Florida
Today
19.
September 29, Florida Today –
(Florida) 7 taken to hospital after evacuation at EFSC. Thirty-one
people were treated at the scene while 7 others were transported to area
hospitals after chemical fumes were released into classrooms in the Health
Sciences Center at Eastern Florida State College’s Cocoa campus prompting an evacuation
and the cancellation of classes September 29. School officials believe an
individual poured a chemical into a sink in a room used to develop X-rays,
causing the chemical vapors to waft throughout the building. Source: http://www.floridatoday.com/story/news/education/2014/09/29/efsc-building-on-cocoa-campus-evacuation/16426111/
· Supervalu
officials reported September 29 that hackers installed a piece of malware on
the company’s network that may have captured customers’ payment card
information from the payment processing systems of several Cub Foods and
Albertson’s stores across the U.S. between August and September. – Securityweek
28.
September 30, Securityweek –
(International) New data breaches hit Supervalu, Albertson's. Supervalu
officials reported a second incident September 29 where hackers installed a
different piece of malware on the company’s computer system that potentially
captured customers’ payment card information from the payment processing
systems of four Cub Foods stores in Minnesota and several Albertson’s grocery
stores across the U.S. between August and September. Source: http://www.securityweek.com/new-data-breaches-hit-supervalu-albertsons
Financial Services Sector
3. September
30, Softpedia – (International) Variant of Upatre malware dropper
seen in bank emails. A security researcher reported finding a new variant
of the Upatre malware dropper attached to emails purporting to be from
financial institutions. The new variant is distributed as a download through a
link in the malicious emails and has a low VirusTotal detection rate. Source: http://news.softpedia.com/news/Variant-of-Upatre-Malware-Dropper-Seen-In-Bank-Emails-460463.shtml
4. September
29, U.S. Securities and Exchange Commission – (National) SEC
charges two Florida men with defrauding investors in purported television
network. The U.S. Securities and Exchange Commission filed charges
September 29 against the Florida-based former CEO of Vision Broadcast Network
and a consultant for allegedly raising at least $5.7 million from investors
nationwide based on misrepresentations of the company’s ownership of television
stations and broadcast licenses. The U.S. Attorney’s Office for the Eastern
District of Pennsylvania also filed parallel criminal charges against the two
individuals September 29. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543063872
5. September
29, Federal Deposit Insurance Corporation – (Utah) FDIC announces
settlement with Merrick Bank, South Jordan, Utah, for unfair and deceptive
practices. The Federal Deposit Insurance Corporation (FDIC) announced
September 29 that Merrick Bank located in South Jordan, Utah, reached a
settlement with the FDIC over charges that the bank engaged in unfair and
deceptive practices relating to the marketing and servicing of “add-on
products.” The bank agreed to pay a $1.1 million penalty and to pay around $15
million in restitution to affected customers. Source: https://www.fdic.gov/news/news/press/2014/pr14080.html
For another story, see item 28 above
in Top Stories
Information Technology Sector
21. September 30, Help Net Security – (International) Apple patches Shellshock bug in OS X. Apple
released a security update for its OS X operating system that closes two
remotely exploitable vulnerabilities in the GNU Bash UNIX shell known as
Shellshock. Source: http://www.net-security.org/secworld.php?id=17430
22. September 30, Securityweek – (International) ‘Shellshock’ attacks could already top
1 billion: Report. Incapsula researchers reported that the company’s Web
application firewall deflected over 217,000 attempted exploitations of the
Shellshock vulnerability in GNU Bash during the 4 days after the vulnerability
was disclosed and estimated that the total number of attacks attempting to
exploit the flaw could reach 1 billion. Source: http://www.securityweek.com/shellshock-attacks-could-already-top-1-billion-report
23. September 30, Softpedia – (International) Seller of StealthGenie mobile spyware
app indicted and arrested. The CEO of InvoCode was arrested September 27 in
Los Angeles for allegedly selling and advertising the StealthGenie mobile
spyware. The Pakistani national allegedly worked with others to develop and
market the spyware that is compatible with major mobile operating systems such
as Android, Blackberry, and iOS. Source: http://news.softpedia.com/news/Seller-of-StealthGenie-Mobile-Spyware-App-Indicted-And-Arrested-460448.shtml
24. September 29, Softpedia – (International) Signed CryptoWall delivered via
malvertising campaign on top-ranked websites. Researchers with Barracuda
Labs identified a variant of the CryptoWall ransomware signed with a valid
digital certificate from DigiCert and spread through malicious ads on the Zedo
ad network to several popular Web sites. As of September 29, the CryptoWall
variant was detected by 12 of 55 security solutions on VirusTotal. Source: http://news.softpedia.com/news/CryptoWall-Delivered-Via-Malvertising-Campaign-on-Top-Ranked-Websites-460375.shtml
25. September 29, Threatpost – (International) RadEditor web editor vulnerable to XSS
attacks. A researcher identified and reported a cross-site scripting (XSS)
vulnerability in the RadEditor text editor used in several Microsoft products
that could allow attackers to inject malicious script and obtain private data.
The vulnerability was closed by Telerik September 24. Source: http://threatpost.com/radeditor-web-editor-vulnerable-to-xss-attacks
26. September 29, Softpedia – (International) All CloudFlare customers benefit from
Universal SSL. CloudFlare announced September 29 that it was providing all
customers with SSL certificates under its Universal SSL service to enhance
security. Source: http://news.softpedia.com/news/All-CloudFlare-Customers-Benefit-from-Universal-SSL-460374.shtml
Communications Sector
Nothing
to report