Friday, October 3, 2014



Complete DHS Report for October 3, 2014

Daily Report

Top Stories

 · An October 1 fire at Deerfield Farms in Moore County, North Carolina, caused an estimated $600,000 in damage to a nursery building and killed 4,200 hogs worth about $400,000. – WRAL 5 Raleigh

9. October 2, WRAL 5 Raleigh – (North Carolina) Fire at Moore County farm kills 4,200 hogs. A fire that broke out October 1 in a nursery building of Deerfield Farms in Moore County destroyed the structure and killed 4,200 hogs worth about $400,000. Officials estimated that the building sustained about $600,000 in damage. Source: http://www.wral.com/4-200-hogs-killed-in-fire-at-moore-county-farm/14036325/

 · Cedars-Sinai Medical Center in Los Angeles notified 33,136 patients September 11 that their personal and health information may have been accessed after an employee laptop was stolen in June, an increase from the hospital’s initial report in August that the theft affected 500 patients. – Los Angeles Times

16. October 1, Los Angeles Times – (California) Cedars-Sinai says number of patient files in data breach much higher. Cedars-Sinai Medical Center in Los Angeles notified 33,136 patients September 11 that their personal and health information may have been accessed after a password-protected, unencrypted laptop was stolen from an employee’s home during a June burglary. The hospital previously reported the theft to 500 patients in August, but forensic analysis determined the laptop contained information for thousands of additional patients, including about 1,500 Social Security numbers. Source: http://www.latimes.com/business/la-fi-cedars-data-breach-20141002-story.html

 · Three executives pleaded guilty October 1 in a scheme in which they bribed National Guard officials to improperly award them U.S. National Guard marketing and advertising contracts worth $14.6 million. – Reuters

19. October 1, Reuters – (National) Six charged with bribery in grant U.S. National Guard contracts. Three executives from Arlington, Virginia-based National Guard Bureau, Financial Solutions, Inc. of Fredericksburg, and Mil-Team Consulting of Minnesota pleaded guilty October 1 in a scheme in which they bribed National Guard officials to improperly award them U.S. National Guard marketing and advertising contracts worth $14.6 million. Three others were also charged in the scheme, which involved the distribution of federal funds by the National Guard Bureau to the Army National Guard and its State units. Source: http://www.reuters.com/article/2014/10/01/us-usa-crime-nationalguard-idUSKCN0HQ5D020141001

 · An October 1 power outage at the Rochdale Village housing complex in New York City stranded about 80 people in elevators and on construction scaffolding, and prompted an evacuation of residents from about 20 buildings. – WCBS 2 New York City

35. October 1, WCBS 2 New York City – (New York) FDNY: 54 workers removed from scaffolding after power outage hits Rochdale Village in Jamaica. An October 1 power outage at a privately owned power plant at the Rochdale Village housing complex in the Jamaica, Queens area of New York City stranded about 25 people in elevators and 54 workers on construction scaffolding, and prompted an evacuation of residents from about 20 buildings in the complex. Four individuals were injured during the incident and power was restored to the complex after more than 3 hours. Source: http://newyork.cbslocal.com/2014/10/01/power-outage-hits-numerous-buildings-at-rochdale-village-in-jamaica-queens/

Financial Services Sector

4. October 1, Las Vegas Review-Journal – (Nevada; Florida; South Dakota) Ex-LV chiropractor arrested in $34M fraud scheme. A former chiropractor in Las Vegas was arrested by FBI agents for allegedly working with a South Dakota man to funnel money from a Florida-based hedge fund, which caused the fund to go bankrupt and led to millions in investor losses. The criminal charges stem from 2010 U.S. Securities and Exchange Commission charges against the two men and six others, with federal prosecutors seeking to recover $44.8 million from the Las Vegas and South Dakota defendants. Source: http://www.reviewjournal.com/news/las-vegas/ex-lv-chiropractor-arrested-34m-fraud-scheme

For another story, see item 33 below from the Commercial Facilities Sector

33. October 2, Softpedia – (International) Data breach on Flinn Scientific server lasted for four months. Flinn Scientific officials notified customers October 2 who had made at least one purchase through its online store since May 2 that their financial information, including payment card number and card verification code, may have been compromised after malware was planted on the company’s Web-based payment system. The breach was discovered September 8 and the company removed the malicious software from its network. Source: http://news.softpedia.com/news/Data-Breach-on-Flinn-Scientific-Server-Lasted-for-Four-Months-460794.shtm

Information Technology Sector

25. October 2, Softpedia – (International) Major security flaw in Xen hypervisor disclosed. The developers of the Xen hypervisor released a patch after a security vulnerability was disclosed October 1 that could allow an attacker to use a malicious hardware virtual machine to read data from other virtual machines or crash the host machine. Source: http://news.softpedia.com/news/Major-Security-Flaw-in-Xen-Hypervisor-Disclosed-460746.shtml

26. October 2, Softpedia – (International) OS X botnet malware uses Reddit to get IPs of control servers. Researchers with Doctor Web found that a piece of botnet malware for OS X known as iWorm uses the search function on Reddit to access a list of command and control (C&C) servers used to receive instructions. Over 17,000 unique IP addresses are associated with systems infected by iWorm and the C&C server addresses are disguised on Reddit by purporting to be addresses for Minecraft servers. Source: http://news.softpedia.com/news/OS-X-Botnet-Malware-Uses-Reddit-to-Get-IPs-of-Control-Servers-460766.shtml

27. October 2, Securityweek – (International) VMware releases software updates to fix ShellShock bug. VMware released patches for several of its products in order to close the Shellshock vulnerability in GNU Bash. Source: http://www.securityweek.com/vmware-releases-software-updates-fix-shellshock-bug

28. October 2, The Register – (International) Researchers bypass Redmond’s EMET, again. Researchers with Offensive Security reported that they were able to bypass the fifth version of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) security tool on several versions of the Windows operating system. Source: http://www.theregister.co.uk/2014/10/02/researchers_bypass_redmonds_emet_again/

29. October 1, The Register – (International) Bash bug flung against NAS boxes. FireEye researchers warned that attackers are attempting to exploit the Shellshock vulnerability in GNU Bash in order to compromise Network Attached Storage (NAS) systems before the systems can be patched. The researchers reported that NAS systems made by QNAP were especially targeted and that attackers were seeking to install backdoors. Source: http://www.theregister.co.uk/2014/10/01/sheelshock_nas_attack/

30. October 1, Threatpost – (International) Joomla re-issues security update after patches glitch. The developers of Joomla released a second version of a security update October 1 after an initial update designed to close critical vulnerabilities created some technical issues for users. Source: http://threatpost.com/joomla-re-issues-security-update-after-patches-glitch

Communications Sector

31. September 30, Kansas City Star – (Missouri) Sprint says its Blue Springs service is restored after disruption at one tower. Wireless service to Sprint customers in Blue Springs was restored September 30 after being disrupted September 29. Source: http://www.kansascity.com/news/business/technology/article2354752.html

For another story, see item 3 below from the Critical Manufacturing Sector

3. October 1, Threatpost – (International) Schneider Electric fixes remotely exploitable flaw in 22 different products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory to operators of 22 different Schneider Electric industrial control systems products after a researcher identified a remotely exploitable directory traversal vulnerability that could allow attackers to bypass Web server authentication and gain administrator access and control over devices. Schneider Electric released a firmware update to close the vulnerability in the products deployed in the manufacturing, energy, water, communications, and other sectors. Source: http://threatpost.com/schneider-electric-fixes-remotely-exploitable-flaw-in-22-different-products