Wednesday, November 12, 2014



Complete DHS Report for November 12, 2014

Daily Report

Top Stories
 
 · The U.S. Postal Service announced November 10 that the personal information of more than 800,000 employees and customers were potentially accessed in a cyberattack. – Reuters

8. November 10, Reuters – (National) U.S. Postal Service says data breach hits employees, call center. The U.S. Postal Service (USPS) announced November 10 that the personal information, including Social Security numbers, of more than 800,000 employees and customers who called the Postal Service Customer Care Center between January and August 16 was potentially accessed in a cyberattack. The USPS is investigating and reported that the intrusion is limited in scope and operations are functioning normally. Source: http://www.reuters.com/article/2014/11/10/us-cybersecurity-usps-idUSKCN0IU1P420141110
 
 · Thousands of food products worth more than $3 million were scattered all over the roadway following an accident on Interstate 24 east near Monteagle, Tennessee, shutting down the interstate for more than 4 hours November 9. – Chattanooga Times Free Press

9. November 10, Chattanooga Times Free Press – (Tennessee) Meat, eggs and cheese only casualties of I-24 pileup on Monteagle. Thousands of eggs, cheese, and boxes of meat worth more than $3 million collectively were scattered all over the roadway following an accident between 3 semi-trucks and 2 cars on Interstate 24 east near Monteagle, shutting down the interstate for more than 4 hours November 9 while crews cleared the scene. One driver was injured in the incident. Source: http://www.timesfreepress.com/news/2014/nov/10/meat-eggs-and-cheese-only-casualties-of-i-24/

  · Researchers identified an advanced persistent threat (APT) group dubbed Darkhotel APT that has targeted travelers in the Asia-Pacific region using malicious hotel WiFi networks, spear phishing, and malicious torrent files. – Securityweek See item 26 below in the Information Technology Sector
 
 · About 5,000 people were evacuated from office buildings or told to shelter-in-place in San Jose, California, November 7 – November 8 while crews worked to repair a 4 inch natural gas pipeline that was inadvertently struck. – San Jose Mercury News

35. November 8, San Jose Mercury News – (California) San Jose: All-clear given after downtown natural-gas leak. About 2,500 people were evacuated from office buildings in downtown San Jose and around 2,500 additional people were ordered to shelter-in-place November 7 while crews worked to repair a 4 inch natural gas pipeline that was inadvertently struck by a construction crew working in the area. The scene was cleared November 8 after HAZMAT crews tested buildings for possible pockets of gas that could be trapped inside, and service was expected to be restored to the 40 affected businesses by November 10. Source: http://www.mercurynews.com/bay-area-news/ci_26898555/san-jose-bus-lines-resume-normal-service-after

Financial Services Sector

4. November 7, WSB 750 AM Atlanta – (Georgia) Massive credit card scam found in Paulding Co. Authorities in Paulding County arrested a Kennesaw man for allegedly operating a payment card forgery operation after police were contacted by the owner of an office building who had discovered suspicious items while cleaning out the office space of an evicted tenant. Police found 1,154 payment cards as well as card embossing devices and several fraudulent driver’s licenses from various States. Source: http://www.wsbradio.com/news/news/local/massive-credit-card-scam-found-paulding-co/nh3C3/

5. November 7, Amarillo Globe-News – (Texas) Troopers seize nearly $200k in fake credit cards, cash. Texas Department of Public Safety troopers arrested two Romanian nationals after they found 69 fraudulent payment cards valued at $172,000 and 29 fraudulent ID cards from Iowa during a traffic stop in Carson County November 4. Troopers stated that they believed the contraband and $18,000 in cash was being transported from California to Tennessee. Source: http://amarillo.com/news/local-news/2014-11-07/troopers-seize-nearly-200k-fake-credit-cards-cash

6. November 7, KIRO 7 Seattle – (Washington) ‘Roscoe Bandit’ strikes Olympia bank. A suspect known as the “Roscoe Bandit” linked to two bank robberies in Seattle was also linked to an October 30 robbery of Timberland Bank in Olympia. The previous Seattle robberies occurred July 29 at a Wells Fargo Bank branch and July 28 at a HomeStreet Bank branch. Source: http://www.kirotv.com/news/news/roscoe-bandit-strikes-olympia-bank/nh3SQ/

7. November 7, Chicago Sun-Times – (Illinois) ‘Bully Bandit’ suspected of three more bank robberies. The FBI is offering a reward for information on the “Bully Bandit” after the suspect was linked to 3 additional robberies in the Chicago area, bringing the suspect’s total to 15 bank robberies since 2012. The most recent bank robbery occurred November 5 at a Chase Bank branch in Chicago. Source: http://www.myfoxchicago.com/story/27326638/bully-bandit-suspected-of-three-more-bank-robberies

Information Technology Sector

26. November 10, Securityweek – (International) Darkhotel attackers target business travelers via hotel networks. Kaspersky Lab researchers identified an advanced persistent threat (APT) group dubbed Darkhotel APT that has targeted travelers in the Asia-Pacific region in addition to the U.S. using malicious hotel WiFi networks, spear phishing, and malicious torrent files. The group’s hotel attacks involve prompting users with a software update notice that installs a backdoor, and the group has targeted guests associated with industries and sectors including government organizations, the defense industry, energy industry, pharmaceutical industry, electronics manufacturers, medical providers, and non-governmental organizations. Source: http://www.securityweek.com/darkhotel-attackers-target-business-travelers-hotel-networks

27. November 10, The Register – (International) BrowserStack HACK ATTACK: Service still suspended after rogue email. Browser testing service BrowserStack stated that it was temporarily suspending service to recover after an attacker managed to gain access to a list of email addresses and the company’s official email account, using it to send out a fake message to developers. Source: http://www.theregister.co.uk/2014/11/10/browserstack_hack_attack_service_still_suspended_after_rogue_email/

28. November 10, The Register – (International) Emoticons blast three security holes in Pidgin :-(. Researchers at Cisco reported that the instant messaging client Pidgin contained three security vulnerabilities that could have allowed attackers to overwrite files or cause a denial of service (DoS) situation. The vulnerabilities have since been patched. Source: http://www.theregister.co.uk/2014/11/10/cisco_security_bods_hunt_pidgin/

 Communications Sector

29. November 10, Lancaster Online – (Pennsylvania) 579 people in Lancaster County lose phone service after vehicle crash. Approximately 579 Frontier Communications customers from Quarryville to Caernarvon Township in Lancaster County were without phone service for several hours November 9 after a vehicle struck and damaged a pole at the intersection of Routes 340 and 772. Source: http://lancasteronline.com/news/local/people-in-lancaster-county-lose-phone-service-after-vehicle-crash/article_d50be6ba-6834-11e4-8ea5-338b6a11f59f.html

30. November 8, Honolulu Star-Advertiser – (Hawaii) 140 Hawaiian Telecom customers now without service in Kaimuki. A phone and high-speed Internet service disruption October 21 continued for 140 Hawaiian Telecom customers in the Kaimuki and Maunalani Heights areas of east Honolulu November 8 following a break in a 12 inch water main that pushed several feet of asphalt, debris, and rocks into an open manhole covering underground cables. Crews continued work to remove the debris in order to restore service. Source: http://www.staradvertiser.com/news/breaking/20141108_140_Hawaiian_Telcom_customers_now_without_service_in_Kaimuki.html?id=282056391