Thursday, November 20, 2014



Complete DHS Report for November 20, 2014

Daily Report

Top Stories
 
 • A fire and explosion at Santa Clara Waste Water Co. in Santa Paula, California, November 18 shut down all lanes of Highway 126 for several hours, sent at least 46 people to hospitals for symptoms, and shut down 2 schools when approximately 1,000 gallons of an unknown chemical spilled and released a vapor cloud after a vacuum truck exploded at the facility.– Ventura County Star
18. November 18, Ventura County Star – (California) Santa Paula chemical explosion causes injuries, evacuations, road closures. A fire and explosion at Santa Clara Waste Water Co., in Santa Paula shut down all lanes of Highway 126 between Peck and Well roads for several hours November 18, sent at least 46 people to hospitals for symptoms, and shut down 2 schools when approximately 1,000 gallons of an unknown type of organic peroxide spilled and released a vapor cloud after a vacuum truck exploded at the facility. A mandatory evacuation was ordered for residents and businesses within a mile of the scene. Source: http://www.vcstar.com/news/local-news/ventura/officials-working-to-decontaminate-people-at-vcmc-exposed-to-substance-in-santa-paula-explosion_29956958

 • Two individuals were indicted by the U.S. Attorney’s office November 17 for allegedly stealing the identities of roughly 1,400 Detroit patients while employed at Henry Ford West Bloomfield Hospital and DMC Harper Hospital and using the patients’ personal information to file about $489,000 in fake tax refunds. – Detroit Free Press (See item 21)
21. November 18, Detroit Free Press – (Michigan) Feds: Identity thieves hit 2 metro Detroit hospitals. The U.S. Attorney’s office unsealed an indictment November 17 charging 2 individuals for allegedly stealing the identities of roughly 1,400 Detroit patients while employed at Henry Ford West Bloomfield Hospital and DMC Harper Hospital, and using the patients’ personal information to file about $489,000 in fake tax refunds. The pair lived together in Farmington Hills and authorities found bank records, credit cards, and hospital patient records at the home in January. Source: http://www.freep.com/story/news/local/michigan/2014/11/18/hospital-identity-theft-metro-detroit/19239853/

 • Microsoft released an out-of-band patch November 18 to close a vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to domain administrator privileges. – See item 28 below in the Information Technology Sector

 • A 4-alarm fire broke at the Columbus Farmers Market in Springfield Township, New Jersey, inside Building No. 4 November 18 and destroyed at least 10 businesses and caused substantial damage to the structure. – Times of Trenton
35. November 18, Times of Trenton – (New Jersey) Four-alarm blaze destroys building at historic Columbus Farmers Market in Burlington. A 4-alarm fire inside Building No. 4 at the Columbus Farmers Market in Springfield Township November 18 destroyed at least 10 businesses housed within the structure. The market was closed at the time of the fire and employees were safely evacuated. Source: http://www.nj.com/mercer/index.ssf/2014/11/four-alarm_blaze_destroys_building_at_historic_columbus_farmers_market_in_burlington_county.html


Financial Services Sector

5. November 19, WNBC 4 New York City – (New Jersey) Man stopped for stealing $17 worth of gas caught with 205 fake credit cards. A Brooklyn, New York man who was pulled over by New Jersey State Troopers in Woodbridge Township, New Jersey, on suspicion of gasoline theft was found in possession of 205 fraudulent payment cards with a value of around $100,000 November 11 after a search of his vehicle. The man was later charged with possession and use of a fraudulent credit card and theft of services. Source: http://www.nbcnewyork.com/news/local/Fake-Credit-Card-Gas-Station-Theft-Gianni-Simon-New-Jersey-New-York-283087031.html

6. November 18, Bloomberg News – (New York) Broker pleads guilty in IBM acquisition insider scheme. A former stockbroker pleaded guilty November 18 to his role in an insider trading scheme that originated in a tip from a New York law firm over the acquisition of SPSS Inc., by International Business Machines Corp. The stockbroker was charged with making around $300,000 in illicit profits from the scheme that involved three others who have pleaded guilty and one other who was allegedly involved. Source: http://www.businessweek.com/news/2014-11-18/broker-pleads-guilty-to-role-in-ibm-acquisition-insider-scheme

7. November 18, KXTV 10 Sacramento – (California) FBI seeks ‘Bad Breath Bandit’ in Northern California. The FBI is seeking information related to the suspect known as the “Bad Breath Bandit” believed to be responsible for three bank robberies in the northern California region. The suspect’s most recent robbery occurred November 13 at a Tri Counties Bank branch in Durham, while the previous robberies occurred September 25 and June 17. Source: http://www.news10.net/story/news/local/california/2014/11/18/fbi-seeks-bad-breath-bandit-in-northern-california/19231739/

8. November 18, U.S. Attorney’s Office, Southern District of Florida – (Florida) Seventeen charged today in connection with stolen identity tax refund fraud scheme involving student financial services accounts. Federal authorities arrested 17 individuals November 18 for their alleged involvement in a stolen identity tax refund fraud scheme that used services provided by Higher One Inc., to Miami Dade College students in Florida and resulted in total intended losses of $1.9 million. The alleged organizers of the scheme also sought to use students’ Higher One accounts to commit federal benefit fraud, including Social Security fraud. Source: http://www.fbi.gov/miami/press-releases/2014/charged-today-in-connection-with-stolen-identity-tax-refund-fraud-scheme-involving-student-financial-services-accounts

For another story, see item 21 above in Top Stories

Information Technology Sector

27. November 19, Securityweek – (International) Advanced variant of “NotCompatible” Android malware a threat to enterprises. Researchers with Lookout identified a new variant of the NotCompatible trojan for Android dubbed NotCompatible.C which includes several changes to avoid detection by security software, including encrypted communications and geographically distributed command and control (C&C) servers. The malware is being spread by spam emails and compromised Web sites and acts as a proxy on infected systems. Source: http://www.securityweek.com/advanced-variant-notcompatible-android-malware-threat-enterprises

28. November 18, Securityweek – (International) Microsoft fixes critical Kerberos flaw under attack with out-of-band patch. Microsoft released an out-of-band patch November 18 to close a vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to domain administrator privileges. The vulnerability has been exploited in limited, targeted attacks and users were advised to apply the patch as soon as possible due to the critical nature of the vulnerability. Source: http://www.securityweek.com/microsoft-fixes-critical-kerberos-flaw-under-attack-out-band-patch

29. November 18, SC Magazine – (International) Apple releases OS X Yosemite and iOS updates. Apple released updates November 18 for its OS X Yosemite operating system and iOS 8 mobile operating system, adding improvements and closing an unlimited passcode attempt vulnerability in iOS 8. Source: http://www.scmagazine.com/apple-releases-updates-for-os-x-and-ios/article/383995/

30. November 18, Securityweek – (International) Flashpack exploit kit uses ad networks to deliver Cryptowall, Dofoil malware. Trend Micro researchers identified a malicious advertisement campaign that uses free ads to attempt to redirect users to a page hosting the Flashpack exploit kit, which then attempts to serve a variant of the Dofoil trojan or the Cryptowall ransomware. Source: http://www.securityweek.com/flashpack-exploit-kit-uses-ad-networks-deliver-cryptowall-dofoil-malware

31. November 18, Softpedia – (International) Legit Windows Phone apps can be replaced by malicious ones through copy/paste. A researcher reported that rogue versions of legitimate apps can be installed onto Windows Phone mobile devices after the installation of the legitimate app by replacing the files with the rogue app files. Source: http://news.softpedia.com/news/Legit-Windows-Phone-Apps-Can-Be-Replaced-By-Malicious-Ones-Through-Copy-Paste-465311.shtml

Communications Sector

32. November 19, Kennewick Tri-City Herald – (Washington) Investigators probe Kennewick radio transmitter arson, offer $10,000 reward. Authorities are searching for the suspects responsible for November 15 arson fire at a radio transmitter station in Kennewick that caused more than $100,000 in damages, destroyed equipment, and knocked three local radio stations off the air. One station remains off air indefinitely while authorities continue to investigate the incident. Source: http://www.tri-cityherald.com/2014/11/18/3266962/investigators-probe-kennewick.html