Thursday, April 30, 2015



Complete DHS Report for April 30, 2015

Daily Report

Top Stories

 · Miller County, Arkansas officials announced April 28 that an oil spill caused by a leak in a line, covering 40 to 60 acres of an area in the county, could take 1-2 weeks to clean up. – KSLA 12 Shreveport

1. April 28, KSLA 12 Shreveport – (Arkansas) Oil spill in Miller County could take weeks to clean up. Miller County officials announced April 28 that an oil spill covering 40 to 60 acres of an area in the county could take 1-2 weeks to clean up. Crews used oil booms to clean up the spill that was reportedly caused by a leak in one of the lines. Source: http://www.ksla.com/story/28923049/hazmat-crews-on-scene-of-oil-spill-in-miller-county

 · American Airlines reported that a software application problem with iPads used by pilots forced the airline to ground about two dozen flights April 28. – USA Today

8. April 29, USA Today – (National) Travelers scramble after iPad issues delay American Airlines flights. American Airlines reported that a software application problem with iPads used by pilots forced the airline to ground about two dozen flights April 28. Source: http://www.usatoday.com/story/news/nation/2015/04/29/ipad-issues-ground-american-airlines-flights/26565621/

 · A garbage truck rear-ended a New Britain Public Schools bus in Glastonbury, Connecticut, April 28, causing 33 students from John Barry School to be transported to area hospitals with injuries. – WFSB 3 Hartford

17. April 28, WFSB 3 Hartford – (Connecticut) School bus crash sends students to hospital as a precaution. A garbage truck rear-ended a New Britain Public Schools bus in Glastonbury April 28, causing 33 students from John Barry School to be transported to area hospitals with injuries. Source: http://www.wfsb.com/story/28918167/students-taken-to-hospital-as-precaution-after-school-bus-crash-in-glastonbury

 · A Major League Baseball game scheduled to be played at Oriole Park at Camden Yards in Baltimore April 29 was closed to the public following a wave of looting and riots around the ballpark after protests in the city April 27 – April 28. – WRC 4 Washington, D.C.

24. April 29, WRC 4 Washington, D.C. – (Maryland) Orioles to play at empty stadium Wednesday in riot-ravaged Baltimore. A Major League Baseball game scheduled to be played at Oriole Park at Camden Yards in Baltimore April 29 was closed to the public following a wave of looting and riots around the ballpark after protests in the city April 27 – April 28. Games at the ballpark were postponed April 27 – April 28 due to safety concerns. Source: http://www.nbcwashington.com/news/local/Orioles-Postponed-Again-in-Riot-Ravaged-Baltimore-301564421.html

Financial Services Sector

4. April 28, Columbus Dispatch – (Ohio) Reward increased for ‘Buckeye Bandit.’ The FBI and Central Ohio Crime Stoppers offered an increased reward of up to $10,000 for information leading to the arrest of the bank robbery suspect dubbed the ‘Buckeye Bandit’ after he allegedly robbed the Cooper State Bank branch in Columbus April 26. The suspect is believed to have committed 24 bank and store robberies dating back to 2013. Source: http://www.dispatch.com/content/stories/local/2015/04/28/reward-for-bank-robber.html

5. April 28, Softpedia – (International) Malware delivered via malicious macro in Word document embedded in PDF. Security researchers at Avast discovered that cybercriminals are employing a new malware delivery technique in which they embed Microsoft Word documents with malicious macros into seemingly legitimate Adobe Portable Document Format (PDF) files. Once the document is opened and macros are enabled, a script downloads a variant of the Dridex banking trojan to steal banking credentials and Google and Microsoft login information. Source: http://news.softpedia.com/news/Malware-Delivered-via-Malicious-Macro-in-Word-Document-Embedded-in-PDF-479593.shtml

Information Technology Sector

19. April 29, Securityweek – (International) InFocus projectors plagued by authentication flaws: Core Security. Security researchers at Core Security identified an authentication bypass vulnerability in InFocus network-connected projectors in which an unauthenticated user could bypass the login page and access the projector’s Web interface as an administrator by navigating to the “main.html” page. Once logged in, the unauthenticated user would have the ability to access and modify private network and WiFi configuration information. Source: http://www.securityweek.com/infocus-projectors-plagued-authentication-flaws-core-security

20. April 29, Softpedia – (International) Routers built with RealTek SDK affected by remote command-injection bug. A security researcher at HP’s Zero Day Initiative discovered a vulnerability in version 1.3 of the RealTek Software Development Kit (SDK) used in the development of D-Link and Trendnet broadband routers in which attackers can exploit a flaw in the simple object access protocol (SOAP) service to execute arbitrary code on the devices. Source: http://news.softpedia.com/news/Routers-Built-with-RealTek-SDK-Affected-by-Remote-Command-Injection-Bug-479660.shtml

21. April 29, Help Net Security – (International) Threats on government networks remain undetected for 16 days. Findings from a report by MeriTalk and Splunk on the state of cyber security in Federal, State, and local government agencies revealed that cyber threats exist on government networks for an average of 16 days without detection, and that 68 percent of respondents reported that their organizations are overwhelmed by the volume of security data they must analyze. Respondents also reported the benefits of big data in analytics and the challenges they face due to lack of skill or time, among other findings. Source: http://www.net-security.org/secworld.php?id=18323

22. April 29, Help Net Security – (International) Hacker exploits Android devices with self-implanted NFC chip. A security researcher at APA Wireless demonstrated that he could implant himself with a near field communication (NFC) chip that is undetectable by body scanners and could be used to infiltrate and compromise devices in high-security locations. The chip would ping nearby Android devices with links to malicious files that, once run and installed, would allow for further exploits from a remote computer. Source: http://www.net-security.org/secworld.php?id=18324

23. April 28, Threatpost – (International) WordPress zero-day vulnerability. WordPress patched a critical stored cross-site scripting (XSS) zero-day vulnerability in its release of version 4.2.1. The vulnerability affected tens of millions of WordPress sites and allowed attackers to store malicious JavaScript in the comment fields of WordPress sites that would be executed server-side once the comments are viewed. Source: https://threatpost.com/wordpress-patches-zero-day-vulnerability/112455

For another story, see item 5 above in the Financial Services Sector

Communications Sector

See item 22 above in the Information Technology Sector

Wednesday, April 29, 2015



Complete DHS Report for April 29, 2015

Daily Report

Top Stories

 · The governor of Louisiana declared a state of emergency April 27 after storms knocked out power to the New Orleans International Airport, derailed several train cars off an elevated track on a bridge, and left nearly 238,000 customers without electricity. – Reuters

8. April 28, Reuters – (Louisiana) Storm knocks out power to New Orleans airport for hours. The governor of Louisiana declared a state of emergency April 27 due to a band of storms that knocked out power to the New Orleans International Airport, sent several freight train cars on an elevated track of the Huey P. Long Bridge off the bridge, and left nearly 238,000 customers without electricity. Several New Orleans schools canceled classes due to flood damage and loss of power. Source: http://uk.reuters.com/article/2015/04/27/us-usa-louisiana-weather-idUKKBN0NI22P20150427

 · Officials in Topeka, Kansas, reported April 27 that a power failure at a city pump station caused about 3 million gallons of raw sewage to discharge into the Kansas River. – Topeka Capital-Journal

16. April 27, Topeka Capital-Journal – (Kansas) 3 million gallons of sewage leak into Kansas River after pump station power outage. Topeka officials reported April 27 that a power failure at a city pump station caused about 3 million gallons of raw sewage to discharge into the Kansas River April 24 through April 26. The city continues to sample and monitor the river’s bacterial count while working to implement long-term corrections to the pump station. Source: http://cjonline.com/news/2015-04-27/3-million-gallons-sewage-leak-kansas-river-after-pump-station-power-outage

 · Romanian authorities raided 42 locations in 6 countries and detained 25 individuals April 26 in connection to their roles in a group who allegedly cloned cards to steal over $15 million from financial institutions in the U.S. and worldwide. – Softpedia

See item 22 below in the Information Technology Sector

 · The governor of Maryland declared a state of emergency April 27 in Baltimore after at least 20 businesses were burned, police officers were injured, and hundreds of arrests were made due to riots that broke out in the city. – USA Today

25. April 28, USA Today – (Maryland) Baltimore braces as protests heat up again. The governor of Maryland declared a state of emergency and deployed a couple thousand National Guard members to Baltimore when riots broke out following a protest in the city April 27, resulting in at least 20 businesses being burned, damage to more than 140 vehicles, and the injury of over 20 police officers. More than 200 arrests were made in connection to the riots, while schools and several businesses were closed April 28, including the Security Square Mall. Source: http://www.usatoday.com/story/news/nation/2015/04/28/baltimore-state-of-emergency/26496241/

Financial Services Sector

6. April 27, West Hollywood Patch – (California) West Hollywood ‘Purse Packing Bandit’ pleads to series of bank robberies. An individual pleaded no contest April 27 to charges alleging that she robbed 9 banks and attempted to rob 2 others in Beverly Hills, Los Angeles, and West Hollywood as the “Purse Packing Bandit.” Authorities arrested the woman in August 2014 as she fled a bank robbery in Beverly Hills. Source: http://patch.com/california/westhollywood/west-hollywood-purse-packing-bandit-pleads-series-bank-robberies

For another story, see item 23 below in the Information Technology Sector

Information Technology Sector

22. April 28, Softpedia – (International) Cyber gang stealing $15 million from banks dismantled by Romanian authorities. Romanian authorities raided 42 locations in 6 countries and detained 25 individuals April 26 in connection to their roles in a group of over 52 suspects who allegedly cloned cards with information from banks’ computer systems to steal over $15 million from financial institutions in the U.S. and worldwide. The thieves supposedly made 34,000 cash withdrawals from ATMs in 24 countries from February – December 2013. Source: http://news.softpedia.com/news/Cyber-Gang-Stealing-15-Million-from-Banks-Dismantled-by-Romanian-Authorities-479523.shtml

23. April 28, Computer Business Review – (International) US plays host to largest number of phishing sites. Findings from Webroot’s 2015 Threat Brief report revealed that the U.S. hosts over 75 percent of phishing sites and 31 percent of internet protocol (IP) addresses, and that technology companies and financial institutions were the most frequent targets. Source: http://www.cbronline.com/news/cybersecurity/data/us-plays-host-to-largest-number-of-phishing-sites-4563482

24. April 28, Help Net Security – (International) Email delivery service SendGrid confirms data breach. SendGrid email and delivery service officials reported April 27 that a hacker had accessed internal systems containing account login information, email lists, and contact details of company employees and customers in three separate attacks in February and March that compromised a Bitcoin-related customer’s account and used it to send phishing emails. SendGrid announced the release of new security features and forced password resets for all customers. Source: http://www.net-security.org/secworld.php?id=18319

For another story, see item 5 below from the Critical Manufacturing Sector

5. April 27, Securityweek – (National) Hackers tricked AT&T, Network Solutions employees in Tesla attack. Tesla Motors reported that the company’s official Web site and Twitter accounts were hacked over the weekend of April 25 via a domain name system (DNS) hijack attack that remains under investigation. Hackers supposedly social engineered employees of AT&T and Network Solutions by forwarding calls to an illegitimate phone number in order to gain administrator privileges to the company’s domain administrator account. Source: http://www.securityweek.com/hackers-tricked-att-network-solutions-employees-tesla-attack

Communications Sector

See item 5 above from the Critical Manufacturing Sector