Monday, March 30, 2015



Complete DHS Report for March 30, 2015

Daily Report

Top Stories

 · The U.S. Department of State announced rewards totaling $3 million March 26 for information leading to the arrest of 2 Russian nationals believed to be key members in the Carder.su financial and identity fraud scheme that has caused losses of at least $50 million. – Securityweek. See item 6 below in the Financial Services Sector

 · Interstate 35 in Salado, Texas, reopened March 27 after it was closed for nearly 18 hours when a semi-truck crashed into a highway bridge and two beams fell onto the interstate hitting several vehicles March 26. – KWTX 10 Waco

8. March 27, KWTX 10 Waco – (Texas) I-35 reopens after fiery 18-wheeler crash kills 1, injures 3. Interstate 35 at Farm-to-market Road 2484 in Salado reopened in both directions March 27 after it was closed for nearly 18 hours when an oversized semi-truck crashed into a highway bridge and dislodged two beams that fell onto the interstate hitting several vehicles March 26. One individual was killed and 3 others were injured during the incident that remains under investigation. Source: http://www.kwtx.com/home/headlines/Major-Crash-On-Interstate-35-Shuts-Down-Highway-297669591.html

 · Authorities are investigating after 34 cars of a Union Pacific train derailed along the Nevada Subdivision in Lovelock March 25, prompting the delay of 33 trains that were rerouted around the scene. – Reno Gazette-Journal

12. March 26, Reno Gazette-Journal – (Nevada) Derailed Nevada train delays 33 others. Authorities are investigating after 34 cars of a 51-car Union Pacific train derailed along the Nevada Subdivision in Lovelock March 25. The derailment delayed 30 freight trains and 3 Amtrak trains that were rerouted around the scene where wreckage was strewn for hundreds of yards. Source: http://www.rgj.com/story/news/2015/03/26/derailed-car-train-delays-trains-churchill-co/70492756/

 · An apparent gas explosion March 26 destroyed 4 New York City apartment buildings, displacing residents from about 49 units, and injuring 19 individuals while 2 others were reportedly missing. – Reuters

25. March 27, Reuters – (New York) Police seek two people reportedly missing after New York explosion. An apparent gas explosion March 26 caused 2 apartment buildings to collapse and 2 adjacent apartment buildings to catch fire in the Manhattan area of New York City, displacing residents from about 49 units. Nineteen individuals were injured during the blast and 2 others were reportedly missing, while firefighters remained at the scene March 27 to search the rubble and extinguish smoldering debris. Source: http://www.reuters.com/article/2015/03/27/us-usa-new-york-collapse-missing-idUSKBN0MN1OO20150327

Financial Services Sector

6. March 27, Securityweek – (International) U.S. offers $3 million reward for alleged Russian cybercriminals. The U.S. Department of State announced rewards totaling $3 million March 26 for information leading to the arrest or conviction of 2 Russian nationals believed to be key members in the Carder.su operation, in which participants created and trafficked identification documents and payment cards and perpetrated financial fraud and identity theft, causing losses of at least $50 million. Thirty members involved in the operation have been convicted and 25 remaining are fugitives or pending trial. Source: http://www.securityweek.com/us-offers-3-million-reward-alleged-russian-cybercriminals

7. March 26, Associated Press – (New York) FINRA fines Oppenheimer $3.75M in employee fraud case. The Financial Industry Regulatory Authority issued a $3.75 million fine to Oppenheimer & Co., for failing to supervise and stop an employee from transferring $2.9 million of client funds to his own accounts or for use in excessive trades while he was under investigation for other fraud accusations, including a 2012 scheme in which he allegedly scammed a New York City Broadway show’s producers out of $20,000 after promising to raise $4.5 million from phony investors. Source: http://www.newsobserver.com/entertainment/celebrities/article16389836.html

For another story, see item 23 below in the Information Technology Sector

Information Technology Sector

20. March 27, Softpedia – (International) GitHub has been under a continuous DDoS attack in the last 24 hours. The GitHub Web site suffered a minor service outage March 26 and has been mitigating a sustained distributed denial-of-service (DDoS) attack on its servers that has lasted over 24 hours. Administrators reported that connectivity returned to normal after the attack was amplified March 27, and are continuing to monitor for any abnormalities. Source: http://news.softpedia.com/news/GitHub-Has-Been-Under-a-Continuous-DDoS-Attack-in-the-Last-24-Hours-476902.shtml

21. March 26, Threatpost – (International) GE fixes buffer overflow bug in DTM library. General Electric released a patch for a vulnerability in device type management (DTM) libraries affecting five Highway Addressable Remote Transducer (HART) digital communication devices deployed in various critical infrastructure areas, including one manufactured by MACTek. The vulnerability allows an attacker to execute arbitrary code by causing a buffer overflow in the product’s DTM and crashing the Field Device Tool (FDT) Frame Application. Source: https://threatpost.com/ge-fixes-buffer-overflow-bug-in-dtm-library/111817

22. March 27, CSO Online – (International) DDOS attacks less frequent last year, more dangerous. San Francisco-based Black Lotus Communications released a report which found that the total number of distributed denial-of-service (DDoS) attacks declined steadily in 2014, but increased in packet size by 3.4 times in the third quarter, and average attack size by 12.1 gigabits per second (Gbps) in the fourth quarter. The report also identified an increase in complex, hybrid network and application-layer attacks. Source: http://www.csoonline.com/article/2902309/network-security/ddos-attacks-less-frequent-last-year-more-dangerous.html#tk.rss_news

23. March 26, Securityweek – (International) Thousands of hijacked WordPress sites redirect users to exploit kits. Security researchers at Germany’s Computer Emergency Response Team (CERT-Bund) discovered that at least 3,000 Web sites have been compromised by a local file inclusion (LFI) vulnerability in the Slider Revolution WordPress plugin that allows attackers to take control of sites by accessing and downloading files from the affected server. Many victims are directed to exploit kit landing pages including Angler and Fiesta which can inject various ransomware, fraud malware, and trojan malware into affected systems. Source: http://www.securityweek.com/thousands-hijacked-wordpress-sites-redirect-users-exploit-kits

For additional stories, see items 6 above in the Financial Services Sector and 26 below from the Commercial Facilities Sector

26. March 26, SC Magazine – (International) Vulnerability found in popular hotel routers. Cylance researchers discovered an authentication flaw in the firmware of several models of InnGate routers that are commonly used by hotels and convention centers that can be exploited to distribute malware to guests, monitor and record data sent over the network, and possibly gain access to a hotel’s reservation and keycard system. The vulnerability was detected in 277 devices in 29 countries, including more than 100 devices located in the U.S. Source: http://www.scmagazine.com/vulnerability-discovered-in-inngate-routers/article/405708/

Communications Sector

24. March 27, Natchez Democrat – (Mississippi) Cut fiber optic line disables local Cable One Internet. A Cable ONE fiber optic cable was cut by Media 3 crews that were attempting to run their own cable March 26, causing service outages for 100 percent of Internet and phone customers and approximately 15 percent of cable customers in the Natchez area. Service was expected to be restored more than 6 hours after the line was severed. Source: http://www.natchezdemocrat.com/2015/03/27/cut-fiber-optic-line-disables-local-cable-one-internet/