Complete DHS Report for April
7, 2015
Daily Report
Top Stories
· Duke
Energy agreed to pay Virginia $2.5 million in an April 3 settlement for its
February 2014 coal ash spill where a retired power plant in Eden dumped up to
39,000 tons of ash into the Dan River. – Charlotte Observer
3. April
3, Charlotte Observer – (Virginia) Duke Energy to pay Virginia
$2.5 million for Dan River spill. The Virginia Department of Environmental
Quality announced April 3 that Duke Energy agreed to pay Virginia $2.5 million in
a settlement for its February 2014 coal ash spill into the Dan River where a
retired power plant in Eden dumped up to 39,000 tons of ash into the river.
Authorities are continuing to monitor water quality and any potential long-term
effects. Source: http://www.charlotteobserver.com/news/local/article17313746.html
· The
White River bridge on Highway 410 in Washington was closed April 4 for
emergency repairs lasting several days following a routine inspection that
revealed damage to an overhead support structure. – Seattle Times
13. April
4, Seattle Times – (Washington) Structural damage closes White
River bridge. The White River bridge on Highway 410 between Enumclaw and
Buckley was closed for emergency repairs April 4 following a routine inspection
by the Washington Department of Transportation that revealed damage to an
overhead support structure caused when it was struck by an oversized load. The
closure was expected to last several days and repairs are estimated to cost
about $200,000. Source: http://www.seattletimes.com/seattle-news/transportation/structural-damage-closes-white-river-bridge/
· Heavy
rain and melting snow led to a discharge of an estimated 90,000 gallons of untreated
sewage into the Silver Lake Outlet from a sewage treatment plant in Perry, New
York, April 4. – WXXI 21 Rochester
21. April 5, WXXI 21 Rochester – (New
York) Sewage overflow in Perry Ends. Heavy rain and melting snow led to a
discharge of an estimated 90,000 gallons of untreated sewage into the Silver
Lake Outlet from the sewage treatment plant in Perry, New York, April 4.
Officials reported to the site to evaluate the extent of the damage. Source: http://wxxinews.org/post/sewage-overflow-perry-ends
· Auburn
University in Alabama announced April 3 that the personal information of about
370,000 current, former, and prospective students may have been exposed after
the university learned that some information stored on the school’s servers
inadvertently became accessible online. – Al.com
24. April 3, Al.com – (Alabama) 370,000 current,
former Auburn students had personal data exposed on website, university says. Auburn
University in Alabama announced April 3 that the personal information of about
370,000 current, former, and prospective students may have been exposed after
the university learned March 2 that some information stored on the school’s
servers inadvertently became accessible online between September 1, 2014 and
March 2, 2015. Officials reported that there was no evidence that the
information was misused and that corrective actions were taken to secure the
information. Source: http://www.al.com/news/index.ssf/2015/04/370000_current_former_students.html
Financial Services Sector
7. April 6,
Softpedia – (California) American Express card info exposed to
cybercriminals. A law enforcement investigation revealed that financial and
personal information, including the Social Security numbers of at least 500
California residents was revealed to unauthorized persons. The company notified
affected account holders while authorities investigate the circumstances
surrounding the breach. Source: http://news.softpedia.com/news/American-Express-Card-Info-Exposed-to-Cybercriminals-477550.shtml
8. April 4,
Norfolk Virginian-Pilot – (Virginia) Va. Beach employee had
accidental access to millions. The city of Virginia Beach revealed a
potential security breach April 3 in which Bank of America gave a city employee
setting up a petty cash and small expenses account access to nine municipal
bank accounts containing millions of dollars for 5 – 6 years. Authorities do
not suspect that any of the accounts were compromised. Source: http://hamptonroads.com/2015/04/va-beach-reports-banks-security-breach
9. April 4,
Associated Press – (Rhode Island) Police: Men stole more than $65,000 from ATM. Warwick
police arrested 2 suspects April 4 who allegedly skimmed more than $65,000 from
a Greenwood Credit Union ATM in March affecting more than 125 credit union
customers. Authorities believe that the pair may have skimmed other East Coast
ATMs. Source: http://www.boston.com/news/local/rhode-island/2015/04/04/warwick-police-arrest-from-nyc-atm-skimming-case/HC1buCj3BTQDglmvut72sJ/story.html
10. April 3,
KTVB 7 Boise – (Idaho) Boise police see flurry of credit card and retail
fraud cases. Boise police reported April 3 that 7 suspects from 4 different
traveling credit fraud groups were arrested beginning March 27. Investigators
recovered over $33,000 in illegally obtained merchandise and approximately 156
fraudulent credit cards after retail employees reported suspicious activity to
authorities. Source: http://www.ktvb.com/story/news/crime/2015/04/03/boise-police-see-flurry-of-credit-card-and-retail-fraud-cases/25274561/
Information Technology Sector
29. April 6,
Softpedia – (International) Google certificate expires, email clients
return security warnings. An expired intermediate certificate signed by
Google Internet Authority G2 for simple mail transport protocol (SMTP) in
Google’s Gmail resulted in users receiving error messages on outgoing email
activity for over 2 hours April 4. The company renewed the certificate through
December 2015. Source: http://news.softpedia.com/news/Google-Certificate-Expires-Email-Clients-Return-Security-Warnings-477700.shtml
30. April 6,
Securityweek – (International) Flaw in Schneider Electric vamp software
allows arbitrary code execution. The Industrial Control Systems Cyber
Emergency Response Team (ICS-CERT) released an advisory stating that Schneider
Electric’s VAMPSET software is vulnerable to stack-based and heap-based buffer
overflow attacks that can be exploited to execute arbitrary code via malformed
VAMPSET disturbance recording files on the affected systems. The company
released an update fixing the issue and advised organizations that use the
software to leverage User Access Control (UAC) features and employ best
security practices. Source: http://www.securityweek.com/flaw-schneider-electric-vamp-software-allows-arbitrary-code-execution
31. April 4,
Softpedia – (International) WordPress, Joomla sites infected with
malicious Flash file. Security researchers at Sucuri discovered that
several hundred Web sites running WordPress or Joomla content management
systems (CMS) have been attacked since November 2014 with malicious
one-pixel-large small web format (SWF) files containing hidden iframe code that
directs users to Web sites hosting malware such as exploit kits. Source: http://news.softpedia.com/news/WordPress-Joomla-Sites-Infected-with-Malicious-Flash-File-477597.shtml
32. April 3,
Softpedia – (International) New MS Word exploit kit adds statistics tool
to track success of the campaign. Security researchers at FireEye
discovered a Web-based tool called MWISTAT released in December 2014 that
allows cybercriminals using the Microsoft Word Intruder (MWI) exploit kit to
track details about rigged Microsoft Word documents including Internet Protocol
(IP) addresses and user-agents of victims, payloads requested and served, and
the version of Microsoft Word used to open the file. The malware has reportedly
affected over 1400 users worldwide in 2 separate spam campaigns. Source: http://news.softpedia.com/news/New-MS-Word-Exploit-Kit-Adds-Statistics-Tool-to-Track-Success-of-the-Campaign-477568.shtml
Communications Sector
33. April 3, Associated
Press; Washington Times – (New Mexico) Cable cut partially
interrupts phone service in Gallup area. Telephone, cell phone, and
Internet service was restored to an unspecified number of CenturyLink and
Sacred Wind Communications customers near Gallup, New Mexico, after a driver
struck an above-ground fiber-optic cable and knocked out service for about 8
hours April 3. Technicians were dispatched to splice and repair the severed
cable. Source: http://www.washingtontimes.com/news/2015/apr/3/cable-cut-partially-interrupts-phone-service-in-ga/
34. April 3, KRDO 13 Colorado
Springs – (Colorado) Phone, Internet outage affects hundreds of
Pueblo customers, city departments. Phone and Internet service for hundreds
of CenturyLink customers in the City of Pueblo was down April 3 after a
contractor inadvertently drilled a hole into fiber cables that service
CenturyLink and the city’s fiber infrastructure network. Full restoration of
services was expected to take several days while crews work to resolve the
problem. Source: http://www.chieftain.com/business/localbusiness/3486640-120/departments-phone-accident-affected