Wednesday, October 30, 2013



Complete DHS Daily Report for October 30, 2013

Daily Report

Top Stories

 • The city of Gatesville, Texas, issued a mandatory water-conservation order October 29 and alerted 20,000 residents and businesses of a possible 24-36 water outage. – Killeen Daily Herald

15. October 29, Killeen Daily Herald – (Texas) 20,000 customers in Gatesville without water. The city of Gatesville issued a mandatory water-conservation order October 29 and alerted 20,000 residents and businesses of a possible 24-36 hour water outage after a faulty cable at an intake structure prevented electrical power from being restored following an October 27 power outage. Source: http://kdhnews.com/news/customers-in-gatesville-without-water/article_65c2e5bc-3ff2-11e3-9d2f-001a4bcf6878.html

 • Authorities are trying to determine the identity of a body and cause of death after multiple body parts turned up at two county sewage plants in San Gabriel Valley, California, October 26. – USA Today

18. October 28, USA Today – (California) Mangled body of woman turns up in L.A. sewage plants. Authorities are trying to identify a dead woman and determine the cause of death after body parts they believe are from the same body turned up at two county sewage plants in San Gabriel Valley October 26. The death is being treated as a homicide. Source: http://www.usatoday.com/story/news/2013/10/28/body-in-sewer-plants/3292857/

 • Authorities recaptured two of the four Caddo County Jail inmates who escaped through the ceiling in the shower at the jail in Anadarko, Oklahoma, October 27. – Columbus Dispatch

29. October 28, CNN – (Oklahoma) 2 of 4 Oklahoma jail shower escapees captured, sheriff says. Authorities recaptured two of the four Caddo County Jail inmates who escaped through the ceiling in the shower at the jail in Anadarko October 27. Officials are still searching for the remaining two inmates who are considered armed and dangerous. Source: http://www.cnn.com/2013/10/28/justice/oklahoma-shower-jailbreak/index.html?hpt=us_c1

 • Adobe confirmed that a recent data breach impacted at least 38 million users, with Adobe ID usernames and hashed passwords obtained by attackers. – Krebs on Security See item 30 below in the Information Technology Sector

Details

Banking and Finance Sector

6. October 28, U.S. Attorney’s Office, District of New Jersey – (New Jersey) Co-owner of company that originated $30 million in fraudulent mortgages pleads guilty. The former co-owner of Premier Mortgage Services pleaded guilty to taking part in a mortgage fraud scheme in New Jersey that caused losses of more than $30 million. Source: http://www.fbi.gov/newark/press-releases/2013/co-owner-of-company-that-originated-30-million-in-fraudulent-mortgages-pleads-guilty

7. October 28, Dallas Morning News – (Texas; Ohio) Dallas identity thief convicted after eating debit card to conceal tax fraud. A Dallas man arrested in Ohio in 2011 was convicted October 25 of 16 counts of fraud in a scheme where he used stolen identities to fraudulently file income tax returns and collect millions of dollars. Four accomplices pleaded guilty to related charges. Source: http://crimeblog.dallasnews.com/2013/10/dallas-identity-thief-convicted-after-eating-debit-card-to-conceal-tax-fraud.html/

Information Technology Sector

30. October 29, Krebs on Security – (International) Adobe breach impacted at least 38 million users. Adobe confirmed that a recent data breach impacted at least 38 million users, with Adobe ID usernames and hashed passwords obtained by attackers. The company also confirmed that the attackers obtained at least some of the source code for Photoshop, as well as previously reported access to the source code of Acrobat, Reader, and ColdFusion. Source: http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/

31. October 29, Softpedia – (International) Hackers can hijack Facebook accounts by exploiting flaw in Android apps. A researcher at Attack Secure found and reported two vulnerabilities in Facebook applications for Android that could allow an attacker to steal access tokens and hijack accounts. Source: http://news.softpedia.com/news/Hackers-Can-Hijack-Facebook-Accounts-by-Exploiting-Flaw-in-Android-Apps-Video-395206.shtml

32. October 29, Softpedia – (International) Dun & Bradstreet starts notifying customers of data breach. Dun & Bradstreet began notifying customers that business information was potentially exposed during an attack in March and April 2013 on their commercial information databases. Source: http://news.softpedia.com/news/Dun-Bradstreet-Starts-Notifying-Customers-of-Data-Breach-395124.shtml

33. October 29, The Register – (International) Syrian Electronic Army claims U.S. President social media hijacking. Members of the Syrian Electronic Army hacktivist group briefly compromised the Twitter and Facebook account of the U.S. President October 28 and sent out links to the group’s Web site. The group obtained access by compromising URL shortening service ShortSwitch and Organizing for Action staff email accounts. Source: http://www.theregister.co.uk/2013/10/29/sea_hijack_obama_twitter_facebook_hack/

34. October 28, Threatpost – (International) Scan shows 65% of ReadyNAS boxes on Web vulnerable to critical bug. A scan by a Rapid7 researcher found that 65 percent of the Netgear ReadyNAS storage devices exposed to the Internet are still vulnerable to a critical remotely exploitable vulnerability despite a patch being issued for it in July. Source: http://threatpost.com/scan-shows-65-of-readynas-boxes-on-web-vulnerable-to-critical-bug/102706

For another story, see item 24 below:

24. October 28, Help Net Security – (International) U.K. man indicted for hacking U.S. govt networks, stealing confidential data. The New Jersey U.S. Attorney’s Office charged a man in the U.K. for allegedly breaching thousands of U.S. government computer systems and stealing confidential data. The man and others allegedly broke into the computer systems of several federal agencies and placed backdoors in their networks that were later used to steal the data. Source: http://www.net-security.org/secworld.php?id=15840

Communications Sector

Nothing to report