Tuesday, December 3, 2013



Complete DHS Daily Report for December 3, 2013

Daily Report

 • The Metro-North Railroad’s Hudson line train derailed while rounding a bend in the Bronx, New York, killing four and injuring more than 60 people December 1. – Associated Press

5. December 2, Associated Press – (New York) NTSB: 2nd data recorder found in derailed NY train. The Metro-North Railroad’s Hudson line train derailed while rounding a bend in the Bronx, killing four and injuring more than 60 people December 1. Officials continue to investigate the cause after finding two data recorders from the train. Source: http://www.washingtonpost.com/business/nyc-train-derailment-kills-4-hurts-more-than-60/2013/12/01/fb8e3a0e-5ae8-11e3-801f-1f90bf692c9b_story.html

 • Nine empty BNSF Railway oil tanker cars derailed December 1 after being hit by a truck in Bismarck, North Dakota, causing a line closure that was expected to reopen by December 2. – Associated Press 

9. December 1, Associated Press – (North Dakota) 9 empty oil tank cars derail in North Dakota. Nine empty BNSF Railway oil tanker cars derailed December 1 after being hit by a truck in Bismarck, causing a line closure that was expected to reopen by December 2. Source: http://newsok.com/article/feed/623333

 • Approximately 22,500 gallons of sewage spilled December 1 into the San Diego River prompting the closure of Ocean Beach and South Mission Beach in California. – U-T San Diego 

16. December 1, U-T San Diego – (California) Sewage spill closes beaches. Approximately 22,500 gallons of sewage spilled December 1 into the San Diego River near Interstate 15 after it was carried downstream prompting the closure of Ocean Beach and South Mission Beach until testing determines the water is safe. Source: http://www.utsandiego.com/news/2013/dec/01/sewage-spill-closes-beaches/

 • The University of Washington Medicine notified about 90,000 patients that their medical information was stolen during a malware attack October 2, which may have included Social Security numbers in 15,000 cases. – Seattle Times 

17. November 29, Seattle Times – (Washington) UW Medicine alerts 90,000 patients on stolen data. The University of Washington Medicine notified about 90,000 patients that their medical information was stolen during a malware attack October 2, which may have included the Social Security numbers in 15,000 cases. Officials spent over a month analyzing the activity after they discovered an employee opened an email attachment containing malicious software. Source: http://seattletimes.com/html/localnews/2022364831_uwmalwarexml.html

Details

Financial Services Sector

3. November 29, Lincoln Journal Star – (Nebraska) Ex-Pinnacle Bank manager fined, banned from banking. The former manager of Pinnacle Bank’s Madison branch in Nebraska was fined by the Federal Deposit Insurance Corp., for $250,000 and permanently banned from banking after he was accused of engaging in an improper loan scheme causing the bank to incur losses of about $400,000. Source: http://journalstar.com/business/local/ex-pinnacle-bank-manager-fined-banned-from-banking/article_72378762-803a-5c7e-9664-74732e737760.html?comment_form=true

For another story, see item 25 below in the Information Technology Sector

Information Technology Sector

24. December 2, Softpedia – (International) D-Link patches security holes in DI-524, DI-524UP, DIR-100 and DIR-120 routers. D-Link released new firmware for various router models addressing a vulnerability that could be leveraged by hackers to gain control of the device after details of a vulnerability were presented in October by Tactical Network Solutions. Source: http://news.softpedia.com/news/D-Link-Patches-Security-Holes-in-DI-524-DI-524UP-DIR-100-and-DIR-120-Routers-405159.shtml

25. December 2, Softpedia – (International) Hackers target Bitcoin Talk via vulnerability in AnoymousSpeech registrar. A Bitcoin talk administrator announced December 1 that they were targeted in a man-in-the-middle attack that leveraged a vulnerability in the forum’s AnonymousSpeech registrar, allowing the Web site to be served through CloudFlare. The attacker may have intercepted encrypted communications, including passwords and private messages. Source: http://news.softpedia.com/news/Hackers-Target-Bitcoin-Talk-via-Vulnerability-in-AnonymousSpeech-Registrar-405123.shtml

26. November 30, Softpedia – (International) PayPal “Limited Account Access” emails used for phishing. A phishing scheme that is sending emails claiming to be issued by PayPal online payment service asks users for their account login details along with other personal information in order to gain access into their accounts. Users are led into a fake PayPal site that is linked in the email and used to steal their information. Source: http://news.softpedia.com/news/PayPal-Limited-Account-Access-Emails-Used-for-Phishing-404863.shtml

27. November 29, Softpedia – (International) JPEGS leveraged for targeted attacks. Researchers at Trend Micro discovered that some cyberattacks rely on malicious crafted JPEG files to perform updates on themselves or to deploy new threats. The image files contain encrypted data containing configuration files and binaries. Source: http://news.softpedia.com/news/JPEGs-Leveraged-for-Targeted-Attacks-404784.shtml

28. November 29, SC Magazine – (International) Virus takes user’s photo via webcam. Researchers from Webroot warned that a malware family, made to look like an anti-virus product, disables users’ computers and claims to have detected viruses and demands money to purchase the full version of the product to remove the threats. If the user does not respond, the program takes a picture via webcam and warns the user of the infection and potential theft of personal information. Source: http://www.scmagazineuk.com/virus-takes-users-photo-via-webcam/article/323028/

Communications Sector 

Nothing to report