Complete DHS Daily Report for December 3, 2013
Daily Report
• The Metro-North Railroad’s Hudson line train
derailed while rounding a bend in the Bronx, New York, killing four and
injuring more than 60 people December 1. – Associated Press
5.
December 2, Associated Press – (New York) NTSB: 2nd data recorder
found in derailed NY train. The Metro-North Railroad’s Hudson line train
derailed while rounding a bend in the Bronx, killing four and injuring more
than 60 people December 1. Officials continue to investigate the cause after
finding two data recorders from the train. Source: http://www.washingtonpost.com/business/nyc-train-derailment-kills-4-hurts-more-than-60/2013/12/01/fb8e3a0e-5ae8-11e3-801f-1f90bf692c9b_story.html
• Nine empty BNSF Railway oil tanker cars
derailed December 1 after being hit by a truck in Bismarck, North Dakota,
causing a line closure that was expected to reopen by December 2. – Associated
Press
9.
December 1, Associated Press – (North Dakota) 9 empty oil tank cars
derail in North Dakota. Nine empty BNSF Railway oil tanker cars derailed
December 1 after being hit by a truck in Bismarck, causing a line closure that
was expected to reopen by December 2. Source: http://newsok.com/article/feed/623333
• Approximately 22,500 gallons of sewage
spilled December 1 into the San Diego River prompting the closure of Ocean
Beach and South Mission Beach in California. – U-T San Diego
16.
December 1, U-T San Diego – (California) Sewage spill closes beaches.
Approximately 22,500 gallons of sewage spilled December 1 into the San
Diego River near Interstate 15 after it was carried downstream prompting the
closure of Ocean Beach and South Mission Beach until testing determines the
water is safe. Source: http://www.utsandiego.com/news/2013/dec/01/sewage-spill-closes-beaches/
• The University of Washington Medicine
notified about 90,000 patients that their medical information was stolen during
a malware attack October 2, which may have included Social Security numbers in
15,000 cases. – Seattle Times
17.
November 29, Seattle Times – (Washington) UW Medicine alerts 90,000
patients on stolen data. The University of Washington Medicine notified
about 90,000 patients that their medical information was stolen during a
malware attack October 2, which may have included the Social Security numbers
in 15,000 cases. Officials spent over a month analyzing the activity after they
discovered an employee opened an email attachment containing malicious
software. Source: http://seattletimes.com/html/localnews/2022364831_uwmalwarexml.html
Details
Financial Services Sector
3. November 29,
Lincoln Journal Star – (Nebraska) Ex-Pinnacle Bank manager fined, banned
from banking. The former manager of Pinnacle Bank’s Madison branch in
Nebraska was fined by the Federal Deposit Insurance Corp., for $250,000 and
permanently banned from banking after he was accused of engaging in an improper
loan scheme causing the bank to incur losses of about $400,000. Source: http://journalstar.com/business/local/ex-pinnacle-bank-manager-fined-banned-from-banking/article_72378762-803a-5c7e-9664-74732e737760.html?comment_form=true
For another story,
see item 25 below in the Information
Technology Sector
Information Technology Sector
24. December 2,
Softpedia – (International) D-Link patches security holes in DI-524, DI-524UP,
DIR-100 and DIR-120 routers. D-Link released new firmware for various
router models addressing a vulnerability that could be leveraged by hackers to
gain control of the device after details of a vulnerability were presented in
October by Tactical Network Solutions. Source: http://news.softpedia.com/news/D-Link-Patches-Security-Holes-in-DI-524-DI-524UP-DIR-100-and-DIR-120-Routers-405159.shtml
25. December 2, Softpedia
– (International) Hackers target Bitcoin Talk via vulnerability in
AnoymousSpeech registrar. A Bitcoin talk administrator announced December 1
that they were targeted in a man-in-the-middle attack that leveraged a
vulnerability in the forum’s AnonymousSpeech registrar, allowing the Web site
to be served through CloudFlare. The attacker may have intercepted encrypted
communications, including passwords and private messages. Source: http://news.softpedia.com/news/Hackers-Target-Bitcoin-Talk-via-Vulnerability-in-AnonymousSpeech-Registrar-405123.shtml
26. November 30,
Softpedia – (International) PayPal “Limited Account Access” emails used
for phishing. A phishing scheme that is sending emails claiming to be
issued by PayPal online payment service asks users for their account login
details along with other personal information in order to gain access into
their accounts. Users are led into a fake PayPal site that is linked in the
email and used to steal their information. Source: http://news.softpedia.com/news/PayPal-Limited-Account-Access-Emails-Used-for-Phishing-404863.shtml
27. November 29,
Softpedia – (International) JPEGS leveraged for targeted attacks. Researchers
at Trend Micro discovered that some cyberattacks rely on malicious crafted JPEG
files to perform updates on themselves or to deploy new threats. The image
files contain encrypted data containing configuration files and binaries.
Source: http://news.softpedia.com/news/JPEGs-Leveraged-for-Targeted-Attacks-404784.shtml
28. November 29, SC
Magazine – (International) Virus takes user’s photo via webcam. Researchers
from Webroot warned that a malware family, made to look like an anti-virus
product, disables users’ computers and claims to have detected viruses and
demands money to purchase the full version of the product to remove the
threats. If the user does not respond, the program takes a picture via webcam
and warns the user of the infection and potential theft of personal
information. Source: http://www.scmagazineuk.com/virus-takes-users-photo-via-webcam/article/323028/
Communications Sector
Nothing to
report