Complete DHS Daily Report for December 4, 2013
Daily Report
• Data recovered from two event recorders
showed that a Metro-North train that derailed in New York City, which killed 4
passengers and injured 63 others, was speeding at 82 miles per hour when the
accident occurred. – Associated Press
8.
December 3, Associated Press; Middletown Times Herald-Record – (New
York) Train speed was 82 mph prior to wreck. The National Transportation
Safety Board investigators reported that the Metro-North Hudson line commuter
train that derailed in the Bronx area of New York City December 1, killing 4
passengers and injuring 63 others, was speeding at 82 miles per hour when the
accident occurred. The preliminary findings are based on data recovered from
the train's two event recorders. Source: http://www.recordonline.com/apps/pbcs.dll/article?AID=/20131203/NEWS/312030333
• The U.S. Food and Drug Administration shut
down Alfred Louie Inc., operations following the discovery of Listeria in
sprouts processed and distributed at the facility. – KERO 23 Bakersfield
16.
December 2, KERO 23 Bakersfield – (California) Alfred Louie,
Bakersfield soybean sprout company, shut down by FDA. Alfred Louie Inc., of
Bakersfield was told to shut down operations by the U.S. Food and Drug
Administration following the April discovery of Listeria in sprouts processed
and distributed at the facility. Source: http://www.turnto23.com/news/local-news/alfred-louie-bakersfield-soybean-sprout-company-shut-down-by-fda-120213
• A gas leak at Princeton University prompted
the evacuation of about 500 people and 11 university buildings for more than 2
hours. – WCBS 2 New York City
26.
December 2, Associated Press; WCBS 2 New York City – (New Jersey) Gas
leak prompts evacuation at Princeton University. Eleven Princeton
University buildings were evacuated for more than 2 hours December 2 due to a
gas leak after a backhoe struck a gas line near the McCosh Health Center.
Source: http://newyork.cbslocal.com/2013/12/02/gas-leak-prompts-evacuation-at-princeton-university/
• Microsoft stated that a recently discovered
zero-day vulnerability affecting Windows XP and Windows Server 2003 was being
actively exploited.– SC Magazine See item 33 below in the Information Technology Sector
Details
Financial Services Sector
6. December 2, Las
Vegas Review-Journal – (Nevada) Company owners plead guilty in scheme to
clear credit histories. Five people, out of 10 charged, pleaded guilty to
their role in running a Las Vegas-based credit score forgery scheme that used
fake police documents and other methods to falsely improve the credit scores of
customers. Source: http://www.reviewjournal.com/news/company-owners-plead-guilty-scheme-clear-credit-histories
7. December 2,
WNYT 13 Albany – (New York) Fifth arrest made after credit card skimming
in Glenmont. A New York City man was charged along with four employees of
the Golden Town Buffet in Glenmont with allegedly running a $55,000 payment
card skimming scheme at the restaurant. Source: http://wnyt.com/article/stories/S3232957.shtml?cat=300
For another story,
see item 30 below in the Information
Technology Sector
Information Technology Sector
28. December 3,
Softpedia – (International) Flaw in Android 4.3 can be exploited to
remove device locks with rogue apps. Researchers at Curesec identified a
vulnerability in Android 4.3 that can be exploited using a rogue app to disable
a device’s security features such as PINs and passwords. The researchers
produced a proof-of-concept app demonstrating the issue. Source: http://news.softpedia.com/news/Flaw-in-Android-4-3-Can-Be-Exploited-to-Remove-Device-Locks-with-Rogue-Apps-405536.shtml
29. December 3, Help
Net Security – (International) Huge quantity of Bitcoins stolen from
Sheep Marketplace. The administrators of the Sheep Marketplace underweb
market reported to their users that a vendor allegedly broke into the market
and stole 5,400 Bitcoins. Source: http://www.net-security.org/secworld.php?id=16037
30. December 3,
Softpedia – (International) 706 domains used to sell counterfeit items
seized by international law enforcement. U.S., European Union, and Hong
Kong authorities seized a total of 706 domain names used to advertise and sell
counterfeit goods. Source: http://news.softpedia.com/news/706-Domains-Used-to-Sell-Counterfeit-Items-Seized-by-International-Law-Enforcement-405611.shtml
31. December 3,
Threatpost – (International) Acoustical mesh network used to infect
air-gapped computers. Researchers published a paper demonstrating how
acoustic devices such as speakers and microphones can be used to send data
between computers that are ‘air-gapped’ and not connected to the Internet or a
network. Source: http://threatpost.com/acoustical-mesh-network-used-to-infect-air-gapped-computers/103079
32. December 3, Dark
Reading – (International) Study: 340,000 new malicious websites detected
in past 30 days. A study conducted by Commtouch found that the number of
malicious Web sites is growing quickly, with an average of 11,500 new threats
identified each day. Malware sites made up the majority of malicious sites,
followed by phishing and spam sites. Source: http://www.darkreading.com/study-340000-new-malicious-websites-dete/240164387
33. December 2, SC
Magazine – (International) Windows XP zero-day under active attack. Microsoft
stated that a recently discovered zero-day vulnerability affecting Windows XP
and Windows Server 2003 has been observed being exploited in targeted attacks.
The vulnerability can allow privilege escalation, kernel mode code execution,
and administrator account creation. Source: http://www.scmagazine.com/windows-xp-zero-day-under-active-attack/article/323303/
34. December 2, Help
Net Security – (International) Legitimate apps bundled up with secret
Bitcoin miner. Malwarebytes researchers identified a Bitcoin miner added to
Mutual Public’s YourFreeProxy software that can drain users’ system resources
and strain hardware. Source: http://www.net-security.org/malware_news.php?id=2639
35. December 2, SC
Magazine – (International) Popular Bitcoin forum targeted in DNS and
DDoS attack. The administrators of the BitcoinTalk forum advised their
users to avoid logging in for a time December 2 after the site was hit by
domain name system (DNS) redirection and distributed denial of service (DDoS)
attacks. Source: http://www.scmagazine.com//popular-bitcoin-forum-targeted-in-dns-and-ddos-attack/article/323311/
Communications Sector
Nothing to
report