Friday, December 6, 2013

Complete DHS Daily Report for December 6, 2013

Daily Report

 • Four suspects were charged with stealing copper from the Trixie Mine in Utah, causing more than $1.5 million in damages. – Salt Lake Tribune

8. December 4, Salt Lake Tribune – (Utah) Metal thieves hit Utah copper mine, do $1.5 million in damage. Four suspects were charged with allegedly stealing copper from the Trixie Mine, a copper, gold, and silver mine near Eureka, Utah, between December 24, 2012 and October 25, causing more than $1.5 million in damage. Source:

 • JPMorgan Chase warned approximately 465,000 prepaid UCard debit card holders that their unencrypted personal information may have been compromised following a July cyberattack. – Reuters. See item 10 below in the Financial Services Sector.

 • IntelCrawler researchers identified a point-of-sale botnet named StarDust that has compromised more than 20,000 payment cards since August. – Ars Technica. See item 13 below in the Financial Services Sector.

 • An electrical issue in a BART train caused a brake issue that injured 20 and prompted an evacuation of approximately 700 people from the train in Orinda, California. – KGO-TV 7 San Francisco

19. December 4, KGO-TV 7 San Francisco – (California) BART train brake problem prompts evacuations. An electrical short in a BART train caused the brakes to disable and filled some of the cars with smoke at the Berkeley Hills Tunnel in Orinda December 4, trapping approximately 700 people on the train for about 1 hour before it was evacuated. Twenty people were treated or taken to area hospitals. Source:


Financial Services Sector

10. December 5, Reuters – (International) JPMorgan warns 465,000 card users on data loss after cyberattack. JPMorgan Chase notified around 465,000 holders of prepaid UCard debit cards that their unencrypted personal information may have been obtained by hackers during a July data breach. The cards were issued to corporations to pay employees and to government agencies to pay benefits and tax refunds. Source:

11. December 5, Softpedia – (International) Personal and financial details compromised in Maple Grove Farms of Vermont hack. B&G Foods North America notified customers that a November 16 cyberattack on the Maple Grove Farms of Vermont Web site may have revealed personal information and payment card numbers. Source:

12. December 5, Softpedia – (International) International payment card fraud ring based in Latvia shut down. European Union authorities arrested eight suspects in an alleged international payment card fraud organization based in Latvia that stole hundreds of thousands of Euros and used stolen card data to make payments in the U.S. and other countries. Source:

13. December 4, Ars Technica – (International) Credit card fraud comes of age with advances in point-of-sale botnets. Researchers at IntelCrawler identified one of the first known point-of-sale (PoS) botnets, a botnet run by a variant of Dexter dubbed StarDust. The botnet is active and has compromised more than 20,000 payment cards since August. Source:

14. December 4, U.S. Department of Justice – (California) Federal agents arrest operators of loan modification scam that targeted struggling homeowners. Federal agents arrested two California men December 3 for allegedly running a fraudulent loan modification scheme under the names Rodis Law Group and America’s Law Group that defrauded homeowners of at least $12 million. Source:

Information Technology Sector

31. December 5, Softpedia – (International) Cybercriminals hijack WP sites with backdoored SEO plugin. Researchers at Sucuri identified a cyberattack that lures owners of WordPress Web sites with a malicious version of a legitimate search engine optimization (SEO) plugin that adds a backdoor to the user’s site and can direct visitors to spam or malicious Web sites. Source:

32. December 4, Threatpost – (International) VMware patches privilege escalation vulnerability. VMware published updates for certain versions of its Workstation, Fusion, ESXi, and ESX products, closing a vulnerability that could allow privilege escalation in older versions of Windows. Source:

33. December 4, IDG News Service – (International) Passwords reset after ‘Pony’ botnet stole 2 million credentials. Online services affected by the Pony botnet’s disclosure of login credentials, including Twitter, Facebook, ADP, and LinkedIn, reset users’ passwords to prevent unauthorized access. Source:

For another story, see item 13 above in the Financial Services Sector

Communications Sector

Nothing to report