Monday, December 9, 2013

Complete DHS Daily Report for December 9, 2013
Daily Report

 • Ice storms throughout Texas caused the cancellation of the Dallas Marathon and shut off power to nearly 267,000 people. – Associated Press

2. December 6, Associated Press – (Texas) Sunday's Dallas Marathon canceled due to ice storm. An ice storm in parts of Texas December 6 prompted the cancellation of the Dallas Marathon and left nearly 268,000 customers in the Dallas-Fort Worth area without power. Source:

 • Cold, ice, and snow throughout the U.S. caused hundreds of flight delays and prompted at least 5 States to declare states of emergency – Associated Press; NBC News; Reuters

9. December 6, Associated Press; NBC News; Reuters – (National) Frozen nation: Cold, ice and snow grip US, threatening roads and power. Freezing winter storms and weather across the U.S. caused the delay of hundreds of flights December 6, including more than 500 flight delays at the Dallas-Fort Worth airport, left an estimated 250,000 people without power, and prompted at least 5 State governors to declare states of emergency. Source:

 • The U.S. FDA is investigating robotic surgery systems used at three Maine hospitals following a manufacturer’s recall in November 11 due to potential issues with units stalling during procedures. – Bangor Daily News

16. December 6, Bangor Daily News – (International) FDA investigating surgical robots used at three Maine hospitals. Intuitive Surgical Inc., the maker of the $1.5 million da Vinci robotic surgery system, issued a recall November 11 alerting customers of potential issues with the medical device affecting up to 1,386 of the instrument arms worldwide. The U.S. Food and Drug Administration is investigating the surgical robot used by three Maine hospitals following reports that the units may stall during procedures. Source:

 • Microsoft teamed up with the FBI, Interpol, Europol, and industry partners to disrupt the ZeroAccess click-fraud botnet. – The Register See item 24 below in the Information Technology Sector


Financial Services Sector

5. December 6, IDG News Service – (International) PayPal DDoS attackers plead guilty, some may walk free. Fourteen defendants accused of participating in a distributed denial of service (DDoS) attack against PayPal in 2010 pleaded guilty in U.S. District Court in California to related charges December 5. Source:

6. December 6, Softpedia – (International) Citadel malware variant captures screenshots of Bitcoin-related websites. Trusteer researchers identified a variant of the Citadel malware that is capable of capturing screenshots when a user accesses Web sites associated with buying, storing, or trading Bitcoins. Source:

7. December 5, Softpedia – (International) Researchers analyze Dexter and Project Hook PoS malware campaigns. Researchers at the Arbor Security Engineering and Research Team published a paper analyzing point-of-sale (PoS) malware campaigns utilizing the Dexter and Project Hook malware. The paper identified three variants of Dexter, one of which is capable of stealing data via FTP, among other findings. Source:

Information Technology Sector

24. December 6, The Register – (International) Microsoft teams up with Feds, Interpol in ZeroAccess botnet zombie hunt. Microsoft, in cooperation with the FBI, Interpol, Europol, and industry partners, launched an effort to disrupt the ZeroAccess click-fraud botnet using sinkholing and other means. The click-fraud operations run by the botnet cost advertisers an estimated $2.7 million per month. Source:

25. December 6, The Register – (International) Fiendish CryptoLocker ransomware survives hacktivists’ takedown. Members affiliated with hacktivist group Malware Must Die attempted to disable command and control servers associated with the CryptoLocker ransomware, suspending 138 targeted domains but failing to eliminate the operation. Source:

26. December 6, Threatpost – (International) Siemens patches authentication bypass flaw in SINAMICS ICS software. Siemens issued a patch that addresses a serious remotely exploitable vulnerability in its SINAMICS S/G industrial control systems (ICS) software that could allow unauthenticated arbitrary actions to be performed. SINAMICS S/G products with firmware versions prior to 4.6.11 are affected. Source:

27. December 5, IDG News Service – (International) Android flashlight app developer settles FTC charges of sharing geolocation data. Goldenshores Technologies agreed to a settlement with the U.S. Federal Trade Commission over the company’s Brightest Flashlight Free app for Android devices that shared its users’ geolocation data with advertising networks without users’ consent. Source:

For additional stories, see items 5, 6, and 7 above in the Financial Services Sector

Communications Sector

28. December 6, FierceTelecom – (National) FCC’s Connect America Fund to expand broadband to nearly 400,000 rural homes and businesses in 41 States. The Federal Communications Commission December 6 authorized $255 million in funding to provide broadband Internet access to rural areas in 41 States. Source:

29. December 5, U.S. Department of Labor – (Mississippi) Louisiana cellular tower company cited by US Department of Labor's OSHA following worker fatality. The U.S. Department of Labor's Occupational Safety and Health Administration proposed penalties totaling $50,400 and cited Custom Tower LLC of Scott, Louisiana, for one willful safety violation following the death of a worker who fell approximately 125 feet while attempting to install a microwave dish on a cellular tower along Highway 149 in Louise. Source: