Complete DHS Daily Report for December
20, 2013
Daily Report
• A large fire that broke out at a recycling
facility located on a U.S. Environmental Protection Agency Superfund site in
Hickman County, Tennessee, caused officials to evacuate surrounding schools and
homes. – Associated Press
2.
December 19, Associated Press – (Tennessee) Fire crews make progress
in Tenn. industrial fire. A large fire that broke out December 18 at a
plastics and metals recycling facility located on a U.S. Environmental
Protection Agency Superfund site in Hickman County caused officials to evacuate
students from four surrounding schools and nearby residents from homes due to
concerns over two 1000-pound propane tanks on the property. Source: http://abcnews.go.com/US/wireStory/crews-evacuate-fire-tenn-superfund-site-21265135
• Target confirmed reports that criminals
stole the payment card information of around 40 million customers at stores
across the U.S. – IDG News Service See item 4 below in the Financial Services Sector
• A suspect known as the “Ball Cap Bandit”
pleaded guilty to committing 11 bank robberies in north Alabama and Tennessee
between February 2012 and March 2013. – AL.com See item 8
below in the Financial Services Sector
• Researchers developed an attack method that
can extract full 4096-bit RSA keys by using a microphone or cell phone to
listen to the sound generated by a computer’s CPU operations. – Softpedia See item 22
below in the Information Technology
Sector
Details
Financial Services Sector
4. December 19, IDG News Service – (National) Target
says hackers likely accessed 40 million cards. Target confirmed December 18
reports that criminals stole the payment card information of around 40 million
customers at stores across the U.S., possibly by tampering with card swiping
machines. Investigators found that the breach may have lasted from November 28
to December 15. Source: http://www.computerworld.com/s/article/9244891/Target_says_hackers_likely_accessed_40_million_cards
5. December 19, Beaumont Enterprise – (Texas) Beaumont
jury convicts man found with 158 fraudulent credit cards. An Ohio man was
convicted of credit card fraud in Beaumont, Texas, December 18 after he was
found in possession of 158 fraudulent credit cards and a card encoder during a
traffic stop. Source: http://www.beaumontenterprise.com/news/article/Beaumont-jury-convicts-man-found-with-158-5078389.php
6. December 19, Softpedia – (International) ZeuS trojan
variant targets accounts of BTC China customers. Trusteer researchers
discovered a variant of the Zeus banking trojan that is designed to steal the
login and one-time password information from customers of BTC China and other
Bitcoin exchanges. Source: http://news.softpedia.com/news/ZeuS-Trojan-Variant-Targets-Accounts-of-BTC-China-Customers-410680.shtml
7. December 18, Reuters – (New Jersey) New Jersey sues
Credit Suisse over mortgage securities. The attorney general of New Jersey
filed a lawsuit December 18 against Credit Suisse, accusing it of
misrepresenting the risk involved in more than $10 billion of residential mortgage-backed
securities. Source: http://www.reuters.com/article/2013/12/18/us-creditsuisse-lawsuit-idUSBRE9BH0VO20131218
8. December 18, AL.com – (Alabama; Tennessee) ‘Ball Cap
Bandit’ pleads guilty to 11 bank robberies in north Alabama, Tennessee during
yearlong spree. A suspect known as the “Ball Cap Bandit” pleaded guilty
December 18 to committing 11 bank robberies in north Alabama and Tennessee
between February 2012 and March 2013, stealing more than $63,000. Source: http://blog.al.com/breaking/2013/12/ball_cap_bandit_pleads_guilty.html
9. December 18, Westerly Sun – (Rhode Island) First
arrest made in credit card scam at Westerly restaurant. Police in Norwich
reported that a woman was charged in connection with reports of payment card
skimming at a restaurant in Norwich connected to at least 34 incidents of
fraud. Police suspect that others were involved in a broader skimming
operation. Source: http://www.thewesterlysun.com/news/policecourts/3177578-129/first-arrest-made-in-credit-card-scam-at-westerly-restaurant.html
Information Technology Sector
21. December 19, Help Net Security – (International) OpenX/Revive
Adserver zero-day actively exploited in the wild. A researcher discovered a
zero-day vulnerability in open-source advertising server OpenX Source that
could allow an attacker to gain back-end access. The researcher reported that
the vulnerability is being actively exploited in the wild. Source: http://www.net-security.org/secworld.php?id=16136
22. December 19, Softpedia – (International) Full
4096-bit RSA keys extracted by listening to the sound made by computers. Researchers
reported in a paper that they developed an attack method that can extract full
4096-bit RSA keys by listening to the sound generated by a computer’s CPU
operations. The sound can be picked up by dedicated microphones or by a phone.
Source: http://news.softpedia.com/news/Full-4096-bit-RSA-Keys-Extracted-by-Listening-to-the-Sound-Made-by-Computers-410710.shtml
23. December 19, The Register – (International) Macbook
webcams CAN spy on you – and you simply CAN’T TELL. Researchers confirmed
that the webcams in MacBooks can be used to spy on users without an LED warning
light being turned on. The researchers released a proof-of-concept
demonstrating how the hardware interlock that normally ties camera and LED
activation together can be disabled to allow independent operation of either.
Source: http://www.theregister.co.uk/2013/12/19/apple_isight_webcam_led_hack/
24. December 18, Dark Reading – (International) Washington
Post servers infiltrated, employee credentials stolen. The Washington Post
confirmed that some of its servers were compromised by attackers who were able
to access encrypted employee usernames and passwords. Source: http://www.darkreading.com/attacks-breaches/washington-post-servers-infiltrated-empl/240164882
Communications Sector
Nothing to
report