Complete DHS Report for February 20, 2014
Daily Report
Details
• The North Carolina Division of Water Resources
ordered Duke Energy to stop the flow of contaminated water at its Eden power
plant February 18, after learning that groundwater containing unsafe levels of
arsenic is still pouring into the Dan River. – Associated Press
1.
February 19, Associated Press – (North Carolina) Toxins leaking from
second pipe at N.C. coal ash dump. The North Carolina Division of Water
Resources ordered Duke Energy to stop the flow of contaminated water coming out
of a pipe that runs under a coal ash dump at its Eden power plant February 18,
after learning that the groundwater containing unsafe levels of arsenic is
still pouring into the Dan River. Source: http://www.bdtonline.com/apnational/x1783679477/Toxins-leaking-from-second-pipe-at-N-C-coal-ash-dump
• Halliburton Energy Services was fined $1.8
million by the Pennsylvania Department of Environmental Protection for
violating record keeping requirements about 255 times between 1999 and 2011. – Pittsburgh
Post-Gazette
2.
February 18, Pittsburgh Post-Gazette – (Pennsylvania) Halliburton
fined $1.8 million over disposal. Halliburton Energy Services was fined
$1.8 million by the Pennsylvania Department of Environmental Protection for
transporting, processing, and disposing of hydrochloric acid without
classifying it as a hazardous substance, violating record keeping requirements
about 255 times between 1999 and 2011. Source: http://www.post-gazette.com/business/2014/02/18/State-fines-Hallibutron-1-8-million-for/stories/201402180151
• California health officials stated February
18 that 10 communities are at acute risk of running out of drinking water and
well water is at risk of being concentrated with contaminants due to a severe
drought in the State. – Reuters
18.
February 19, Reuters – (California) Water contamination feared from
California drought. California health officials stated February 18 that 10
communities are at acute risk of running out of drinking water in 60 days due
to a severe drought in the State, and well water in rural communities are at
particular risk of becoming more concentrated with contaminants due to less
water available to dilute them. Source: http://news.msn.com/us/water-contamination-feared-from-california-drought
• Researchers believe the medical records and payment
information documents that they found on a Web site was posted by individuals
who gained access to SigmaCare software, designed by eHealth Solutions Inc. – Wall
Street Journal
20.
February 18, Wall Street Journal – (National) Nursing homes are
exposed to hacker attacks. Two cybersecurity firms found a Web site
containing documents that could allow hackers to potentially obtain electronic
medical records and payment information from health care providers. Researchers
believe the information was posted by individuals who gained access to
SigmaCare software, designed by eHealth Solutions Inc., although the company is
unaware of how the files were accessed. Source: http://online.wsj.com/news/articles/SB10001424052702304899704579389171658671940
Financial Services Sector
5.
February 18, Softpedia – (National) Bank of the West job applicants
told that hackers might have stolen their details. Bank of the West began
notifying employment applicants in February that its Web site was breached and
any personal information submitted may have been stolen by hackers. Source: http://news.softpedia.com/news/Bank-of-the-West-Job-Applicants-Told-That-Hackers-Might-Have-Stolen-Their-Details-427708.shtml
6.
February 18, SC Magazine – (International) New variant of Zeus
banking trojan concealed in JPG images. Researchers identified a new
variant of the Zeus banking trojan, ZeusVM, that is concealed in a JPG image
file to avoid detection by security software. The JPG image files contain the
malware configuration files that are needed to launch man-in-the-middle and
man-in-the-browser attacks and allow attackers to collect personal information
and perform online transactions. Source: http://www.scmagazine.com/new-variant-of-zeus-banking-trojan-concealed-in-jpg-images/article/334477/
Information Technology Sector
29. February 19, V3.co.uk – (International) Microsoft
crash reports reveal Houdini hack campaign hitting firms. A security
researcher from Websense found a new hack campaign utilizing the Houdini remote
access trojan (RAT) targeting a mobile network operator and government body
while cross-referencing Microsoft application and software crash reports.
Source: http://www.v3.co.uk/v3-uk/news/2329562/microsoft-crash-reports-reveal-houdini-hack-campaign-hitting-firms
30. February 19, Network World – (International) Zeus
malware-botnet variant spotted ‘crawling’ Salesforce.com. Adallom
researchers found that the Zeus trojan, malware known to steal banking
credentials, was targeting Windows-based computers in order to swipe business
data from the SalesForce Web site through a kind of Web-crawling action.
Source: http://www.networkworld.com/news/2014/021914-zeus-malware-278711.html
31. February 19, Softpedia – (International) Two
different cybercriminal groups are using IE 10 zero-day in their operations. Security
experts believe that two different cybercriminal groups are responsible for an
attack on the U.S. Veterans of Foreign Wars Web site and an attack involving
the French aerospace industries association, but both groups utilized the same
IE zero-day exploit. Source: http://news.softpedia.com/news/Two-Different-Cybercriminal-Groups-Are-Using-IE-10-Zero-Day-in-Their-Operations-427949.shtml
32. February 19, Softpedia – (International) DoS, XSS,
and data injection flaws fixed in Rails 4.0.3, 3.2.17 and 4.1.0.beta2. Ruby
on Rails released fixes to address three vulnerabilities, including a data
injection flaw impacting Active Record, a cross-site scripting (XSS)
vulnerability, and a denial-of-service (DoS) issue in Action View. Source: http://news.softpedia.com/news/DOS-XSS-and-Data-Injection-Flaws-Fixed-in-Rails-4-0-3-3-2-17-and-4-1-0-beta2-428015.shtml
33. February 19, Help Net Security – (International) US
businesses suffered 660,000 internal security breaches. Researchers at IS
Decisions found that in the last 12 months, over 660,000 internal security
breaches took place in U.S. businesses, and only about 17 percent of
information technology managers consider insider threats to be a top priority
for their organization. Source: http://www.net-security.org/secworld.php?id=16379
34. February 18, Softpedia – (International) Hackers
posted details of 300,000 accounts on Pastebin in the last 12 months. Researchers
discovered that in the last 12 months, over 300,000 accounts’ credentials were
published on Pastebin through two main sources of information leaks including,
insecure Web applications and compromised user machines with installed trojans.
Source: http://news.softpedia.com/news/Hackers-Posted-Details-of-300-000-Accounts-on-Pastebin-in-the-Last-12-Months-427658.shtml
For another story, see item 6 above in the Financial Services Sector
Communications Sector
Nothing to
report
No comments:
Post a Comment