Wednesday, April 30, 2014




Complete DHS Report for April 30, 2014

Daily Report

Details

 • A former employee of a FedEx facility in Kennesaw, Georgia, entered the facility with a firearm April 29 and shot and injured six people before shooting himself at the facility’s loading dock. – WXIA 11 Atlanta

12. April 29, WXIA 11 Atlanta – (Georgia) 3 critical after Kennesaw FedEx shooting; “Rambo” suspect dead. A former employee of a FedEx facility in Kennesaw entered the facility with a firearm April 29 and injured six people before shooting himself at the FedEx facility’s loading dock. Three victims were reported in critical condition and police had not confirmed a motive. Source: http://www.11alive.com/story/news/local/kennesaw/2014/04/29/kennesaw-fedex-shooting/8448813/

 • Crews continued working to extinguish a fire in a 700-foot-long railroad tunnel in Pike County, Kentucky, that began pouring out heavy smoke and fumes April 26 due to the tunnel’s timbers being treated with creosote. – WYMT 57 Hazard

13. April 29, WYMT 57 Hazard – (Kentucky) Fire inside railroad tunnel causing concern in Pike County. Crews continued working to extinguish a fire in a 700-foot-long railroad tunnel in Pike County, Kentucky, that began pouring out heavy smoke and fumes April 26 due to the tunnel’s timbers being treated with creosote. Some schools were closed in the area April 28-29 due to the smoke. Source: http://www.wkyt.com/wymt/home/headlines/Railroad-tunnel-fire-causing-concern-in-Pike-County-257086571.html

 • Adobe released updates for its Flash Player for Windows, Mac, and Linux following the discovery of a new zero-day vulnerability that is being actively exploited in the wild, and advised users to update immediately. – Help Net Security. See item 35 below in the Information Technology Sector.

 • Six people were injured and 1 person was killed when a driver lost control of his vehicle, struck a fence, and drove into a line of people waiting to enter Farrell’s Ice Cream Parlour in Buena Park, California, April 25. – Associated Press

40. April 27, Associated Press – (California) SUV rams people at ice cream shop; 1 dead, 6 hurt. Six people were injured and 1 person was killed when a driver lost control of his vehicle, struck a fence, and drove into a line of people waiting to enter Farrell’s Ice Cream Parlour in Buena Park April 25. Source: http://news.msn.com/us/suv-rams-people-at-ice-cream-shop-1-dead-6-hurt

Financial Services Sector

10. April 28, Woodland Daily Democrat – (California) Former Woodland loan officer involved in mortgage fraud scheme. A former Delta Homes and Lending loan officer and branch manager from Woodland was charged along with four others for allegedly participating in a mortgage fraud scheme that involved over $10 million in properties and defrauded lenders of at least $4 million. A Sacramento real estate agent pleaded guilty April 28 to running the scheme. Source: http://www.dailydemocrat.com/breakingnews/ci_25655706/former-woodland-loan-officer-involved-mortgage-fraud-scheme

For additional stories, see items 33 and 36 below in the Information Technology Sector

Information Technology Sector

30. April 29, Help Net Security – (International) AOL breach confirmed, bigger than initially thought. AOL confirmed April 28 that attackers breached the company’s systems and networks, leading to a significant increase in spoofed email spam from AOL Mail accounts. Around 500,000 users had their email addresses, postal addresses, address book contacts, encrypted passwords, and encrypted security questions compromised in the breach. Source: http://www.net-security.org/secworld.php?id=16758

31. April 29, Softpedia – (International) Siemens patches Heartbleed bug in industrial products. Siemens published an advisory and updates for several of its industrial control systems (ICS) programs that address the Heartbleed vulnerability in OpenSSL. Some Siemens ICS software remains unpatched, and the company advised users to apply workarounds until a full patch is made available. Source: http://news.softpedia.com/news/Siemens-Patches-Heartbleed-Bug-in-Industrial-Products-439837.shtml

32. April 29, Softpedia – (International) Apple fixes vulnerability that granted anyone access to personal details of developers. Apple closed a vulnerability in its Developer Center’s Radar application that could have been exploited to obtain the contact information of Apple retail and corporate employees and iOS, Mac, and Safari developers. A proof-of-concept was revealed by the researcher who discovered the vulnerability after Apple closed the vulnerability. Source: http://news.softpedia.com/news/Apple-Fixes-Vulnerability-That-Granted-Anyone-Access-to-Personal-Details-of-Developers-439812.shtml

33. April 29, Softpedia – (International) Phishers abuse Microsoft Azure to target PayPal, Apple, and Visa customers. Researchers at Netcraft reported that cybercriminals are making use of 30-day trials of Microsoft’s Azure cloud service to host phishing Web sites. The researchers identified several Azure-hosted phishing pages targeting Apple, Comcast, PayPal, Visa, American Express, and Cielo customers. Source: http://news.softpedia.com/news/Phishers-Abuse-Microsoft-Azure-to-Target-PayPal-Apple-and-Visa-Customers-439800.shtml

34. April 29, The Register – (International) Researchers warn of resurgent Sefnit malware. Researchers at Facebook reported that the Sefnit malware has been seen in use again, but without the use of a Tor client. The malware instead establishes direct connections to one or more command and control servers using a secure Plink connection. Source: http://www.theregister.co.uk/2014/04/29/researchers_warn_of_resurgent_sefnit_malware/

35. April 28, Help Net Security – (International) Flash 0-day exploited in watering hole attacks, Adobe provides patch. Adobe released updates for its Flash Player for Windows, Mac, and Linux following the discovery of a new zero-day vulnerability that is being actively exploited in the wild. Users were advised to update immediately. Source: http://www.net-security.org/secworld.php?id=16750

36. April 28, CNET News – (International) Stop using Microsoft’s IE browser until bug is fixed, US and UK warn. The U.S. Computer Emergency Readiness Team (US-CERT) advised users to stop using the Internet Explorer browser until Microsoft can develop a patch for a recently disclosed vulnerability that can allow attackers to run malicious code. The vulnerability is currently being used in attacks against U.S. defense and financial organizations, according to FireEye researchers. Source: http://www.cnet.com/news/stop-using-ie-until-bug-is-fixed-says-us/

Communications Sector

37. April 29, Peninsula Daily News – (Washington) KONP-AM signal expected back today after repairs. KONP’s 1450 AM signal was disrupted April 25 after the transmitter’s primary and backup power modules failed, effectively causing the radio station to rely solely on its FM frequency until replacement parts for the transmitter arrived April 29. Source: http://www.peninsuladailynews.com/article/20140429/news/304299979/konp-am-signal-expected-back-today-after-repairs

Tuesday, April 29, 2014




Complete DHS Report for April 29, 2014

Daily Report

Details

 • Authorities are investigating a plane crash over the San Francisco Bay April 27, in which 2 small planes collided in the air, sending 1 plane crashing into the bay while the other plane landed later at Eagle’s Nest Airport in Ione, California. – Associated Press

5. April 28, Associated Press – (California) Pilot missing after 2 planes collide in California. The Federal Aviation Administration is investigating a plane crash over the San Francisco Bay April 27, in which 2 small planes collided in the air, sending 1 plane crashing into the bay while the other plane with 2 onboard landed 40 minutes later at Eagle’s Nest Airport in Ione, California. Source: http://news.msn.com/us/2-planes-collide-over-northern-san-francisco-bay

 • Interstate 15 in Beaver County, Utah, was shut down for several hours April 27 after a suspect kidnapped a child and started a high-speed chase, eventually barricading himself and the child in the vehicle for hours before giving up peacefully. – KSL 102.7 FM Salt Lake City

6. April 27, KSL 102.7 FM Salt Lake City – (Utah) I-15 standoff ends as a man holding child hostage surrenders. Interstate 15 in Beaver County, Utah, was shut down for several hours April 27 after a suspect in a homicide investigation in Louisiana kidnapped a 2-year-old child and started a high-speed chase, eventually barricading himself and the child in the vehicle for hours before giving up peacefully. Source: http://www.ksl.com/?sid=29660803&nid=148

 • Authorities arrested 5 nurses of Prime Health LLC in Plaquemine, Louisiana, April 24 in connection with accepting money in exchange for obtaining fake prescriptions for drugs used to make a recreational drug mixture. – Baton Rouge Advocate

15. April 27, Baton Rouge Advocate – (Louisiana) Five booked in ‘purple drank’ investigation. Authorities arrested 5 current and former nurses of Prime Health LLC in Plaquemine April 24 in connection with accepting money during the past 6 months in exchange for obtaining fake prescriptions for drugs used to make a recreational drug mixture consisting of prescription-strength cough syrup. Officials stated that more arrests are expected in the investigation. Source: http://theadvocate.com/home/8994791-125/five-booked-in-purple-drank

 • Microsoft warned users of its Internet Explorer (IE) browser after researchers discovered a critical zero day vulnerability that affects IE 6 through IE 11 and could allow an attacker to use a Flash exploitation technique to remotely execute code. – V3.co.uk. See item 19 below in the Information Technology Sector.

Financial Services Sector

3. April 25, Atlanta Journal-Constitution – (Georgia) FDIC sues directors and officers of failed Bartow bank. The Federal Deposit Insurance Corporation (FDIC) filed a lawsuit against the former directors and officers of the failed Bartow County Bank in Georgia for allegedly making risky loans and not adhering to the bank’s loan policies, which led to the bank’s collapse and cost the FDIC around $69.5 million. Source: http://www.ajc.com/news/business/fdic-sues-directors-and-officers-of-failed-bartow-/nfhjS/

4. April 25, Associated Press – (National) Ex-Islanders partial owner admits investment fraud. A former partial owner of the New York Islanders pleaded guilty to participating in a 13-year investment fraud scheme that enabled him to misappropriate $50.7 million from investors. The fraud scheme involved securities businesses in Connecticut and California and misappropriated hundreds of millions of dollars from accounts belonging to clients, including university foundations and pension plans. Source: http://abcnews.go.com/Sports/wireStory/islanders-partial-owner-admits-investment-fraud-23471790

Information Technology Sector

19. April 28, V3.co.uk – (International) Critical Microsoft Internet Explorer flaw leaves one in four web users vulnerable. Microsoft warned users of its Internet Explorer (IE) browser after FireEye researchers discovered a critical zero day vulnerability that affects IE 6 through IE 11 and could allow an attacker to use a Flash exploitation technique to remotely execute code. FireEye researchers spotted attacks using the vulnerability targeting IE 9 through IE 11, representing about a quarter of total browser users. Source: http://www.v3.co.uk/v3-uk/news/2341834/critical-microsoft-internet-explorer-flaw-leaves-one-in-four-web-users-vulnerable

20. April 28, Softpedia – (International) 4 vulnerabilities and 38 bugs fixed with the release of MyBB 1.6.13. The latest version of MyBB was released for download, closing 4 security vulnerabilities and addressing 38 functionality bugs. Source: http://news.softpedia.com/news/4-Vulnerabilities-and-38-Bugs-Fixed-With-the-Release-of-MyBB-1-6-13-439653.shtml

21. April 28, Softpedia – (International) Apache Struts 2.3.16.2 released to properly fix zero-day vulnerability. The Apache Software Foundation released an update for its Apache Struts open-source framework to address an issue with a previous update, whose fix for a zero day vulnerability was not efficient. Source: http://news.softpedia.com/news/Apache-Struts-2-3-16-2-Released-to-Properly-Fix-Zero-Day-Vulnerability-439621.shtml

22. April 28, Softpedia – (International) XSS vulnerability in Sohu.com leveraged for large-scale DDoS attacks. The source of a distributed denial of service (DDoS) attack on a client of Incapsula early in April that involved 20 million GET requests was found to be Sohu.com, a popular Chinese Web portal. Incapsula informed Sohu.com of the issue and the site was able to close a cross-site scripting (XSS) vulnerability that was used to power the attack. Source: http://news.softpedia.com/news/XSS-Vulnerability-in-Sohu-com-Leveraged-for-Large-Scale-DDOS-Attacks-439606.shtml

23. April 25, Softpedia – (International) Security patches released for IP.Board 3.3.x and 3.4.x. Invision Power Services released security patches for its IP.Board 3.3.x and 3.4.x products, addressing three file inclusion issues and a cross-site scripting (XSS) vulnerability. Source: http://news.softpedia.com/news/Security-Patches-Released-for-IP-Board-3-3-x-and-3-4-x-439416.shtml

24. April 25, Threatpost – (International) Exploiting Facebook Notes to launch DDoS. A security researcher discovered and reported a method that can be used to launch distributed denial of service (DDoS) attacks through the Facebook Notes feature by using random GET parameters for HTML tags. Facebook stated that it acknowledged the issue but would not change the way the tags are handled because doing so would degrade user functionality. Source: http://threatpost.com/exploiting-facebook-notes-to-launch-ddos/105701
 
Communications Sector

Nothing to report

Monday, April 28, 2014




Complete DHS Report for April 28, 2014

Daily Report

Details

 • Approximately 8,000 residents in Louisville, Kentucky, were placed under a boil-water advisory after water service was restored and crews continued to repair a 48-inch water main break that spilled millions of gallons and caused several other water mains to burst and flood streets April 24. – WLKY 32 Louisville

11. April 25, WLKY 32 Louisville – (Kentucky) Repair work continues after Highlands water main break. Approximately 8,000 residents in Louisville were placed under a boil-water advisory after water service was restored and crews continued to repair a 48-inch water main break that spilled millions of gallons and caused several other water mains to burst and flood streets and Tyler Park April 24. Repairs to the pipe and roads were expected to take several days. Source: http://www.wlky.com/news/water-main-breaks-near-tyler-park/25640954

 • An April 24 fire at the Mid-Atlantic Family Practice near Lewes, Delaware, left an estimated $1 million in damage and one firefighter injured. – Wilmington News Journal

13. April 25, Wilmington News Journal – (Delaware) Fire destroys medical office near Lewes. An April 24 fire at the Mid-Atlantic Family Practice near Lewes left an estimated $1 million in damage and one firefighter injured, and closed nearby John J. Williams Highway (Delaware 24) for several hours while crews from 11 Sussex County fire companies responded. The fire was caused by a burning cigarette dropped into a disposal unit by the front door. Source: http://www.delawareonline.com/story/news/crime/2014/04/24/fire-destroys-medical-office-near-lewes/8135381/

 • Police are searching for individuals who stole about 200 feet of fiber optic cable from power poles in Snohomish County, Washington, causing roughly 20,000 Comcast residential and business customers to lose Internet, television, and phone service April 24. – KIRO 7 Seattle. See item 24 below in the Communications Sector.

 • A natural gas explosion at a strip mall in North Bend, Washington, destroyed three buildings and damaged several nearby businesses April 24. – KIRO 7 Seattle

25. April 25, KIRO 7 Seattle – (Washington) 3 buildings destroyed in massive North Bend explosion. A natural gas explosion at a strip mall in North Bend destroyed three buildings and damaged several nearby businesses April 24. Nearby apartments were evacuated due to concerns of additional gas explosions, while Puget Sound Energy crews worked to contain the leak. Source: http://www.kirotv.com/news/news/explosion-fire-reported-north-bend/nfhXz/

Financial Services Sector

3. April 25, Softpedia – (International) Nine members of cybercrime ring sentenced to a total of 24 years for attacks on banks. Nine men found guilty of stealing around $2.1 million from Barclays and Santander banks were sentenced by a U.K. court to serve a total of 24 years and 9 months. The group used keyboard, video, mouse (KVM) switches to transfer money from the banks, and also intercepted around one million letters to obtain payment cards that were then used to make fraudulent purchases. Source: http://news.softpedia.com/news/Nine-Members-of-Cybercrime-Ring-Sentenced-to-a-Total-of-24-Years-for-Attacks-on-Banks-439394.shtml

Information Technology Sector

19. April 25, Softpedia – (International) Heartbleed bug patched on all US government websites. Trend Micro researchers reported that less than 10 percent of Web sites remain vulnerable to the Heartbleed flaw in OpenSSL, with all U.S. government Web sites patched. Distil Networks researchers also reported that 84 percent of the top 10,000 global Web sites have applied patches to close the vulnerability. Source: http://news.softpedia.com/news/Heartbleed-Bug-patched-on-All-US-Government-Websites-439271.shtml

20. April 24, Threatpost – (International) Apache warns of faulty zero day patch for Struts. The Apache Software Foundation (ASF) released an advisory April 24 stating that a patch issued in March to close a zero day vulnerability in Apache Struts did not completely close the vulnerability. The advisory stated that a new patch would likely be released within 72 hours, and ASF provided a temporary mitigation for users to apply until then. Source: http://threatpost.com/apache-warns-of-faulty-zero-day-patch-for-struts/105691

21. April 24, SC Magazine – (International) No encryption means easy compromise of Viber location data, communications. Researchers with the University of New Haven Cyber Forensics Research & Education Group reported that the Viber text message and voice over IP (VoIP) service manages data in an unencrypted form that could allow attackers and service providers to intercept data being sent and stored. Source: http://www.scmagazine.com/no-encryption-means-easy-compromise-of-viber-location-data-communications/article/344109/

22. April 24, Threatpost – (International) NetSupport Manager vulnerability could lead to data leakage. A researcher at SpiderLabs reported finding a vulnerability in NetSupport Manager that could allow an attacker to bypass Windows and Domain credentials and remotely connect to and compromise hosts. Source: http://threatpost.com/netsupport-manager-vulnerability-could-lead-to-data-leakage/105682

23. April 24, Softpedia – (International) Spammers use non-Latin characters to evade spam filters. Kaspersky Lab researchers found that spammers have recently started replacing regular characters in spam emails with similar-looking non-Latin characters in an attempt to evade spam filters. Source: http://news.softpedia.com/news/Spammers-Use-Non-Latin-Characters-to-Evade-Spam-Filters-439215.shtml

Communications Sector

24. April 24, KIRO 7 Seattle – (Washington) Police: Wire thieves cut service to 20,000 Comcast customers. Police are searching for individuals who stole about 200 feet of fiber optic cable from power poles in Snohomish County, causing roughly 20,000 Comcast residential and business customers to lose Internet, television, and phone service April 24 until crews completed repairs. Source: http://www.kirotv.com/news/news/police-wire-thieves-cut-service-20000-comcast-cust/nfhSR/