Tuesday, September 30, 2014



Complete DHS Report for September 30, 2014

Daily Report

Top Stories

 · An air traffic control facility in Aurora, Illinois, is expected to be restored to full service by October 13 following a September 26 fire that prompted the cancelation of about 3,800 flights across the U.S. between September 26 and September 28. – Reuters 

10. September 28, Reuters – (Illinois) FAA wants to restore Chicago air traffic site by mid-October. Federal Aviation Administration officials reported September 28 that a regional air traffic control facility in Aurora is expected to be restored to full service by October 13 after crews complete repairs and replace the central communications network in the building following a fire that was intentionally set by a field technician September 26. An estimated 3,800 flights were canceled across the U.S. between September 26 and September 28 as a result of the incident. Source: http://news.yahoo.com/faa-wants-restore-chicago-air-traffic-mid-october-001045762--finance.html

 · A water-boil alert in Mercer Island, Washington, was lifted September 29 after E. coli was detected in water samples from the city’s distribution system September 26 which prompted the closure of area schools and 62 businesses. – Seattle Times

21. September 29, Seattle Times – (Washington) Mercer Island lifts water-boil alert Monday morning; schools closed. Officials lifted a water-boil alert in Mercer Island September 29 and advised residents to flush pipes and clear ice makers after water samples tested negative for E. coli following detection of the bacteria in water samples from the city’s distribution system September 26. Mercer Island School district was closed September 29 to sanitize the schools’ facilities and 62 businesses were ordered closed until the boil-water advisory was lifted. Source: http://blogs.seattletimes.com/today/2014/09/tests-improve-but-water-boil-alert-remains-for-mercer-island/

 · An accident involving a North Central Texas College bus left 4 students dead and 12 others injured when the bus was hit by a semi-truck on Interstate 35 in Oklahoma September 26. – CNN

27. September 27, CNN – (Oklahoma) 4 killed when semi hits bus carrying Texas college softball team in Oklahoma. An accident involving a North Central Texas College bus left 4 students dead and 12 others injured when the bus was hit by a semi-truck on Interstate 35 in Oklahoma September 26. Source: http://www.cnn.com/2014/09/27/us/oklahoma-school-bus-accident/

 · Signature Systems reported September 26 that the breach of its point-of-sale system may have compromised the systems of an additional 108 independent restaurants across the U.S. that utilize its payment products. – IDG News Service

38. September 26, IDG News Service – (International) Credit card breach that hit Jimmy John's is larger than originally thought. Signature Systems reported September 26 that the breach of its point-of-sale system that affected 216 Jimmy John’s sandwich shop locations also may have compromised the systems of an additional 108 independent restaurants across the U.S. that use its payment products. The intrusion is believed to have started June 16 when hackers used stolen credentials to remotely install malware capable of stealing customers’ payment card information onto stores’ payment terminals. Source: http://www.networkworld.com/article/2688453/security/credit-card-breach-that-hit-jimmy-johns-is-larger-than-originally-thought.html

Financial Services Sector

38. September 26, IDG News Service – (International) Credit card breach that hit Jimmy John's is larger than originally thought. Signature Systems reported September 26 that the breach of its point-of-sale system that affected 216 Jimmy John’s sandwich shop locations also may have compromised the systems of an additional 108 independent restaurants across the U.S. that use its payment products. The intrusion is believed to have started June 16 when hackers used stolen credentials to remotely install malware capable of stealing customers’ payment card information onto stores’ payment terminals. Source: http://www.networkworld.com/article/2688453/security/credit-card-breach-that-hit-jimmy-johns-is-larger-than-originally-thought.html

Information Technology Sector

30. September 29, Softpedia – (International) New remote code execution flaws found in Shellshock-patched Bash. Researchers found four additional vulnerabilities in Bash, the Linux command interpreter affected by Shellshock, two of which were unofficially patched after new changes to the code. The two new bugs that remain could be exploited remotely, and more easily because address space layout randomization (ASLR) is rarely used when compiling Bash. Source: http://news.softpedia.com/news/New-Remote-Code-Execution-Flaws-Found-In-Shellshock-Patched-Bash-460348.shtml

31. September 29, Softpedia – (International) Ello social network recovers after DDoS attack. Administrators with Ello, a social networking site, announced they blocked a bad IP address that was responsible for sending junk traffic after reporting the site was under an apparent distributed denial of service (DDoS) attack. Source: http://news.softpedia.com/news/Ello-Social-Network-Recovers-After-DDoS-Attack-460324.shtml

32. September 29, Softpedia – (International) Cisco lists 31 products vulnerable to the Shellshock vulnerability. Cisco released a list of 31 products vulnerable to the Shellshock glitch, including connection routing, network management, and media content delivery and encoding products, among others. Oracle also released a list of 32 products vulnerable to attack by the Bash bug after the company changed its initial list and appended new products. Source: http://news.softpedia.com/news/Cisco-Lists-31-Products-Vulnerable-To-the-Shellshock-Vulnerability-460303.shtml

33. September 26, SC Magazine – (International) iThemes users asked to change passwords following attack. The CEO of iThemes, a WordPress themes, plugins, and training provider, advised 60,000 past and current users to reset their passwords following an attack on its membership database that may have compromised usernames, email addresses, passwords, names, IP addresses, and purchase information. Source: http://www.scmagazine.com/ithemes-users-asked-to-change-passwords-following-attack/article/373939/

Communications Sector

34. September 25, U.S. Department of Labor – (Kansas) Wireless Horizon tower collapse results in deaths of 2 cell tower workers. The Occupational Safety and Health Administration cited Wireless Horizon, Inc., September 25 for 2 willful and 4 serious safety violations and placed the company in the Severe Violator Enforcement Program following the March 25 death of 2 workers from the collapse of a cell tower they were dismantling in Kansas. Proposed fines total $134,400. Source: https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=NEWS_RELEASES&p_id=26781

Monday, September 29, 2014



Complete DHS Report for September 29, 2014

Daily Report

Top Stories

 · Authorities arrested and charged 3 individuals for stealing, selling, and buying 6,000 Roxicodone pills worth $180,000 which were taken from a pharmacy in Monroe, North Carolina. – WSOC 9 Charlotte

26. September 24, WSOC 9 Charlotte – (North Carolina) Police: Man bought 6,000 stolen pills worth $180K. Authorities arrested and charged 3 individuals for stealing, selling, and buying 6,000 Roxicodone pills worth $180,000 which were taken from a pharmacy in Monroe. Police reported that one of the suspects stole bottles of pills for over a year while they were employed. Source: http://www.wsoctv.com/news/news/local/police-man-bought-6000-stolen-pills-worth-180k/nhTGz/

· Fifteen football players at Springbrook High School in Montgomery County, Maryland, suffered burns or rashes during practice September 16 when a cleaning agent was inadvertently sprayed on their football pads and helmets. – Associated Press

27. September 25, Associated Press – (Maryland) Springbrook High School football players suffer chemical burns from cleaning products. Fifteen football players at Springbrook High School in Montgomery County suffered first- and second-degree burns or rashes during practice September 16 when a cleaning agent was inadvertently sprayed on their football pads and helmets. A trainer had ordered only the locker room to be cleaned with the chemical after a player was suspended due to a staph infection. Source: http://www.wjla.com/articles/2014/09/springbrook-high-school-football-player-suffer-chemical-burns-from-cleaning-products-107456.html

 · A researcher found a security vulnerability, named Shellshock, in the GNU Bourne Again Shell (Bash) command interpreter used in several Unix-based operating systems that poses the risk of remote code execution. – Softpedia. See item 32 below in the Information Technology Sector.

 · Jimmy John’s Gourmet Sandwiches officials confirmed September 24 that stolen credentials were used by an undisclosed party to remotely log into the point-of-sale systems of about 216 of the company’s stores nationwide. – Boulder Daily Camera

40. September 24, Boulder Daily Camera – (National) Jimmy John’s confirms data breach at 216 shops, including in Longmont, Broomfield. Jimmy John’s Gourmet Sandwiches officials confirmed September 24 that stolen credentials were used by an undisclosed party to remotely log into the point-of-sale systems of about 216 of the company’s stores nationwide between June 16 and September 5. Officials reported that the breach affected transactions in which payment cards were swiped at the stores, and has since been contained. Source: http://www.dailycamera.com/boulder-business/ci_26596775/jimmy-johns-confirms-data-breach-at-216-shops

Financial Services Sector

10. September 25, Bucks County Courier Times – (Pennsylvania) FBI: New Britain bank robber has struck 3 times. The FBI asked for the public’s help in identifying a suspect after determining that the individual was responsible for the September 24 robbery of a New Britain Township Wells Fargo Bank branch, the third robbery linked to the suspect. During the September 24 robbery the suspect fired one shot from a handgun into the ceiling of the bank. Source: http://www.buckscountycouriertimes.com/news/local/fbi-new-britain-bank-robber-has-struck-times/article_d3c373b7-b94f-5979-a857-f47ef26ad058.html

11. September 23, Fort Lauderdale Sun-Sentinel – (Florida) Suspect wounded in bank shootout; 2 tellers injured. A Palm Beach County man was injured during a shootout with police after he opened fire while attempting to flee from a TD Bank branch in Palm Springs where he had assaulted two tellers during a robbery September 23. Police apprehended the suspect at the scene. Source: http://articles.sun-sentinel.com/2014-09-23/local/fl-palm-springs-shooting-20140923_1_td-bank-two-bank-employees-tellers

Information Technology Sector

32. September 25, Softpedia – (International) Bash bug “Shellshock” is as large an issue as Heartbleed. A researcher found a security vulnerability, named Shellshock, in the GNU Bourne Again Shell (Bash) command interpreter. The flaw is present in versions 1.14 through 4.3 of Bash, which is used in several Unix-based operating systems such as Linux and Mac OS X; it poses the risk of remote code execution and can be triggered in many ways by applications. A patch was issued for the vulnerability, CVE-2014-6271, but remained incomplete, and a second vulnerability, CVE-2014-7169, that was assigned as a result remains unpatched. Source: http://news.softpedia.com/news/Bash-Bug-Shellshock-Is-As-Large-An-Issue-As-Heartbleed-459913.shtml

33. September 25, Securityweek – (International) Critical signature forgery flaw found in Mozilla NSS crypto library. Mozilla released an update for its products and Google updated Chrome and Chrome OS to address the “BERserk” vulnerability exposed by two independent researchers from Intel Security Advanced Threat Research Team and INRIA Paris-Rocquencourt who found that the Mozilla Network Security Services (NSS) cryptographic library can be exploited to forge signatures. Attackers can leverage the flaw in the parsing of ASN.1 encoded messages that use Basic Encoding Rules (BER) by exploiting the fact that the length of a field in BER can be made to use many bytes of data. Source: http://www.securityweek.com/critical-signature-forgery-flaw-found-mozilla-nss-crypto-library

34. September 24, Threatpost – (International) More trouble for jQuery as second compromise reported. JQuery, an open source JavaScript library, worked to mitigate a second compromise after its site’s homepage was defaced. Representatives announced that the Web site was taken down and cleaned of infected files and that the company is working on re-securing its servers, and working to address vulnerabilities. Source: http://threatpost.com/more-trouble-for-jquery-as-second-compromise-reported/108510

35. September 24, Securityweek – (International) SMB employees targeted with fake termination emails: Bitdefender. Researchers at Bitdefender warned employees and IT administrators of small and medium-sized businesses about a rash of fake emails claiming false termination that is designed to distribute information-stealing malware using an ARJ file archiver. Once the attached file is decompressed and executed, the malware opens a clean rich text format (RTF) document which connects to attackers who execute instructions to the victim. Source: http://www.securityweek.com/smb-employees-targeted-fake-termination-emails-bitdefender

36. September 24, Network World – (International) Apple yanks buggy iOS 8 update. Apple pulled its iOS 8.0.1 update and is working on a patch after reports that the update was cutting off cell service and making the Touch ID fingerprint sensor inoperable. Source: http://www.networkworld.com/article/2687496/smartphones/apple-yanks-ios-8-update.html

Communications Sector

37. September 23, Redmond Reporter – (Washington) Frontier has restored 99 percent of customers’ FiOS services; no copper services have been restored. Nearly all television, telephone, high-speed Internet, FiOS broadband, and 9-1-1 services were restored September 23 after a construction crew working on the Redmond Way Stormwater Treatment Facility project cut through fiber and copper cables and disrupted Frontier Communications services for roughly 6,000 residential and business customers in Redmond September 20. Copper-wired services remained down with repair work expected to continue through the weekend of September 27. Source: http://www.redmond-reporter.com/news/276197281.html