Friday, October 31, 2014



Complete DHS Report for October 31, 2014

Daily Report

Top Stories

 · Superior Crude Gathering Inc. agreed October 29 to pay $1.6 million in penalties to settle alleged violations of the Clean Water Act stemming from a 92,400-gallon crude oil spill from tanks at the company’s oil storage facility in Ingleside, Texas, into an unnamed lake and wetlands in 2010. – U.S. Environmental Protection Agency

1. October 29, U.S. Environmental Protection Agency – (Texas) Texas company to pay $1.6M for oil spill violations. The U.S. Environmental Protection Agency and the U.S. Department of Justice reached a settlement with Texas-based Superior Crude Gathering Inc. (Superior Crude) October 29 for alleged violations of the Clean Water Act stemming from a 92,400-gallon crude oil spill from tanks at the company’s oil storage facility in Ingleside into an unnamed lake and wetlands in 2010. Superior Crude will pay a $1.6 million civil penalty. Source: http://yosemite.epa.gov/OPA/ADMPRESS.NSF/d0cf6618525a9efb85257359003fb69d/0bcc7b168f89d77f85257d8000674455

 · Developers warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised and advised admins to restore their sites. – The Register. See item 24 below in the Information Technology Sector.

 · The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning about an ongoing attack campaign targeting human machine interface (HMI) products used in industrial control systems. – Securityweek. See item 28 below in the Information Technology Sector.

 · The Chickamauga Lock was shut down and traffic on the Tennessee River stalled near Chattanooga, Tennessee, after the U.S. Army Corps of Engineers discovered an upper gate anchorage issue during a routine inspection October 27. – WBIR 10 Knoxville

35. October 28, WBIR 10 Knoxville – (Tennessee) Chickamauga Lock closed for repairs. The Chickamauga Lock was shut down and traffic on the Tennessee River stalled near Chattanooga after the U.S. Army Corps of Engineers discovered an upper gate anchorage issue during a routine inspection October 27 that requires immediate repair. The closure is expected to last approximately 3 weeks. Source: http://www.wbir.com/story/news/local/2014/10/28/chickaumaga-lock-closed-for-repairs/18064139/

Financial Services Sector

3. October 29, Reuters – (Illinois; Indiana) Twenty-nine charged in Chicago with ‘cracking cards’ bank fraud scheme. Prosecutors filed federal and State charges against 29 people in the Chicago area and in Hammond, Illinois, for allegedly running a bank fraud scheme that recruited individuals to hand over debit cards and then cash fraudulent checks to the accounts, causing bank losses of more than $1.7 million. Source: https://news.yahoo.com/twenty-nine-charged-chicago-cracking-cards-bank-fraud-181808332.html

4. October 29, IDG News Service – (International) Cybercriminals create platform for automating rogue credit card charges. Researchers with IntelCrawler reported that a Web-based application known as Voxis Platform that automates purchases from stolen payment card data has been sold on underweb markets since August. The application purports to use 32 different payment gateways and other methods to mimic normal card use and avoid detection. Source: http://www.networkworld.com/article/2840753/cybercriminals-create-platform-for-automating-rogue-credit-card-charges.html

For another story, see item 33 below from the Commercial Facilities Sector

33. October 30, Softpedia – (International) Mobile payment app contender CurrentC sees testers’ details stolen. Merchant Customer Exchange (MCX) notified adopters of CurrentC, a mobile payment app currently hosted in a trial phase, of an intrusion that revealed the email addresses of those with accounts for the testing program. The company reported that it is investigating and believes the intrusion was a result of a third-party vulnerability. Source: http://news.softpedia.com/news/Mobile-Payment-App-Contender-CurrentC-Sees-Testers-Details-Stolen-463568.shtml

Information Technology Sector

24. October 30, The Register – (International) Drupalocalypse! Devs say it’s best to assume your CMS is owned. The developers of the Drupal content management system (CMS) warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised due to the simplicity of the vulnerability and how quickly it was leveraged by attackers. The developers advised affected admins to restore their sites from backup since applying the patch would only close the vulnerability to future use, not remove any malware already in place. Source: http://www.theregister.co.uk/2014/10/30/drupal_sites_considered_hosed_if_sqli_hole_unclosed/

25. October 30, Threatpost – (International) Popular Science website infected, serving malware. Researchers from Websense Security Lab discovered and reported that the Web site of Popular Science magazine was compromised and injected with a malicious iFrame that redirects users to a site hosting the RIG Exploit Kit. Source: http://threatpost.com/popular-science-website-infected-serving-malware/109089

26. October 30, Securityweek – (International) “AirHopper” malware uses radio signals to steal data from isolated computers. Researchers at the Ben Gurion University created a proof-of-concept malware dubbed AirHopper that was used to demonstrate a data exfiltration attack against air gapped systems using radio signals produced by the target system’s graphics card. The attack requires adding the malware to the target system and installing malicious code onto a nearby mobile device in order to set up the channel for transmitting the data sent from the target system. Source: http://www.securityweek.com/airhopper-malware-uses-radio-signals-steal-data-isolated-computers

27. October 29, Softpedia – (International) Gmail drafts used to exfiltrate data and send malicious instructions. Shape Security researchers identified and reported a new variant of the IcoScript remote access trojan (RAT) that uses draft Gmail email messages to communicate with its operator and receive instructions in order to avoid detection. The researchers stated that the malware strain appears limited to use in targeted attacks. Source: http://news.softpedia.com/news/Gmail-Drafts-Used-to-Exfiltrate-Data-and-Send-Malicious-Instructions-463495.shtml

28. October 29, Securityweek – (International) ICS-CERT warns of ongoing attack campaign targeting industrial control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning about an ongoing attack campaign targeting human machine interface (HMI) products used in industrial control systems including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC products. The campaign uses a variant of the BlackEnergy malware and shares the same command and control infrastructure as the Sandworm campaign team. Source: http://www.securityweek.com/ics-cert-warns-ongoing-attack-campaign-targeting-industrial-control-systems

29. October 29, Securityweek – (International) Microsoft releases Fix It tool to disable SSL 3.0 in IE to muzzle Poodle attack. Microsoft released a Fix It tool that allows users to disable SSL 3.0 in all supported versions of Internet Explorer, closing the vulnerability used in the POODLE attack. The company also announced that it will disable SSL 3.0 and fallback to SSL 3.0 by default in its products in the months ahead. Source: http://www.securityweek.com/microsoft-releases-fix-it-tool-disable-ssl-30-ie-muzzle-poodle-attack

For another story, see item 33 above, from the Commercial Facilities Sector

Communications Sector

30. October 29, Detroit News – (Michigan) Auburn Hill man charged in cut to land line wire. An Auburn Hills man was indicted October 28 on charges related to cutting a fiber optic wire belonging to AT&T and Comcast and disrupting phone service to as many as 600 residents, preventing them from calling emergency services. Source: http://www.detroitnews.com/story/news/local/oakland-county/2014/10/29/auburn-hill-man-charged-cut-land-line-wire/18104543/

Thursday, October 30, 2014



Complete DHS Report for October 30, 2014

Daily Report

Top Stories

 · Mag-Plant in Attica, Kansas, will remain closed for several days following a fire that ignited in a cooling tower at the refinery October 28. – KWCH 12 Hutchinson

3. October 28, KWCH 12 Hutchinson – (Kansas) Large fire contained at Harper Co. plant. Officials reported that the Mag-Plant in Attica will remain closed for several days following a fire that ignited in a cooling tower at the refinery October 28. The plant was evacuated safely and authorities are investigating the incident. Source: http://www.kwch.com/news/local-news/large-fire-breaks-out-at-harper-co-plant/29392506

 · Federal authorities charged 28 people, including a former TCF Bank branch supervisor and former Central Bank teller in Minnesota, for allegedly running a bank fraud scheme that used around 1,500 counterfeit checks to steal or attempt to steal over $2 million from banks in several States. – Minneapolis Star Tribune. See item 8 below in the Financial Services Sector.

 · Two Philadelphia, Pennsylvania men were charged by federal authorities for allegedly conspiring to extort victims out of more than $5.8 million by threatening them into paying money onto MoneyPak prepaid debit cards, which the two men allegedly transferred to Green Dot Cards under their control. – Newark Star-Ledger. See item 9 below in the Financial Services Sector.

 · Comcast agreed to pay $16.7 million to subscribers in Philadelphia, Pennsylvania, and nearby counties and offer up to $33.33 million in services in a settlement for allegedly overcharging subscribers between 2003 and 2008. – Reuters. See item 22 below in the Communications Sector.

Financial Services Sector

8. October 29, Minneapolis Star Tribune – (National) Minnesota bank supervisor, teller among 28 charged in massive check fraud, says U.S. attorney. Federal authorities charged 28 people, including a former TCF Bank branch supervisor and former Central Bank teller in Minnesota, for allegedly running a bank fraud scheme that used around 1,500 counterfeit checks to steal or attempt to steal over $2 million from banks in several States. Arrests were made in connection with the charges in Florida, Minnesota, North Dakota, and Oregon. Source: http://www.startribune.com/local/280683322.html

9. October 28, Newark Star Ledger – (New Jersey; Pennsylvania) 2 Philadelphia men charged in $5.8M debit card scheme. Two Philadelphia men were charged by federal authorities for allegedly conspiring to extort victims out of more than $5.8 million by threatening them into paying money onto MoneyPak prepaid debit cards, which the two men allegedly transferred to Green Dot Cards under their control. The targets of the alleged scheme included a retail store in New Jersey where a bomb threat was sent demanding a ransom. Source: http://www.nj.com/news/index.ssf/2014/10/2_philadelphia_men_threatened_to_blow_up_nj_cvs_if_they_didnt_fill_up_5000_worth_of_debit_cards_repo.html
 
Information Technology Sector

21. October 29, Securityweek – (International) Vulnerability found in firmware update process of ASUS routers. A researcher identified and reported a vulnerability in ASUS RT-series routers that could have allowed attackers to use a man-in-the-middle (MitM) attack to trick users into downloading older, vulnerable firmware versions or potentially malicious code due to the firmware request being sent in HTTP instead of HTTPS. ASUS closed the vulnerability in its 3.0.0.4.367.1123 update. Source: http://www.securityweek.com/vulnerability-found-firmware-update-process-asus-routers
 
Communications Sector

22. October 29, Reuters – (Pennsylvania) Comcast settles lawsuit over overcharging cable TV subscribers. Comcast Corporation agreed to pay $16.7 million to current and former subscribers in Philadelphia and 4 nearby counties and offer subscribers as much as $33.33 million in services via a $15 bill credit, free Internet upgrades, or free movies in a $50 million settlement for allegedly overcharging cable television subscribers between 2003 and 2008. Source: http://www.reuters.com/article/2014/10/29/us-comcast-lawsuit-idUSKBN0II1N320141029?feedType=RSS&feedName=technologyNews

23. October 28, Eureka Times-Standard – (California) Phone, Internet service restored; no explanation yet on outages. Cellphone and Internet service for many Humboldt County residents and businesses was disrupted for most of the day October 27 due to a fiber issue that also affected the U.S. Coast Guard Sector Humboldt Bay Command Center’s and Arcata Police Department’s communication systems. The source of the outage remains unknown and it is not immediately clear how many customers were affected. Source: http://www.times-standard.com/News/ci_26820315/Phone-Internet-service-restored;-no-explanation-yet-on-outages

24. October 28, Los Angeles Times – (National) FTC sues AT&T over unlimited data plans. The Federal Trade Commission sued AT&T Inc. October 28 for allegedly misleading millions of wireless customers who had unlimited data plans by slowing the speed of their data usage if they exceeded a monthly threshold, a practice known as throttling, and for failing to adequately notify impacted customers. Source: http://www.latimes.com/business/la-fi-ftc-att-suit-20141029-story.html