Wednesday, January 29, 2014




Complete DHS Report for January 29, 2014

Daily Report

 • Richardson Highway in Alaska was forced to close for at least a week north of Thompson Pass due to an avalanche caused by a snow dam at Keystone Canyon January 27. – United Press International

14. January 27, United Press International – (Alaska) Avalanche closes Alaskan highway for ‘at least a week.’ Richardson Highway in Alaska was forced to close for at least a week north of Thompson Pass due to an avalanche caused by a snow dam at Keystone Canyon January 27. Source: http://www.upi.com/Top_News/US/2014/01/27/Avalanche-closes-Alaskan-highway-for-at-least-a-week/UPI-82001390851839/

 • The U.S. Department of Agriculture’s Food Safety and Inspection Service announced January 27 that Arkansas-based George’s Inc., recalled 1.25 million pounds of frozen par-fried chicken tenders due to undeclared wheat. – KPHO 5 Phoenix

17. January 27, KPHO 5 Phoenix – (National) Company recalls 1.25M pounds of frozen chicken. The U.S. Department of Agriculture’s Food Safety and Inspection Service announced January 27 that Arkansas-based George’s Inc., recalled 1.25 million pounds of frozen par-fried chicken tenders due to undeclared wheat. The products were sold to wholesale locations for nationwide distribution. Source: http://www.kpho.com/story/24559344/company-recalls-125m-pounds-of-frozen-chicken

 • Coca-Cola Co. announced January 24 that they recovered unencrypted company laptops containing the personal information of up to 74,000 U.S. and Canadian employees that were stolen from the company’s Atlanta headquarters by a former employee. – Wall Street Journal

21. January 24, Wall Street Journal – (International) Coca-Cola: Stolen laptops had personal information of 74,000. Coca-Cola Co. announced January 24 that unencrypted company laptops containing the personal information of up to 74,000 U.S. and Canadian employees were stolen from the company’s Atlanta headquarters by a former employee. The laptops were recovered by Coca-Cola, but the company cannot confirm if the information was misused. Source: http://online.wsj.com/news/articles/SB10001424052702304632204579341022959922200

 • A severe winter storm stretching from southern to northern U.S. States prompted the cancellation of nearly 3,000 flights and led officials to close schools in several districts January 28 due to the potential for ice and snow. – CNN

25. January 28, CNN – (National) The Deep South faces a deep freeze. A severe winter storm stretching from southern to northern U.S. States prompted the cancellation of nearly 3,000 flights and led officials to close schools in several districts January 28 due to the potential for ice and snow. Source: http://www.cnn.com/2014/01/28/us/winter-weather/index.html

Details

Financial Services Sector

8. January 27, Wired.com – (International) Bitcoin exchange CEO charged with laundering $1 million through Silk Road. The CEO of Bitcoin exchange BitInstant was arrested and charged January 26 with allegedly engaging in money laundering for working with another individual to sell more than $1 million of Bitcoins to users of the Silk Road underweb marketplace. The individual alleged to have worked with the CEO was also arrested in Florida January 27. Source: http://www.wired.com/threatlevel/2014/01/bitcoin-exchangers-arrested/

9. January 27, U.S. Securities and Exchange Commission – (California) SEC charges Legg Mason affiliate with defrauding clients. California-based investment advisor Western Asset Management Company agreed to pay $21 million to settle U.S. Securities and Exchange Commission charges that the company concealed investor losses caused by a coding error and engaged in an illegal form of cross-trading. The settlement also covers a related issue with the U.S. Department of Labor. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370540675955

Information Technology Sector

29. January 28, Softpedia – (International) Researchers discover first Android bootkit, 350,000 devices already infected. Researchers at Doctor Web discovered what is believed to be the first Android bootkit, dubbed Android.Oldboot, which infects Android devices and waits for commands from a server to perform actions such as the downloading, installation, or deletion of apps. Researchers believe it is being spread via modified firmware updates, with the majority of the 350,000 infected devices found in China. Source: http://news.softpedia.com/news/Researchers-Discover-First-Android-Bootkit-350-000-Devices-Already-Infected-421383.shtml

30. January 28, Softpedia – (International) NetSky worm spreads via email attachments. Researchers at Symantec identified a cybercriminal operation using a worm dubbed NetSky that sends several different phishing emails containing the worm to the same email addresses. If a user opens the attached files the worm sends a copy of itself by email to the user’s contacts. Source: http://news.softpedia.com/news/NetSky-Worm-Spreads-via-Email-Attachments-421279.shtml

31. January 28, Softpedia – (International) Foursquare flaw could have been exploited to obtain users’ email addresses. A researcher published findings related to a vulnerability in Foursquare that could have been used to obtain users’ email addresses by altering part of a URL used to accept friend requests. The issue was fixed in 2013 but the researchers’ findings were only recently disclosed. Source: http://news.softpedia.com/news/Foursquare-Flaw-Could-Have-Been-Exploited-to-Obtain-Users-Email-Addresses-421523.shtml

32. January 28, Softpedia – (International) Google Chrome 32.0.1700.102 fixes memory corruption bug in V8. Google released the latest update to its Chrome browser, including patches for 14 security issues, including a use-after-free error occurring with SVG images and a memory corruption vulnerability in the V8 JavaScript engine. Source: http://news.softpedia.com/news/Google-Chrome-32-0-1700-102-Fixes-Memory-Corruption-Bug-in-V8-421283.shtml

33. January 27, Dark Reading – (International) Air Force researchers plant rootkit in a PLC. Researchers with the U.S. Air Force Institute of Technology created a prototype rootkit that can be installed on programmable logic controllers (PLCs) via modified firmware, USB device, or connected laptop and disrupt operations. The rootkit exploits the lack of security and monitoring capability in most PLCs. Source: http://www.darkreading.com/attacks-breaches/air-force-researchers-plant-rootkit-on-a/240165715

34. January 27, Softpedia – (International) Cybercriminals steal FTP credentials with fake FileZilla. Avast researchers warned users of cybercriminals using a fake version of the FileZilla FTP client to steal users’ FTP credentials. The fake FileZilla client can then upload the credentials to a server for use in hosting malware or stealing data. Source: http://news.softpedia.com/news/Cybercriminals-Steal-FTP-Credentials-with-Fake-FileZilla-421070.shtml

Communications Sector

Nothing to report