Tuesday, February 11, 2014




Complete DHS Report for February 11, 2014

Daily Report

 • The Federal Energy Regulatory Commission used an emergency order instructing Enterprise Energy Partners to prioritize supplies on its line from the Gulf Coast to the Northeast due to a shortage of heating fuel impacting several States. – Reuters

2. February 7, Reuters – (National) U.S. orders priority propane supplies to ease shortage. The Federal Energy Regulatory Commission used an emergency order under the Interstate Commerce Act for the first time to order Enterprise Energy Partners to prioritize supplies on its line from the Gulf Coast to the Northeast due to the shortage of heating fuel impacting several States across the U.S. Source: http://kdal610.com/news/articles/2014/feb/07/senators-ask-white-house-for-propane-shortage-relief/

 • A Romanian national was extradited and charged in New Jersey February 7 with allegedly being the leader of an ATM skimming group that stole at least $5 million from bank customers in four States. – Associated Press. See item 5 below in the Financial Services Sector.

 • Rancho Feeding Corporation of Petaluma, California, recalled approximately 8,742,700 pounds of beef products because it processed diseased and unsound animals without the benefit of federal inspection. – U.S. Department of Agriculture

13. February 8, U.S. Department of Agriculture – (National) California firm recalls unwholesome meat products produced without the benefit of full inspection. The U.S. Department of Agriculture’s Food Safety and Inspection Service announced that Rancho Feeding Corporation of Petaluma, California, recalled approximately 8,742,700 pounds of beef products because it processed diseased and unsound animals without the benefit of federal inspection, leaving the products unfit for human consumption. The company also recalled more than 40,000 pounds of meat products in January. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2014

 • North Carolina’s environmental agency acknowledged February 9 that it initially misread test results February 4 and stated that water in the Dan River was safe after a massive coal ash spill when it was in fact unsafe. – Associated Press

14. February 10, Associated Press – (North Carolina) NC admits mistake, says arsenic topped safe level. North Carolina’s environmental agency acknowledged February 9 that it initially misread test results February 4 when it stated that water in the Dan River was safe for people after a massive coal ash spill. A sample taken February 3 revealed arsenic levels were four times higher than the maximum level people should have contact with. Source: http://www.timesdispatch.com/news/national-world/ap/nc-admits-mistake-says-arsenic-topped-safe-level/article_3c7cca3e-9212-11e3-a5ed-0017a43b2370.html

Details

Financial Services Sector

4. February 10, Help Net Security – (International) Trojan steals Bitcoins and targets OS X. Researchers at SecureMac identified a new trojan dubbed OSX/CoinThief.A which infects systems running OS X and monitors Internet traffic in order to steal login credentials for Bitcoin wallets and exchanges. The trojan is disguised as an app called StealthBit used to send and receive Bitcoin payments. Source: http://www.net-security.org/malware_news.php?id=2702

5. February 7, Associated Press – (International) Romanian charged in NJ for alleged ATM ‘skimming.’ A Romanian national was charged in New Jersey February 7 with allegedly being the leader of an ATM skimming group that stole at least $5 million from bank customers in New Jersey, New York, Connecticut, and Florida. The accused was extradited from Sweden after he fled the U.S. following the arrest of 12 alleged co-conspirators. Source: http://www.washingtontimes.com/news/2014/feb/7/romanian-charged-in-nj-for-alleged-atm-skimming/

6. February 7, Softpedia – (National) Bank of America customers targeted in massive Bredo malware distribution campaign. Researchers at AppRiver identified a large spam campaign capable of avoiding filtering engines that is currently targeting Bank of America customers. Spam email messages carry a variant of the Bredo information-stealing malware that was identified by only 11 antivirus engines. Source: http://news.softpedia.com/news/Bank-of-America-Customers-Targeted-in-Massive-Bredo-Malware-Distribution-Campaign-425067.shtml

Information Technology Sector

26. February 10, Softpedia – (International) CSRF vulnerability in Instagram allowed hackers to make private profiles public. A researcher identified and reported a cross-site request forgery (CSRF) vulnerability in Instagram that could have been used to make private profiles public. Facebook issued a patch in September 2013, and a second patch February 4 to fully address the issue. Source: http://news.softpedia.com/news/CSRF-Vulnerability-in-Instagram-Allowed-Hackers-to-Make-Private-Profiles-Public-425650.shtml

27. February 10, The Register – (International) Snapchat bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE. A Telefonica security consultant identified a bug in Snapchat that allows authentication tokens to be reused, which could be exploited to spam users and cause a phone running iOS to freeze or make the app lock up on Android phones. Source: http://www.theregister.co.uk/2014/02/10/snapchat_token_bug_creates_dos_attack_for_ios_android/

28. February 9, The Register – (International) RoR Paperclip infested by content type spoofing bug. A Ruby on Rails developer identified a cross-site scripting (XSS) flaw in the Ruby on Rails Paperclip uploader that could be extended to allow remote code execution. A new version of Paperclip was released that addresses the vulnerability and users were advised to update to it. Source: http://www.theregister.co.uk/2014/02/09/content_type_spoofing_bug_in_ror_paperclip/

29. February 8, Softpedia – (International) Expert hacks private repositories on GitHub by combining 5 low-severity bugs. A researcher found and reported a way to gain access to private GitHub code repositories by combining five low-severity flaws to create a high-severity exploit. GitHub fixed the vulnerabilities and paid a $4,000 reward as part of its bug bounty program. Source: http://news.softpedia.com/news/Expert-Hacks-Private-Repositories-on-GitHub-by-Combining-5-Low-Severity-Bugs-425190.shtml

For additional stories, see items 4 and 6 above in the Financial Services Sector.

Communications Sector

30. February 7, Greenfield Daily Reporter – (Indiana) Router problem disrupts NineStar Connect service. A faulty router at the Maxwell facility in Hancock County, Indiana, caused thousands of NineStar Connect customers to lose Internet, cable television, and phone service for about 2 hours February 7. Crews replaced a hardware chassis and restored services. Source: http://www.greenfieldreporter.com/view/local_story/Ninestar-crashes-customers-aff_1391797363