Wednesday, March 5, 2014




Complete DHS Report for March 5, 2014

Daily Report

Details

 • Officials are investigating after two miners were injured and then rescued after the roof of the D and F Mine in Schuylkill County, Pennsylvania, partially collapsed and trapped them March 3. – WNEP 16 Scranton

1. March 3, WNEP 16 Scranton – (Pennsylvania) Coal miners rescued in Schuylkill County. Officials are investigating after two miners were injured when the roof of the D and F Mine in Schuylkill County partially collapsed and trapped them March 3. The injured miners were rescued and transported on a medical helicopter. Source: http://wnep.com/2014/03/03/coal-miners-trapped-in-schuylkill-county/

 • Burlington Northern Santa Fe (BNSF) officials began bussing passengers around an avalanche that blocked BNSF railway tracks south of Glacier National Park in Montana March 2. – Montana Standard

8. March 4, Montana Standard – (Montana) Avalanche blocks BNSF line near Glacier Park. Burlington Northern Santa Fe (BNSF) officials began bussing passengers around an avalanche that blocked BNSF railway tracks south of Glacier National Park March Source: http://mtstandard.com/news/state-and-regional/avalanche-blocks-bnsf-line-near-glacier-park/article_a075c37c-a37b-11e3-b201-0019bb2963f4.html

 • Classes were cancelled and Trinity High School in Dickinson, North Dakota, was shut down indefinitely after a March 3 fire caused extensive damage to the building. – KXMC 13 Minot

17. March 4, KXMC 13 Minot – (North Dakota) Dickinson Trinity High School up in flames. Classes were cancelled and Trinity High School in Dickinson was shut down indefinitely after a March 3 fire caused extensive damage to the building. Authorities are investigating the cause of the fire while classes resume at nearby schools. Source: http://www.kxnet.com/story/24874871/trinity-high-school

 • Security researchers found that around 300,000 small office/home office routers have been compromised and had their DNS settings changed in order to allow them to perform man-in-the-middle attacks. – Help Net Security See item 21 below in the Information Technology Sector

Financial Services Sector

3. March 4, U.S. Securities and Exchange Commission – (Illinois) Federal grand jury indicts CEO of Chicago-area company accused of defrauding investors in multi-million dollar stock scam. A federal grand jury returned an indictment February 28 against the CEO and president of InfrAegis Inc., on charges of allegedly using false information to obtain more than $9 million from investors between 2007 and 2013. Source: http://www.sec.gov/litigation/litreleases/2014/lr22935.htm

4. March 4, Softpedia – (International) Bitcoin bank Flexcoin shuts down after hackers emptied hot wallet. Bitcoin bank Flexcoin announced March 4 that it was shutting down operations after attackers leveraged a vulnerability and withdrew all Bitcoins from the bank’s ‘hot’ wallet, around 900 Bitcoins worth over $600,000. Customers’ Bitcoins stored in offline ‘cold’ wallets were unaffected. Source: http://news.softpedia.com/news/Bitcoin-Bank-Flexcoin-Shuts-Down-After-Hackers-Emptied-Hot-Wallet-430469.shtml

5. March 3, Centre Daily Times – (Pennsylvania) Police: I-80 car search nets 116 fake credit cards hidden in cereal box. A New Jersey woman was arrested March 1 in Marion Township, Pennsylvania, after a traffic stop on Interstate 80 led police to discover 115 fraudulent credit cards sealed in a cereal box. Source: http://www.centredaily.com/2014/03/03/4065507/police-i-80-car-search-nets-116.html

Information Technology Sector

20. March 4, Dark Reading – (International) Researchers create legal botnet abusing free cloud service offers. Researchers presenting at the RSA Conference the week of February 24 demonstrated how they were able to create a botnet by abusing trial accounts for several platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) offers. The botnet was created by automating PaaS and IaaS trial sign-up processes and could be used to perform massive port scans, Bitcoin mining, and to manipulate sweepstakes, among other tasks. Source: http://www.darkreading.com/researchers-create-legal-botnet-abusing/240166428

21. March 4, Help Net Security – (International) 300,000 routers compromised in DNS hijacking campaign. Researchers with Team Cymru found that around 300,000 small office/home office routers have been compromised and had their DNS settings changed to two IP addresses in the U.K. in order to allow them to perform man-in-the-middle (MitM) attacks. The researchers found that the attack dates to at least mid-December 2013 and has mostly affected routers in Europe and Asia. Source: http://www.net-security.org/secworld.php?id=16473

22. March 4, Softpedia – (International) 19 security fixes included in latest Chrome 33 update. Google released an update for its Chrome browser, Chrome version 33.0.1750, which addresses 19 security issues. Source: http://news.softpedia.com/news/19-Security-Fixes-Included-in-Chrome-33-0-1750-146-Update-430494.shtml

23. March 3, Softpedia – (International) Flaw in Yahoo! Suggestions allowed hackers to delete 1.5 million posts and comments. A security researcher identified and reported an Insecure Direct Object Reference Vulnerability (IDORV) in Yahoo’s Suggestions Web site that could have allowed attackers to escalate their privileges and delete large amounts of posts and comments. Yahoo addressed the issue within 2 days. Source: http://news.softpedia.com/news/Flaw-in-Yahoo-Suggestions-Allowed-Hackers-to-Delete-1-5-Million-Posts-and-Comments-430303.shtml

24. March 3, Threatpost – (International) Four vulnerabilities found in Oracle Demantra. Researchers at Portcullis identified four vulnerabilities in Oracle’s Demantra business software that could allow attackers to steal sensitive information, carry out phishing attacks, modify application content, or perform other attacks. Source: http://threatpost.com/four-vulnerabilities-found-in-oracle-demantra/104574

Communications Sector

Nothing to report