Monday, March 10, 2014




Complete DHS Report for March 10, 2014

Daily Report

Details

 • About 430,000 North Carolina customers were without power March 7 while schools were closed or had delayed openings and streets and roadways were flooded after a winter storm brought heavy rain, snow, and sleet. – Charlotte Observer

1. March 7, Charlotte Observer – (North Carolina) More rain, flooding for Charlotte; 430,000 without power to north. About 430,000 North Carolina customers were without power March 7 while schools were closed or had delayed openings as streets and roadways flooded after a winter storm brought heavy rain and a mix of snow and sleet to the State. Source: http://www.charlotteobserver.com/2014/03/07/4748153/rain-flooding-for-charlotte-snow.html

 • An evacuation order for residents around a natural gas well in Acadia Parish, Louisiana, was lifted when workers capped the well March 6 after crews lost control while boring the well February 25. – Lafayette Daily Advertiser

2. March 6, Lafayette Daily Advertiser – (Louisiana) All clear given after Acadia Parish gas well finally capped. An evacuation order for residents around a Black Creek Drilling natural gas well in Acadia Parish was lifted when workers capped the well March 6 after crews lost control while boring the well February 25, resulting in process failure and the release of colorless and odorless gas into the atmosphere. Source: http://www.theadvertiser.com/article/20140306/NEWS01/303060020

 • Los Angeles County officials reported March 6 that computers containing the personal and billing information of around 168,500 customers of the county’s Department of Health and Human Services and Department of Public Health were stolen after an office was burglarized February 5. – Los Angeles Times

21. March 6, Los Angeles Times – (California) Computers with L.A. County patients’ personal data are stolen. Los Angeles County officials reported March 6 that 8 computers and 2 monitors were stolen after a Torrance office of Sutherland Healthcare Solutions, which handles billing and collections for the county’s Department of Health and Human Services and Department of Public Health, was burglarized February 5. The equipment included personal data and billing information for nearly 168,500 patients of county medical facilities. Source: http://www.latimes.com/local/la-me-patient-data-stolen-20140307,0,1463656.story#axzz2vHscBlwc

 • Researchers at Trend Micro discovered a cyberespionage campaign dubbed Siesta that is targeting several industries, including energy, financial services, healthcare, and defense. – Help Net Security See item 26 below in the Information Technology Sector

Financial Services Sector

8. March 7, KXTV 10 Sacramento – (California) FBI bust credit card fraud ring. FBI agents served arrest warrants at two homes and a trucking business in California after two men allegedly ran a payment card fraud scheme through the business and compromised around 23,000 American Express credit cards. A complaint stated that searches discovered over 50 academic reports from the San Juan Unified School District containing personal identifying information. Source: http://www.news10.net/story/news/crime/2014/03/07/credit-card-fraud-fbi-american-express/6156273/

9. March 6, United Press International – (International) SEC accuse five of facilitating $150 million phony bond offering. The U.S. Securities and Exchange Commission charged five executives of law firm Dewey & LeBoeuf with allegedly using accounting fraud to sell $150 million in bonds based on false financial information. Source: http://www.upi.com/Top_News/US/2014/03/06/SEC-accuses-five-of-facilitating-150-million-phony-bond-offering/UPI-27021394142667/

10. March 6, Baltimore Business Journal – (Maryland) FDIC files $7.4M lawsuit against former Bradford Bank CEO, others over bank collapse. The Federal Deposit Insurance Corporation filed a lawsuit seeking at least $7.4 million from the former CEO of now-defunct Rodgers Forge-based Bradford Bank and three other former executives for their alleged negligence prior to the bank’s failure in 2009. Source: http://www.bizjournals.com/baltimore/news/2014/03/06/fdic-bradford-bank-lawsuit-dallas-arthur.html?page=all

11. March 6, Chicago Tribune – (Illinois) ‘Shady Bandit’ strikes again on the North Side. A suspect known as the “Shady Bandit” robbed a TCF Bank branch in the Andersonville area of Chicago March 6, the fifth robbery she is suspected in. Source: http://www.chicagotribune.com/news/local/breaking/chi-shady-bandit-strikes-again-on-the-north-side-20140306,0,2899037.story

12. March 6, SC Magazine – (International) Bitcoin exchange, Poloniex, loses 12.3 percent of funds. Virtual currency exchange service Poloniex announced March 4 that attackers had stolen 12.3 percent of Bitcoins held by the service after leveraging a vulnerability in the service’s withdrawal protocol. Source: http://www.scmagazine.com/bitcoin-exchange-poloniex-loses-123-percent-of-funds/article/337183/

For another story, see item 26 below in the Information Technology Sector

Information Technology Sector

26. March 7, Help Net Security – (International) Siesta cyber espionage campaign targets many industries. Researchers at Trend Micro discovered a cyberespionage campaign dubbed Siesta that is targeting several industries, including energy, financial services, healthcare, and defense. The campaign uses malware that enters dormancy at regular intervals and when active, sends out spoofed emails to various companies containing a malicious link that drops both a legitimate .pdf file and a malicious executable file. Source: http://www.net-security.org/secworld.php?id=16490

27. March 7, Softpedia – (International) Over 40 bugs, including 4 security vulnerabilities, fixed in Joomla 3.2.3. The newest version of Joomla, Joomla 3.2.3, was released for download, closing four security vulnerabilities. Users were advised to update their installations immediately. Source: http://news.softpedia.com/news/Over-40-Bugs-Including-4-Security-Vulnerabilities-Fixed-in-Joomla-3-2-3-431030.shtml

28. March 7, The Register – (International) comiXology’s Phantom Zone breached by villainous Haxxor. E-comics service comiXology informed customers that attackers had breached its systems and accessed a database containing usernames, email addresses, and encrypted passwords. All customers were required to change their passwords as a precaution. Source: http://www.theregister.co.uk/2014/03/07/comixologys_phantom_zone_breached_by_evil_haxxor/

29. March 6, SC Magazine – (International) ‘Dendroid’ RAT trojanizes apps, enables compromise of Android devices. A researcher at Symantec reported discovering a new HTTPS remote access trojan (RAT) dubbed Dendroid for sale on underweb marketplaces. Dendroid allows attackers to add malicious code to legitimate Android apps in order to gain remote access to infected devices. Source: http://www.scmagazine.com/dendroid-rat-trojanizes-apps-enables-compromise-of-android-devices/article/337191/

Communications Sector

30. March 6, Beaufort Gazette – (South Carolina) ‘Significant’ Hargray outage blamed on cut cable. Hargray Communications customers were without Internet, television, and phone service for most of the day March 6 due to Cleland Site Prep workers accidentally cutting a fiber-optic cable that serves the Hargray community. Source: http://www.thestate.com/2014/03/06/3308838/significant-hargray-service-outage.html