Monday, March 17, 2014




Complete DHS Report for March 17, 2014

Daily Report

Details

 • Target Corp. stated March 13 that security software detected potentially malicious activity that led to the 2013 breach of 40 million payment card records but that its staff decided not to take immediate action. – Reuters See item 8 below in the Financial Services Sector

 • 149 passengers and 5 crew members were evacuated from a U.S. Airways flight at a Philadelphia airport by emergency chute after a tire blew and the nose gear collapsed during takeoff. – Reuters

13. March 14, Reuters – (Pennsylvania) Tire blows on plane about to take off from Philadelphia airport. 149 passengers and 5 crew members were evacuated from a U.S. Airways flight at a Philadelphia airport by emergency chute after a tire blew and the nose gear collapsed during takeoff and the pilot aborted takeoff. Two people were taken to a local hospital for minor injuries. Source: http://news.msn.com/us/tire-blows-on-plane-about-to-take-off-from-philadelphia-airport

 • John Adams Elementary School in Alexandria, Virginia, closed March 14 after about 230 students and staff members came down with a stomach illness. – WTOP 103.5 FM Washington D.C.

20. March 14, WTOP 103.5 FM Washington, D.C. – (Virginia) Stomach virus closes Alexandria school after 230 get sick. John Adams Elementary School in Alexandria closed March 14 after about 230 students and staff members came down with a stomach illness. The school was cleaned and disinfected and classes were scheduled to resume March 17. Source: http://www.wtop.com/134/3580889/Stomach-virus-closes-Alexandria-school-230-sick

 • Security researchers identified vulnerabilities in major Web browsers and other popular software during the two-day Pwn2Own 2014 computer security competition. – Help Net Security See item 23 below in the Information Technology Sector

Financial Services Sector

6. March 14, WTSP 10 St. Petersburg – (Florida) More than 330 credit cards compromised by skimmers at Wesley Chapel Hess gas station. The Pasco Sheriff’s Office reported finding skimming devices installed inside two gas pumps at a Hess gas station in Wesley Chapel which compromised 337 credit cards sometime during March 6-8. Detectives stated that the incident is connected to another skimming incident that occurred February 21 in Hernando. Source: http://www.wtsp.com/news/local/article/360199/8/More-than-330-credit-cards-compromised-by-skimmers-at-Pasco-gas-station

7. March 14, WRAL 5 Raleigh – (North Carolina) ‘Check Washing Bandit’ caught. A suspect known as the “Check Washing Bandit” was arrested in Fayetteville and held March 13 and charged with allegedly stealing checks and changing the payee name. The suspect allegedly stole at least $10,000 by cashing the altered checks. Source: http://www.wral.com/-check-washing-bandit-caught/13476935/

8. March 13, Reuters – (National) Target says it declined to act on early alert of cyber breach. Target Corp. stated March 13 that security software detected potentially malicious activity that led to the breach of 40 million payment card records and 70 million customer records but that its staff decided not to take immediate action. The company stated that it is investigating past practices to improve security. Source: http://www.reuters.com/article/2014/03/13/us-target-breach-idUSBREA2C14F20140313

9. March 13, Reuters – (National) Watchdog faults U.S. Justice Dept on mortgage fraud prosecutions. The U.S. Department of Justice’s Inspector General concluded that the department and FBI did not adequately prioritize mortgage fraud cases and found significant deficiencies in the department’s ability to accurately report its efforts to fight mortgage fraud. Source: http://www.reuters.com/article/2014/03/13/usa-justice-mortgagefraud-idUSL2N0MA0TB20140313

10. March 13, USA Today – (National) Lions Gate charged by SEC of misleading investors. Hollywood studio Lions Gate agreed to pay $7.5 million to settle U.S. Securities and Exchange Commission charges that the company improperly disclosed financial actions it used to ward off a takeover attempt by an investor in 2010. Source: http://www.usatoday.com/story/money/business/2014/03/13/lions-gate-sec-hunger-games/6370283/

11. March 13, Honolulu Star Advertiser – (Washington; Hawaii; California) Second alleged con man arrested in Waikiki scam. A Los Angeles man was arrested in Seattle March 11 on charges that he and another Californian allegedly used a skimming device in Waikiki, Hawaii, to collect users’ data from an ATM and cause financial losses exceeding $20,000. Source: http://www.staradvertiser.com/news/breaking/20140313_Second_con_man_arrested_for_Waikiki_ATM_skimming_scheme.html

Information Technology Sector

23. March 14, Help Net Security – (International) Pwn2Own 2014 ends, $850k distributed to successful hackers. The second day of the Pwn2Own 2014 security competition March 14 resulted in two vulnerabilities in Chrome being discovered, in addition to vulnerabilities in Internet Explorer, Firefox, Safari, and Adobe Flash that were revealed March 13. A total of $850,000 was awarded to security researchers over the course of the competition. Source: http://www.net-security.org/secworld.php?id=16524

24. March 13, IDG News Service – (International) Phishing campaign targets Google Docs, Drive users. Symantec researchers identified a phishing campaign targeting users of Google Drive that uses a fake login page hosted on Google servers and served over Secure Sockets Layer (SSL), making the campaign potentially more convincing than most phishing attempts. Source: http://www.computerworld.com/s/article/9246950/Phishing_campaign_targets_Google_Docs_Drive_users

25. March 13, IDG News Service – (International) Adobe patches a critical flaw in Shockwave Player. Adobe released a patch March 13 for its Shockwave Player to address a critical memory corruption vulnerability that could lead to arbitrary code execution. Source: http://www.computerworld.com/s/article/9246930/Adobe_patches_a_critical_flaw_in_Shockwave_Player

Communications Sector

Nothing to report