Thursday, April 3, 2014




Complete DHS Report for April 3, 2014

Daily Report

Details

 • Federal prosecutors charged Pacific Gas & Electric Co., April 1 with 12 felony violations of federal pipeline safety laws relating to a natural gas pipeline that ruptured, caused a fire, and destroyed 38 homes in San Bruno, California, in 2010. – Associated Press

1. April 2, Associated Press – (California) PG&E criminally charged in fatal pipeline blast. Federal prosecutors charged Pacific Gas & Electric Co., April 1 with 12 felony violations of federal pipeline safety laws, alleging that the company knowingly relied on erroneous and incomplete information when assessing the safety of a natural gas pipeline that ruptured, caused a fire, and destroyed 38 homes in San Bruno in 2010. Source: http://news.msn.com/crime-justice/pgande-criminally-charged-in-fatal-pipeline-blast

 • Chrysler announced a recall April 2 for around 644,000 model year 2011-2014 Jeep Grand Cherokee and Dodge Durango vehicles in the U.S. due to a potential brake booster issue. – New York Times

6. April 2, New York Times – (International) Chrysler recalls over 850,000 S.U.V.s. Chrysler announced a recall April 2 for over 850,000 model year 2011-2014 Jeep Grand Cherokee and Dodge Durango vehicles, around 644,000 located in the U.S., due to the potential for water to enter the vehicles’ brake boosters or a loss of vacuum that could make braking more difficult. Source: http://www.nytimes.com/2014/04/03/automobiles/chrysler-recalls-over-850000-suvs.html

 • Indiana transportation officials were forced to close U.S. 52 between Brookville and Cedar Grove for several weeks starting April 2 for emergency repairs after rapid deterioration of roadside slopes. – Associated Press

9. April 2, Associated Press – (Indiana) Sinking highway in SE Indiana prompts closure. Indiana transportation officials were forced to close U.S. 52 between Brookville and Cedar Grove for several weeks starting April 2 for emergency repairs after rapid deterioration of roadside slopes caused the pavement to sink up to 5 inches in some spots. Source: http://www.seattlepi.com/news/article/Sinking-highway-in-SE-Indiana-prompts-closure-5369700.php

 • Officials are investigating the cause of an April 1 fire at a 151-unit apartment building under construction in Rockville, Maryland, that caused estimated damages of upwards of $20 million. – WJLA 7 Washington D.C.

34. April 1, WJLA 7 Washington, D.C. – (Maryland) Rockville three-alarm fire burns unfinished apartment complex. Officials are investigating the cause of an April 1 fire at a 151-unit apartment building under construction in Rockville that prompted a response from more than 200 firefighters. Damage estimates could reach upwards of $20 million. Source: http://www.wjla.com/articles/2014/04/rockville-two-alarm-fire-burning-unfinished-apartment-complex-101717.html

Financial Services Sector

7. April 1, KGW 8 Portland – (Oregon) Duo arrested in Portland for fake credit cards. Two Florida men were arrested at the Portland International Airport March 29 after they were suspected of using counterfeit payment cards at several retailers in the area. The suspects were found with around 100 fraudulent payment cards in their possession, as well as $10,000 in gift cards, cash, and merchandise. Source: http://www.kgw.com/news/Duo-accused-of-using-counterfeit-credit-cards-in-Portland-253430371.html

8. April 1, KSL 5 Salt Lake City – (Utah) ‘Ski Bum Bandit’ arrested for serial bank robberies, police say. A suspect known as the “Ski Bum Bandit” was arrested March 31 in the Kaysville area and is suspected of robbing five banks in Salt Lake County. Source: http://www.ksl.com/?sid=29298917&nid=148

Information Technology Sector

22. April 2, Help Net Security – (International) Passwords, messages of 158k+ Boxee.tv users leaked. Attackers compromised the forum database for Web TV service Boxee.tv and posted the private information for over 158,000 users. The breach and subsequent leak contain email addresses, encrypted passwords, dates of birth, message histories, IP addresses, and other information. Source: http://www.net-security.org/secworld.php?id=16621

23. April 2, Softpedia – (International) Cybercriminals abuse security camera recorders and routers to mine for Bitcoins. A researcher at the SANS Technology Institute identified malware designed to infect security camera recorders and routers and use the devices to attempt to mine Bitcoin virtual currency. The malware is designed to run on ARM infrastructure and was spotted on Hikvision DVRs, which have a simple default root password that users often do not change. Source: http://news.softpedia.com/news/Cybercriminals-Abuse-Security-Camera-Recorders-and-Routers-to-Mine-for-Bitcoins-435427.shtml

24. April 2, Help Net Security – (International) Apple releases Safari 7.0.3, fixes security. Apple released version 7.0.3 of its Safari browser, fixing several security issues and adding compatibility and stability improvements. Source: http://www.net-security.org/secworld.php?id=16620

25. April 2, Softpedia – (International) SellHack deactivates plugin after cease and desist letter from LinkedIn. The makers of the SellHack browser plugin, which uses publicly visible data to help users obtain hidden email addresses of LinkedIn users, deactivated the plugin April 1 following a cease-and-desist letter from LinkedIn. Source: http://news.softpedia.com/news/SellHack-Deactivates-Plugin-After-Cease-and-Desist-Letter-from-LinkedIn-435315.shtml

26. April 2, Softpedia – (International) Oculus VR finds SQL injection flaw, asks Developer Center users to change passwords. Oculus VR advised users of its Oculus Developer Center to change their passwords as a precaution after the company identified a SQL injection vulnerability. The company reported that there was no indication that the vulnerability had been exploited. Source: http://news.softpedia.com/news/Oculus-VR-Finds-SQL-Injection-Flaw-Asks-Developer-Center-Users-to-Change-Passwords-435302.shtml

27. April 1, The Register – (International) Password bug lets me see shoppers’ credit cards in eBay ProStores, claims infosec bod. A security researcher from Securatary disclosed March 20 that he identified a vulnerability in eBay’s ProStores shops that could have allowed attackers to credit themselves with gift cards for ProStores and obtain customer payment card information. The vulnerability was reported in February and later fixed by eBay. Source: http://www.theregister.co.uk/2014/04/01/ebay_stores_vuln/

28. April 1, The Register – (International) Hotmail-gate: Windows 8 code leaker pleads guilty to theft of trade secrets. A former Microsoft employee pleaded guilty March 31 to stealing company trade secrets for sending unreleased updates for the RT operating system as well as a copy of the Microsoft Activation Server Software Development Kit to a blogger. Source: http://www.theregister.co.uk/2014/04/01/kibkalo_guilty_plea/

Communications Sector

29. April 1, Clarksville Leaf-Chronicle – (Tennessee) CDE Internet, phone service restored; thousands without service nearly nine hours. More than 11,000 Internet subscribers and 3,000 phone customers of CDE Lightband Communications in Clarksville lost service for nearly 9 hours April 1 for unknown reasons, according to a CDE spokesperson. Source: http://www.theleafchronicle.com/article/20140401/NEWS01/304010023/Internet-phones-still-out-for-thousands-of-CDE-customers-as-night-falls