Complete DHS Report for April 8, 2014
Daily Report
Details
• Ford announced
the recall of around 386,000 model year 2001-2004 Escape vehicles due to the
potential for subframe rusting caused by road salt, and the recall of about
49,000 model year 2013 and 2014 Ford Fusion, Escape, and C-MAX, and Lincoln MKZ
vehicles due to improperly welded seat back frames. – Associated Press
3. April 7, Associated Press – (National) Ford
recalls nearly 435,000 vehicles. Ford announced two recalls, the first of
around 386,000 model year 2001-2004 Escape vehicles due to the potential for
subframe rusting caused by road salt, which could cause control arm separation
and impaired steering control. The second recall involves 49,000 model year
2013 and 2014 Ford Fusion, Escape, and C-MAX, and Lincoln MKZ vehicles due to
improperly welded seat back frames. Source: http://abcnews.go.com/Business/wireStory/ford-recalls-435000-vehicles-23224770
• The Virginia
Department of Public Health advised residents to avoid recreational use of a
section of the Pigg River after about 30,000 gallons of cow manure wastewater
spilled into a tributary of the river in Franklin County April 3. – Associated
Press
20. April 7, Associated Press – (Virginia) Manure
spill in Franklin Co. river. The Virginia Department of Public Health
advised residents to avoid recreational use of a section of the Pigg River
after about 30,000 gallons of cow manure wastewater spilled into a tributary of
the river in Franklin County April 3. Source: http://wfirnews.com/local-news/manure-spill-in-franklin-co-river
• Los Angeles County officials reported April
3 that the number of victims impacted by a medical data breach rose by 170,200
totaling 338,700 victims, after a February theft of 8 computers at a Sutherland
Healthcare Solutions office. – Los Angeles Times (See item 23)
23. April 3, Los Angeles Times – (California) Medical
data breach involves more than 170,000 additional victims. Los Angeles
County officials reported April 3 that the number of victims impacted by a
medical data breach rose by 170,200, totaling 338,700 victims, after a February
theft of 8 computers during a break-in at the Torrance office of Sutherland
Healthcare Solutions. The computers contained personal and medical data, as
well as Social Security numbers and billing information. Source: http://www.latimes.com/local/lanow/la-me-ln-sutherland-data-breach-20140403,0,7636728.story
• Violence broke
out at an Isla Vista, California street party, dubbed Deltopia, April 5 after
at least 18 people were arrested in connection with the disturbance and more
than two dozen people were injured, including 6 police officers. – CNN
37. April 7, CNN – (California) 'Deltopia' party
in California turns violent; dozens arrested. Violence broke out at an Isla
Vista street party, dubbed Deltopia, April 5 after a police officer was hit in
the head with a backpack containing bottles. At least 18 people were arrested
in connection with the disturbance and more than two dozen people were injured,
including 5 police officers. Source: http://www.cnn.com/2014/04/06/us/california-street-party-melee/
Financial Services Sector
4. April
5, Softpedia – (International) Farm supply store Rural King
hacked, attackers access financial information. The Matton, Illinois-based
Rural King farm supply store began notifying customers that it experienced a
data breach where attackers may have stolen names, payment card numbers,
verification codes, phone numbers, addresses, and other information. The breach
began February 6, was detected March 7, and attackers were completely blocked
out by March 12. Source: http://news.softpedia.com/news/Farm-Supply-Store-Rural-King-Hacked-Attackers-Access-Financial-Information-436039.shtml
5. April
4, Chicago Sun-Times – (Illinois) ‘Shady Bandit’ nabbed for North
Side bank robbery. A suspect known as the “Shady Bandit” was arrested April
1 and charged with the robbery of a TCF Bank branch in Chicago February 11. The
woman is also suspected of robbing two other TCF Bank branches in May and
November 2013. Source: http://chicago.cbslocal.com/2014/04/04/shady-bandit-nabbed-for-north-side-bank-robbery/
6. April
4, Reuters – (New Jersey) SEC charges trading firm owner, others
in ‘spoofing’ case. The U.S. Securities and Exchange Commission charged a
co-owner of New Jersey-based Visionary Trading LLC with engaging in rapidly
placing orders to create the illusion of demand, known as spoofing. The
co-founder agreed to pay $1.9 million in a settlement, and three other co-owners
who were also charged in relation to the case through involvement with
Lightspeed Trading LLC will collectively pay around $3 million to settle
charges. Source: http://www.chicagotribune.com/business/sns-rt-us-sec-enforcement-spoofing-20140404,0,5299376.story
7. April
4, Fort Lauderdale Sun-Sentinel – (Florida) Delray man accused of
stealing debit card information at ATMs. A Delray Beach man was arrested
April 1 for allegedly working with another individual to place skimmers on
several ATMs at Publix stores in Delray Beach and Boca Raton. The man then
allegedly used stolen payment card data to purchase gift cards. Source: http://www.sun-sentinel.com/news/palm-beach/boca-raton/fl-delray-boca-skimmer-arrest-20140404,0,6488993.story
For additional stories, see item 32 below
in the Information Technology Sector and item 36 below
in the Communications Sector
Information Technology Sector
31. April 5, Softpedia – (International) DDoS attack enabled by persistent XSS
vulnerability on top video content provider’s site. Incapsula reported that
they mitigated an application layer distributed denial of service (DDoS) attack
against a client which utilized a cross-site scripting (XSS) vulnerability in a
popular video content provider’s Web site. Malicious JavaScript code was
injected into a tag associated with users’ profiles, which executed whenever a
legitimate user accessed the page Source: http://news.softpedia.com/news/DDOS-Attack-Enabled-by-Persistent-XSS-Vulnerability-on-Top-Video-Content-Provider-s-Site-436029.shtml
32. April 4, Softpedia – (International) Upatre downloader distributed via
banking-themed spam campaign. Researchers at Trend Micro detected a spam
campaign using banking-themed emails to distribute the Upatre downloader, which
in a sample downloaded the Zeus trojan and the Necurs security-disabling
malware. Source: http://news.softpedia.com/news/Upatre-Downloader-Distributed-via-Banking-Themed-Spam-Campaign-435975.shtml
33. April 4, The Register – (International) Five-year-old discovers Xbox password
bug, hacks dad’s Live account. A San Diego boy identified and reported a
vulnerability in Microsoft’s Xbox Live service that can allow access to a
user’s account by repeatedly entering ‘space’ characters and then hitting
‘submit’ when prompted for a password. Microsoft closed the vulnerability after
it was reported. Source: http://www.theregister.co.uk/2014/04/04/five_year_olds_xbox_live_password_hack/
34. April 4, Softpedia – (International) 85% of links spotted in cyberattacks
in 2013 led to compromised legitimate sites. Websense Security Labs
released their 2014 Threat Report, detailing threats and trends during the past
year. The report found that 85 percent of malicious links in email and Web
attacks were directed at legitimate sites that were compromised by attackers,
among other findings. Source: http://news.softpedia.com/news/85-of-Links-Spotted-in-Cyberattacks-in-2013-Led-to-Compromised-Legitimate-Sites-435939.shtml
Communications Sector
35.
April 5, Glens Falls Post-Star – (New
York) 911 service restored after logging truck accident. Land line
service, including calls to 9-1-1, was interrupted for about 3,500 Frontier
Communications customers April 4 in areas of Luzerne, Stony Creek, Hadley, and
Corinth after a semi-truck carrying logs on Route 9N pulled down some aerial
cables, which caused Frontier’s fiber optic cable to be severed. Service was
restored April 5 Source: http://poststar.com/news/local/warren-county-sheriff-s-office-restores-service/article_79a56d78-bcef-11e3-8f85-0019bb2963f4.html
36.
April 4, U.S. Attorney’s Office, Southern
District of Florida – (Florida) Eight defendants charged in
identity theft fraud scheme involving personal identifying information from
AT&T customer files. Eight individuals were indicted on 22 counts of
identity theft and fraud after a defendant working for a company contracted by
AT&T to handle direct sales and customer inquiries used customers’ personal
identifying information to fraudulently add the co-conspirators as authorized
users to AT&T victims’ accounts, allowing them to make unauthorized wire
transfers and obtain unauthorized credit and debit cards. Source: http://www.justice.gov/usao/fls/PressReleases/140404-03.html