Monday, April 28, 2014




Complete DHS Report for April 28, 2014

Daily Report

Details

 • Approximately 8,000 residents in Louisville, Kentucky, were placed under a boil-water advisory after water service was restored and crews continued to repair a 48-inch water main break that spilled millions of gallons and caused several other water mains to burst and flood streets April 24. – WLKY 32 Louisville

11. April 25, WLKY 32 Louisville – (Kentucky) Repair work continues after Highlands water main break. Approximately 8,000 residents in Louisville were placed under a boil-water advisory after water service was restored and crews continued to repair a 48-inch water main break that spilled millions of gallons and caused several other water mains to burst and flood streets and Tyler Park April 24. Repairs to the pipe and roads were expected to take several days. Source: http://www.wlky.com/news/water-main-breaks-near-tyler-park/25640954

 • An April 24 fire at the Mid-Atlantic Family Practice near Lewes, Delaware, left an estimated $1 million in damage and one firefighter injured. – Wilmington News Journal

13. April 25, Wilmington News Journal – (Delaware) Fire destroys medical office near Lewes. An April 24 fire at the Mid-Atlantic Family Practice near Lewes left an estimated $1 million in damage and one firefighter injured, and closed nearby John J. Williams Highway (Delaware 24) for several hours while crews from 11 Sussex County fire companies responded. The fire was caused by a burning cigarette dropped into a disposal unit by the front door. Source: http://www.delawareonline.com/story/news/crime/2014/04/24/fire-destroys-medical-office-near-lewes/8135381/

 • Police are searching for individuals that stole about 200 feet of fiber optic cable from power poles in Snohomish County, Washington, causing roughly 20,000 Comcast residential and business customers to lose Internet, television, and phone service April 24. – KIRO 7 Seattle See item 24 below in the Communications Sector

 • A natural gas explosion at a strip mall in North Bend, Washington, destroyed three buildings and damaged several nearby businesses April 24. – KIRO 7 Seattle

25. April 25, KIRO 7 Seattle – (Washington) 3 buildings destroyed in massive North Bend explosion. A natural gas explosion at a strip mall in North Bend destroyed three buildings and damaged several nearby businesses April 24. Nearby apartments were evacuated due to concerns of additional gas explosions, while Puget Sound Energy crews worked to contain the leak. Source: http://www.kirotv.com/news/news/explosion-fire-reported-north-bend/nfhXz/

Financial Services Sector

3. April 25, Softpedia – (International) Nine members of cybercrime ring sentenced to a total of 24 years for attacks on banks. Nine men found guilty of stealing around $2.1 million from Barclays and Santander banks were sentenced by a U.K. court to serve a total of 24 years and 9 months. The group used keyboard, video, mouse (KVM) switches to transfer money from the banks, and also intercepted around one million letters to obtain payment cards that were then used to make fraudulent purchases. Source: http://news.softpedia.com/news/Nine-Members-of-Cybercrime-Ring-Sentenced-to-a-Total-of-24-Years-for-Attacks-on-Banks-439394.shtml

Information Technology Sector

19. April 25, Softpedia – (International) Heartbleed bug patched on all US government websites. Trend Micro researchers reported that less than 10 percent of Web sites remain vulnerable to the Heartbleed flaw in OpenSSL, with all U.S. government Web sites patched. Distil Networks researchers also reported that 84 percent of the top 10,000 global Web sites have applied patches to close the vulnerability. Source: http://news.softpedia.com/news/Heartbleed-Bug-patched-on-All-US-Government-Websites-439271.shtml

20. April 24, Threatpost – (International) Apache warns of faulty zero day patch for Struts. The Apache Software Foundation (ASF) released an advisory April 24 stating that a patch issued in March to close a zero day vulnerability in Apache Struts did not completely close the vulnerability. The advisory stated that a new patch would likely be released within 72 hours, and ASF provided a temporary mitigation for users to apply until then. Source: http://threatpost.com/apache-warns-of-faulty-zero-day-patch-for-struts/105691

21. April 24, SC Magazine – (International) No encryption means easy compromise of Viber location data, communications. Researchers with the University of New Haven Cyber Forensics Research & Education Group reported that the Viber text message and voice over IP (VoIP) service manages data in an unencrypted form that could allow attackers and service providers to intercept data being sent and stored. Source: http://www.scmagazine.com/no-encryption-means-easy-compromise-of-viber-location-data-communications/article/344109/

22. April 24, Threatpost – (International) NetSupport Manager vulnerability could lead to data leakage. A researcher at SpiderLabs reported finding a vulnerability in NetSupport Manager that could allow an attacker to bypass Windows and Domain credentials and remotely connect to and compromise hosts. Source: http://threatpost.com/netsupport-manager-vulnerability-could-lead-to-data-leakage/105682

23. April 24, Softpedia – (International) Spammers use non-Latin characters to evade spam filters. Kaspersky Lab researchers found that spammers have recently started replacing regular characters in spam emails with similar-looking non-Latin characters in an attempt to evade spam filters. Source: http://news.softpedia.com/news/Spammers-Use-Non-Latin-Characters-to-Evade-Spam-Filters-439215.shtml

Communications Sector

24. April 24, KIRO 7 Seattle – (Washington) Police: Wire thieves cut service to 20,000 Comcast customers. Police are searching for individuals that stole about 200 feet of fiber optic cable from power poles in Snohomish County, causing roughly 20,000 Comcast residential and business customers to lose Internet, television, and phone service April 24 until crews completed repairs. Source: http://www.kirotv.com/news/news/police-wire-thieves-cut-service-20000-comcast-cust/nfhSR/