Tuesday, May 20, 2014




Complete DHS Report for May 20, 2014

Daily Report

Top Stories

 • Wolverine Packing Company issued a recall May 19 for about 1.8 million pounds of ground beef products due to possible E. coli O157:H7 contamination linked to 11 illnesses in 4 States between April 22 and May 2. – U.S. Department of Agriculture

11. May 19, U.S. Department of Agriculture – (National) Michigan firm recalls ground beef products due to possible E. coli O157:H7. The Food Safety and Inspection Service (FSIS) announced May 19 that Wolverine Packing Company of Detroit issued a recall for approximately 1.8 million pounds of ground beef products due to possible E. coli O157:H7 contamination. An investigation by the FSIS determined that there is a link between the ground beef products and 11 E. coli O157:H7 illnesses identified in 4 States between April 22 and May 2. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2014/recall-030-2014

 • Kraft Foods Group issued a recall May 17 for 1.2 million cases of cottage cheese when ingredients used in nearly 3 dozen products were not properly stored at a Kraft facility in California. – CNN Money

12. May 18, CNN Money – (National) Kraft recalls cottage cheese citing illness risk. Kraft Foods Group issued a recall May 17 for 1.2 million cases of Knudsen, Breakstone, Simply Kraft, and Daily Chef branded cottage cheese when ingredients used in nearly 3 dozen products were found to have not been properly stored at a Kraft facility in California. Officials halted production of the affected products and are working to resolve the issue at the facility. Source: http://money.cnn.com/2014/05/18/news/kraft-cottage-cheese-recall/

 • An employee was arrested and charged for allegedly stealing around 2,500 prescription pills from Stoll’s Pharmacy in Waterbury, Connecticut, after an audit found that around 20,000 pills were missing from the pharmacy. – WVIT 30 New Britain

19. May 16, WVIT 30 New Britain – (Connecticut) Pharmacy tech stole thousands of pills: Police. A Stoll’s Pharmacy employee was arrested and charged for allegedly stealing around 2,500 prescription pills from the Waterbury pharmacy. An audit found that around 20,000 pills were missing from the pharmacy and surveillance videos captured the technician stealing bottles of pills from a safe. Source: http://www.nbcconnecticut.com/news/local/Pharmacy-Tech-Stole-Thousands-of-Pills-Police-259539161.html

 • The U.S. Department of Justice announced criminal charges May 19 against five members of the Chinese military’s Unit 61398 for allegedly conducting cyber espionage against U.S. solar power, nuclear power, and metals manufacturing companies for the purpose of stealing trade secrets. – NBC News; Reuters. See item 22 below in the Information Technology Sector.


Financial Services Sector

3. May 19, The Register – (International) LifeLock snaps shut Wallet mobile app over credit card leak fears. LifeLock removed its Wallet app from application markets and deleted user data as a precaution due to undisclosed elements of the app being incompatible with the payment card industry’s Data Security Standard (PCI DSS), according to a company statement. Source: http://www.theregister.co.uk/2014/05/19/lifelock_yanks_mobile_app/

4. May 17, WHTM 27 Harrisburg – (National) Bank robberies linked to serial bandit. Police stated that the suspect in the April 4 robbery of a Union Community Bank branch in Columbia, Pennsylvania, may be responsible for at least eight other robberies in Pennsylvania and New Jersey since November 19, 2013. Police also believe that the suspect could be responsible for additional bank robberies in Delaware, Maryland, and New York. Source: http://www.abc27.com/story/25539606/bank-robberies-linked-to-serial-bandit

5. May 16, SC Magazine – (Pennsylvania) Hackers exploit vulnerability to breach Pennsylvania payroll company. Pennsylvania-based payroll processing company Paytime Inc. stated that an undisclosed number of clients may have had their personal and payment information exposed when attackers exploited a vulnerability in the company’s Client Service Center. Paytime learned of the breach April 30 and found that the breach began April 7. Source: http://www.scmagazine.com/hackers-exploit-vulnerability-to-breach-pennsylvania-payroll-company/article/347371/

Information Technology Sector

22. May 19, NBC News; Reuters – (International) U.S. charges China with cyber-spying on American firms. The U.S. Department of Justice announced criminal charges May 19 against five members of the Chinese military’s Unit 61398 for allegedly conducting cyberespionage against U.S. solar power, nuclear power, and metals manufacturing companies for the purpose of stealing trade secrets. Source: http://www.nbcnews.com/news/us-news/u-s-charges-china-cyber-spying-american-firms-n108706

23. May 19, Softpedia – (International) 81 people arrested in international operation against BlackShades RAT users. Law enforcement agencies in 13 countries arrested 81 people the week of May 12 for allegedly being involved in the creation, sale, or use of the BlackShades remote access trojan (RAT). The BlackShades RAT can be used to hijack webcams, log keystrokes, steal files, and launch denial of service (DoS) attacks and is sold on underweb markets. Source: http://news.softpedia.com/news/81-People-Arrested-in-International-Operation-Against-BlackShades-RAT-Users-442833.shtml

24. May 19, Help Net Security – (International) Record month for Linux trojans. Researchers at Dr. Web identified a record-high number of trojans for the Linux operating system thus far in the month of May, with variants of three separate trojans appearing to be created by the same author. The majority of the trojans are designed to carry out distributed denial of service (DDoS) attacks and can infect Linux desktop, server, and ARM distributions. Source: http://www.net-security.org/malware_news.php?id=2768

25. May 19, Softpedia – (International) XSS vulnerability affected comments section of hundreds of Yahoo pages. A researcher identified and reported a cross-site scripting (XSS) vulnerability affecting hundreds of Yahoo pages via the pages’ comment sections that could be used to perform a persistent XSS attack that would affect all visitors or a self-XSS attack that would only affect users if the comment with the malicious code was a popular or recent comment. Yahoo closed the vulnerability after being notified. Source: http://news.softpedia.com/news/XSS-Vulnerability-Affected-Comments-Section-of-Hundreds-of-Yahoo-Pages-442754.shtml

26. May 19, Softpedia – (International) Yahoo, Microsoft and Orange domains affected by same remote code injection flaw. A researcher identified and reported a remote code injection vulnerability affecting several subdomains belonging to Yahoo, Microsoft, Orange, and others that could allow an attacker to access an administrator panel without login credentials. The vulnerability appears to be connected to an astrology content delivery network, and Yahoo, Orange, and Microsoft closed the vulnerabilities once informed. Source: http://news.softpedia.com/news/Yahoo-Microsoft-and-Orange-Domains-Affected-by-Same-Remote-Code-Injection-Flaw-442776.shtml

27. May 16, SC Magazine – (International) Critical info on modems, load balancer, exposed via SNMP community string. Researchers at Rapid7 reported that information disclosure vulnerabilities were identified in Brocade ServerIron ADX 1016-2-PREM TrafficWork application load balancers and Ambit U10C019, Ubee DDW3611, and Netopia 3347 modems. The vulnerabilities can be exploited using the Simple Network Management Protocol (SNMP) public community string and can disclose Management Information Base (MIB) tables that contain device and configuration information. Source: http://www.scmagazine.com/critical-info-on-modems-load-balancer-exposed-via-snmp-community-string/article/347393/



Communications Sector

28. May 16, Olney Daily Mail – (Illinois) Friday Internet outage affects Frontier customers. Frontier Communications representatives stated that a configuration issue with a router in a company office was resolved and Internet service was restored to customers in Olney, Illinois, after a 4-hour outage May 16. Source: http://www.olneydailymail.com/article/20140516/NEWS/140519457/10054/NEWS