Tuesday, June 3, 2014




Complete DHS Report for June 3, 2014

Daily Report

Top Stories

 • Federal prosecutors charged four employees at Arch Coal’s Mountain Laurel mining complex in Logan County, West Virginia, for allegedly taking almost $2 million in bribes by requiring vendors to pay kickbacks to the employees in order to do business with the coal company. – Associated Press

3. May 30, Associated Press – (West Virginia) Feds: Arch Coal workers at West Virginia mine accused of taking $2M in kickbacks from vendors. Federal prosecutors charged four employees at Arch Coal’s Mountain Laurel mining complex in Logan County, West Virginia, for allegedly taking almost $2 million in bribes from 2007 to 2012 by requiring vendors to pay kickbacks to the employees in order to do business with the coal company. A total of 10 individuals, including vendors and contractors, were charged in the scheme. Source: http://www.570news.com/2014/05/30/feds-arch-coal-workers-at-west-virginia-mine-accused-of-taking-2m-in-kickbacks-from-vendors/

 • U.S. and European law enforcement authorities and several companies cooperatively seized servers and disrupted the operations of the GameOver Zeus financial fraud botnet May 30. – Threatpost (See item 6 below in the Financial Services Sector)

 • The U.S. Centers for Disease Control and Prevention reported an additional 66 cases related to an ongoing Salmonella outbreak linked to live poultry from Mt. Healthy Hatcheries in Springfield Township, Ohio, bringing the case count to 126 across 26 States. – Food Safety News

16. May 31, Food Safety News – (National) 126 sickened by Salmonella in live poultry outbreak. The U.S. Centers for Disease Control and Prevention reported an additional 66 cases related to an ongoing Salmonella outbreak linked to live poultry from Mt. Healthy Hatcheries in Springfield Township, Ohio, bringing the case count to 126 since the illnesses were first announced May 8. Sicknesses related to the outbreak began between February 4 and May 15 and span 26 States. Source: http://www.foodsafetynews.com/2014/05/126-sick-with-salmonella-in-live-poultry-outbreak

 • A database used by the Arkansas State University was breached, potentially exposing the personal information of about 50,000 individuals. – Arkansas Business

27. May 30, Arkansas Business – (Arkansas) Arkansas State notified of data breach; up to 50,000 could be affected. Arkansas State University was notified by the Arkansas Department of Human Services May 28 that a database used by the College of Education and Behavioral Science’s Department of Childhood Services was breached, potentially exposing the personal information of about 50,000 individuals. The third-party site was taken offline and authorities are investigating the incident. Source: http://www.arkansasbusiness.com/article/99018/arkansas-state-notified-of-data-breach-up-to-50000-could-be-affected

Financial Services Sector

6. June 2, Threatpost – (International) FBI, European authorities go after GameOver Zeus botnet. U.S. and European law enforcement authorities and several companies cooperatively seized servers and disrupted the operations of the GameOver Zeus botnet May 30, and are seeking a Russian citizen allegedly connected to the operation of the peer-to-peer (P2P) botnet. The botnet is used to perform wire fraud by stealing financial credentials and then transferring money to accounts controlled by its operators. Source: http://threatpost.com/fbi-european-authorities-go-after-gameover-zeus-botnet

7. June 2, Security Week – (International) Middle East hackers target government departments, U.S. financial institution. FireEye researchers identified an attack campaign targeting an undisclosed U.S. financial institution as well as government agencies in several countries that attempts to drop remote access trojans (RATs) on targets’ systems. The researchers attributed the campaign to a Middle Eastern group known as “Operation Molerats” due to the location of the attack infrastructure and the variants of the Poison Ivy and Xtreme RATs used. Source: http://www.securityweek.com/middle-east-hackers-target-government-departments-us-financial-institution

8. May 30, SC Magazine – (International) Card Recon tool repurposed by attackers to sniff out payment card data. Researchers at Arbor Networks and Trend Micro reported finding the legitimate Card Recon compliance software being used by attackers to seek out payment card data in point-of-sale (PoS) infrastructure. The copies of the software that were seen had been cracked for use by attackers and included in attack toolkits along with PoS malware. Source: http://www.scmagazine.com/card-recon-tool-repurposed-by-attackers-to-sniff-out-payment-card-data/article/349265/

9. May 30, U.S. Securities and Exchange Commission – (Texas) SEC charges accomplice in forex trading scheme. The U.S. Securities and Exchange Commission (SEC) filed charges in federal court in Texas against a man who allegedly provided substantial assistance to KGW Capital Management and its owner as part of a fraud scheme that raised around $7.4 million from investors between 2011 and 2013 through Revelation Forex, a foreign currency exchange trading entity. Source: http://www.sec.gov/litigation/litreleases/2014/lr23010.htm

Information Technology Sector

31. June 2, Security Week – (International) New Heartbleed attack vectors impact enterprise wireless, Android devices. A security researcher detailed new attack methods for using the Heartbleed vulnerability in OpenSSL which could allow attacks over the Extensible Authentication Protocol (EAP) used in wireless networks and peer-to-peer (P2P) connections. The new vectors can threaten enterprise wireless networks, Android devices, and other connections. Source: http://www.securityweek.com/new-heartbleed-attack-vectors-impact-enterprise-wireless-android-devices

32. June 2, The Register – (International) Flaws open gates to WordPress en-masse SEO beat-down. A patch was released June 1 for the popular All in One SEO Pack plugin for WordPress, closing vulnerabilities which could allow attackers to launch privilege escalation and cross-site scripting (XSS) attacks in sites using older versions of the plugin. Users were advised to update their installations. Source: http://www.theregister.co.uk/2014/06/02/flaws_open_gates_to_wordpress_enmasse_seo_beatdown/

33. May 30, Threatpost – (International) Apache patches DoS, information disclosure bugs in Tomcat. The Apache Software Foundation released a patch for Tomcat, closing three information disclosure vulnerabilities and one denial of service issue. Users were advised to apply the patches to their installations. Source: http://threatpost.com/apache-patches-dos-information-disclosure-bugs-in-tomcat

For another story, see item 6 above in the Financial Services Sector

Communications Sector

Nothing to report