Friday, June 6, 2014




Complete DHS Report for June 6, 2014

Daily Report

Top Stories

 • Officials said June 4 that a contractor who dumped a massive pile of dirt over several years next to an Interstate 495 bridge in Delaware may have caused the ground to shift underneath the bridge, causing structural columns to tilt, and prompting officials to shut the bridge down indefinitely. – Associated Press

10. June 4, Associated Press – (Delaware) Massive dirt pile may have led to bridge closure. Officials said June 4 that a contractor who dumped a massive pile of dirt about two stories high and 100 yards long over several years next to an Interstate 495 bridge in Delaware may have caused the ground to shift underneath the bridge, causing four structural columns to tilt and prompting officials to shut the bridge down indefinitely until repairs can be made. Source: http://www.seattlepi.com/news/us/article/Crucial-East-Coast-highway-bridge-remains-closed-5527088.php

 • A security researcher identified a remotely exploitable vulnerability in all versions of OpenSSL that could be used in a man-in-the-middle (MitM) attack to decrypt traffic between vulnerable clients and servers. – Threatpost See item 24 below in the Information Technology Sector

 • A 5-alarm fire broke out June 5 at an apartment building in New York City’s Staten Island, injuring at least 34 people, including 23 firefighters. – WNBC 4 New York City

26. June 5, WNBC 4 New York City – (New York) Father throws kids out window to escape Staten Island blaze; 34 hurt: FDNY. A 5-alarm fire broke out June 5 at an apartment building in the Rosebank neighborhood of New York City’s Staten Island, injuring at least 34 people, including 23 firefighters. The cause of the fire that rendered the 5-unit building uninhabitable is under investigation. Source: http://www.nbcnewyork.com/news/local/Fire-Rosebank-Staten-Island-4-Alarm-Injuries-261933161.html

 • Police are investigating after up to four suspects broke into Gold Dimensions in Puyallup, Washington, June 1, cut through a wall behind the store’s safe, and stole nearly $1 million in jewelry. – KING 5 Seattle

30. June 3, KING 5 Seattle – (Washington) "Professionals" steal $1 million in jewelry from Puyallup store. Police are investigating after up to four suspects broke into Gold Dimensions in Puyallup June 1, cut through a wall behind the store’s safe, and stole nearly $1 million in jewelry. Source: http://www.king5.com/news/local/Puyallup-jewelery-store-robbed-by-professionals-261779001.html

Financial Services Sector

3. June 5, Help Net Security – (California) American Express credit card data exposed. American Express announced June 2 that over 76,000 cardholders in California may have had their payment card information disclosed in a batch of payment card information exposed by a hacktivist group in March. Many of the cards in the larger March breach appeared to come from older leaks and not from a new breach. Source: http://www.net-security.org/article.php?id=2034

4. June 5, WYFF 4 Greenville – (South Carolina; Florida) Secret Service: Men recruited to set up ATM skimmers in Greenville. Police in Greenville, South Carolina, arrested two men who arrived in the area May 31 and were suspected of installing ATM skimming devices to collect payment card data from bank ATMs in Greenville and Spartanburg. The men admitted during an interview with U.S. Secret Service agents to being given a list of locations to target by a man from Miami who instructed them to place skimmers and pinhole cameras on the listed ATMs. Source: http://www.wyff4.com/news/secret-service-men-recruited-to-set-up-atm-skimmers-in-greenville/26342786

5. June 4, Bloomberg News – (International) Ex-ConvergEx trader charged with fraud over trade markups. A Bermuda-based former ex-ConvergEx trader appeared before a judge in New Jersey June 4 after being indicted for allegedly making false reports with fabricated details about trades, causing ConvergEx clients to lose over $5.1 million. Source: http://www.bloomberg.com/news/2014-06-04/ex-convergex-trader-charged-with-fraud-over-trade-markups.html

6. June 4, WCBS 2 New York City – (New York) FBI: ‘Gatsby Bandit’ arrested, charged in Manhattan bank robbery. FBI agents arrested a suspect known as the “Gatsby Bandit” June 3 and charged him with the robbery of an HSBC Bank branch May 27 in New York City. The suspect is also believed to be connected to three other bank robberies in the Queens area of the city. Source: http://newyork.cbslocal.com/2014/06/04/fbi-gatsby-bandit-arrested-charged-in-manhattan-bank-robbery/
 
Information Technology Sector

24. June 5, Threatpost – (International) New OpenSSL MitM flaw affects all clients, some server versions. A security researcher identified a remotely exploitable vulnerability in all versions of OpenSSL that could be used in a man-in-the-middle (MitM) attack to decrypt traffic between vulnerable clients and servers. The researcher reported that the vulnerability appears to have existed in OpenSSL’s code since 1998 Source: http://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions

25. June 5, Softpedia – (International) Skype users face security risk due to unencrypted data. Solutionary researchers reported in the company’s May Threat Report that Skype users’ personal information and chat transcripts could be vulnerable to attackers due to the data being kept in an unencrypted file on the local system in Windows and Linux. The files are hidden by default but could easily be found by an attacker. Source: http://news.softpedia.com/news/Skype-Users-Face-Security-Risk-Due-to-Unencrypted-Data-445414.shtml

For another story, see item 8 below from the Transportation Systems Sector

8. June 5, Nextgov – (National) Flaw lets hackers control electronic highway billboards. The U.S. Department of Homeland Security advised transportation operators June 4 of a hard-coded password vulnerability discovered in Daktronics Vanguard highway notification sign configuration software which could allow hackers to gain unauthorized access to the highway signs. The vendor was notified and is working to fix the issue. Source: http://www.nextgov.com/cybersecurity/2014/06/flaw-lets-hackers-control-electronic-highway-billboards/85849/

Communications Sector

Nothing to report