Thursday, June 12, 2014




Complete DHS Report for June 12, 2014

NOTE:  I am sure that most of you that follow my blog know that it is based on the DHS published report and that I am timely in publishing my blog.  Today is the first time that I have seen DHS publish its report after 6PM.  I am not sure what the problem was.  Do you?  If you do, please let me know at DHS@e-computer-security.com.

Daily Report

Top Stories

 • Authorities closed a section of beach in Gulfport, Mississippi, June 10 after an estimated 56,000 gallons of sewage spilled from a manhole cover on U.S. 90. – Biloxi Sun Herald

21. June 10, Biloxi Sun Herald – (Mississippi) Sewage spill closes central Gulfport beach waters. The Mississippi Department of Environmental Quality reported June 10 that an estimated 56,000 gallons of sewage spilled from a manhole cover on U.S. 90 into the Mississippi Sound, prompting officials to close a section of Central Beach in Gulfport until bacteria levels return to normal. The manhole was filled with concrete, causing the spill. Source: http://www.sunherald.com/2014/06/10/5640003/sewage-spill-closes-central-gulfport.html

 • An armed shooter was found dead in a bathroom at Reynolds High School in Troutdale, Oregon, June 10 in an apparent suicide after the suspect entered the high school, shot and killed a student, and injured a teacher. The school was evacuated while police investigated the incident. – Associated Press

24. June 10, Associated Press – (Oregon) Police ID victim of Oregon shooting as 14-year-old. An armed shooter was found dead in a bathroom at Reynolds High School in Troutdale, Oregon, June 10 in an apparent suicide after the suspect entered the high school, shot and killed a student, and injured a teacher. The school was evacuated while police investigated the incident. Source: http://news.msn.com/crime-justice/police-id-victim-of-oregon-shooting-as-14-year-old

 • Authorities in Savannah, Georgia, unsealed an indictment June 10 charging 54 individuals for allegedly being involved in the purchase of more than $18 million in government vouchers and food stamp benefits for cash. – Macon Telegraph 

25. June 10, Macon Telegraph – (Georgia) Macon, Byron residents indicted in huge food stamp fraud case. Authorities in Savannah unsealed an indictment June 10 charging 54 individuals for their alleged involvement in the purchase of more than $18 million in government vouchers and food stamp benefits for cash through several grocery stores set up across Georgia. An additional 34 defendants were charged separately for allegedly selling their Women, Infant and Children vouchers and food stamps for cash. Source: http://www.macon.com/2014/06/10/3142523/macon-byron-residents-indicted.html

 • Firefighters responded to the Oak Park Mall in Overland Park, Kansas, June 11 when a water flow alarm was triggered due to two water main breaks that flooded a portion of the mall with inches of water. – KCTV 5 Kansas City

35. June 11, KCTV 5 Kansas City – (Kansas) Water main break floods parts of Oak Park Mall. Firefighters responded to the Oak Park Mall in Overland Park June 11 when a water flow alarm was triggered due to two water main breaks that flooded a portion of the mall with inches of water. Thirteen stores and some kiosks suffered water damage but most were expected to reopen by the end of the day. Source: http://www.kctv5.com/story/25748003/water-main-break-affecting-stores-at-oak-park-mall

Financial Services Sector

8. June 11, IDG News Service – (National) Food chain, PF Chang’s, investigates possible card breach. Restaurant chain P.F. Chang’s reported that it is investigating a potential data breach after a large batch of stolen payment card information data was spotted by Hold Security researchers on the Rescator underweb marketplace and appeared to originate from the chain. Source: http://www.networkworld.com/article/2362008/security/food-chain-pf-changs-investigates-possible-card-breach.html

9. June 10, Bloomberg News – (International) Ex-Rabobank trader pleads guilty to Libor scheme, U.S. says. A former Rabobank Group trader pleaded guilty in U.S. court June 10 to charges of wire fraud and bank fraud for conspiring to manipulate the London interbank offered rate (LIBOR) used to determine benchmark interest rates. Rabobank previously agreed to a $325 million settlement with the U.S. to resolve charges that the bank was involved in LIBOR manipulation. Source: http://www.bloomberg.com/news/2014-06-10/ex-rabobank-trader-pleads-guilty-to-libor-scheme-u-s-says-1-.html

10. June 10, Hawaii Reporter – (Hawaii) Star Advertiser credit card breach could impact hundreds, if not thousands, of customers. Two women were charged in Hawaii with allegedly conspiring to steal a box of client records from the Honolulu Star Advertiser newspaper following a break-in for use in payment card fraud. Police stated that they believe the two women were acting as part of a larger payment card fraud ring. Source: http://www.hawaiireporter.com/star-advertiser-credit-card-breach-could-impact-thousands-of-customers/123

11. June 10, Securityweek – (International) New Zeus variant targeting online banking users in Canada. Security researchers at Trusteer identified a new variant of the Zeus banking trojan known as Zeus.Maple that has been in use since January 2014 and is primarily targeting major Canadian financial institutions. The variant improves on features from past versions but does not add new functionality. Source: http://www.securityweek.com/new-zeus-variant-targeting-online-banking-users-canada

For another story, see item 16 below from the Transportation Systems Sector

16. June 10, Fort Lauderdale Sun-Sentinel – (Florida) Ex-postal worker charged with stealing checks from the mail. A former U.S. Postal Service worker and a co-conspirator were charged June 10 with taking 20 checks worth $33,109 from mailed envelopes. The former U.S. Postal Service employee would allegedly steal the checks and visit ATM machines along with the co-conspirator in Broward and Miami-Dade counties and deposit them. Source: http://articles.sun-sentinel.com/2014-06-10/news/fl-postal-employee-check-theft-20140610_1_ex-postal-worker-checks-darden

Information Technology Sector

28. June 11, The Register – (International) Feedly DDoSed by ransom-threat crims: ‘We refused to give in.’ News aggregator service Feedly was knocked offline June 11 by a distributed denial of service (DDoS) attack after the company refused to pay attackers a ransom to stop the attack. Other entities were targeted by the same group, with Evernote reporting being knocked offline for a time by another DDoS attack. Source: http://www.theregister.co.uk/2014/06/11/feedly_ddos_ransom_attack/

29. June 10, Threatpost – (International) Microsoft patches IE8 zero day, critical Word bug. Microsoft released its June round of Patch Tuesday updates, with a total of seven updates. Included was a patch for a zero day vulnerability in Internet Explorer 8, as well as a vulnerability in Word 2007. Source: http://threatpost.com/microsoft-patches-ie8-zero-day-critical-word-bug

30. June 10, SC Magazine – (International) Online gambling site hit by five-vector DDoS attack peaking at 100Gbps. Incapsula reported that it responded to a distributed denial of service (DDoS) attack on a customer’s online gambling Web site June 6 that used five different vectors to create a 100 gigabits per second attack. Source: http://www.scmagazine.com/online-gambling-site-hit-by-five-vector-ddos-attack-peaking-at-100gbps/article/355020/

31. June 10, Dark Reading – (International) Zeus being used in DDoS, attacks on cloud providers. Researchers with the Prolexic Security Engineering and Response Team released a threat advisory that describes how the Zeus trojan and toolkit is being equipped with new payloads to perform attacks outside its usual use in banking fraud. Zeus was identified being used in a variety of attacks including distributed denial of service (DDoS), spam, virtual currency mining, and attacks on platform as a service (PaaS) and software as a service (SaaS) infrastructure. Source: http://www.darkreading.com/zeus-being-used-in-ddos-attacks-on-cloud-providers/d/d-id/1269554

For another story, see item 11 above from the Financial Services Sector

\Communications Sector

32. June 11, Mlive.com – (Michigan) Verizon Wireless, Sprint and AT&T customers in Jackson area without service, no timetable given for restoration. Cellular service for Verizon Wireless, AT&T, and Sprint customers in Jackson, Michigan, was down indefinitely June 10 due to an issue with a tower in Detroit. Source: http://www.mlive.com/news/jackson/index.ssf/2014/06/verizon_wireless_customers_in.html

33. June 10, Alexander City Outlook – (Alabama) Verizon customers without service after fiber cut. An AT&T fiber optic cable was cut due to storms near Sylacauga, Alabama, resulting in a loss of service for 22 cell towers in the area, which caused Windstream and Verizon Wireless customers to lose cellular service June 10. Crews worked to repair the damaged fiber optic cable. Source: http://www.alexcityoutlook.com/2014/06/10/breaking-verizon-customers-without-service-after-fiber-cut/