Daily Report
Top Stories
• A June 11 fire and propane tank explosion at
a Bailey Farms International hay plant in Tremonton, Utah, caused between $8
million and $10 million in damage. – KSL 5 Salt Lake City
8.
June 12, KSL 5 Salt Lake City – (Utah) $10M hay fire 'going to burn
for a long time,' fire marshal says. A fire broke out June 11 at a Bailey
Farms International hay plant in Tremonton and spread to a propane tank outside
the structure, causing an explosion that ignited piles of hay. Fire officials
stated that the fire caused between $8 million and $10 million in damage and
that it is unlikely a cause will be determined due to size and intensity of the
blaze. Source: http://www.ksl.com/?nid=148&sid=30280899
• Officials at St. Joseph Health of Sonoma
County in Santa Rosa, California, reported June 12 that a thumb drive
containing personal and medical information of 33,702 patients was stolen
during a burglary at an outpatient radiology facility June 2. – KPIX 5 San
Francisco
18.
June 12, KPIX 5 San Francisco – (California) Records of more than
33,000 patients stolen from Santa Rosa radiology facility. Officials at St.
Joseph Health of Sonoma County in Santa Rosa reported June 12 that a thumb
drive containing X-ray records of 33,702 patients was stolen during a burglary
at an outpatient radiology facility June 2. Patients’ personal information was
saved on the thumb drive which was taken from a staff member’s storage locker.
Source: http://sanfrancisco.cbslocal.com/2014/06/12/records-of-more-than-33000-patients-stolen-from-santa-rosa-radioligy-facility/
• A researcher discovered a new trojan,
Pandemiya, which contains about 25,000 lines of fresh code and has the ability
to steal data from forms, take screen shots to send back to the botmasters who
deploy it, and create fake web pages. – The Register See item 21
below in the Information Technology
Sector
• Time Warner Cable representatives reported
its Road Runner email service was down affecting 10 percent of its customers in
cities across the U.S. for several days, and stated that its engineers were
working to restore service. – WLTX 19 Columbia See item 25
below in the Communications Sector
Financial Services Sector
3. June 13, The Register – (International) Hacker claims
PayPal loophole generates FREE MONEY. A man turned white hat reported a
loophole in PayPal’s system that can be exploited to earn free money by
funneling cash into a mule account before filing for a transaction refund. The
company stated that the vulnerability is an issue with its protection policy and
did not give additional information about its ability to prevent one-off
instances of the scam. Source: http://www.theregister.co.uk/2014/06/13/hacker_claims_paypal_loophole_generates_free_money/
For another story, see item 22 below in the Information Technology Sector
Information Technology Sector
21. June 13, The Register – (International) Entirely new
trojan quietly wheeled into black hat forums. A researcher from RSA
reportedly discovered a new trojan, Pandemiya, which contains about 25,000
lines of fresh code and has the ability to steal data from forms, take screen
shots to send back to the botmasters who deploy it, and create fake web pages.
Pandemiya can be removed by tweaking registry and command line action. Source: http://www.theregister.co.uk/2014/06/13/pricey_ground_up_built_malware_constantly_infects_everything/
22. June 13, Vallejo Times Herald – (California; Utah) San
Jose: Utah woman indicted in embezzlement of $1.34 million from Mountain View
software firm. A federal grand jury indicted a former Symantec Corp.
employee June 11 on 26 charges of wire fraud and 10 counts of money laundering
for allegedly embezzling $1.34 million in funds from the California-based
company while working at its Lindon, Utah office between January 2010 and May
2012. The former employee allegedly charged unauthorized personal expenses to
company payment cards and made unapproved financial transfers to a shell
company used to reallocate funds into her personal bank account. Source: http://www.timesheraldonline.com/news/ci_25956029/san-jose-utah-woman-indicted-embezzlement-1-34
23. June 12, Securityweek – (International) Cisco fixes
XSS vulnerability in AsyncOS management interface. Cisco advised customers
to update their AsyncOS installations in order to address a cross-site
scripting (XSS) vulnerability impacting the Web management interface of the
operating system. The flaw affects Cisco Email Security Appliance (ESA) 8.0 and
earlier, Cisco Web Security Appliance (WSA) 8.0 and earlier, as well as Content
Security Management Appliance (SMA) 8.3 and earlier. Source: http://www.securityweek.com/cisco-fixes-xss-vulnerability-asyncos-management-interface
24. June 12, Securityweek – (International) Cybercriminals
targeting cloud-based PoS systems via browser attacks. IntelCrawler
researchers dubbed a form of malware, POSCLOUD, which targets vulnerabilities
in major Web browsers to compromise cloud-based PoS software typically used by
grocery stores, retailers, and other small businesses. The malware relies on
keylogging and screenshots to steal personal information and financial data.
Source: http://www.securityweek.com/attackers-targeting-cloud-based-pos-systems-browser-attacks
See Item 25 below in the Communications
Sector
Communications Sector
25.
June 12, WLTX 19 Columbia – (National) TWC’s Road Runner email
service trouble widespread. Time Warner Cable representatives reported its
Road Runner email service was down affecting 10 percent of its customers in
cities across the U.S. for several days. The company stated the issues were
intermittent and its engineers were working to restore service. Source: http://www.wltx.com/story/tech/2014/06/12/twcs-road-runner-email-service-trouble-widespread/10389201/