Daily Report
Top Stories
• Officials from Freedom Industries proposed
June 14 to double its runoff pumping capacity and indefinitely post contractors
at its chemical facility in Charleston, West Virginia, after regulators ordered
the company to fix a storm water collection trench that overflowed into the Elk
River June 12 and 13. – Charleston Gazette
4.
June 14, Charleston Gazette – (West Virginia) Freedom proposes runoff
control steps in face of DEP orders, water company criticism. Officials
from Freedom Industries proposed June 14 to double its runoff pumping capacity
and indefinitely post contractors at its chemical facility in Charleston, West
Virginia, after regulators ordered the company to fix a storm water collection
trench that overflowed into the Elk River June 12 and 13. Water company
officials reported that 6 samples taken after the overflow yielded no detection
of hazardous chemicals after the company closed 2 pumps for 3 hours as a
precaution. Source: http://www.wvgazette.com/article/20140614/GZ01/140619571
• The U.S. Securities and Exchange Commission
filed charges June 13 against four California men for allegedly engaging in
insider trading of Ross Stores stocks that resulted in $12 million in illicit
profits. – U.S. Securities and Exchange Commission See item 11 in
the Financial Services Sector
• Crews in Bakersfield, California, worked to
contain the 2,000-acre Shirley Fire June 15 while more than 1,000 threatened
residences were ordered to evacuate. – CBS News
27.
June 16, CBS News – (California) Race against time in battle vs.
California wildfire threatening more than 1,000 homes. Crews in
Bakersfield, California, worked to contain the 2,000-acre Shirley Fire June 15
while more than 1,000 threatened residences were ordered to evacuate. At least
2 structures near the Sequoia National Forest were destroyed by the fire.
Source: http://www.cbsnews.com/news/race-against-time-in-battle-vs-california-wildfire-threatening-more-than-1000-homes/
• Ball State University in Indiana announced
June 13 that the university was the victim of two investment fraud schemes
allegedly made by a former director of cash and investments that cost the
university $13.1 million. – Muncie Star Press
32.
June 13, Muncie Star Press – (Indiana; New York) Ball State reveals
second fraud case of $5 million. Ball State University in Indiana announced
June 13 that the university was the victim of two investment fraud schemes
allegedly made by a former director of cash and investments including an $8.1
million investment scandal reported to federal prosecutors in New York City and
a separate $5 million fraud investment. Source: http://www.thestarpress.com/article/20140614/NEWS01/306140015/Ball-State-University-fraud-financial-fraud
Financial Services Sector
7. June 16, Threatpost – (International) Dyreza banker
trojan seen bypassing SSL. Researchers identified a new banking trojan
known as Dyre or Dyreza that uses browser hooking to intercept traffic moving
between victims' systems and their intended Web site, allowing attackers to
bypass SSL protections and redirect traffic through the attackers' servers.
Researchers at CSIS Group found that the trojan is spread through spam messages
and then contacts command and control servers, some of which are located in
Latvia. Source: http://threatpost.com/dyreza-banker-trojan-seen-bypassing-ssl/106671
8. June 16, Financial Industry Regulatory Authority –
(National) FINRA fines Merrill Lynch $8 million; over $89 million repaid to
retirement accounts and charities overcharged for mutual funds. The
Financial Industry Regulatory Authority (FINRA) - stated June 16 that it fined Merrill Lynch $8 million for the company's
failure to waive mutual fund sales charges for some retirement accounts and
charities, and ordered the company to pay $24.4 million in restitutions.
Merrill Lynch previously repaid another $64.8 million to investors who were
overcharged. Source: http://www.finra.org/Newsroom/NewsReleases/2014/P530005
9. June
14, Krebs on Security – (National) P.F. Chang's confirms credit card
breach. P.F. Chang's Chinese Bistro stated June 14 that it had confirmed
that it was the victim of a customer payment card data breach affecting an
unknown number of customers. The company stated that it has temporarily
switched to manual payment card imprinting to process transactions while the
breach continues to be investigated. Source: http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/
10. June
14, DNAinfo Chicago – (Illinois) Man accused of skimming 200 Chase Bank
ATM cards: Prosecutors. A Romanian national was arrested June 12 in Chicago
and was charged for allegedly placing skimming devices on Chase Bank ATMs in
the city's North Side area, resulting in the theft of data from 200 cards.
Source: http://www.dnainfo.com/chicago/20140614/chicago/man-accused-of-skimming-200-chase-bank-atm-cards-prosecutors
11. June
13, U.S. Securities and Exchange Commission – (California) SEC charges
four California residents in $12 million insider trading scheme. The U.S.
Securities and Exchange Commission filed charges June 13 against four
California men for allegedly engaging in insider trading of Ross Stores stocks
that resulted in $12 million in illicit profits. One of the accused worked in
the finance department of Ross Stores headquarters and allegedly passed on
insider information to three others in order to trade on the nonpublic
information. Source: http://www.sec.gov/litigation/litreleases/2014/lr23022.htm
Information Technology Sector
34. June 16, Softpedia –
(International) NAS boxes "pwned" by crypto currency miner. Researchers
with Dell SecureWorks released a report which showed how an attacker was able
to utilize vulnerabilities in the DiskStation Manager (DSM) operating system
used in Synology network access storage (NAS) devices to plant the CPUMiner
crypto currency mining malware. The attacker used the malware to mine over
$600,000 in the Dogecoin crypto currency, though the vulnerabilities were later
patched by Synology. Source: http://news.softpedia.com/news/NAS-Boxes-Pwnwed-by-Crypto-Currency-Miner-446883.shtml
35. June 13, Threatpost –
(International) ISC patches critical DoS vulnerability in BIND. The
Internet Systems Consortium (ISC) reported June 11 that a vulnerability exists
in some BIND domain name system (DNS) servers that could allow attackers to
perform denial of service (DoS) attacks by sending a specially designed query.
The ISC advised users to update to the newest version of BIND, which is not
vulnerable. Source: http://threatpost.com/isc-patches-critical-dos-vulnerability-in-bind/106653
For another story, see item 7 above in the Financial Services Sector
Communications Sector
36.
June 13, Softpedia – (National) AT&T customer details accessed
without authorization. Some AT&T customers were informed by letter that
employees at one of the company's service providers may have accessed personal
identifiable information, including Social Security numbers, without
authorization somewhere between April 9 and April 21. Source: http://news.softpedia.com/news/AT-T-Customer-Details-Accessed-without-Authorization-446701.shtml
37.
June 13, KOVR 13 Sacramento – (California) Comcast, Verizon outage in
Vacaville, Fairfield caused by construction crews. Customers of Comcast and
Verizon in the Vacaville and Fairfield areas of California experienced outages
for several hours due to a construction crew cutting a fiber optic line that
serves both companies. Crews were on the scene making repairs. Source: http://sacramento.cbslocal.com/2014/06/13/major-comcast-outage-affecting-internet-customers-from-roseville-to-san-jose/