Thursday, July 21, 2014




Complete DHS Report for July 24, 2014

Daily Report

Top Stories



 · The Pennsylvania auditor general released a report stating that the Pennsylvania Department of Environmental Protection’s oil and gas program was lacking due to inconsistencies in several key tasks. – Pittsburgh Business Times



1. July 22, Pittsburgh Business Times – (Pennsylvania) Auditor general finds fault with DEP’s gas well oversight. The Pennsylvania auditor general released a report stating that the Pennsylvania Department of Environmental Protection’s oil and gas program was lacking due to inconsistencies with cleaning up impacted water supplies, an ineffective complaint-tracking system, and that the department could not provide assurances that shale-gas wells were inspected in a timely manner, among other findings. The department responded stating that recommendations presented in the audit were being implemented. Source: http://www.bizjournals.com/pittsburgh/blog/energy/2014/07/auditor-general-finds-fault-with-deps-gas-well.html

 · Health officials issued a warning July 22 to the public in Palolo Valley, Hawaii, to stay out of several bodies of water and surf sites after more than 103,000 gallons of raw sewage leaked into Palolo Steam from an intentionally clogged sewer line. – Honolulu Star-Advertiser

18. July 22, Honolulu Star-Advertiser – (Hawaii) ‘Maliciously’ clogged Palolo manhole sends sewage to ocean. Health officials issued a warning July 22 to the public in Palolo Valley to stay out of Palolo Stream, Ala Wai Canal, Magic Island, and surf sites Bamburas, Ala Moana Bowl, Rock pile, In Betweens, and Kaisers after more than 103,000 gallons of raw sewage leaked into Palolo Steam from an intentionally clogged sewer line. Authorities continued to unclog the manhole which was deliberately plugged with clothes and tricycle parts. Source: http://www.staradvertiser.com/news/breaking/20140722_Maliciously_clogged_Palolo_manhole_sends_sewage_to_ocean.html

  · A July 22 fire at the Animo South Los Angeles Charter High School in California caused extensive damage to the building after a partial roof collapse. – KTLA 5 Los Angeles

20. July 22, KTLA 5 Los Angeles – (California) Fire causes roof collapse at Charter school in south Los Angeles area. A July 22 fire at the Animo South Los Angeles Charter High School in California caused extensive damage to the building after a partial roof collapse. Green Dot Public Schools announced that a contingency plan would be in place once classes begin August 12. Source: http://ktla.com/2014/07/22/massive-fire-causes-roof-collapse-at-los-angeles-charter-school/

  · Data collected and analyzed by CloudPhysics found that 40 percent of organizations surveyed remain vulnerable to the Heartbleed vulnerability in OpenSSL. – Help Net Security See item 30 below in the Information Technology Sector


Financial Services Sector

6. July 22, WIVB 4 Buffalo – (New York; Pennsylvania) Three charged in $850K credit card scheme. Three individuals were charged with using information from 95 credit card accounts to allegedly make fraudulent purchases from retail stores in Pennsylvania and New York between July 2013 and February 2014, which cost financial institutions over $850,000. One of the accused allegedly solicited three other individuals previously charged to make the purchases. Source: http://wivb.com/2014/07/22/three-charged-in-850k-credit-card-scheme/

7. July 22, U.S. Securities and Exchange Commission – (International) Spanish trader agrees to pay disgorgement and a penalty to settle insider trading case. A Spanish citizen and former official at Banco Santander agreed to pay around $2 million to settle U.S. Securities and Exchange Commission charges that he traded on inside information ahead of the public announcement that the Banco Santander would advise and help underwrite BHP Billiton’s proposed acquisition of Potash Corporation. The settlement includes the disgorgement of $960,806 in illicit profits and a $960,806 in civil penalties. Source: http://www.sec.gov/litigation/litreleases/2014/lr23048.htm

Information Technology Sector

28. July 23, The Register – (International) Android ransomware demands 12x more cash, targets English-speakers. Researchers at ESET identified a new version of the Simplocker ransomware for Android that displays a fake law enforcement ransom note in English and demands a higher ransom than previous versions that were written in Russian and demanded payment in Ukrainian hryvnias. The new version of the ransomware contains additional features such as the encryption of more types of files on victims’ devices and actions that make it more difficult to remove. Source: http://www.theregister.co.uk/2014/07/23/android_ransomware_simplocker_revamp/

29. July 23, Securityweek – (International) Mozilla fixes 11 vulnerabilities with release of Firefox 31. Mozilla released new versions of its Firefox Web browser and Thunderbird email client July 22, closing 11 vulnerabilities, including 3 rated as critical. Source: http://www.securityweek.com/mozilla-fixes-11-vulnerabilities-release-firefox-31

30. July 23, Help Net Security – (International) 40% of orgs running VMware still susceptible to Heartbleed. Data collected and analyzed by CloudPhysics found that 57 percent of deployed VMware vCenter servers and 58 percent of ESXi hypervisor hosts remain vulnerable to the Heartbleed vulnerability in OpenSSL, affecting 40 percent of organizations in the CloudPhysics data set. Source: http://www.net-security.org/secworld.php?id=17159

31. July 23, Help Net Security – (International) Internet Explorer vulnerabilities increase 100%. An analysis by Bromium Labs surveyed vulnerabilities in popular Web browsers and common software and found that vulnerabilities in Internet Explorer increased by more than 100 percent in the first quarter of 2014. Other findings included that Action Script Sprays were leveraged in zero day attacks and that zero day vulnerabilities in Java have declined greatly in the first quarter of 2014 compared to 2013. Source: http://www.net-security.org/secworld.php?id=17158

Communications Sector

32. July 22, KQCD 7 Dickinson – (National) Internet outage affects Midcontinent customers. About 30,000 Midcontinent Communications business and residential customers experienced a 2-hour Internet outage July 22 due to a problem with one of the cards on a mid-ring that provides services to the network. Source: http://www.kqcd.com/story/26084497/internet-outage-affects-midcontinent-customers