Friday, July 25, 2014




Complete DHS Report for July 25, 2014

Daily Report

Top Stories

 · The New Jersey Board of Utilities approved a $102.5 million New Jersey Natural Gas project meant to harden its distribution and transmission system from damage caused by severe storms. – Asbury Park Press

2. July 23, Asbury Park Press – (New Jersey) Gas utility will spend $102.5M on improvements. The New Jersey Board of Utilities approved a $102.5 million New Jersey Natural Gas project meant to harden its distribution and transmission system from damage caused by severe storms. The 5-year project will consist of six targeted projects meant to help mitigate the number and duration of outages and improve the utility’s ability to respond and control service outages. Source: http://www.app.com/story/money/business/2014/07/23/gas-utility-will-spend-m-improvements/13059399/

· Six individuals were charged in connection with an alleged cybercrime ring that took over accounts on the online ticket marketplace StubHub, used victims’ payment cards to make purchases of around $1 million, and then launder the proceeds through accounts in several countries. – Help Net Security See item 6 below in the Financial Services Sector

· Route 5 in Camdenton, Missouri, was closed for 6 hours after a fatal accident on the Niangua Bridge that killed four people and injured a fifth July 23. – KRCG 13 Jefferson City

12. July 23, KRCG 13 Jefferson City – (Missouri) Fatal crash closes Niangua Bridge in Camden County. Route 5 in Camdenton was closed for 6 hours after a fatal accident on the Niangua Bridge that killed four people and injured a fifth July 23 when a dump truck crossed over the centerline and crashed into an oncoming vehicle. Officials determined that the dump truck’s tire went flat causing the driver to lose control. Source: http://www.connectmidmissouri.com/news/story.aspx?id=1073821
 
· The TerraMar Apartments complex under construction in Santa Rosa Beach, Florida, caught fire July 23, rendering the building a total loss and causing an estimated $2.75 million in damage. – Fort Walton Beach Daily News

33. July 23, Fort Walton Beach Daily News – (Florida) Fire destroys new apartment complex. The TerraMar Apartments complex under construction in Santa Rosa Beach caught fire July 23, rendering the building a total loss and causing an estimated $2.75 million in damage. The source of the fire was deemed undetermined, while fire officials ruled lightning, electrical, and natural gas as probable causes. Source: http://www.nwfdailynews.com/local/photos-fire-destroys-new-apartment-complex-1.349451

Financial Services Sector

6. July 24, Help Net Security – (International) Six men charged in StubHub cyber-theft case. Six individuals were charged in the U.S. in connection with an alleged cybercrime ring that took over accounts on online ticket marketplace StubHub, used victims’ credit cards to purchase tickets to various entertainment events in New York City, sell the tickets, and then launder the proceeds through PayPal accounts and bank accounts in the U.S., U.K., Canada, Germany, and Russia. The alleged fraud totaled around $1 million and affected over 1,000 user accounts. Source: http://www.net-security.org/secworld.php?id=17164

7. July 24, Associated Press – (Texas) Texan pleads guilty in oil, gas investment scam. A Fort Worth man pleaded guilty July 23 to running an investment scam by purporting to be the founder of a company called Blue Alpha Energy and soliciting around $5.8 million from around 45 investors that was then diverted to accounts and businesses he controlled. Source: http://www.brownsvilleherald.com/news/texas/article_580a2054-334f-54eb-98cf-d0479364bf70.html

For another story, see item 32 below from the Commercial Facilities Sector

32. July 23, Tampa Bay Times – (National) Tampa man accused of scamming Apple out of $309,768. U.S. Secret Service officials arrested and charged a Florida man for allegedly scamming Apple stores in 16 States out of a collective $309,768 by tricking clerks into accepting fake authorization codes to override a declined credit or debit card, a practice known as “forced sale”. The suspect is accused of running the scheme 42 times, as well as trying to defraud a car rental company and a Seattle hotel. Source: http://www.tampabay.com/news/courts/criminal/tampa-man-accused-of-scamming-apple-out-of-309768/2189776

Information Technology Sector

25. July 24, The Register – (International) 50,000 sites backdoored through shoddy WordPress plugin. A researcher with Sucuri reported that around 50,000 Web sites were vulnerable to malware injection, defacement, and spam due to a vulnerability in the MailPoet plugin for WordPress. The vulnerability can affect Web sites that do not run MailPoet if the vulnerable plugin is present elsewhere on the same server. Source: http://www.theregister.co.uk/2014/07/24/50000_sites_backdoored_through_shoddy_wordpress_plugin/

26. July 24, Softpedia – (International) Fake Googlebots used for layer 7 DDoS attacks. Incapsula issued a report that shows how malicious Web crawlers that mimic Googlebots to bypass security are being used for various malicious purposes. The majority of the fake crawlers were used for collecting marketing information while 23.5 percent were used for application layer distributed denial of service (DDoS) attacks. Source: http://news.softpedia.com/news/Fake-Googlebots-Used-for-Layer-7-DDoS-Attacks-451984.shtml

27. July 23, V3.co.uk – (International) DDoS attackers turn attention to SaaS and PaaS systems, Akamai reports. Akamai released its Q2 2014 Global DDoS Attack Report, which found a 22 percent increase in distributed denial of service (DDoS) attack activity in the second quarter of 2014. The report also found that around half of DDoS attacks targeted IT infrastructure, with vendors of cloud services such as Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) being common targets. Source: http://www.v3.co.uk/v3-uk/news/2356828/ddos-attackers-turn-attention-to-saas-and-paas-systems-akamai-reports

28. July 23, The Register – (International) Apple fanbois SCREAM as update BRICKS their Macbook Airs. Users of Apple’s 2011 Macbook Air reported experiencing nonresponsive systems after applying a version 2.9 EFI firmware update to their systems, while others reported difficulties installing the update. Source: http://www.theregister.co.uk/2014/07/23/apple_macbook_air_update_bricks_fanbois_machines/

29. July 23, Securityweek – (International) Metro News website compromised to serve malware. Researchers at Websense reported July 22 that the Web site of newspaper Metro.us was compromised and used to redirect visitors to a malicious Web site hosting the RIG exploit kit. The RIG exploit kit then attempts to exploit any present vulnerabilities in users’ software to install a piece of malware identified as Win32/Simda. Source: http://www.securityweek.com/metro-news-website-compromised-serve-malware-rig-exploit-kit

Communications Sector

30. July 23, Softpedia– (National) Wall Street Journal acknowledges system breach. The Wall Street Journal confirmed that its systems were compromised when an attacker gained access to news site’s graphics servers, but that an ongoing investigation did not reveal any signs of damage or tampering. An individual using the handle “w0rm” known for breaching the systems of CNET claimed responsibility and stated that they were willing to sell a database stolen in the breach for one Bitcoin. Source: http://news.softpedia.com/news/Wall-Street-Journal-Acknowledges-System-Breach-451796.shtml

31. July 22, Meadville Tribune – (Pennsylvania) Windstream to probe lines after major phone outage. At least 8,400 residences and businesses lost Windstream Communications phone service for approximately 12 hours July 22 when a City of Meadville crew cut a fiber optic cable while fixing a curb at an intersection. Windstream Communications officials are assessing the incident and the city’s configuration of the fiber optic line network infrastructure. Source: http://www.meadvilletribune.com/local/x1618740171/Windstream-to-probe-lines-after-major-phone-outage

For another story, see item 29 above in the Information Technology Sector