Tuesday, July 29, 2014


Complete DHS Report for July 29, 2014

Daily Report

Top Stories

 · Four doctors, an attorney, and several clinic employees were among the 11 allegedly involved in handing out prescription drugs for cash throughout clinics across several Indiana counties. – WTHR 13 Indianapolis
18. July 28, WTHR 13 Indianapolis – (Indiana) DEA serves search warrants at several Indiana clinics. Four doctors, an attorney, and several clinic employees were among the 11 allegedly involved in handing out prescription drugs for cash throughout clinics across several Indiana counties. The illegal drug operation was reportedly based in an office in Carmel and included four other sites where patients would receive prescriptions without any exams in exchange for cash. Source: http://www.wthr.com/story/26112815/2014/07/25/dea-serves-search-warrants-at-several-indiana-clinics

 · Crews reached 59 percent containment July 27 of the 250,514-acre Carlton Complex Fire which has destroyed an estimated 300 homes in Washington, and firefighters also reached 25 percent containment of the Chiwaukum Complex Fire in Chelan County, Washington, which has burned 12,320 acres. – KCPQ 13 Tacoma

19. July 27, KCPQ 13 Tacoma – (Washington) Carlton Complex fire burns 391 square miles, hundreds of homes. Crews reached 59 percent containment July 27 of the 250,514-acre Carlton Complex Fire which has destroyed an estimated 300 homes in north-central Washington. Firefighters also reached 25 percent containment of the Chiwaukum Complex Fire in Chelan County which has burned 12,320 acres. Source: http://q13fox.com/2014/07/26/300-homes-lost-in-carlton-complex-fire-now-59-contained-interactive-map/

 · A man from England was indicted July 24 for offenses that enabled him to access sensitive information belonging to more than 100,000 federal government employees by breaching the systems of several U.S. government entities. – Softpedia 

20. July 27, Softpedia – (International) Englishman indicted for stealing thousands of U.S. government employee records. A man from England was indicted July 24 in the Eastern District of Virginia for offenses that enabled him to access sensitive information belonging to more than 100,000 federal government employees by breaching the systems of the U.S. Department of Energy, the U.S. Sentencing Commission, FBI’s Regional Computer Forensics Laboratory, and Deltek, Inc., among several others. The man was able to exploit a security vulnerability in Adobe ColdFusion gaining administrator-level access to the networks using custom file managers. Source: http://news.softpedia.com/news/Englishman-Indicted-for-Stealing-Thousands-of-US-Government-Employee-Records-452280.shtml

 · One person was killed and at least 13 others were injured July 27 when a lightning bolt struck the water and beach at Venice Beach in Los Angeles, California. – CNN 

31. July 28, CNN – (California) One dead, 13 injured after lightning strikes at Southern California beach. One person was killed and at least 13 others were injured July 27 when a lightning bolt struck the water and beach at Venice Beach in Los Angeles. Lightning also struck near a golf course on Catalina Island, injuring one individual. Source: http://www.reuters.com/article/2014/07/28/us-usa-lightning-idUSKBN0FW0TJ20140728


Financial Services Sector

6. July 25, U.S. Securities and Exchange Commission – (National) Citigroup business unit charged with failing to protect confidential subscriber data while operating alternative trading system. New York-based LavaFlow Inc., agreed July 25 to pay $5 million to settle U.S. Securities and Exchange Commission charges that the Citigroup business unit failed to safeguard the confidential trading data of its subscribers when it allowed an affiliate to access the LavaFlow-operated alternative trading system (ATS). Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542371114#.U9Zy6fldVKI

For another story, see item 20 above in Top Stories

Information Technology Sector

24. July 28, Softpedia – (International) XSS flaw fixed in Barracuda Spam and Virus Firewall. Vulnerability Laboratory researchers discovered a non-persistent cross-site scripting (XSS) vulnerability in the Barracuda Spam and Virus Firewall web application affecting versions 5.1.3 and earlier that allowed a potential attacker to hijack session information or execute a non-persistent code. The vulnerability was patched July 15 after researchers notified the developer. Source: http://news.softpedia.com/news/XSS-Flaw-Fixed-in-Barracuda-Spam-and-Virus-Firewall-452377.shtml

25. July 26, Softpedia – (International) Remotely exploitable flaws fixed in Siemens SCADA system. Siemens patched 5 vulnerabilities discovered in its SIMATIC industrial automation system, four of them presenting remote exploitation risk, after an advisory by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) which explained that the flaws resided in the SIMATIC WinCC product which is a supervisory control and data acquisition (SCADA) system. Source: http://news.softpedia.com/news/Remotely-Exploitable-Flaws-Fixed-in-Siemens-SCADA-System-452219.shtml

26. July 25, Softpedia – (International) XML-RPC abused in brute-force attacks against WordPress sites. Sucuri researchers found new brute-force attacks delivered against WordPress Web sites leverage the XML-RPC protocol and the wp.getUersBlogs function have increased since July 4 with 2 million attempts originating from 17,000 different IP addresses. Source: http://news.softpedia.com/news/XML-RPC-Abused-In-Brute-Force-Attacks-Against-WordPress-Sites-452143.shtml

For another story, see item 20 above in Top Stories

Communications Sector

27. July 27, Juneau Empire – (Alaska) ACS restores service to southeast customers. Internet and cell phone service was restored July 26 to Alaska Communications customers in southeast Alaska after an underwater fiber optic cable was severed due to an earthquake July 25. Other network carriers were able to provide service to customers while crews continued work to repair the cable. AT&T cell service was also down due to the damaged cable that hindered service for several hours. Source: http://juneauempire.com/local/2014-07-25/acs-restores-service-southeast-customers