Monday, August 4, 2014



 
Complete DHS Report for August 4, 2014

Daily Report

Top Stories

 · A 12-inch water main ruptured in Hyattsville, Maryland, July 31, sending an estimated 6 million gallons of water gushing onto Route 1 and prompting a closure of the roadway through August 2 for repairs. – WJLA 7 Washington, D.C.

16. August 1, WJLA 7 Washington, D.C. – (Maryland) Huge water main break floods major Hyattsville road with 6 million gallons. A 12-inch water main ruptured in Hyattsville, Maryland, July 31, causing the road to buckle and sending an estimated 6 million gallons of water gushing onto Route 1. About 30 homes and businesses were without water as crews worked to repair the pipe, closing a stretch of Rhode Island Avenue through the weekend of August 2. Source: http://www.wjla.com/articles/2014/07/huge-water-main-break-floods-roadway-in-hyattsville-md--105636.html

 · A boil water advisory was issued to roughly 5,000 residents in the Village of Ossining, New York, through August 3 after a water main break July 31 that left the water supply open to contamination. – WABC 7 New York City

17. August 1, WABC 7 New York City – (New York) Boil water advisory issued in Ossining after water main break. A boil water advisory was issued to roughly 5,000 residents in the Village of Ossining through August 3 after a water main break July 31 that left the water supply open to contamination. Source: http://7online.com/health/boil-water-advisory-issued-in-ossining/232302/

 · Authorities charged a DCM Erectors Inc. official July 31 with defrauding a government program of millions of dollars during work performed for the Port Authority of New York and New Jersey in the redevelopment of the World Trade Center. – Reuters

20. July 31, Reuters – (New York) World Trade Center contractor charged in multimillion-dollar fraud. The chief executive of DCM Erectors Inc. was charged by federal authorities July 31 with defrauding a government program intended to promote minority- and women-owned businesses during work performed for the Port Authority of New York and New Jersey in the redevelopment of the World Trade Center. The chief executive allegedly paid the owners of two contracting businesses to aid him in falsifying documents made to appear as though they had done work for the company. Source: http://www.reuters.com/article/2014/07/31/us-usa-crime-worldtradecenter-idUSKBN0G02ST20140731

 · Researchers from SRLabs reported developing a new piece of malware that can reprogram USB controller chips to spoof other devices, allowing an attacker to take control of a computer, steal data, and perform other actions. – Securityweek 

See item 23 below in the Information Technology Sector

Financial Services Sector

4. August 1, Softpedia – (International) New point-of-sale malware “Backoff” scrapes RAM for card data. The U.S. Computer Emergency Response Team (US CERT) published an advisory warning of a new family of malware known as “Backoff” that can compromise point-of-sale (PoS) systems by compromising remote desktop applications and then performing memory scraping to obtain payment card track data. The malware currently has very low rates of detection in most antivirus engines and contains various other capabilities, including keystroke logging and injecting a malicious stub into explorer.exe to increase persistence. Source: http://news.softpedia.com/news/New-Point-of-Sale-Malware-Backoff-Scrapes-RAM-For-Card-Data-453051.shtml

5. July 31, Krebs on Security – (National) Sandwich chain Jimmy John’s investigating breach claims. Sandwich restaurant chain Jimmy John’s reported that it is working with authorities to investigate a possible breach of customer payment data. Source: https://krebsonsecurity.com/2014/07/sandwich-chain-jimmy-johns-investigating-breach-claims/

6. July 31, KUSA 9 Denver – (Colorado) ‘Good Grammar Bandit’ bank robber strikes again. The FBI believes that a suspect known as the “Good Grammar Bandit” was responsible for the robbery of a Chase Bank branch in Thornton July 29, the seventh robbery in the Denver area linked to the suspect. Source: http://www.wfmynews2.com/story/news/crime/2014/07/31/good-grammar-bandit/13442831/

Information Technology Sector

23. August 1, Securityweek – (International) USB device firmware can be reprogrammed to hide sophisticated malware. Researchers from SRLabs reported developing a new piece of malware that can reprogram USB controller chips to spoof other devices, allowing an attacker to take control of a computer, steal data, and perform other actions. The researchers plan to demonstrate the “BadUSB” malware at the upcoming Black Hat security conference. Source: http://www.securityweek.com/usb-device-firmware-can-be-reprogrammed-hide-sophisticated-malware

24. August 1, Softpedia – (International) Hackers steal video game source code. Dell SecureWorks’ Counter Threat Unit identified a group of attackers labeled Threat Group-3279 that has been observed targeting video game and entertainment companies to steal source code and create cracks or cheat codes for games. The group is believed to be associated with the China Cracking Group and leverages a variety of tools and pieces of malware, including ones created by the group. Source: http://news.softpedia.com/news/Hackers-Steal-Video-Game-Source-Code-453108.shtml

25. August 1, Securityweek – (International) “Pitty Tiger” threat actors possibly active since 2008: FireEye. Researchers at FireEye analyzed the “Pitty Tiger” advanced persistent threat group first identified by Airbus Defense & Space and found that the group may have been active since 2008. The Pitty Tiger campaign targeted a variety of sectors including the defense and telecoms industries, and is believed to be operating from China. Source: http://www.securityweek.com/pitty-tiger-threat-actors-possibly-active-2008-fireeye

26. August 1, Securityweek – (International) New ransomware uses GnuPG to encrypt files. Researchers at Symantec and Trend Micro analyzed a new piece of ransomware dubbed Trojan.Ransomcrypt.L or BAT_CRYPTOR.A that uses GNU Privacy Guard to encrypt files for ransom and can be easily updated by its controllers. Trend Micro also identified another new piece of ransomware dubbed Cryptoblocker which does not use RSA keys and appears to have been written by inexperienced writers. Source: http://www.securityweek.com/new-ransomware-uses-gnupg-encrypt-files

27. August 1, Softpedia – (International) Fiesta Exploit Kit delivers double payload. A Malwarebytes researcher reported that attackers have modified the way the Fiesta Exploit Kit delivers its malicious payload by delivering two malicious files at once to attempt to avoid antivirus detection for at least one file. Source: http://news.softpedia.com/news/Fiesta-Exploit-Kit-Delivers-Double-Payload-453143.shtml

For another story, see item 4 above in the Financial Services Sector

Communications Sector

28. July 31, U.S. Department of Labor – (West Virginia) Cell tower company cited by OSHA for safety hazards following fatality in Clarksburg, West Virginia, tower collapse in February 2014. Oklahoma-based S and S Communication Specialists Inc. was cited for two serious safety violations July 31 by the Occupational Safety and Health Administration following the February collapse of a communication tower in Clarksburg that killed two employees and a firefighter and injured two others. Proposed fines totaled $7,000. Source: https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=NEWS_RELEASES&p_id=26472

For another story, see item 25 above in the Information Technology Sector