Complete DHS Report for September 11, 2014

Daily Report

Top Stories

 · A chemical reaction at the Havilland Enterprises, Inc. chemical facility in Grand Rapids, Michigan, September 9 created a vapor release that produced a large gas cloud above the building and led to the evacuation of nearby homes and businesses for over 3 hours.– WOOD 8 Grand Rapids

2. September 9, WOOD 8 Grand Rapids – (Michigan) 2nd hazmat incident at Haviland this year. A chemical reaction at the Havilland Enterprises, Inc. chemical facility in Grand Rapids September 9 created a vapor release that triggered the plant’s sprinkler system and produced a large gas cloud above the building. An evacuation order for homes and businesses in the northwest area of the city was lifted over 3 hours later when authorities cleared the scene and determined the air quality to be safe. Source: http://woodtv.com/2014/09/09/grpd-hazmat-situation-at-haviland-industries/

· Six individuals and six corporate entities were indicted September 9 for allegedly laundering around $500 million in proceeds from fraudulent securities transactions involving more than 100 U.S. citizens and residents– U.S. Attorney’s Office, Eastern District of New York See item 4 below in the Financial Services Sector

 · One northbound lane of Highway 101 in Carpinteria, California, was closed for 9 hours for investigation September 9 when the driver of a pickup truck entered a lane that was closed for construction and crashed into a construction truck, killing the driver of the pickup.– KEYT 3 Santa Barbara

5. September 9, KEYT 3 Santa Barbara – (California) Santa Barbara man identified in fatal Highway 101 morning crash. One northbound lane of Highway 101 in Carpinteria was closed for 9 hours for investigation September 9 when the driver of a pickup truck entered a lane that was closed for construction and crashed into a Granite Construction truck, killing the driver of the pickup. Source: http://www.keyt.com/news/one-man-dead-after-early-morning-crash-in-carpinteria/27932506

· Sensys Networks, a company that manufactures sensor devices used in wireless traffic control systems, announced September 5 that it released software updates for its products to protect systems against attacks exploiting a lack of encryption or insufficient authentication methods.– Securityweek

7. September 9, Securityweek – (International) Vendor fixes vulnerabilities in wireless traffic sensors. Sensys Networks, a company that manufactures sensor devices used in wireless traffic control systems, announced September 5 that it released software updates for its products to address security vulnerabilities and protect systems against attacks caused by lack of encryption or sufficient authentication methods. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory stating that the issues affect Sensys Networks VSN240-F and VSN240-T systems and advised operators to update their software installations. Source: http://www.securityweek.com/vendor-fixes-vulnerabilities-wireless-traffic-sensors

Financial Services Sector

4. September 9, U.S. Attorney’s Office, Eastern District of New York – (International) Six corporate executives and six corporate entities indicted for orchestrating a $500 million offshore asset protection, securities fraud, and money laundering scheme. Six individuals from the U.S., Canada, Belize, and the Bahamas and six corporate entities were indicted September 9 for allegedly operating an elaborate scheme to enable U.S. citizens to circumvent and evade securities and tax laws by setting up fake companies to evade taxes and engage in money laundering. The alleged scheme laundered around $500 million between 2009 and 2014. Source: http://www.fbi.gov/newyork/press-releases/2014/six-corporate-executives-and-six-corporate-entities-indicted-for-orchestrating-a-500-million-offshore-asset-protection-securities-fraud-and-money-laundering-scheme

For additional stories, see items 27 and 28 below from the Commercial Facilities Sector

27. September 9, WTVT 13 Tampa – (Florida) Police: Beef O' Brady's electronic payment network hacked. Police reported that the electronic payment network of four Beef O’ Brady’s restaurants in Florida was breached and customers’ payment card information was stolen. The company has taken steps to ensure the security of the systems since the issue was identified. Source: http://www.myfoxtampabay.com/story/26486959/police-beef-o-bradys-electronic-payment-network-hacked

28. September 9, Softpedia – (International) Yandy.com hacked, financial information exposed. Yandy.com notified its customers that a Web-based database hosting customers’ information, including payment card data, was accessed by an unknown party at least four times between May 28 and August 18. The online retailer detected the breach August 18 and has implemented additional measures to secure its systems. Source: http://news.softpedia.com/news/Yandy-com-Hacked-Financial-Information-Exposed-458255.shtml

Information Technology Sector

19. September 9, IDG News Service – (International) Adobe fixes critical flaws in Flash Player, delays Reader and Acrobat updates. Adobe Systems released a critical security update for its Flash Player software, closing 12 security issues, 9 of which could lead to remote code execution. The company also delayed planned patches for Reader and Acrobat by 1 week due to issues identified during testing. Source: http://www.networkworld.com/article/2604961/adobe-fixes-critical-flaws-in-flash-player-delays-reader-and-acrobat-updates.html

20. September 9, Network World – (International) September Patch Tuesday: Microsoft closes door on IE zero day attacks. Microsoft released its monthly Patch Tuesday round of updates for September, with 4 bulletins closing 42 vulnerabilities in various Microsoft products. One bulletin for the Internet Explorer browser closes 37 vulnerabilities, 1 of which was a critical Internet Explorer zero-day vulnerability. Source: http://www.networkworld.com/article/2604465/microsoft-subnet/september-patch-tuesday-microsoft-closes-door-on-ie-zero-day-attacks.html

21. September 9, The Register – (International) Use home networking kit? DDoS bot is BACK…and it has EVOLVED. A researcher identified a new variant of the Lightaidra router-to-router malware that targets consumer-grade cable and DSL modems using default passwords in order to use them in distributed denial of service (DDoS) attacks. The new variant is able to reconfigure victims’ firewalls and requires Linux to be running on targeted devices in order to infect them. Source: http://www.theregister.co.uk/2014/09/09/linux_modem_bot/

22. September 9, Softpedia – (International) Apple beefs up security, sends iCloud access alert. Apple announced September 5 that within 2 weeks it would implement new security policies for its iCloud service following attacks that leaked personal photos belonging to celebrities. Some features have already been implemented, such as a notification when an iCloud account is accessed via a Web browser. Source: http://news.softpedia.com/news/Apple-Beefs-Up-Security-Sends-iCloud-Access-Alert-458282.shtml

23. September 9, The Register – (International) Phishing miscreants are THWARTING secure-sleuths with AES crypto. Researchers with Symantec identified what they believe was the first use of AES encryption to disguise fraudulent Web sites designed to steal users’ login credentials. The use of AES encryption allows attackers to make the analysis of phishing sites more difficult without affecting how the sites appear and function to users. Source: http://www.theregister.co.uk/2014/09/09/phishing_scam_uses_aes_crypto_to_hide/

For another story, see item 7 above in Top Stories

Communications Sector

24. September 8, KTVZ 21 Bend – (Oregon) BendBroadband restoring TV service after outage. Television service was disrupted for BendBroadband customers in Oregon September 8 for nearly 13 hours when one of the aggregation routers failed a routine boot, causing the outage. Source: http://www.ktvz.com/news/bendbroadband-hit-by-lengthy-tv-outage/27941216

25. September 9, Paris Beacon-News – (Illinois) Westville accident left Paris residents without cable, internet. Approximately 2,200 NewWave Communications customers in Paris, Illinois, experienced cable, phone, and Internet disruptions for 5 hours when a fiber vault was destroyed by a tractor. Source: http://www.parisbeacon.com/news/article_f169676c-3835-11e4-b44f-001a4bcf887a.html