Tuesday, September 16, 2014




Complete DHS Report for September 16, 2014

Daily Report

Top Stories



 · The cause of an accident during maintenance work on a Chevron Midstream Pipeline LLC-owned natural gas pipeline off the Louisiana coast September 13 is under investigation after a contractor was killed and two others were injured. – Associated Press



1. September 14, Associated Press – (Louisiana) 1 dead in gas accident on offshore La. platform. The cause of an accident during maintenance work on a Chevron Midstream Pipeline LLC-owned natural gas pipeline off the Louisiana coast September 13 is under investigation after a contractor was killed and two others were injured. The pipeline was shut-in after the incident. Source: http://www.fairfieldcitizenonline.com/news/us/article/Police-1-dead-in-gas-accident-on-La-oil-platform-5753748.php



 · A suspect known as the “El Chapparito Bandit” was believed to be responsible for the robbery of a Wells Fargo bank branch in San Diego September 13, the 15th robbery linked to the suspect. – KSWB 69 San Diego See item 5 below in the Financial Services Sector



 · A multi-vehicle accident involving 2 semi-trucks left 1 person dead and 15 others injured and caused the 10-hour closure of all northbound lanes of Interstate 95 in Brevard County, Florida, September 13. – Florida Today

11. September 15, Florida Today – (Florida) I-95 ramp reopens after fiery chain-reaction crash. A multi-vehicle accident involving 2 semi-trucks left 1 person dead and 15 others injured and caused the 10-hour closure of all northbound lanes of Interstate 95 in Brevard County September 13. The northbound interstate ramp at State Road 46 reopened September 15 after repairs. Source: http://www.floridatoday.com/story/news/local/2014/09/13/vehicle-fire-blocks-northbound/15599075/

 · One member of the Pennsylvania State Police was killed and another was seriously injured when a suspect or suspects shot them at the Blooming Grove Township barracks September 12 during a shift change. – New York Times

30. September 13, New York Times – (Pennsylvania) State Police officer dies in Pennsylvania ambush. One member of the Pennsylvania State Police was killed and another was seriously injured when a suspect or suspects shot them at the Blooming Grove Township barracks September 12 during a shift change. Police in New Jersey and New York were helping in the search for those responsible. Source: http://www.nytimes.com/2014/09/14/us/state-police-officer-dies-in-pennsylvania-ambush.html

Financial Services Sector

5. September 14, KSWB 69 San Diego – (California) ‘El Chapparito Bandit’ hits 15th bank. A suspect known as the “El Chapparito Bandit” was believed to be responsible for the robbery of a Wells Fargo bank branch in San Diego September 13, the 15th robbery linked to the suspect. Source: http://fox5sandiego.com/2014/09/14/el-chapparito-bandit-hits-15th-bank/

6. September 12, U.S. Attorney’s Office, Eastern District of New York – (New York) Importing company’s founder pleads guilty to securities fraud. A Syosset man who founded and ran Permapave Industries LLC and Permapave USA Corporation pleaded guilty September 12 to issuing fraudulent promissory notes to raise over $30 million in investments from more than 200 investors. The man and others used the fraudulent notes to run a Ponzi scheme between August 2006 and December 2010 and used the funds for personal use. Source: http://www.fbi.gov/newyork/press-releases/2014/importing-companys-founder-pleads-guilty-to-securities-fraud

7. September 12, Chicago Tribune – (Illinois) ‘Hooded Bandit’ bank robbery suspect embezzled $122K from Postal Service: records. The FBI stated that the suspect known as the “Hooded Bandit” was arrested September 11 following the robbery of a U.S. Bank branch in Wood Dale. The suspect admitted to being responsible for a total of eight bank robberies in the metro Chicago area. Source: http://www.chicagotribune.com/news/local/breaking/chi-fbi-hooded-bandit-serial-bank-robber-captured-20140912-story.html

8. September 12, WTXL 27 Tallahassee – (Georgia) 2 arrested in Lowndes County, deputies recover 160 fake credit cards. Lowndes County Sheriff’s deputies arrested two men during a car stop September 11 after 160 credit cards in the suspects’ names were found along with 11 payment card skimming devices. Source: http://www.wtxl.com/news/arrested-in-lowndes-county-deputies-recover-fake-credit-cards/article_9172b578-3aa3-11e4-8dbd-001a4bcf6878.html

Information Technology Sector

32. September 15, Softpedia – (International) Twitch chat malware spreads, wipes dry Steam accounts. Researchers at F-Secure identified a piece of malware known as Eskimo that is being spread through a fake raffle invitation in Twitch.tv’s chat feature. The page used for the fake raffle sign-up drops the Windows binary that can take screenshots as well as take control of the client for gaming service Steam to add friends, trade or sell items, and buy items if funds are available. Source: http://news.softpedia.com/news/Twitch-Chat-Malware-Spreads-Wipes-Dry-Steam-Accounts-458857.shtml

33. September 15, Help Net Security – (International) Freenode suffers breach, asks users to change their passwords. IRC network Freenode notified users that it experienced a security breach September 13 and advised all users to change their passwords as a precaution. Source: http://www.net-security.org/secworld.php?id=17362

34. September 15, Securityweek – (International) Vulnerabilities found in website of Google-owned Nest. A security researcher identified and reported several security vulnerabilities in the Web site of home automation company Nest, including a file upload vulnerability that could allow attackers to upload a shell and gain access to personal and financial details of Nest customers. Google stated that the issue was addressed by restricting access to the affected domain and redirecting visitors to a different domain. Source: http://www.securityweek.com/vulnerabilities-found-website-google-owned-nest

35. September 12, Threatpost – (International) Four vulnerabilities patched in IntegraXor SCADA. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory September 11 advising users of Ecava Sdn Bhd’s IntegraXor supervisory control and data acquisition (SCADA) server software to patch their systems after four remotely exploitable vulnerabilities were discovered. The software is primarily used for industrial automation in firms managing railways, sewage systems, telecommunications, and heavy engineering. Source: http://threatpost.com/four-vulnerabilities-patched-in-integraxor-scada-server

For another story, see item 24 below from the Healthcare and Public Health Sector

24. September 15, Help Net Security – (International) Dragonfly malware targeting pharmaceutical companies. Belden and RedHat Cyber researchers determined the Dragonfly (Havrex) malware is likely targeting pharmaceutical companies after findings uncovered that the malware contained an Industrial Protocol Scanner module that searched for devices often found in consumer packaged goods industries and that the Dragonfly attack is similar in nature to the Epic Turla campaign, among other findings. Source: http://www.net-security.org/malware_news.php?id=2865

Communications Sector

See item 35 above in the Information Technology Sector