Daily Report
Top Stories
· Authorities arrested and charged 3 individuals for stealing, selling, and
buying 6,000 Roxicodone pills worth $180,000 which were taken from a pharmacy
in Monroe, North Carolina. – WSOC 9 Charlotte
26. September 24, WSOC 9 Charlotte – (North Carolina) Police: Man bought 6,000
stolen pills worth $180K. Authorities arrested and charged 3 individuals
for stealing, selling, and buying 6,000 Roxicodone pills worth $180,000 which
were taken from a pharmacy in Monroe. Police reported that one of the suspects
stole bottles of pills for over a year while they were employed. Source: http://www.wsoctv.com/news/news/local/police-man-bought-6000-stolen-pills-worth-180k/nhTGz/
· Fifteen football players at Springbrook High School in Montgomery County,
Maryland, suffered burns or rashes during practice September 16 when a cleaning
agent was inadvertently sprayed on their football pads and helmets. – Associated Press
27. September 25, Associated Press – (Maryland) Springbrook High School
football players suffer chemical burns from cleaning products. Fifteen
football players at Springbrook High School in Montgomery County suffered
first- and second-degree burns or rashes during practice September 16 when a
cleaning agent was inadvertently sprayed on their football pads and helmets. A
trainer had ordered that only the locker room be cleaned with the chemical
after a player was suspended due to a staph infection. Source: http://www.wjla.com/articles/2014/09/springbrook-high-school-football-player-suffer-chemical-burns-from-cleaning-products-107456.html
· A researcher found a security vulnerability, named Shellshock, in the GNU
Bourne Again Shell (Bash) command interpreter, which is used in several
Unix-based operating systems, that poses the risk of remote code execution.
– Softpedia. See item 32 below in the Information Technology Sector.
· Jimmy John’s Gourmet Sandwiches officials confirmed September 24 that stolen
credentials were used by an undisclosed party to remotely log into the
point-of-sale systems of about 216 of the company’s stores nationwide. – Boulder Daily Camera
40. September 24, Boulder Daily Camera – (National) Jimmy John’s confirms data breach at 216 shops, including in
Longmont, Broomfield. Jimmy John’s Gourmet Sandwiches officials confirmed
September 24 that stolen credentials were used by an undisclosed party to
remotely log into the point-of-sale systems of about 216 of the company’s
stores nationwide between June 16 and September 5. Officials reported that the
breach affected transactions in which payment cards were swiped at the stores,
and has since been contained. Source: http://www.dailycamera.com/boulder-business/ci_26596775/jimmy-johns-confirms-data-breach-at-216-shops
Financial Services Sector
10. September 25, Bucks County Courier Times – (Pennsylvania) FBI: New Britain
bank robber has struck 3 times. The FBI asked for the public’s help in
identifying a suspect after determining that the individual was responsible for
the September 24 robbery of a New Britain Township Wells Fargo Bank branch, the
third robbery linked to the suspect. During the September 24 robbery the
suspect fired one shot from a handgun into the ceiling of the bank. Source: http://www.buckscountycouriertimes.com/news/local/fbi-new-britain-bank-robber-has-struck-times/article_d3c373b7-b94f-5979-a857-f47ef26ad058.html
11. September 23, Fort Lauderdale Sun-Sentinel – (Florida) Suspect wounded in
bank shootout; 2 tellers injured. A Palm Beach County man was injured
during a shootout with police after he opened fire while attempting to flee
from a TD Bank branch in Palm Springs where he had assaulted two tellers during
a robbery September 23. Police apprehended the suspect at the scene. Source: http://articles.sun-sentinel.com/2014-09-23/local/fl-palm-springs-shooting-20140923_1_td-bank-two-bank-employees-tellers
Information Technology Sector
32. September 25, Softpedia – (International) Bash bug “Shellshock” is as large an issue
as Heartbleed. A researcher found a security vulnerability, named Shellshock,
in the GNU Bourne Again Shell (Bash) command interpreter. The flaw is present
in versions 1.14 through 4.3 of Bash, which is used in several Unix-based
operating systems such as Linux and Mac OS X; it poses the risk of remote code
execution and can be triggered in many ways by applications. A patch was issued
for the vulnerability, CVE-2014-6271, but remained incomplete, and a second CVE,
CVE-2014-7169, was assigned as a result and remains unpatched.
Source: http://news.softpedia.com/news/Bash-Bug-Shellshock-Is-As-Large-An-Issue-As-Heartbleed-459913.shtml
33. September 25, Securityweek – (International) Critical signature forgery flaw found
in Mozilla NSS crypto library. Mozilla released an update for its products
and Google updated Chrome and Chrome OS to address the “BERserk” vulnerability
exposed by two independent researchers from Intel Security Advanced Threat
Research Team and INRIA Paris-Rocquencourt who found that the Mozilla Network
Security Services (NSS) cryptographic library can be exploited for signature
forgery. Attackers can leverage a flaw in the parsing of ASN.1 encoded
messages which use Basic Encoding Rules (BER) by exploiting the fact that the
length of a field in BER can be made to use many bytes of data. Source: http://www.securityweek.com/critical-signature-forgery-flaw-found-mozilla-nss-crypto-library
34. September 24, Threatpost – (International) More trouble for jQuery as second
compromise reported. jQuery, an open source JavaScript library, worked to
mitigate a second compromise after its site’s homepage was defaced.
Representatives announced that the Web site was taken down and cleaned of
infected files and that the company is working on re-securing its servers, and
working to address vulnerabilities. Source: http://threatpost.com/more-trouble-for-jquery-as-second-compromise-reported/108510
35. September 24, Securityweek – (International) SMB employees targeted with fake
termination emails: Bitdefender. Researchers at Bitdefender warned
employees and IT administrators of small and medium-sized businesses about a
rash of fake termination emails designed to distribute information-stealing
malware compressed with the ARJ file archiver. Once the attached file
is decompressed and executed, the malware opens a clean rich text format (RTF)
document which connects to attackers, who then issue instructions to the victim’s machine.
Source: http://www.securityweek.com/smb-employees-targeted-fake-termination-emails-bitdefender
36. September 24, Network World – (International) Apple yanks buggy iOS 8 update. Apple
pulled its iOS 8.0.1 update and is working on a patch after reports that the
update was cutting off cell service and making the Touch ID fingerprint sensor
inoperable. Source: http://www.networkworld.com/article/2687496/smartphones/apple-yanks-ios-8-update.html
Communications Sector
37. September 23, Redmond Reporter – (Washington) Frontier has restored 99 percent of customers’ FiOS services;
no copper services have been restored. Nearly all television, telephone,
high-speed Internet, FiOS broadband, and 9-1-1 services were restored September
23 after a construction crew working on the Redmond Way Stormwater Treatment
Facility project cut through fiber and copper cables and disrupted Frontier
Communications services for roughly 6,000 residential and business customers in
Redmond September 20. Copper-wired services remained down with repair work
expected to continue through the weekend of September 27. Source: http://www.redmond-reporter.com/news/276197281.html