Wednesday, October 1, 2014



Complete DHS Report for October 1, 2014

Daily Report

Top Stories

 · About 500,000 gallons of wastewater was discharged into Joe’s Creek in St. Petersburg, Florida, September 27 when an underground pipe ruptured due to heavy rain and continued to spill between 250-500 gallons per minute. – Bay News 9 Tampa

12. September 29, Bay News 9 Tampa – (Florida) Ruptured sewage line spills 500,000 gallons of wastewater. An estimated 500,000 gallons of wastewater was discharged into Joe’s Creek in St. Petersburg September 27 when an underground pipe ruptured due to excessive rain and continued to spill between 250-500 gallons per minute. The spill forced the nearby Northside Christian School to delay start times for the next several days as crews work to repair the sewage line. Source: http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2014/9/29/sewer_leak_in_st_pet.html

 · A Spokane County Fire District 8 official reported September 29 that a suspected arsonist is believed to have ignited 23 fires in 3 weeks in Washington, destroying 2 homes since September 9. – Reuters

16. September 29, Reuters – (Washington) Arsonist suspected in up to 23 blazes in Washington state. The assistant fire chief of Spokane County Fire District 8 reported September 29 that a suspected arsonist is believed to have ignited 23 fires in 3 weeks in Washington, destroying 2 homes since September 9. Officials found the fires were all set in a similar distinct pattern. Source: http://www.reuters.com/article/2014/09/29/us-usa-arson-washington-idUSKCN0HO1VB20140929

 · Thirty-eight people were treated after chemical fumes were released into classrooms in the Health Sciences Center at Eastern Florida State College’s Cocoa campus prompting an evacuation and the cancellation of classes September 29. – Florida Today

19. September 29, Florida Today – (Florida) 7 taken to hospital after evacuation at EFSC. Thirty-one people were treated at the scene while 7 others were transported to area hospitals after chemical fumes were released into classrooms in the Health Sciences Center at Eastern Florida State College’s Cocoa campus prompting an evacuation and the cancellation of classes September 29. School officials believe an individual poured a chemical into a sink in a room used to develop X-rays, causing the chemical vapors to waft throughout the building. Source: http://www.floridatoday.com/story/news/education/2014/09/29/efsc-building-on-cocoa-campus-evacuation/16426111/

 · Supervalu officials reported September 29 that hackers installed a piece of malware on the company’s network that may have captured customers’ payment card information from the payment processing systems of several Cub Foods and Albertson’s stores across the U.S. between August and September. – Securityweek

28. September 30, Securityweek – (International) New data breaches hit Supervalu, Albertson's. Supervalu officials reported a second incident September 29 where hackers installed a different piece of malware on the company’s computer system that potentially captured customers’ payment card information from the payment processing systems of four Cub Foods stores in Minnesota and several Albertson’s grocery stores across the U.S. between August and September. Source: http://www.securityweek.com/new-data-breaches-hit-supervalu-albertsons

Financial Services Sector

3. September 30, Softpedia – (International) Variant of Upatre malware dropper seen in bank emails. A security researcher reported finding a new variant of the Upatre malware dropper attached to emails purporting to be from financial institutions. The new variant is distributed as a download through a link in the malicious emails and has a low VirusTotal detection rate. Source: http://news.softpedia.com/news/Variant-of-Upatre-Malware-Dropper-Seen-In-Bank-Emails-460463.shtml

4. September 29, U.S. Securities and Exchange Commission – (National) SEC charges two Florida men with defrauding investors in purported television network. The U.S. Securities and Exchange Commission filed charges September 29 against the Florida-based former CEO of Vision Broadcast Network and a consultant for allegedly raising at least $5.7 million from investors nationwide based on misrepresentations of the company’s ownership of television stations and broadcast licenses. The U.S. Attorney’s Office for the Eastern District of Pennsylvania also filed parallel criminal charges against the two individuals September 29. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543063872

5. September 29, Federal Deposit Insurance Corporation – (Utah) FDIC announces settlement with Merrick Bank, South Jordan, Utah, for unfair and deceptive practices. The Federal Deposit Insurance Corporation (FDIC) announced September 29 that Merrick Bank located in South Jordan, Utah, reached a settlement with the FDIC over charges that the bank engaged in unfair and deceptive practices relating to the marketing and servicing of “add-on products.” The bank agreed to pay a $1.1 million penalty and to pay around $15 million in restitution to affected customers. Source: https://www.fdic.gov/news/news/press/2014/pr14080.html

For another story, see item 28 above in Top Stories

Information Technology Sector

21. September 30, Help Net Security – (International) Apple patches Shellshock bug in OS X. Apple released a security update for its OS X operating system that closes two remotely exploitable vulnerabilities in the GNU Bash UNIX shell known as Shellshock. Source: http://www.net-security.org/secworld.php?id=17430

22. September 30, Securityweek – (International) ‘Shellshock’ attacks could already top 1 billion: Report. Incapsula researchers reported that the company’s Web application firewall deflected over 217,000 attempted exploitations of the Shellshock vulnerability in GNU Bash during the 4 days after the vulnerability was disclosed and estimated that the total number of attacks attempting to exploit the flaw could reach 1 billion. Source: http://www.securityweek.com/shellshock-attacks-could-already-top-1-billion-report

23. September 30, Softpedia – (International) Seller of StealthGenie mobile spyware app indicted and arrested. The CEO of InvoCode was arrested September 27 in Los Angeles for allegedly selling and advertising the StealthGenie mobile spyware. The Pakistani national allegedly worked with others to develop and market the spyware that is compatible with major mobile operating systems such as Android, Blackberry, and iOS. Source: http://news.softpedia.com/news/Seller-of-StealthGenie-Mobile-Spyware-App-Indicted-And-Arrested-460448.shtml

24. September 29, Softpedia – (International) Signed CryptoWall delivered via malvertising campaign on top-ranked websites. Researchers with Barracuda Labs identified a variant of the CryptoWall ransomware signed with a valid digital certificate from DigiCert and spread through malicious ads on the Zedo ad network to several popular Web sites. As of September 29, the CryptoWall variant was detected by 12 of 55 security solutions on VirusTotal. Source: http://news.softpedia.com/news/CryptoWall-Delivered-Via-Malvertising-Campaign-on-Top-Ranked-Websites-460375.shtml

25. September 29, Threatpost – (International) RadEditor web editor vulnerable to XSS attacks. A researcher identified and reported a cross-site scripting (XSS) vulnerability in the RadEditor text editor used in several Microsoft products that could allow attackers to inject malicious script and obtain private data. The vulnerability was closed by Telerik September 24. Source: http://threatpost.com/radeditor-web-editor-vulnerable-to-xss-attacks

26. September 29, Softpedia – (International) All CloudFlare customers benefit from Universal SSL. CloudFlare announced September 29 that it was providing all customers with SSL certificates under its Universal SSL service to enhance security. Source: http://news.softpedia.com/news/All-CloudFlare-Customers-Benefit-from-Universal-SSL-460374.shtml

Communications Sector

Nothing to report