Daily Report
Top Stories
· An October 1 fire at Deerfield Farms in Moore County, North Carolina, caused an estimated
$600,000 in damage to a nursery building and killed 4,200 hogs worth about
$400,000. – WRAL 5 Raleigh
9. October 2, WRAL 5 Raleigh – (North Carolina) Fire at Moore County farm kills 4,200 hogs. A fire that broke
out October 1 in a nursery building of Deerfield Farms in Moore County destroyed
the structure and killed 4,200 hogs worth about $400,000. Officials estimated
that the building sustained about $600,000 in damage. Source: http://www.wral.com/4-200-hogs-killed-in-fire-at-moore-county-farm/14036325/
· Cedars-Sinai Medical Center in Los Angeles notified 33,136 patients September 11 that their
personal and health information may have been accessed after an employee laptop
was stolen in June, an increase from the hospital’s initial report in August
that the theft affected 500 patients. – Los Angeles Times
16. October 1, Los Angeles Times – (California) Cedars-Sinai says number of patient files
in data breach much higher. Cedars-Sinai Medical Center in Los Angeles
notified 33,136 patients September 11 that their personal and health
information may have been accessed after a password-protected, unencrypted
laptop was stolen from an employee’s home during a June burglary. The hospital
previously reported the theft to 500 patients in August, but forensic analysis
determined the laptop contained information for thousands of additional
patients, including about 1,500 Social Security numbers. Source: http://www.latimes.com/business/la-fi-cedars-data-breach-20141002-story.html
· Three executives pleaded guilty October 1 in a bribery scheme to grant U.S. National
Guard contracts incorrectly by bribing National Guard officials with money to
award them marketing and advertising contracts worth $14.6 million. – Reuters
19. October 1, Reuters – (National) Six charged with bribery in grant U.S. National Guard contracts. Three
executives from Arlington, Virginia-based National Guard Bureau, Financial
Solutions, Inc. of Fredericksburg, and Mil-Team Consulting of Minnesota pleaded
guilty October 1 in a bribery scheme to grant U.S. National Guard contracts
incorrectly by bribing National Guard officials with money to award them
marketing and advertising contracts worth $14.6 million. Three others were also
charged in the scheme which involved the distribution of federal funds by the
National Guard Bureau to the Army National Guard and its State units. Source: http://www.reuters.com/article/2014/10/01/us-usa-crime-nationalguard-idUSKCN0HQ5D020141001
· An October 1 power outage at the Rochdale Village housing complex in New York City stranded
about 80 people in elevators and on construction scaffolding, and prompted an
evacuation of residents from about 20 buildings. – WCBS 2 New York City
35. October 1, WCBS 2 New York City – (New York) FDNY: 54 workers removed from scaffolding after power outage hits
Rochdale Village in Jamaica. An October 1 power outage at a privately owned
power plant at the Rochdale Village housing complex in the Jamaica, Queens area
of New York City stranded about 25 people in elevators and 54 workers on
construction scaffolding, and prompted an evacuation of residents from about 20
buildings in the complex. Four individuals were injured during the incident and
power was restored to the complex after more than 3 hours. Source: http://newyork.cbslocal.com/2014/10/01/power-outage-hits-numerous-buildings-at-rochdale-village-in-jamaica-queens/
Financial Services Sector
4. October 1, Las Vegas Review-Journal – (Nevada; Florida; South Dakota) Ex-LV
chiropractor arrested in $34M fraud scheme. A former chiropractor in Las
Vegas was arrested by FBI agents for allegedly working with a South Dakota man
to funnel money from a Florida-based hedge fund that caused the fund to go
bankrupt and led to millions in investor losses. The charges stem from 2010
U.S. Securities and Exchange Commission charges against the two men and six
others, with federal prosecutors seeking to recover $44.8
million from the Las Vegas and South Dakota defendants. Source: http://www.reviewjournal.com/news/las-vegas/ex-lv-chiropractor-arrested-34m-fraud-scheme
For another story, see item 33 below from the Commercial Facilities Sector
33. October 2, Softpedia – (International) Data breach on Flinn Scientific server lasted for four months. Flinn Scientific officials on October 2 notified customers who made at least one purchase through its online store since May 2 that their financial information, including payment card number and card verification code, may have been compromised after malware was planted on the company’s Web-based payment system. The breach was discovered September 8 and the company removed the malicious software from its network. Source: http://news.softpedia.com/news/Data-Breach-on-Flinn-Scientific-Server-Lasted-for-Four-Months-460794.shtm
Information Technology Sector
25. October 2, Softpedia – (International) Major security flaw in Xen hypervisor
disclosed. The developers of the Xen hypervisor released a patch after a security
vulnerability was disclosed October 1 that could allow an attacker to use a
malicious hardware virtual machine to read data from other virtual machines or
crash the host machine. Source: http://news.softpedia.com/news/Major-Security-Flaw-in-Xen-Hypervisor-Disclosed-460746.shtml
26. October 2, Softpedia – (International) OS X botnet malware uses Reddit to get
IPs of control servers. Researchers with Doctor Web found that a piece of
botnet malware for OS X known as iWorm uses the search function on Reddit to
access a list of command and control (C&C) servers used to receive
instructions. Over 17,000 unique IP addresses are associated with systems
infected by iWorm and the C&C server addresses are disguised on Reddit by
purporting to be addresses for Minecraft servers. Source: http://news.softpedia.com/news/OS-X-Botnet-Malware-Uses-Reddit-to-Get-IPs-of-Control-Servers-460766.shtml
27. October 2, Securityweek – (International) VMware releases software updates to
fix ShellShock bug. VMware released patches for several of its products in
order to close the Shellshock vulnerability in GNU Bash. Source: http://www.securityweek.com/vmware-releases-software-updates-fix-shellshock-bug
28. October 2, The Register – (International) Researchers bypass Redmond’s EMET,
again. Researchers with Offensive Security reported that they were able to
bypass the fifth version of Microsoft’s Enhanced Mitigation Experience Toolkit
(EMET) security tool on several versions of the Windows operating system.
Source: http://www.theregister.co.uk/2014/10/02/researchers_bypass_redmonds_emet_again/
29. October 1, The Register – (International) Bash bug flung against NAS boxes. FireEye
researchers warned that attackers are attempting to exploit the Shellshock
vulnerability in GNU Bash in order to compromise Network Attached Storage (NAS)
systems before the systems can be patched. The researchers reported that NAS
systems made by QNAP were especially targeted and that attackers were seeking
to install backdoors. Source: http://www.theregister.co.uk/2014/10/01/sheelshock_nas_attack/
30. October 1, Threatpost – (International) Joomla re-issues security update after
patches glitch. The developers of Joomla released a second version of a
security update October 1 after an initial update designed to close critical
vulnerabilities created some technical issues for users. Source: http://threatpost.com/joomla-re-issues-security-update-after-patches-glitch
Communications Sector
31. September 30, Kansas City Star – (Missouri) Sprint says its Blue Springs service is
restored after disruption at one tower. Wireless service to Sprint
customers in Blue Springs was restored September 30 after being disrupted
September 29. Source: http://www.kansascity.com/news/business/technology/article2354752.html
For another story, see item 3 below from the Critical Manufacturing Sector
3. October 1, Threatpost – (International) Schneider Electric fixes remotely
exploitable flaw in 22 different products. The Industrial Control Systems
Cyber Emergency Response Team (ICS-CERT) issued an advisory to operators of 22
different Schneider Electric industrial control systems products after a
researcher identified a remotely exploitable directory traversal vulnerability
that could allow attackers to bypass Web server authentication and gain
administrator access and control over devices. Schneider Electric released a
firmware update to close the vulnerability in the products deployed in the
manufacturing, energy, water, communications, and other sectors. Source: http://threatpost.com/schneider-electric-fixes-remotely-exploitable-flaw-in-22-different-products