Thursday, October 23, 2014



Complete DHS Report for October 23, 2014

Daily Report

Top Stories

 · The U.S. National Highway Traffic Safety Administration October 22 expanded a recall affecting vehicles with airbags manufactured by Takata to a total of 7.8 million from 6.1 million that were announced October 21. – Reuters 

1. October 21, Associated Press – (Connecticut) US oversight increased at Millstone nuclear plant. The U.S. Nuclear Regulatory Commission announced October 21 that it was increasing oversight at the Millstone nuclear power plant in Waterford due to the length of time it took plant operators to address problems with a back-up cooling pump at the plant. Source: http://www.greenwichtime.com/news/article/US-oversight-increased-at-Millstone-nuclear-plant-5837614.php

 · Matson Terminals Inc. agreed to plead guilty to two violations of the Rivers and Harbors Act of 1899 and pay a $1 million penalty for illegally discharging more than 233,000 gallons of molasses into Honolulu Harbor in September 2013 after a pipe in its ship cracked, killing more than 25,000 fish. – KHON 2 Honolulu

11. October 21, KHON 2 Honolulu – (Hawaii) Matson to pay $1 million for Honolulu Harbor molasses spill. Matson Terminals Inc. agreed to plead guilty to two violations of the Rivers and Harbors Act of 1899 and pay a $1 million penalty for illegally discharging more than 233,000 gallons of molasses into Honolulu Harbor in September 2013 after a pipe in its ship cracked, killing more than 25,000 fish. Source: http://khon2.com/2014/10/21/matson-to-pay-1-million-for-honolulu-harbor-molasses-spill/

 · Two St. John the Baptist Parish Utilities Department employees were indicted October 20 for allegedly lying and falsifying data about a public water system infected with the deadly Naegleria fowleri amoeba. – New Orleans Times-Picayune 

18. October 20, New Orleans Times-Picayune – (Louisiana) Brain-eating amoeba inquiry yields charges that 2 St. John employees lied about water samples. Two St. John the Baptist Parish Utilities Department employees were charged October 20 with lying and falsifying data about a public water system infected with the deadly Naegleria fowleri amoeba. Authorities discovered the employees had lied about the amount and results of water samples that were collected at the Lions treatment plant in Reserve and the end of the system in Mount Airy after Louisiana health officials reported the presence of the amoeba in August. Source: http://www.nola.com/crime/index.ssf/2014/10/indictment_from_brain-eating_a.html

 · Microsoft disclosed a vulnerability affecting most current releases of Microsoft Windows that allows an attacker to perform remote code execution if a user opens a specially-crafted Microsoft Office file containing a malicious Object Linking and Embedding (OLE) object. – Securityweek See item 20 below in the Information Technology Sector
 
Financial Services Sector

3. October 21, Associated Press – (New Mexico) Belen woman pleads guilty to a bank fraud charge. A Belen woman pleaded guilty October 21 for making fraudulent withdrawals from Belen Railroad Employees Credit Union accounts causing around $118,376 in losses to her employer. Source: http://www.demingheadlight.com/deming-news/ci_26774959/belen-woman-pleads-guilty-bank-fraud-charge

4. October 21, U.S. Attorney’s Office, Eastern District of Virginia – (Virginia) Vienna investment advisor pleads guilty to defrauding numerous elderly and widowed clients. A Vienna, Virginia resident and former investment advisor for Apple Federal Credit Union affiliate Apple Financial Services pleaded guilty October 21 to using his position to misappropriate between around $1 million and $7 million from customers. Source: http://www.justice.gov/usao/vae/news/2014/10/20141021emasnr.html

Information Technology Sector

20. October 22, Securityweek – (International) Windows zero-day exploited in targeted attacks through PowerPoint. Microsoft reported that it has observed limited targeted attacks exploiting a zero-day vulnerability in the company’s Object Linking and Embedding (OLE) technology which could allow an attacker to perform remote code execution if a user opens a specially-crafted Microsoft Office file. The vulnerability affects all current Microsoft Windows releases except Windows Server 2003 and Microsoft advised users to apply a series of workarounds until a patch can be released. Source: http://www.securityweek.com/windows-zero-day-exploited-targeted-attacks-through-powerpoint

21. October 22, Help Net Security – (International) Koler worm spreads via SMS, holds phones for ransom. Researchers at AdaptiveMobile identified a new variant of the Koler worm for Android that spreads via a bitly link that directs users to a Dropbox page where the malware is disguised as an app. The malware then blocks infected devices’ screens with a fake law enforcement page and demands a ransom to be paid via Money Pak Voucher. Source: http://www.net-security.org/malware_news.php?id=2890

22. October 22, Help Net Security – (International) Attackers change home routers’ DNS settings via malicious code injected in ads. Sucuri Security researchers identified a malvertising campaign that embeds malicious code into an ad hosted on the googlesyndication.com network and attempts to change the DNS settings on users’ home routers in order to lead them to potentially malicious Web sites. Source: http://www.net-security.org/malware_news.php?id=2891

23. October 22, Help Net Security – (International) Malware directs stolen documents to Google Drive. Researchers with Trend Micro identified a new piece of information-stealing malware dubbed Drigo that uploads any .PDF, text, and Microsoft Word, Excel, and PowerPoint files to a Google Drive account. The researchers reported that the malware appears to be targeting government agencies and reported the Google Drive account associated with the malware to Google. Source: http://www.net-security.org/malware_news.php?id=2888

24. October 21, Securityweek – (International) Apple fixes security flaws with release of iOS 8.1. Apple released an update to its iOS 8 mobile operating system, closing several vulnerabilities and adding new features. Source: http://www.securityweek.com/apple-fixes-security-flaws-release-ios-81

Communications Sector

Nothing to report