Friday, October 24, 2014



Complete DHS Report for October 24, 2014

Daily Report

Top Stories

 · Power was restored and new motors installed at a wastewater treatment plant in Honolulu, Hawaii, October 22 after the plant was overwhelmed by 20 million gallons of untreated sludge and storm water from Hurricane Ana October 19. – Associated Press

16. October 23, Associated Press – (Hawaii) Honolulu restoring power to sewage plant damaged by 20 million gallons of untreated sludge. The City of Honolulu reported that crews installed new motors at the Sand Island Wastewater Treatment Plant October 22 after the plant was overwhelmed by sludge and storm water from Hurricane Ana October 19. The storm sent 20 million gallons of untreated sludge into the plant’s below-ground areas, cutting power to the plant as well as allowing around 5,000 gallons of sewage to flow into Honolulu Harbor. Source: http://www.dailyjournal.net/view/story/d256ec13b23b4fbeb70f647662645d0b/HI--Sewage-Plant/

 · Ventura County, California officials reported that around 68,000 gallons of raw sewage spilled in Moorpark due to a blockage during the October 18-19 weekend but was not reported until October 20. – Associated Press; Ventura County Star

17. October 23, Associated Press; Ventura County Star – (California) 68,000 gallons of raw sewage spill in Moorpark. Ventura County officials reported that around 68,000 gallons of raw sewage spilled in Moorpark due to a blockage during the October 18-19 weekend but was not reported until October 20. The area of the spill in the Arroyo Simi was sandbagged to isolate and clean the sewage and the blockage was cleared while residents were advised to avoid contact with the water for at least 72 hours Source: http://www.ktvu.com/news/ap/california/68000-gallons-of-raw-sewage-spill-in-moorpark/nhqTC/

 · Authorities are investigating after medical records including the personal information of 40,000 former and current patients of a Jersey City, New Jersey internist were stolen from a storage shed outside the doctor’s office. – Jersey Journal

20. October 22, Jersey Journal – (New Jersey) Medical records of 40,000 patients stolen from Jersey City doctor’s office, police say. Authorities are investigating after medical records including Social Security numbers and the personal information of 40,000 former and current patients of a Jersey City internist were stolen from a storage shed outside the doctor’s office the week of October 21. Source: http://www.nj.com/hudson/index.ssf/2014/10/medical_records_of_40000_patients_stolen_from_jersey_city_doctors_office_police_say.html

 · The FBI arrested and charged a National Weather Service employee working out of the Wilmington, Delaware office October 21 for allegedly hacking into the restricted U.S. Army Corps of Engineers’ National Inventory of Dams. – Dayton Daily News

25. October 21, Dayton Daily News – (National) FBI arrests Weather Service employee for alleged cyber hacking. The FBI arrested and charged a National Weather Service employee working out of the Wilmington office October 21 for allegedly hacking into the restricted U.S. Army Corps of Engineers’ National Inventory of Dams, which contains detailed information about dams nationwide, in May 2012 and downloading sensitive files from the inventory. Source: http://www.daytondailynews.com/news/news/fbi-arrests-weather-service-employee-for-alleged-c/nhpKt/

Financial Services Sector

Nothing to report

Information Technology Sector

27. October 23, Softpedia – (International) CryptoWall 2.0 delivered through malvertising on Yahoo and other large sites. Proofpoint researchers observed a recent campaign using malicious advertisements on Yahoo, 9gag, and other popular Web sites to deliver the CryptoWall 2.0 ransomware via the FlashPack Exploit Kit. The exploit kit exploits vulnerabilities in Adobe Flash Player to deliver the ransomware that encrypts users’ files and demands a ransom to decrypt them. Source: http://news.softpedia.com/news/CryptoWall-2-0-Delivered-Through-Malvertising-On-Yahoo-and-Other-Large-Sites-462970.shtml

28. October 23, Securityweek – (International) 1.2 million networking devices vulnerable due to NAT-PMP issues. A security researcher with Rapid7 reported October 21 that the company identified around 1.2 million Internet-connected devices that are vulnerable to various attacks due to poor implementation or configuration of the Network Address Translation – Port Mapping Protocol (NAT-PMP). The vulnerabilities could allow attackers to perform denial of service (DoS) attacks, intercept traffic, or perform other malicious actions. Source: http://www.securityweek.com/12-million-networking-devices-vulnerable-due-nat-pmp-issues

29. October 22, Softpedia – (International) Apple warns users of attack targeting iCloud site. Apple confirmed reports of man-in-the-middle (MitM) attacks against its iCloud service that employed an insecure certificate and advised users not to dismiss browser warnings regarding the security of content. The attacks trigger warnings in the Chrome and Firefox browsers but not in Qihoo, the most popular Web browser in China. Source: http://news.softpedia.com/news/Apple-Warns-Users-of-Attack-Targeting-iCloud-Site-462846.shtml

For another story, see item 21 below from the Government Facilities Sector

21. October 22, Securityweek – (International) ‘Operation Pawn Storm’ cyber-espionage campaign hits organizations. Trend Micro researchers identified a cyberespionage operation dubbed “Operation Pawn Storm” that uses targeted emails and compromised Web sites to infect users in government, military, and media organizations with the SEDNIT (also known as Sofacy) malware. Source: http://www.securityweek.com/operation-pawn-storm-cyber-espionage-campaign-hits-organizations

Communications Sector

30. October 22, KMA 960 AM Shenandoah – (Iowa) 911, Internet and cable service back in southwest Iowa. Internet, telephone, cable, and 9-1-1 services were restored to Mediacom customers across southwest Iowa after a fiber cable ruptured causing a widespread outage that affected Montgomery and Adams counties for several hours October 22. Source: http://www.kmaland.com/news/internet-and-cable-service-back-in-southwest-iowa/article_7a361bee-5a28-11e4-9f56-0017a43b2370.html

31. October 22, WEHT 25 Evansville – (Kentucky) Crews work to repair broken fiberoptic AT&T line. Crews spent 8-10 hours working to restore AT&T Internet, phone, and cable services in Daviess County after a construction crew hit a fiber optic line in the Hawesville area October 22. Source: http://www.tristatehomepage.com/story/d/story/crews-work-to-repair-broken-fiberoptic-att-line/80091/yUrjQV5v-k6BTwEpyuTYaQ

32. October 22, Scranton Times-Tribune – (Pennsylvania) The sound of radio silence: WARM transmitter fails, station off air. WARM 590 AM Scranton went off air September 15 and filed for a notice to suspend operations September 25 to the U.S. Federal Communications Commission due to a transmitter failure located near Falls. Engineers worked to identify the technical issue in order to bring the station back on air. Source: http://thetimes-tribune.com/news/the-sound-of-radio-silence-warm-transmitter-fails-station-off-air-1.1775261