· Several
school districts were closed while crews worked November 12 to restore power to
over 50,000 customers in Seattle after freezing temperatures and strong winds
knocked down trees and power lines November 11. – KIRO 7 Seattle; Associated
Press
1. November 12, KIRO 7
Seattle; Associated Press –
(Washington) Schools closed, thousands remain without power as freezing
temperatures arrive in western Washington. Utility crews continued work
November 12 to restore power to over 50,000 customers around southern King
County and Pierce County in Seattle after freezing temperatures and strong
winds knocked down trees and power lines November 11. Several school districts
were closed while Highway 164 was blocked due to debris from fallen trees.
Source: http://www.kirotv.com/news/news/strong-wind-leaves-damage-freezing-temperatures-ar/nh5Xz/
· Regulators
in the U.S., U.K., and Switzerland issued fines November 12 totaling $4.25
billion against JPMorgan Chase, Citigroup, HSBC, Royal Bank of Scotland, and
UBS for conspiring to manipulate foreign currency exchange markets to increase
bank profits. – New York Times See item 6
below in the Financial Services Sector
· Microsoft
released a patch November 11 for a data manipulation vulnerability that has
existed in Windows operating systems and could have been used by attackers to
gain control of affected systems for the last 18 years. – Softpedia See item 21
below in the Information Technology
Sector
· Authorities
reported that improperly discarded smoking materials were the source of a
November 10 fire that caused an estimated $1.25 million in damage to an
apartment building in Herndon, Virginia. – WUSA 9 Washington, D.C.
33. November 12, WUSA 9
Washington, D.C. –
(Virginia) Herndon apartment fire leaves $1.25 million in damage. Authorities
reported that improperly discarded smoking materials were the source of a
November 10 fire that caused an estimated $1.25 million in damage to an
apartment building in Herndon. Eighteen residents were displaced by the fire.
Source: http://www.wusa9.com/story/news/2014/11/12/herndon-apartment-fire-jefferson-park-drive/18905747/
Financial Services Sector
6. November
12, New York Times – (International) Big banks are fined $4.25
billion in foreign exchange scandal. Regulators in the U.S., U.K., and
Switzerland issued fines November 12 totaling $4.25 billion against JPMorgan
Chase, Citigroup, HSBC, Royal Bank of Scotland, and UBS for conspiring to
manipulate foreign currency exchange markets to increase bank profits. Source:
For additional stories, see item 10 below from the Transportation Systems Sector and 36 below from the Commercial
Facilities Sector
10. November
11, KWWL 7 Waterloo – (Iowa) Parking data breach at Eastern Iowa
Airport. The Eastern Iowa Airport in Cedar Rapids revealed November 11 a
data breach that may have compromised the information of an unknown amount of
customers who used credit or debit cards at the airport’s public parking
facilities between September 29 and October 29, after discovering that a server
was being mined for data. Authorities isolated the server and continue to investigate
the extent of the incident. Source: http://www.kwwl.com/story/27359520/2014/11/11/parking-data-breach-at-the-eastern-iowa-airport
36. November
11, Softpedia – (International) Hacker steals payment data from
One Love Organics website. One Love Organics notified consumers October 30
that the online beauty product company’s server was compromised and the
personal information, including payment card data, of customers who made
purchases between August 24 and October 15 may have been breached. A
representative reported that an attacker leveraged a vulnerability in the Web
site’s shopping cart feature to perform and SQL injection, and that the
vulnerability has since been closed. Source: http://news.softpedia.com/news/Hacker-Steals-Payment-Data-from-One-Love-Organics-Website-464725.shtml
Information Technology Sector
21. November
12, Softpedia – (International) 18-year-old remotely exploitable
vulnerability in Windows patched by Microsoft. Microsoft released a patch
November 11 for a data manipulation vulnerability that has existed in Windows
operating systems starting with Windows 95. Researchers with IBM’s X-Force
discovered and reported the vulnerability in May, which could have been used by
attackers to gain control of affected systems for the last 18 years. Source: http://news.softpedia.com/news/18-year-Old-Remotely-Expoitable-Vulnerabililty-in-Windows-Patched-By-Microsoft-464769.shtml
22. November
12, Help Net Security – (International) Microsoft patches Windows,
IE, Word, SharePoint and IIS. Microsoft released its monthly Patch Tuesday
round of updates for its products, which includes 14 bulletins including one
patching a zero-day vulnerability in the Windows OLE packager for Windows Vista
and newer Windows operating systems. Source: http://www.net-security.org/secworld.php?id=17627
23. November
12, Softpedia – (International) 18 critical vulnerabilities patched in Flash
Player 15.0.0.223. Adobe released a new version of its Flash Player
software, closing 18 critical security issues, 15 of which could allow an
attacker to execute arbitrary code. Source: http://news.softpedia.com/news/18-Critical-Vulnerabilities-Patched-in-Flash-Player-15-0-0-223-464731.shtml
24. November
12, Network World – (International) Google DoubleClick down, leaving sites
ad-free. The Google DoubleClick for Publishers service experienced an
outage November 12, preventing ads from being displayed on several Web sites.
Google stated that the company was working to resolve the issue. Source: http://www.networkworld.com/article/2846816/business-continuity/google-doubleclick-down-leaving-sites-ad-free.html
25. November
12, Softpedia – (International) Air-gapped systems targeted by Sednit
espionage group. Researchers with ESET stated that the Sednit espionage
group (also known as APT28 or Sofacy) have employed a tool known as
Win32/USBStealer since at least 2005 that can exfiltrate data from air gapped
systems. The tool is added to a compromised system connected to the Internet
and then plants the tool on any removable storage device, collects information
on the air gapped system, and then transmits it back to the attackers whenever
the storage device is next connected to an Internet-connected system. Source: http://news.softpedia.com/news/Air-Gapped-Systems-Targeted-by-Sednit-Espionage-Group-464734.shtml
26. November
11, Softpedia – (International) Uroburos espionage group is still active,
relies on new remote access trojan. G Data researchers found that the
Uroburos espionage group (also known as Turla or Snake) remains active and is
using two similar versions of a new remote access trojan (RAT) known as ComRAT
that includes increased obfuscation and anti-analysis capabilities. Source: http://news.softpedia.com/news/Uroburos-Espionage-Group-Is-Still-Active-Reles-on-New-Remote-Access-Trojan-464694.shtml
27. November 10,
Securityweek – (International) SQL injection vulnerability patched in
IP.Board forum software. Invision Power Services released patches for its
IP.Board forum software November 9, closing a SQL injection vulnerability
several hours after its discovery on versions 3.3.x and 3.4.x. Source: http://www.securityweek.com/sql-injection-vulnerability-patched-ipboard-forum-software
28. November
10, Securityweek – (International) iOS security issue allows attackers to swap
good apps for bad ones: FireEye. Researchers with FireEye identified a new attack
dubbed a Masque Attack that can allow attackers to replace a legitimate iOS app
with a malicious one if both applications use the same bundle identifier.
Victims targeted by the attack must be lured into installing the malicious app
which can then be replaced by the malicious app on jailbroken and
non-jailbroken iOS devices. Source: http://www.securityweek.com/ios-security-issue-allows-attackers-swap-good-apps-bad-ones-fireeye
Communications Sector
29. November 12, Washington
Post – (National) Weather Service issues expired tornado watches
in technical glitch. The National Weather Service’s Storm Prediction Center
experienced a glitch that caused expired and inaccurate tornado and severe
thunderstorm alerts to be delivered November 12 due to a data transmission
problem connected to a contractor. Official severed the faulty connection and
are investigating the incident. Source: http://www.washingtonpost.com/blogs/capital-weather-gang/wp/2014/11/12/weather-service-issues-expired-tornado-watches-in-technical-glitch/