Monday, December 8, 2014



Complete DHS Report for December 8, 2014

Daily Report

Top Stories

 · Otter Tail Power Company officials announced that the Coyote Station near Beulah, North Dakota, is closed until they can assess the amount of damage from a December 4 fire caused by a major mechanical failure at the plant. – Bismarck Tribune

1. December 4, Bismarck Tribune – (North Dakota) Mechanical failure shuts down power plant. Otter Tail Power Company energy officials announced that the Coyote Station near Beulah, North Dakota, is closed until they can assess the amount of damage from a December 4 fire caused by a major mechanical failure at the plant. Authorities determined that one of the power plant’s turbine-driven boiler pumps suffered a mechanical failure which prompted oil lines to rupture, causing a fire. Source: http://bismarcktribune.com/news/state-and-regional/mechanical-failure-shuts-down-power-plant/article_339b4092-7be8-11e4-bb8a-cb4d843b92d7.html

 · A Haverhill, Massachusetts man pleaded guilty to charges December 4 in connection to a scheme were he created fake prescriptions in order to obtain and distribute more than 10,000 oxycodone pills from 2012 to 2014. – Waltham Daily News Tribune

17. December 4, Waltham Daily News Tribune – (Massachusetts) Man charged in connection with alleged Waltham credit card fraud. A Haverhill man pleaded guilty to charges December 4 in connection to a scheme were he created hundreds of fake prescriptions in order to obtain and distribute more than 10,000 oxycodone pills after allegedly stealing prescription paper and using the names of physicians and authorization numbers to create the fraudulent documents from 2012 to 2014. The suspect and an accomplice employed at the Copper House Tavern in Waltham also stole customer’s credit card information and opened fraudulent credit cards. Source: http://waltham.wickedlocal.com/article/20141204/NEWS/141208245

 · A December 5 fire at an Augusta, Maine apartment building rendered the structure a total loss and prompted the rescue of at least 23 residents while 7 others were transported to an area hospital for minor injuries. – WMTW 8 Poland Spring

33. December 5, WMTW 8 Poland Spring – (Maine) More than 20 rescued from Augusta apartment building fire. A December 5 fire at an 18-unit apartment building in Augusta, Maine, caused a partial building collapse and rendered the structure a total loss. At least 23 residents were rescued from the building, and at least 7 residents were transported to an area hospital for minor injuries and smoke inhalation. Source: http://www.wmtw.com/news/fire-crews-fight-augusta-apartment-fire/30071600

 · Seven businesses at the Cove Shopping Center in Marin County, California, were closed December 4 due to flooding caused by an equipment failure at the county’s pumping station during heavy rains December 3. – KGO 7 San Francisco

34. December 4, KGO 7 San Francisco – (California) Cleanup underway after storm rocked Bay Area. Seven businesses at the Cove Shopping Center in Marin County were closed December 4 due to flooding caused by an equipment failure at the county’s pumping station during heavy rains December 3. Businesses in the Mission District of the county also suffered flood damage caused by the heavy rains and a water main rupture. Source: http://abc7news.com/weather/cleanup-underway-after-storm-rocked-bay-area-/422889/

Financial Services Sector

3. December 4, WPLG 10 Miami – (Florida) 4 Miami residents accused of bank fraud arrested. Four individuals from Miami, Florida, were arrested December 4 on charges that they allegedly operated a bank fraud and payment card fraud operation that defrauded financial institutions of more than $100,000. Source: http://www.local10.com/news/4-miami-residents-accused-of-bank-fraud-arrested/30055104

4. December 3, KCBS 2 Los Angeles – (California) 2 O.C. residents charged in $11M Ponzi scheme. The Orange County-based owner and operator of MBP Insurance Services Inc., and an agent at the company were charged December 3 for allegedly operating the company as a Ponzi scheme that defrauded victims of more than $11.3 million. Source: http://losangeles.cbslocal.com/2014/12/03/2-o-c-residents-charged-in-11m-ponzi-scheme/

5. December 3, Lexington Dispatch – (North Carolina; Alabama) Striped hoodie bandit arrested in Huntsville, Ala., on Tuesday. A suspect known as the “Striped Hoodie Bandit” wanted for three bank robberies in North Carolina was arrested in Huntsville, Alabama, December 2. The suspect was wanted in connection to bank robberies in High Point, Asheboro, and Huntersville in North Carolina as well as for a convenience store robbery in the State. Source: http://www.the-dispatch.com/article/20141203/NEWS/312039992/1005?Title=Striped-hoodie-bandit-arrested-in-Huntsville-Ala-on-Tuesday&tc=ar

For additional stories, see items 25 below in the Information Technology Sector and 32 below from the Commercial Facilities Sector

32. December 5, Krebs on Security – (International) Bebe stores confirms credit card breach. Officials from bebe stores inc., warned consumers December 4 that their personal information, including payment card data, may have been compromised after an investigation confirmed that hackers breached the company’s payment systems at stores in the U.S., Puerto Rico, and U.S. Virgin Islands between November 8 and November 26. The company has since blocked the attack and has added additional security features to its networks. Source: http://krebsonsecurity.com/2014/12/bebe-stores-confirms-credit-card-breach/

Information Technology Sector

25. December 5, The Register – (International) ‘Sign in with LinkedIn’ spoof allows baddies to penetrate Slashdot, NASDAQ.com and more. Researchers with IBM identified and reported a vulnerability that could have allowed attackers to gain access to Web sites that use MyDigiPass to enable logins using social media accounts due to LinkedIn and Amazon allowing the use of accounts without confirmed email addresses. The issue was closed before the findings were disclosed and affected Web sites including NASDAQ.com, Slashdot, Crowdfunder, and among many others. Source: http://www.theregister.co.uk/2014/12/05/top_sites_massive_potential_security_flaw_highlighted/

26. December 5, The Register – (International) VMware warns of vCenter cross-site-scripting bug. VMware released six patches for vulnerabilities in its vCenter Server Appliance, one of which could allow cross-site scripting (XSS) attacks if a user is logged-in to vCenter and is tricked into clicking a malicious link or visiting a malicious Web page. Source: http://www.theregister.co.uk/2014/12/05/vmware_warns_of_vcenter_crosssitescripting_bug/

27. December 4, Dark Reading – (International) ‘DeathRing’ malware found pre-installed on smartphones. Researchers with Lookout published a report that found that low-cost and counterfeit smartphones manufactured in Asia and Africa that come with a piece of pre-loaded malware known as DeathRing originates from China. The command and control server for the malware appears to be offline, and the malware could be used for SMS or browser phishing. Source: http://www.darkreading.com/mobile/deathring-malware-found-pre-installed-on-smartphones/d/d-id/1317901

28. December 4, Threatpost – (International) Details emerge on Sony wiper malware Destover. Kaspersky Lab researchers released a report analyzing the Destover wiper malware used in the recent attack on Sony Pictures Entertainment and stated that the malware appeared to use similar driver files and to have been developed on a similar timeline to the malware used in the Shamoon attack on Saudi Aramco and the DarkSeoul attack against South Korea in 2013. Source: http://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727

29. December 4, Threatpost – (International) Critical remote code execution flaw found in WordPress plugin. Researchers with Sucuri identified and reported a vulnerability in the WP Download Manager plugin for WordPress that could have allowed attackers to implant a backdoor or gain access to administrative accounts on vulnerable Web sites. The developers of WP Download Manager released an update to close the vulnerability the week of December 1. Source: http://threatpost.com/critical-remote-code-execution-flaw-found-in-wordpress-plugin/109720

Communications Sector

30. December 4, Morganton News Herald – (North Carolina) Radio station offline after copper theft wrecks transmitters. WCIS 760 AM Morganton, a radio station covering 7 counties across North Carolina, was knocked off the air after thieves damaged its transmitter building in Burke County December 4 stealing between 80 and 200 pounds of copper and causing an estimated $50,000 to $60,000 worth of property damage. The station is expected to resume operations the week of December 8. - Source: http://www.morganton.com/news/radio-station-offline-after-copper-theft-wrecks-transmitters/article_071d2412-7bf8-11e4-907c-af37597c4c49.html

31. December 4, Bluefield Daily Telegraph – (West Virginia) Police probe copper theft. Authorities are searching for suspects responsible for disrupting landline phone service to residents in the Davy area of McDowell County December 3 after an estimated 2,500 feet of Frontier Communications’ copper cables were stolen. Source: http://www.bdtonline.com/news/police-probe-copper-theft/article_977ae192-7b59-11e4-9539-d788ce4e7e47.html