Friday, December 19, 2014



Complete DHS Report for December 19, 2014

Daily Report

Top Stories

 · About 25 families in eastern Ohio remained displaced December 17 following a natural gas leak from a fracking well that prompted houses within a 1.5-mile radius to evacuate December 13. – Columbus Dispatch

1. December 17, Columbus Dispatch – (Ohio) Families flee out-of-control natural gas leak at eastern Ohio fracking well. About 25 families in eastern Ohio remained displaced December 17 due to a natural gas leak after crews resumed operations at a temporarily plugged fracking well in Monroe County that began to flow uncontrollably, prompting the evacuation of houses within a 1.5-mile radius of the well December 13. Source: http://www.dispatch.com/content/stories/local/2014/12/17/families-flee-out-of-control-natural-gas-leak.html

· New York based cosmetics company, Avon Products Inc., agreed to pay $67 million to settle criminal and civil charges by the U.S. Securities and Exchange Commission after its China division pleaded guilty December 17 to violating the Foreign Corrupt Practices Act (FCPA). – U.S. Securities and Exchange Commission See item 5 below in the Financial Services Sector

· Ten passengers on board a New Jersey Transit bus were injured following a multi-vehicle accident involving 3 semi-trucks December 17 that shut down northbound lanes of the New Jersey Turnpike near Linden for nearly 5 hours. – NJ.com

7. December 17, NJ.com – (New Jersey) 10 injured in NJ Transit bus, tractor-trailer crash on Turnpike in Linden. A 4- vehicle collision closed several lanes of the New Jersey Turnpike outer roadway near Linden for approximately 5 hours December 17 after a semi-truck attempted to change lanes and struck the rear of a NJ Transit bus with 61 passengers on board. Ten bus passengers were transported to an area hospital with injuries. Source: http://www.nj.com/union/index.ssf/2014/12/4_seriously_injuried_in_nj_transit_bus_tractor-trailer_crash_on_turnpike_in_linden.html

· A Chicago, Illinois businessman and his wife were convicted December 17 on more than one dozen counts including conspiracy, mail fraud, and money laundering for stealing $3.4 million in grants through the Illinois Department of Public Health for personal expenses. – Associated Press

16. December 17, Associated Press – (Illinois) Couple convicted of stealing grants. A Chicago businessman and his wife were convicted December 17 on more than a dozen counts including conspiracy, mail fraud, and money laundering for stealing $3.4 million in grants through the Illinois Department of Public Health intended for AIDS awareness and other health campaigns that they instead used for personal expenses. Source: http://www.nwherald.com/2014/12/18/couple-convicted-of-stealing-grants/axewh6/

Financial Services Sector

5. December 17, U.S. Securities and Exchange Commission – (International) SEC charges Avon Products, Inc. with Fcpa violations. Avon Products Inc. agreed to pay $67 million in disgorgement and interest to settle charges filed December 17 by the U.S. Securities and Exchange Commission accusing the beauty products company of violating the Foreign Corrupt Practices Act (FCPA) by failing to put in place controls that could have detected and prevented $8 million in payments to Chinese government officials by employees and consultants at the company’s Chinese subsidiary between 2004 and 2008. Source: http://www.sec.gov/litigation/litreleases/2014/lr23159.htm

6. December 16, Richmond Times-Dispatch – (Virginia) Data compromised at Union First Market Bank. Richmond-based Union First Market Bank stated that they shut off all ATM capabilities for their customers’ debit cards after discovering skimming activities that affected over 3,000 customers’ cards. Affected customers were being contacted by the bank and issued new debit cards Source: http://www.roanoke.com/business/news/union-first-market-data-breach-affects-more-than-debit-cards/article_93a64ccc-855e-5448-8021-cd70803622f3.html

Information Technology Sector

24. December 18, Securityweek – (International) Serious vulnerabilities found in Schneider Electric’s ProClima solution. An advisory from the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) December 16 warned that five vulnerabilities in the Schneider Electrica ProClima thermal management software were identified and reported by researchers and could be remotely exploited. The software is used in industries such as manufacturing, energy, and commercial facilities and affects ProClima versions 6.0.1 and earlier. Source: http://www.securityweek.com/serious-vulnerabilities-found-schneider-electrics-proclima-solution

25. December 18, Securityweek – (International) “USBdriveby” emulates mouse and keyboard to hijack computers. A researcher demonstrated an attack method known as USBdriveby that can use a USB-based microcontroller to emulate a mouse and keyboard to run several tasks including disabling security measures, opening backdoors, and changing DNS settings due to many systems trusting USB devices by default. The researcher tested the method on an OS X device but believes that it can be used on Windows and Unix operating systems, and the source code and operations for the attack were made public. Source: http://www.securityweek.com/usbdriveby-emulates-mouse-and-keyboard-hijack-computers

26. December 18, Help Net Security – (International) ICANN systems breached via spear-phishing emails. The Internet Corporation for Assigned Names and Numbers (ICANN) stated December 16 that it was compromised via spearphishing emails during November and attackers were potentially able to access Centralized Zone Data System (CZDS) files and salted and hashed user information and credentials. ICANN deactivated all CZDS passwords as a precaution and notified all potentially affected users. Source: http://www.net-security.org/secworld.php?id=17769

27. December 18, Softpedia – (International) Syrian Electronic Army hacks website of International Business Times. Hacktivists claiming affiliation with the Syrian Electronic Army group claimed responsibility for defacing the Web site of the International Business Times December 17. Source: http://news.softpedia.com/news/Syrian-Electronic-Army-Hacks-Website-of-International-Business-Times-467827.shtml

28. December 18, Help Net Security – (International) Researcher publishes JavaScript DoS tool. A researcher with WhiteHat Security published a prototype denial of service (DoS) attack script named FlashFlood written in JavaScript December 16. The code could be used by attackers in DoS attacks or to trick victims into executing the code. Source: http://www.net-security.org/secworld.php?id=17771

29. December 18, Help Net Security – (International) Ars Technica readers urged to change passwords in wake of hack. Ars Technica advised its registered readers to change their passwords as a precaution after an attacker briefly gained access to one of the site’s Web servers December 14. The site stated that the attacker may have been able to access hashed email addresses and passwords. Source: http://www.net-security.org/secworld.php?id=17768

30. December 17, Securityweek – (International) Backdoor found in Android phones manufactured by Coolpad: Research. Researchers with Palo Alto Networks reported that at least 24 models of Android devices manufactured by Coolpad contained a backdoor that could active applications, install unwanted applications, and upload device information and location data. Source: http://www.securityweek.com/backdoor-found-android-phones-manufactured-coolpad-research

31. December 17, Securityweek – (International) Xsser malware targeting iOS, Android devices. Researchers with Akamai identified a new mobile remote access trojan (mRAT) known as Xsser that is spread through phishing and man-in-the-middle (MitM) attacks and can steal credentials, execute code, and hijack browser sessions on Android and iOS devices. The researchers found that the mRAT is being used by an organized group currently targeting specific devices and software vendors, software-as-a-service (SaaS) providers, and Internet service providers mainly in Asia. Source: http://www.securityweek.com/xsser-malware-targeting-ios-android-devices

Communications Sector

32. December 18, The Register – (International) URL LOL: Delta splats web flight boarding pass snoop bug. Delta Airlines patched a security vulnerability in its paperless boarding pass system that allowed hackers to access information on unknown individuals’ flights by adjusting the URLs used to serve digital copies of boarding passes to smart phones that appear as QR codes which are scanned at the gate. Source: http://www.theregister.co.uk/2014/12/18/delta_fixes_flaw_that_allowed_hacker_pass_to_any_flight_anywhere_any_class/

33. December 17, WQAD 8 Quad Cities – (Illinois) Internet outage reported for some Mediacom Quad Cities-area customers. An equipment failure caused an Internet outage December 17 for Mediacom customers in four areas of Illinois. A Mediacom representative reported that a microchip was not functioning properly and was replaced to restore service. Source: http://wqad.com/2014/12/17/internet-outage-reported-for-some-mediacom-customers-in-milan-and-rock-island/

34. December 17, International Data Group – (National) US Agency sues Sprint for alleged unauthorized charges. The U.S. Consumer Financial Protection Bureau announced December 17 that it filed a lawsuit against Sprint for allegedly billing cellular phone customers for tens of millions of dollars in unauthorized services from third-parties. Related charges by the U.S. Federal Communications Commission are pending. Source: http://www.networkworld.com/article/2860774/us-agency-sues-sprint-for-alleged-unauthorized-charges.html

35. December 16, Scranton Times-Tribune – (Pennsylvania) WARM Radio back on the air, now with sports. WARM 590 AM Scranton returned to the air December 15 after going off air September 15 due to a failed transmitter caused by antiquated equipment. The equipment was updated and technical issues were resolved before operations were restored. Source: http://thetimes-tribune.com/news/warm-radio-back-on-the-air-now-with-sports-1.1803282