Complete DHS Report for January 15, 2015
Daily Report
Top Stories
· Law
enforcement officials in Evansville, Indiana, reported the arrest of 2
individuals accused of stealing and selling more than 70 pieces of farm
equipment worth an estimated $1.5 million. – WEHT 25 Evansville
12. January
13, WEHT 25 Evansville – (Indiana) E.P.D. and V.C.S.O. announce
$1.5M heavy equipment theft ring bust. Evansville Police and the
Vanderburgh County Sheriff’s Office reported the arrest of 2 individuals
accused of stealing and selling more than 70 pieces of farm equipment,
including excavators, tractors, and hydraulic equipment, worth an estimated
$1.5 million. Source: http://www.tristatehomepage.com/story/d/story/epd-and-vcso-announce-15m-heavy-equipment-theft-ri/39786/1pa0spB3bkCObyj-glpBnQ
· The
operator of the former Southfork Medical Clinic in Los Angeles and 4 clinic
employees were arrested January 13 in connection with an alleged scheme
involving the issuance and sale of more than 10,000 narcotic prescriptions and
supplying illegally-obtained prescription drugs to Texas. – Los Angeles
Times
20. January
14, Los Angeles Times – (California; Texas) L.A. doctor, 4 others
arrested in prescription drug ‘pill mill’ case. The operator of the former
Southfork Medical Clinic in Los Angeles and 4 clinic employees were arrested
January 13 in connection with an alleged scheme involving the issuance and sale
of more than 10,000 narcotic prescriptions at the clinic and supplying
illegally-obtained prescription drugs to Texas. Authorities are searching for
two other individuals involved in the case. Source: http://www.msn.com/en-us/news/crime/la-doctor-4-others-arrested-in-prescription-drug-pill-mill-case/ar-AA88rQu
·
Public health officials announced January 13 that more than 300 people may have
been exposed to a patient treated for measles at Colorado Springs, Colorado
hospital January 3 that was part of a multistate measles outbreak. – Colorado
Springs Gazette
21. January
14, Colorado Springs Gazette – (National) Several in El Paso
County quarantined due to measles exposure. El Paso County Public Health
announced January 13 that more than 300 people may have been exposed to a
patient treated for measles at Penrose Hospital in Colorado Springs January 3,
and recommended that unvaccinated individuals quarantine themselves at home
through January 24 following a multistate outbreak that began at 2 California
theme parks in December. Source: http://gazette.com/about-300-people-possibly-exposed-to-measles-via-colorado-springs-patient/article/1544540
· New York
City health officials stated January 13 that preliminary tests revealed the
presence of Legionella bacteria inside cooling towers at a 50,000-resident
apartment complex connected to a recent outbreak. – Associated Press
34. January
13, Associated Press – (New York) Legionella bacteria detected in
Bronx housing complex cooling towers. New York City health officials
reported January 13 that preliminary tests revealed the presence of Legionella
bacteria inside the cooling towers of the Co-Op City housing complex in the
Bronx where about 50,000 residents live, and that 8 of 12 recent cases of the
bacteria in the borough were diagnosed among the complex’s residents. The
cooling towers were taken out of service for cleaning and chlorination, while
River Bay Corporation, the complex’s property manager, began decontaminating
the cooling system January 10. Source: http://www.dailyjournal.net/view/story/44b50ee2632f4e18b425acdf5c9b1117/NY--Legionnaires-Disease-NYC/
Financial Services Sector
3. January
14, Softpedia – (International) Remote overlay attack toolkit
targets Brazilian bank customers. Researchers with Trusteer analyzed a
piece of remote desktop connection banking malware dubbed KL-Remote being
offered for sale on Brazilian underweb markets which includes the ability for
attackers to manually intervene and collect online banking information and
conduct transactions when users with infected systems visit banking Web sites.
Source: http://news.softpedia.com/news/Remote-Overlay-Attack-Toolkit-Targets-Brazilian-Bank-Customers-469973.shtml
4. January
14, Associated Press – (International) Minnesota woman charged in
$2M fake death insurance scam. A Plymouth, Minnesota woman and her son were
charged January 13 for allegedly conspiring with the woman’s ex-husband to fake
the ex-husband’s death in the country of Moldova, fraudulently collecting $2
million in life insurance, and transferring over $1.5 million of the money to
accounts in Moldova and Switzerland. Source: http://www.news8000.com/news/minnesota-woman-charged-in-2m-fake-death-insurance-scam/30689236
For another story, see item 7 below
from the Transportation Systems Sector
7. January
13, Milwaukee Journal Sentinel – (National) Park ‘N Fly airport
parking confirms data breach; company affiliated with two lots at General
Mitchell airport in Milwaukee. Airport parking lot operator Park ‘N Fly
confirmed a data breach January 13 that may have exposed card numbers, names,
billing addresses, card expiration dates, and CVV codes of customers who made
reservations through the company’s Web site. Atlanta-based Park ‘N Fly has
about 15 locations nationwide and several affiliates. Source: http://www.jsonline.com/blogs/news/288453361.html
Information Technology Sector
26. January
14, Securityweek – (International) Adobe updates Flash Player to fix 9
vulnerabilities. Adobe released updates for its Flash Player product
January 13, closing nine critical vulnerabilities, including vulnerabilities
that could be exploited to perform arbitrary code execution. Source: http://www.securityweek.com/adobe-updates-flash-player-fix-9-vulnerabilities
27. January
14, Softpedia – (International) Free tool searches GitHub for sensitive
company data. A researcher with SoundCloud created a tool dubbed GitRob
that can search companies’ GitHub code repositories to identify sensitive files
that may have been inadvertently added to GitHub. Source: http://news.softpedia.com/news/Free-Tool-Searches-GitHub-for-Sensitive-Company-Data-469944.shtml
28. January
14, Softpedia – (International) Apache patches Qpid message broker against
DoS condition. The developers of the Apache message broker software Qpid
released a patch January 13 that closes a denial of service (DoS) condition
that could be caused by unexpected protocol sequences leading to sudden
termination of Qpid processes. Source: http://news.softpedia.com/news/Apache-Patches-Qpid-Message-Broker-Against-DoS-Consdition-469987.shtml
29. January
14, Securityweek – (International) Mozilla fixes 9 vulnerabilities in Firefox
35. Mozilla released version 35 of its Firefox browser January 13, which
includes new features and functions as well as fixes for 9 security
vulnerabilities, 3 of which were rated as critical. Source: http://www.securityweek.com/mozilla-fixes-9-vulnerabilities-firefox-35
30. January
14, Softpedia – (International) Notepad++ releases “Je suis Charlie” edition,
website gets defaced. Attackers identifying as the Fallaga Team claimed
responsibility for defacing the Web site of open source text editor Notepad++.
Source: http://news.softpedia.com/news/Notepad-plus-plus-Releases-Je-suis-Charlie-Edition-Website-Gets-Defaced-469956.shtml
31. January
13, Securityweek – (International) Microsoft patches critical Windows security
vulnerability. Microsoft released its monthly round of Patch Tuesday
updates January 13, closing a critical security vulnerability in Windows’
Telnet Service that could allow an attacker to remotely execute code on
affected Windows servers, among seven other patches. Source: http://www.securityweek.com/microsoft-patches-critical-windows-security-vulnerability
32. January
13, Softpedia – (International) Siemens patches SIMATIC WinCC apps for iOS
against password-related flaws. Siemens released an update for the iOS
version of its SIMATIC WinCC Sm@rt Client product for industrial control systems
(ICS) which closes a vulnerability that could allow attackers to gain access to
sensitive information from the app. Source: http://news.softpedia.com/news/Siemens-Patches-SIMATIC-WinCC-Apps-for-iOS-Against-Password-Related-Flaws-469891.shtml
For another story, see item 3 above in the Financial Services Sector
Communications Sector
See item 25 below from the Emergency Services
Sector
25. January 14, WJW 8
Cleveland – (Ohio) AT&T: Services being restored after pipe
burst. Emergency 9-1-1 service in several counties including Summit, Medina,
Portage, and Stark was restored January 14 following an AT&T outage January
13 caused by a burst steam pipe in an Akron switching office that affected
wireless and wire line services. Crews continued work to restore service to the
remaining counties. Source: http://fox8.com/2015/01/13/police-911-systems-down-throughout-summit-co-due-to-power-outage-at-att-office-in-akron