Wednesday, January 28, 2015



Complete DHS Report for January 28, 2015

Daily Report

Top Stories

 · Nearly 8,000 flights throughout the U.S. were cancelled through January 29 due to a severe winter storm in the Northeast. – USA Today

11. January 27, USA Today – (National) Boston, coast take brunt of mighty Northeast storm. Nearly 8,000 flights throughout the U.S. were cancelled through January 29 due to a severe winter storm in the Northeast that prompted the evacuation of residents in Massachusetts, cancelled schools for millions of kids, knocked out power for thousands, shut down the New York subway system for several hours, and prompted driving bans for several States January 26. Source: http://www.usatoday.com/story/news/2015/01/27/bracing-for-blizzard-millions-hunker-down-across-northeast/22388241/

 · An estimated 46,000 gallons of sewage was dumped into Gwynns Falls in Maryland due to a clogged Baltimore City sewer line January 26. – Baltimore Brew

18. January 26, Baltimore Brew – (Maryland) Second sewer spill reported along the Gwynns Falls. An estimated 46,000 gallons of sewage was dumped into Gwynns Falls due to a clogged Baltimore City sewer line January 26. This is the second spill in Gwynns Falls following a January 15-16 spill that released an estimated 19,000 gallons of sewage due to blocked sewer pipes. Source: https://www.baltimorebrew.com/2015/01/26/second-sewer-spill-reported-along-the-gwynns-falls/

 · The U.S. Federal Communications Commission announced January 26 that Verizon will pay a $5 million penalty in a settlement after the company admitted that it failed to investigate whether its rural customers were able to receive long distance and wireless phone calls. – Ars Technica See item 31 below in the Communications Sector

 · Propel Braddock Hills High School in Pennsylvania was closed January 27 after the school went on lockdown January 26 while 2 students were arrested for allegedly bringing guns on campus. – WTAE 4 Pittsburgh

22. January 27, WTAE 4 Pittsburgh – (Pennsylvania) Guns found at Propel school in Braddock Hills; 2 students arrested. Propel Braddock Hills High School in Pennsylvania was closed January 27 after the school went on lockdown January 26 while 2 students were arrested for allegedly bringing guns on campus prompting a police response. Police recovered one loaded gun and a second unloaded gun after a search. Source: http://www.wtae.com/news/3-handcuffed-outside-propel-school-in-braddock-hills/30927490

Financial Services Sector

8. January 27, Baton Rouge Advocate – (National) Secret Service investigating ATM thefts along I-10 corridor. Whitney Bank Louisiana warned its customers and anyone who may have used their ATMs about a fraud scheme after it detected unauthorized activity at several ATM locations along the Interstate 10 corridor January 24 that may have also affected cities in Texas, Mississippi, Alabama, and Florida. The bank deactivated and will reissue approximately 7,100 debit cards as authorities are continue to investigate. Source: http://theadvocate.com/news/neworleans/neworleansnews/11434700-123/secret-service-investigating-atm-thefts

9. January 26, Bucks Local News – (Pennsylvania) Bucks County family accused of using massive insurance fraud scheme to finance life of luxury. A Buckingham Township woman, four members of her family, and two others were arrested and charged January 22 for allegedly conspiring to defraud insurance companies in excess of $20 million for personal use. Approximately $7 million in assets were seized as a result of an investigation that was initiated following an October 2013 fire at the family’s home, the third fire at the residence in 5 years. Source: http://www.buckslocalnews.com/articles/2015/01/26/bucks_news/doc54c25e7ecb11f863886711.txt?viewmode=fullstory

10. January 27, Philadelphia Business Journal – (Pennsylvania) Nifty Fifty’s accountant pleads guilty to tax fraud scheme. The accountant for the restaurant chain Nifty Fifty’s, pleaded guilty in federal court January 26 for his role in a conspiracy to commit tax evasion to avoid paying millions of dollars in personal and employment taxes by failing to properly account for more than $15 million gross receipts. Five individuals previously pleaded guilty to charges for their roles in the fraud scheme. Source: http://www.theintell.com/news/local/nifty-fifty-accountant-pleads-guilty-in-tax-fraud-scheme/article_277be81f-f089-56bb-9532-0d82407925ce.html

Information Technology Sector

27. January 27, Securityweek – (International) Super Bowl fans warned about vulnerable NFL mobile app. Researchers at Wandera, a mobile gateway company, reported a vulnerability in the official National Football League (NFL) mobile apps for iOS and Android that exposes users’ personal information immediately after the user signs into the mobile app in a secondary unencrypted API call, and can be intercepted through man-in-the-middle (MitM) attacks. Source: http://www.securityweek.com/super-bowl-fans-warned-about-vulnerable-nfl-mobile-app
28. January 27, Softpedia – (International) Regin cyber-espionage platform manned by the NSA. Researchers at Kaspersky Lab discovered a link in the keylogger dubbed QWERTY, a plugin for the WARRIORPRIDE malware framework, to be identical in functionality to Regin malware plugin 50251, responsible for kernel-mode hooking. The Regin platform targets telecommunication companies, government organizations and political entities, financial institutions, academia and specific individuals. Source: http://news.softpedia.com/news/Regin-Cyber-Espionage-Platform-Manned-by-the-NSA-471349.shtml
29. January 27, Help Net Security – (International) Supposedly clean Office documents download malware. Bitdefender is warning Microsoft Office users of a new spam campaign that resembles a tax return, a remittance, or form of bill from a bank and carries a Microsoft Word or Excel attachment that will automatically execute a piece of malware with a macro code disguised to bypass traditional antivirus if downloaded. Source: http://www.net-security.org/malware_news.php?id=2947
30. January 27, Help Net Security – (International) Android Wi-Fi Direct DoS vulnerability discovered. A researcher from the CoreLabs Team discovered a Denial of Service (DoS) vulnerability in some Android devices that could allow an attacker to send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class. The Android security team was informed of the flaw in September 2014. Source: http://www.net-security.org/secworld.php?id=17874

Communications Sector

31. January 26, Ars Technica – (National) Verizon punished for failing to investigate phone problems in rural areas. The U.S. Federal Communications Commissions announced January 26 that Verizon will pay a $5 million penalty in a settlement after the company admitted that it failed to investigate whether its rural customers were able to receive long distance and wireless phone calls. As part of the settlement, Verizon will pay a $2 million fine to the U.S. Department of the Treasury and commit another $3 million over the next 3 years to address the issue of rural call completion on a company and industry-wide basis. Source: http://arstechnica.com/business/2015/01/verizon-punished-for-failing-to-investigate-phone-problems-in-rural-areas/

For another story, see item 28 above in the Information Technology Sector