Tuesday, July 7, 2015




Complete DHS Report for July 7, 2015

Daily Report                                            

Top Stories

 · All lanes of Interstate 85 in Anderson County reopened July 3 after being shut down for nearly 9 hours while HAZMAT crews responded to the incident. – Anderson Independent-Mail

11. July 3, Anderson Independent-Mail – (South Carolina) Tanker wreck shuts down miles of Interstate 85 for hours. All lanes of Interstate 85 in Anderson County reopened July 3 after being shut down for nearly 9 hours while HAZMAT crews responded to an accident that involved a vehicle and a semi-truck carrying a flammable material called polyurethane, which spilled onto the highway. No injuries were reported. Source: http://www.independentmail.com/news/wreck-involving-2-18-wheelers-has-i-85n-blocked

 · Orlando Health announced July 2 that about 3,200 patients’ records were compromised at Winnie Palmer Hospital for Women and Babies, Dr. P. Phillips Hospital, and Orlando Regional Medical Center. – Orlando Sentinel

15. July 2, Orlando Sentinel – (Florida) Orlando Health reports data breach for 3,200 patients. Orlando Health announced July 2 that about 3,200 patients’ records were compromised after a former employee improperly accessed insurance information for patients at Winnie Palmer Hospital for Women and Babies, Dr. P. Phillips Hospital, and Orlando Regional Medical Center between January 2014 and May 2015. Officials say there is no evidence that the information has been misused. Source: http://www.orlandosentinel.com/business/brinkmann-on-business/os-orlando-health-data-breach-20150702-post.html

 · Officials reported July 5 that the Arizona State Prison Complex-Kingman brought in 96 members of its special tactical unit to restore order following several riots. – USA Today

18. July 5, USA Today – (Arizona) Ariz. sends special forces to quell Kingman prison riot. Officials reported July 5 that the Arizona Department of Corrections brought in 96 members of its special tactical unit to restore order after a series of disturbances and riots from July 2 – July 4 injured 9 staff members and 7 inmates at the Arizona State Prison Complex-Kingman. The incident has been resolved and officials stated that 700 inmates will be transferred to other prisons. Source: http://www.usatoday.com/story/news/nation/2015/07/05/quell-kingman-prison-riot/29741193/

 · FireKeepers Casino Hotel in Battle Creek, Michigan reported July 3 that its main computer system was compromised and may have affected 85,000 customers’ credit and debit cards. – Battle Creek Enquirer

34. July 3, Battle Creek Enquirer – (Michigan) FireKeepers data breach affects about 85,000. FireKeepers Casino Hotel in Battle Creek, Michigan reported July 3 that its main computer system was compromised from September 2014 – April 2015, and may affect approximately 85,000 credit and debit cards, as well as private information on customers and employees. The casino replaced its point-of-sale (PoS) equipment and is offering credit monitoring and identity protection services to those affected. Source: http://www.wzzm13.com/story/news/local/2015/07/03/firekeepers-casino-confirms-data-breach/29669543/

Financial Services Sector

4. July 3, KTTV 11 Los Angeles; Cybercast News Service – (California) Fullerton ‘Bandit’ linked to six bank robberies in Orange County. FBI officials are searching for a suspect dubbed the “Big A Bandit” who allegedly robbed a Bank of the West in Fullerton, California July 2 and is believed to be linked to 5 other Orange County bank robberies since 2013. Source: http://www.myfoxla.com/story/29467560/fullerton-suspect-linked-to-six-bank-robberies-in-orange-county

5. July 2, St. Paul Pioneer Press – (Illinois) Developers accused in $16M mortgage fraud. Two Glenview real estate developers and 4 alleged co-conspirators were indicted July 1 on charges alleging that they caused over $16 million in losses to banks, mortgage lenders, Fannie Mae, and Freddie Mac by falsely promoting condominiums at “The Woods at Countryside” in Palatine by promising impossible financial incentives, and that they conspired to conceal and misrepresent facts from banks and mortgage lenders to approve nonconforming loans. Source: http://www.chicagotribune.com/suburbs/mundelein/news/ct-mun-mortgage-fraud-tl-0709-20150702-story.html

6. July 2, Associated Press – (New York) NYPD: 17 charged in counterfeit credit card scheme. New York Police Department officials reported July 2 that 17 suspects were charged in connection with an alleged credit card counterfeiting ring that used stolen debit and credit card information to encode blank cards, which would be used to purchase items in New York City stores. Source: http://www.washingtontimes.com/news/2015/jul/2/nypd-17-charged-in-counterfeit-credit-card-scheme/

For another story, see item 34 above in Top Stories

Information Technology Sector

20. July 6, Securityweek – (International) KINS malware toolkit leaked online. Security researchers from MalwareMustDie reported that version 2.0 of the KINS banking trojan toolkit was leaked and widely distributed on the Internet, and that the malware’s developers have integrated ZeusVM banking trojan technology in the newest release, including the use of steganography to conceal configuration data. Source: http://www.securityweek.com/source-code-kins-malware-toolkit-leaked-online

21. July 6, Softpedia – (International) Govt supplier of surveillance software gets hacked, 400GB of data leaked. The Italian surveillance software company Hacking Team reported that its systems were hacked and that 400 gigabytes of corporate data was leaked to the public. The company developed products for government agencies worldwide, including the U.S. Drug Enforcement Agency and the FBI. Source: http://news.softpedia.com/news/supplier-of-govt-surveillance-software-gets-hacked-400gb-of-data-leaked-486099.shtml

22. July 4, Softpedia – (International) Matsnu backdoor uses RSA crypto on exfiltrated data. Security researchers from Check Point discovered malware dubbed Matsnu, also known as Androm backdoor and Boxed.DQH, which acts as a backdoor on compromised machines and sends Rivest-Shamir-Adleman (RSA)-encrypted user and system information back to a command and control (C&C) server. Source: http://news.softpedia.com/news/matsnu-backdoor-uses-rsa-crypto-on-exfiltrated-data-486039.shtml

23. July 4, Softpedia – (International) TYPO3 Enterprise CMS update adds 7 security fixes. TYPO3 released an update for its Enterprise Content Management System (CMS) that includes 7 security fixes for cross-site scripting (XSS) and authentication vulnerabilities, and adds login protection against brute-force attacks. Source: http://news.softpedia.com/news/typo3-enterprise-cms-update-adds-7-security-fixes-486027.shtml

24. July 4, Softpedia – (International) Node.js fixes denial of service bug. Developers released an update for Node.js addressing a bug affecting all Buffer-to-String conversions, in which a triggered out-of-band write in the UTF-8 decoder of V8, Google Chrome’s JavaScript runtime engine, could lead to a denial of service (DoS) condition. Source: http://news.softpedia.com/news/node-js-fixes-denial-of-service-bug-486019.shtml

25. July 3, Softpedia – (International) Dungarees Web site hacked, card information exposed. Dungarees reported that the company’s Web site had been hacked, and that customers who placed orders from March 26 – June 5 may have had their card-related data compromised, including card verification values (CVV). Dungarees secured the Web site and is offering identity theft protection services to affected customers. Source: http://news.softpedia.com/news/dungarees-website-hacked-card-information-exposed-485993.shtml

26. July 3, Securityweek – (International) Mozilla patches critical vulnerabilities with release of Firefox 39. Mozilla released version 39 of Firefox addressing 24 issues, including 3 use-after-free vulnerabilities; 7 critical uninitialized memory, buffer overflow, unowned memory, and poor validation issues; 3 critical memory safety bugs in the browser engine; and high-severity privilege escalation and type confusion flaws. Source: http://www.securityweek.com/mozilla-patches-critical-vulnerabilities-release-firefox-39

27. July 3, Securityweek – (International) Ad fraud trojan Kovter patches Flash player, IE to keep other malware out. A security researcher from Kafeine reported that the Kovter ad fraud trojan has been updating Adobe Flash Player and Microsoft Internet Explorer on infected systems in an effort to exclude other malware platforms. Source: http://www.securityweek.com/ad-fraud-trojan-kovter-patches-flash-player-ie-keep-other-malware-out

Communications Sector

28. July 5, KXAS 5 Dallas-Fort Worth – (Texas) Nearly 800 without phone service, internet service in Seagoville. Nearly 800 Seagoville residents were without phone or Internet access after an accident on U.S. Highway 175 damaged an AT&T terminal box. AT&T is working to restore services and the cause of the accident remains unknown. Source: http://www.nbcdfw.com/news/local/Nearly-800-Without-Phone-Service---Outage-in-Seagoville-311675271.html