Friday, October 23, 2015



Complete DHS Report for October 23, 2015

Daily Report                                            

Top Stories

 • Four suspects were arrested October 21 among 8 charged for allegedly installing skimming devices inside gas pumps across southern California and Nevada. – Southern California City News Service

1. October 22, Southern California City News Service – (California; Nevada) Four suspected of ‘skimming’ credit card numbers at gas stations in Long Beach, elsewhere. The U.S. attorney in Los Angeles announced that 4 suspects were arrested October 21 among 8 charged for allegedly participating in a scheme in which they installed skimming devices inside pumps at gas stations across southern California and in Las Vegas, Nevada. The suspects reportedly used a large van to conceal the installation of the devices and would obtain consumer’s financial information via Bluetooth-equipped devices, such as cell phones and tablets.Source: http://www.presstelegram.com/general-news/20151021/four-suspected-of-skimming-credit-card-numbers-at-gas-stations-in-long-beach-elsewhere

 • San Jose County, California officials reported October 21 that the number of people sickened with Shigella increased to 80 cases, with 12 taken to intensive care units. – San Francisco Chronicle

13. October 21, San Francisco Chronicle – (California) Shigella outbreak linked to South Bay restaurant grows. San Jose County health authorities reported October 21 that the number of people sickened with Shigella increased to 80 cases, 12 of which were taken to intensive care units, after each person consumed food from the Mariscos San Juan restaurant following an October 18 outbreak that closed the establishment. The restaurant remains closed until health authorities deem it is safe for the public. Source: http://www.msn.com/en-us/news/us/shigella-outbreak-linked-to-south-bay-restaurant-grows/ar-BBmhMCa

 • U.S. military officials announced October 22 that a Marine Corps fighter pilot was killed October 21 when his aircraft crashed immediately after take-off from Royal Air Force Lakenheath station in England. – Associated Press

14. October 22, Associated Press – (International) US fighter pilot killed after jet crashes in England. U.S. military officials announced October 22 that a U.S. Marine Corps fighter pilot was killed October 21 when his F/A-18C Hornet aircraft crashed immediately after taking off from the Royal Air Force Lakenheath station in England. The plane was among six San Diego-based aircraft returning from a 6-month deployment in the Middle East.

 • Passaic County, New Jersey, officials reported that an 8-alarm fire at an apartment building displaced up to 400 people October 21 and injured 2 firefighters. – WPIX 11 New York City; Associated Press

22. October 22, WPIX 11 New York City; Associated Press – (New Jersey) 2 firefighters hurt in Passaic apartment fire; hundreds displaced. Passaic County officials reported that an 8-alarm fire at an apartment building displaced up to 400 people October 21 after the fire began on the top floor and spread to surrounding areas, injuring 2 firefighters. The incident was contained and the Red Cross is assisting displaced residents. Source: http://pix11.com/2015/10/21/firefighter-injured-battling-6-alarm-fire-in-passaic-apartment-building/

Financial Services Sector

5. October 21, WLS 7 Chicago – (Illinois) ‘North Center Bandit’ strikes bank again, FBI says. FBI officials are searching for a suspect dubbed the “North Center Bandit,” believed to be responsible for 4 robberies at Chase and PNC Bank branches in the Chicago area beginning August 21. The suspect’s most recent alleged robbery occurred at a Chase Bank branch in North Ashland October 20. Source: http://abc7chicago.com/news/north-center-bandit-strikes-bank-again-fbi-says/1044827/

For additional stories, see items 1 above in Top Stories and 2 below from the Energy Sector

2. October 22, WFOR 4 Miami – (Florida) Man charged in credit card skimming scheme. Police in Miami-Dade County arrested a man October 22 for allegedly installing skimming devices at gas stations across south Florida and for using the financial information to create counterfeit cards. Authorities believe the suspect obtained about 2,000 credit and debit card numbers. Source: http://miami.cbslocal.com/2015/10/22/man-charged-in-credit-card-skimming-scheme/

Information Technology Sector

18. October 22, Securityweek – (International) New NTP vulnerabilities put networks at risk. The Network Time Foundation’s NTP Project released an update addressing 13 denial-of-service (DoS), directory traversal, memory corruption, authentication bypass, and file overwrite vulnerabilities in the Network Time Protocol (NTP), as well as a “crypto-NAK” issue that could allow an unauthenticated off-path attacker to force Network Time Protocol daemon (ntpd) processes to peer with malicious time sources, eventually gaining the ability to bypass security mechanisms and change system time, among other activities. Source: http://www.securityweek.com/new-ntp-vulnerabilities-put-networks-risk

19. October 22, Softpedia – (International) Drupal releases version 7.41 to fix open redirect vulnerability. Drupal’s developers released update 7.41 addressing an open redirect vulnerability in the system’s Overlay module in which an attacker could redirect Drupal admins, logged into their admin panel, to a fake login page in order to harvest credentials. The vulnerability was previously addressed, but incompletely patched in version 7.38. Source: http://news.softpedia.com/news/drupal-releases-version-7-41-to-fix-open-redirect-vulnerability-495083.shtml

20. October 22, Softpedia – (International) New ransomware infects computers via Windows Remote Desktop Services. Researchers discovered a new strain of ransomware that hackers are manually installing by brute-forcing user account passwords onto Windows computers that have Remote Desktop or Terminal Services connections open. Once installed, the ransomware encrypts files with a 2048-bit RSA key and drops a file with information on how to pay the ransom. Source: http://news.softpedia.com/news/new-ransomware-infects-computers-via-windows-remote-desktop-services-495067.shtml

21. October 22, Securityweek – (International) Apple patches flaws in OS X, iOS, other products. Apple released OS X El Capitan v10.11.1 addressing 60 vulnerabilities that could be exploited for arbitrary code execution, denial-of-service (DoS), information disclosure, privilege elevation, overwriting arbitrary files, and bypassing restrictions, as well as a flaw that allowed malicious actors to exercise unused Extensible Firmware Interface (EFI) functions. The update also addresses two vulnerabilities used for jailbreaks and a lock screen issue. Source: http://www.securityweek.com/apple-patches-flaws-os-x-ios-other-products

Communications Sector

Nothing to report