Friday, June 10, 2016



Complete DHS Report for June 10, 2016

Daily Report                                            

Top Stories

•Severe storms in Pennsylvania June 8 knocked out power to approximately 89,500customers and forced Southeastern Pennsylvania Transportation Authority (SEPTA) to suspend service on certain lines until further notice. – WCAU 10 Philadelphia

1. June 8, WCAU 10 Philadelphia – (Pennsylvania) String of severe storms brings down wires, stops trains. A series of severe storms that moved across Pennsylvania June 8 knocked out power to approximately 89,500 customers, stopped 3 Amtrak trains, and forced Southeastern Pennsylvania Transportation Authority (SEPTA) to suspend service on its Chestnut Hill West and Trenton Regional Rail Lines until further notice. Source: http://www.nbcphiladelphia.com/weather/stories/Severe-thunderstorms-Philly-382237871.html

•Indictments unsealed June 7 revealed that 14 members of the Back Side and Team Side gangs were arrested and charged in Brooklyn, New York, after FBI agents intercepted a package belonging to the defendants that contained more than 1,300 fraudulent credit cards. – U.S. Attorney’s Office, Eastern District of New York See item 7 below in the Financial Services Sector

•The City of St. Pete Beach dumped nearly 300,000 gallons of water into the Boca Ciega Bay June 7 after rain caused sanitary sewers to overflow into city streets. – WFLA 8 Tampa

19. June 8, WFLA 8 Tampa – (Florida) St. Pete Beach dumps 300,000 gallons of sewage into Boca Ciega Bay. The City of St. Pete Beach dumped nearly 300,000 gallons of water into the Boca Ciega Bay June 7 after rain caused sanitary sewers to overflow into city streets. The overflow resumed June 8 despite earlier efforts to clean the spill, and officials issued water advisories urging residents to cease using water to help alleviate pressure on the sewer system. Source: http://wfla.com/2016/06/08/st-pete-beach-dumps-300000-gallons-of-sewage-into-tampa-bay/

•Facebook Inc., and Netflix began resetting their users’ passwords as a precaution after an attacker breached the Web sites of Tumblr and MySpace, among others and released over750 million user records online. – WeLiveSecurity.com See item 25 below in the Information Technology Sector

Financial Services Sector

5. June 8, Chicago Tribune – (Illinois) ‘North Center Bandit’ hits bank for first time in 6 months. Authorities offered a reward in exchange for information on a man dubbed the “North Center Bandit” who is suspected of robbing a Chase Bank branch in the Jefferson Park area of Illinois June 8. Officials stated the man is suspected of committing four other bank robberies in the Chicago area since August 2015. Source: http://www.chicagotribune.com/news/local/breaking/ct-north-center-bandit-new-bank-robbery-20160608-story.html

6. June 8, WJHL 11 Johnson City – (Virginia) Two arrested in southwest VA after traffic stop, search yields 99 fake credit cards. Two New York men were arrested and charged in southwest Virginia June 6 after police discovered around 99 counterfeit or forged credit cards in the duo’s vehicle during a routine traffic stop. Source: http://wjhl.com/2016/06/08/two-arrested-after-traffic-stop-search-yields-99-fake-credit-cards/

7. June 7, U.S. Attorney’s Office, Eastern District of New York – (New York) Fourteen defendants charged with drug trafficking and illegal weapons possession in the Cypress Hills Houses in Brooklyn. Indictments unsealed June 7 revealed that authorities arrested and charged 14 members of the Back Side and Team Side gangs in Brooklyn, New York, after FBI agents intercepted a package belonging to the defendants that contained more than 1,300 fraudulent credit cards. Authorities stated that a Federal investigation also revealed the gang members were trafficking weapons and drugs from the New York City Housing Authority’s Cyprus Hills Houses. Source: https://www.justice.gov/usao-edny/pr/fourteen-defendants-charged-drug-trafficking-and-illegal-weapons-possession-cypres

Information Technology Sector

22. June 9, Help Net Security – (International) Bug in Chrome’s PDF reader allows arbitrary code execution. A security researcher discovered that the PDFium, a default PDF reader in Google Chrome Web browser was susceptible to a heap-based buffer overflow vulnerability in OpenJPEG parsing library that can be exploited through a PDF file with an embedded jpeg2000 whose SIZ marker states 0 components. In addition, the vulnerability can be exploited to achieve arbitrary code execution on a victim’s system and cause disruption of service, unauthorized information disclosure, and modification. Source: https://www.helpnetsecurity.com/2016/06/09/bug-chromes-pdf-reader/

23. June 8, ComputerWorld; TorrentFreak.com; Softpedia – (International) uTorrent forums breached via software vendor, consider passwords compromised. The uTorrent team released a security advisory warning users of an intrusion into their IP.Board forum, provided by Invision Power Services, after a client experienced a breach when an attacker downloaded user information from the forum and accessed other Invision users. The attacker’s entry point was unknown, but Invision Power Services released a security update June 1 for its IP.Board forum platform. Source: http://www.computerworld.com/article/3081345/security/utorrent-forums-breached-via-software-vendor-consider-passwords-compromised.html

24. June 8, SecurityWeek – (International) RansomWeb attacks on the rise. Security researchers from High-Tech Bridge reported that RansomWeb attacks were increasing and have been targeting large organizations with business-critical Web applications by encrypting data on-the-fly before its insertion into the database, which can allow attackers to remain undetected and ensure that Web site backups are overwritten with encrypted content to prevent victims from decrypting the files.

25. June 8, WeLiveSecurity.com – (International) Mandatory password reset for some Facebook and Netflix users in wake of mega-branches. Facebook Inc., and Netflix began notifying its customers that as a precaution the companies have reset their users’ passwords after an attacker breached the Web sites of VK.com, Tumblr, MySpace, and LinkedIn and released over 750 million user records online. Source: http://www.welivesecurity.com/2016/06/08/password-reset-facebook-netflix/

Communications Sector

Nothing to report