Friday, November 29, 2013


Complete DHS Daily Report for November 29, 2013

Daily Report

Top Stories

 • A railcar tank containing a highly flammable liquid that developed a hole and spilled the chemical on CSX train tracks in Willard, Ohio, forced the evacuation of about 400 households within a half-mile radius of the spill. – WEWS 5 Cleveland

6. November 27, WEWS 5 Cleveland – (Ohio) Willard residents evacuated after dangerous chemical spill on CSX train tracks at North Main Street. A railcar tank containing a highly flammable liquid that developed a hole and spilled the chemical on CSX train tracks in Willard forced the evacuation of about 400 households within a half-mile radius of the spill for an undisclosed amount of time November 27. Source: http://www.newsnet5.com/dpp/news/local_news/oh_huron/numerous-willard-residents-evacuated-to-after-dangerous-chemical-spill-on-north-main-street

 • The last of 27 State and federal highways in Colorado damaged or destroyed by September floods reopened ahead of a December 1 deadline. – Denver Post

7. November 27, Denver Post – (Colorado) Last flood damaged Colorado road re-opens. Colorado 7 that links Allenspark to Lyons, the last of 27 State and federal highways in Colorado damaged or destroyed by September floods, reopened November 26 ahead of a December 1 deadline. Source: http://www.denverpost.com/news/ci_24608437/last-flood-damaged-colorado-road-re-opens

 • Police arrested a suspect in a stabbing attack at the Ambulatory Surgical Center of Good Shepherd Medical Center in Longview, Texas that left one dead and four injured. – Associated Press

21. November 26, Associated Press – (Texas) Nurse killed in stabbing spree at Texas hospital. Police arrested and charged a suspect in a stabbing attack at the Ambulatory Surgical Center of Good Shepherd Medical Center in Longview that left one nurse dead and four others injured November 26. Source: http://news.msn.com/crime-justice/nurse-killed-in-stabbing-spree-at-texas-hospital

 • Carteret Community College in Morehead City, North Carolina, cancelled classes after it suffered extensive damage due to a tornado. – WITN 7 Washington

23. November 27, WITN 7 Washington – (North Carolina) Tornado damages hospital, community college in Morehead City. Carteret Community College cancelled classes November 27 after it suffered extensive damage due to a tornado that swept through North Carolina November 26. Crews worked to repair the damage to several of the college’s buildings. Source: http://www.witn.com/home/headlines/233575481.html

Details

Financial Services Sector 

See item 28 below in the Information Technology Sector

Information Technology Sector

28. November 27, Help Net Security – (International) Researchers track down members of Nigerian cyber gang. Researchers at TrendMicro released a report on a Nigeria-based cybercrime gang dubbed “Ice 419” that is reportedly using the Ice IX banking trojan to gather personal and banking information and using phishing to target users of Scottrade, Match.com, and a Korean search engine. Source: http://www.net-security.org/secworld.php?id=16020

29. November 27, Softpedia – (International) Linux worm Darlloz targets routers, security cameras, and set-top boxes. Symantec researchers identified a Linux worm named Darlloz that exploits a previously-patched PHP vulnerability to infect computers and potentially spread to other devices, including security cameras, routers, set-top boxes, and industrial control systems (ICS) running Linux. Source: http://news.softpedia.com/news/Linux-Worm-Darlloz-Targets-Routers-Security-Cameras-and-Set-Top-Boxes-404023.shtml

30. November 26, Softpedia – (International) VBScript malware deletes files from infected systems. Researchers at TrendMicro identified a piece of malware dubbed VBS_SOYSOS that creates copies of itself using the names of MP3, JPG, and DWG files, deleting the original files. The malware also disables access to the registry editor and task manager, necessitating the installation of alternatives in order to remove the malware. Source: http://news.softpedia.com/news/VBScript-Malware-Deletes-Files-from-Infected-Systems-403721.shtml

31. November 26, Threatpost – (International) Ruby on Rails CookieStore vulnerability plagues prominent websites. A researcher found that around 2,000 Web sites using an older version of Ruby on Rails that depends on the CookieStore default cookie storage mechanism were vulnerable to having users’ login information stolen. CookieStore keeps users’ session hashes on the client side, allowing an attacker to use cross-site scripting (XSS) or session hijacking to steal the information. Source: http://threatpost.com/ruby-on-rails-cookiestore-vulnerability-plagues-prominent-websites/103038

For another story, see item 32 below in the Communications Sector

Communications Sector

32. November 27, Wireless Week – (National) T-Mobile confirms software issue caused slower data speeds. T-Mobile confirmed November 26 that a minor infrastructure software issue contributed to slower data speeds for some of its customers and that a fix was in the works. Source: http://www.wirelessweek.com/news/2013/11/t-mobile-confirms-software-issue-caused-slower-data-speeds

Wednesday, November 27, 2013



HAPPY THANKSGIVING


Complete DHS Daily Report for November 27, 2013

Daily Report

Top Stories

 • Swiss-based oil services company Weatherford International Ltd., agreed to pay over $252 million to settle U.S. allegations that it bribed officials in several countries and violated sanctions. – Bloomberg News

1. November 26, Bloomberg News – (International) Weatherford International settles foreign bribery probes. The Swiss-based oil services company, Weatherford International Ltd., agreed to pay over $252 million to settle U.S. allegations that it bribed officials in several countries and violated sanctions by authorizing bribes intended for foreign officials from 2002 to July 2011 in order to obtain or retain business or for other benefits. Source: http://www.bloomberg.com/news/2013-11-26/weatherford-international-settles-u-s-foreign-bribery-probes.html

 • Ford initiated a recall of almost 140,000 model year 2013 Escape vehicles equipped with 1.6 liter engines that may experience engine fires. – Detroit News

3. November 26, Detroit News – (National) Ford recalling 2013 Escape SUVs for fire risks. Ford initiated a recall of almost 140,000 model year 2013 Escape vehicles equipped with 1.6 liter engines that may experience engine fires caused by engine cylinder head overheating, which can lead to cracking and oil leaks. Among the recalled vehicles, 9,469 are part of a second recall to fix a fuel leak issue that could also result in engine compartment fires. Source: http://www.detroitnews.com/article/20131126/AUTO0102/311260052/Ford-recalling-140-000-13-Escape-SUVs-fire-risks

 • A broken water main caused 8,000 residents and 2,000 businesses in Cayce, South Carolina, to be without water for several hours and forced the closure of 10 Cayce and West Columbia schools. – Columbia The State

18. November 25, Columbia The State – (South Carolina) Water restored in Cayce following 17-hour power outage. A 16-inch water main broke November 25 due to freezing old pipes and caused 8,000 residents and 2,000 businesses in Cayce to be without water for several hours while forcing the closure of 10 Cayce and West Columbia schools. Service workers restored the water and issued a 24-hour boil water advisory. Source: http://www.thestate.com/2013/11/25/3121520/water-break-thousands-of-students.html

 • Researchers identified a trojan called Shez that disguises itself as an AutoCAD component in order to allow attackers to steal files and plant additional malware at a later date. – Help Net Security. See item 29 below in the Information Technology Sector.

Details

Financial Services Sector

4. November 26, Softpedia – (International) Experts warn of new banking trojan Neverquest. Security researchers have observed thousands of attempts to infect computers using the Neverquest banking trojan, a relatively new trojan that injects a phishing page into sessions when users attempt to access banking Web sites. The trojan has integrated self-replication mechanisms and is distributed via trojan downloaders. Source: http://news.softpedia.com/news/Experts-Warn-of-New-Banking-Trojan-Neverquest-403685.shtml

5. November 26, U.S. Securities and Exchange Commission – (Texas) SEC announces charges against two Houston-based firms for engaging in thousands of undisclosed principal transactions. The U.S. Securities and Exchange Commission announced November 26 charges alleging that Houston-based Parallax Investments LLC, Tri-Star Advisors, and three of their executives engaged in thousands of principal transactions through their affiliated brokerage firm without informing their clients, collectively making more than $2 million on the trades. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370540414827

6. November 25, Newark Star-Ledger – (Florida; New Jersey) Feds charge ex-Monmouth County man with running $18m Ponzi scheme. A Miami man was arrested and charged by federal authorities with allegedly running an $18 million Ponzi scheme that defrauded 28 investors by claiming to invest their funds through his company, Fair Haven, New Jersey-based LJS Trading. Source: http://www.nj.com/business/index.ssf/2013/11/feds_charge_ex-monmouth_county.html

For additional stories, see item 1 above in Top Stories and item 11 below:

11. November 25, New Hyde Park Patch – (New York) DA: More charges for accused LIRR scammers. The Nassau County District Attorney announced upgraded charges against four Romanian nationals arrested and charged with allegedly installing skimming devices on Long Island Railroad ticket machines. A fifth suspect was also charged in the alleged scheme, though he recently fled to the U.K. following the arrests of the other suspects. Source: http://newhydepark.patch.com/groups/police-and-fire/p/da-more-charges-for-accused-lirr-scammers

Information Technology Sector

28. November 26, Softpedia – (International) Atrax: Cybercrime kit capable of stealing data, launching DDoS, mining for Bitcoins. Security researchers at CSIS identified a new malware kit called Atrax being sold for $250 on underweb forums. Atrax uses The Onion Router (TOR) protocol to hide its communications and comes with several add-ons that allow it to steal data from forms and browsers, launch distributed denial of service (DDoS) attacks, and mine for Bitcoins and Litecoins. Source: http://news.softpedia.com/news/Atrax-Cybercrime-Kit-Capable-of-Stealing-Data-Launching-DDOS-Mining-for-Bitcoins-403632.shtml

29. November 26, Help Net Security – (International) AutoCAD malware paves the way for future attacks. TrendMicro researchers identified a trojan called Shez that disguises itself as an AutoCAD component in order to create a user account with administrative rights, allowing attackers to steal files and plant additional malware in the future. The trojan is either dropped by other malware or can be downloaded unknowingly from malicious sites. Source: http://www.net-security.org/malware_news.php?id=2635

30. November 26, Softpedia – (International) Experts warn of an increase in the usage of Blackshades RAT. Symantec researchers found that the Blackshades remote access trojan (RAT) has increased in use over the past 5 months. The researchers also found a link between Blackshades and the Cool Exploit Kit, where the latter is used to drop the former as well as other pieces of malware. Source: http://news.softpedia.com/news/Experts-Warn-of-an-Increase-in-the-Usage-of-Blackshades-RAT-403525.shtml

31. November 26, Threatpost – (International) Blackhole and Cool Exploit Kit nearly extinct. A security researcher monitoring the sale and use of exploit kits found that the use of Blackhole and Cool exploit kits has decreased significantly in the 6 weeks since their alleged creator was arrested. However, the Reveton gang malware group continues to use a custom version of Cool for the distribution of ransomware. Source: http://threatpost.com/blackhole-and-cool-exploit-kits-nearly-extinct

Communications Sector

32. November 25, Reuters – (National) New agreement gets Pentagon closer to clearing airwaves for sale. The U.S. Department of Defense reached an agreement with broadcasting industry officials to share some radio airwaves used for military systems in order to allow them to be auctioned off for use by the private sector. Source: http://www.globalpost.com/dispatch/news/thomson-reuters/131125/new-agreement-gets-pentagon-closer-clearing-airwaves-sale

Tuesday, November 26, 2013



Complete DHS Daily Report for November 26, 2013

Daily Report

Top Stories

 • Strong winds in the San Francisco area that knocked down power lines and trees left at least 2 people dead and more than 50,000 people without power. – Reuters

6. November 22, Reuters – (California) Severe winds leaves two dead, 50,000 without power in San Francisco area. Strong winds in the San Francisco area that knocked down power lines and trees November 21 left at least 2 people dead and more than 50,000 people without power. Source: http://news.yahoo.com/severe-winds-leaves-two-dead-50-000-without-091905056.html

 • A large winter storm that moved through the Southwest caused major transportation disruptions in several States. – Associated Press

14. November 25, Associated Press – (National) Wintry storm threatens Thanksgiving travels. A large winter storm that moved through the Southwest caused at least 8 deaths in several fatal traffic accidents, more than 300 cancelled flights at the Dallas-Fort Worth International Airport, cancellations of sporting events and parades across Arizona, and multiple road closures in several States November 24. Source: http://www.theeagle.com/news/texas/article_7272a5ec-5599-11e3-842d-001a4bcf887a.html

 • A former crime lab chemist in Massachusetts pleaded guilty to charges that she mishandled evidence affecting possibly thousands of criminal cases. – CNN

27. November 22, CNN – (Massachusetts) Ex-Massachusetts chemist gets 3 to 5 years in tampering case. A former crime lab chemist from the William A. Hinton State Laboratory in Massachusetts pleaded guilty November 22 to charges that she mishandled evidence affecting possibly thousands of criminal cases by visually identifying alleged drug samples in lieu of performing chemical tests. Source: http://www.cnn.com/2013/11/22/justice/massachusetts-chemist-plea/index.html

 • Suffolk, New York police arrested a teenager in connection with allegedly hacking into Sachem school district computers and posting personal data of thousands of students online. – Long Island Newsday

32. November 22, Long Island Newsday – (New York) Arrest in Sachem schools data breach. Suffolk police arrested a teenager in connection with allegedly hacking into Sachem school district computers and posting personal data of thousands of students online from July through November. Source: http://www.newsday.com/long-island/suffolk/arrest-in-sachem-schools-data-breach-1.6484286

Details

Financial Services Sector

11. November 25, Softpedia – (International) Bitcoin payment solutions provider BIPS hacked, 1,295 BTC stolen. Denmark-based Bitcoin payment solutions provider BIPS was attacked by cybercriminals November 15 and November 17 with distributed denial of service (DDoS) attacks, followed by an attack that stole 1,295 BTC, equivalent to $1,085,208. Source: http://news.softpedia.com/news/Bitcoin-Payment-Solutions-Provider-BIPS-Hacked-1-295-BTC-Stolen-403365.shtml

12. November 24, Louisville Courier-Journal – (Kentucky) Louisville couple awarded $22.5 million verdict in mortgage fraud case. A verdict in Jefferson Circuit Court awarded $22.5 million to two victims of a Ponzi scheme run by New Age Title Co., a company run by two Louisville residents, who failed to pay off the victims’ original mortgage during refinancing. Damages against Wells Fargo, Forcht Bank, and an attorney were also awarded for various improper actions or parts in the scheme. Source: http://www.courier-journal.com/article/20131123/NEWS10/311230092/Louisville-couple-awarded-22-5-million-verdict-mortgage-fraud-case

13. November 22, KMOX 1120AM St. Louis – (Missouri; Nebraska) Secret Service arrests two in Lake Saint Louis debit card scheme. Police announced November 22 that two men were arrested in Omaha, Nebraska, by U.S. Secret Service agents in connection with several skimming incidents in Lake Saint Louis, Missouri. The suspects were found in possession of gift cards and $140,000 in cash. Source: http://stlouis.cbslocal.com/2013/11/22/secret-service-arrests-two-in-lake-saint-louis-debit-card-scheme/

For another story, see item 33 below:

33. November 22, Associated Press – (Colorado) Colorado county says hacker stole $146,000 from its bank accounts through email virus. Huerfano County shut down all but one of its computers used in financial transactions after hackers twice stole over $146,000 from the county’s bank accounts through a computer virus in November. Source: http://www.therepublic.com/view/story/0d1c00f3fdda4c2b95cc2b3b9a794a1c/CO--Countys-Bank-Hacked

Information Technology Sector

36. November 25, Help Net Security – (International) Twitter adds Forward Secrecy to thwart surveillance efforts. Twitter introduced Perfect Forward Secrecy for traffic to its Web site and mobile Web site in an effort to increase security. Source: http://www.net-security.org/secworld.php?id=16004

37. November 25, Softpedia – (International) Evernote warns users whose passwords have been exposed in Adobe breach. Evernote analyzed user data from a recent Adobe breach and found that some of its customers were using the same passwords for Adobe and Evernote. Evernote notified affected customers and advised them to change their passwords. Source: http://news.softpedia.com/news/Evernote-Warns-Users-Whose-Passwords-Have-Been-Exposed-in-Adobe-Breach-403297.shtml

38. November 25, Softpedia – (International) ICANN terminates accreditation of registrar Dynamic Dolphin. The Internet Corporation for Assigned Names and Numbers (ICANN) announced that it will terminate registrar Dynamic Dolphin’s registrar accreditation agreement effective December 20 due to the registrar having a convicted felon as its owner, a violation of ICANN regulations. Source: http://news.softpedia.com/news/ICANN-Terminates-Accreditation-of-Registrar-Dynamic-Dolphin-403142.shtml

39. November 24, The Register – (International) Rackspace patches Windows Updater vuln. CloudPassage researchers discovered a vulnerability in the Rackspace Windows Agent and Updater that allowed modified code to be uploaded to Rackspace Cloud Server instances and then allowed the execution of arbitrary code after a restart. Rackspace closed the vulnerability after CloudPassage notified the company of the issue. Source: http://www.theregister.co.uk/2013/11/24/rackspace_patches_windows_updater_vuln/

40. November 23, Softpedia – (International) Kaspersky publishes spam report for October 2013. Kaspersky published their spam report for October and found that email spam increased by 6.6 percent, among other findings. Source: http://news.softpedia.com/news/Kaspersky-Publishes-Spam-Report-for-October-2013-402999.shtml

41. November 22, The Register – (International) ‘High impact’ Gmail password security hole blew accounts wide open. A security researcher found and reported a security flaw in Gmail that could allow an attacker to use a spoof email with a password reset link to direct users to a site that launches a cross-site request forgery (CSRF) attack, harvesting the user’s username, new password, and login cookie. Google closed the vulnerability after it was notified by the researcher. Source: http://www.theregister.co.uk/2013/11/22/researcher_earns_payday_for_fixing_high_impact_gmail_password_flaw/

Communications Sector

Nothing to report