· Service
on the Number 1, 2, and 3 trains in New York City was suspended for several
hours April 8-9 in the West Village area of the city due to flooding inside the
14th Street Station caused by a water main break. – WCBS 2 New York City
9. April 9, WCBS 2 New York
City – (New York) 500
evacuated from subway after West Village water main break; some service halted.
Service on the New York City subway system’s Number 1, 2, and 3 trains was
suspended for several hours April 8-9 throughout a stretch of the city’s West
Village area due to flooding inside the 14th Street Station caused by a water
main break. About 500 passengers were safely evacuated from trains entering the
station before the suspension, and crews drained water from the station’s
tracks before resuming operations. Source: http://newyork.cbslocal.com/2015/04/08/west-village-water-main-break-reroutes-no-1-train/
· Sabra Dipping Co., LLC
voluntarily issued a recall April 8 for about 30,000 cases of its Classic
Hummus due to possible Listeria monocytogenes contamination. – U.S. Food and
Drug Administration
15. April 8, U.S. Food and Drug
Administration –
(National) Sabra Dipping Company issues nationwide voluntary recall of
select SKUs of its Classic Hummus. The U.S. Food and Drug Administration
reported April 8 that Sabra Dipping Co., LLC voluntarily issued a recall for
about 30,000 cases of its Classic Hummus due to possible Listeria monocytogenes
contamination. The recalled products were distributed to retail outlets,
including food service accounts and supermarkets nationwide. Source: http://www.fda.gov/Safety/Recalls/ucm441863.htm
· Officials reported that
more than 100 million gallons of sewage and storm water spilled into the Ohio
River April 9 after a water treatment plant in Kentucky was knocked out of
service following a fire. – Louisville Courier-Journal
17. April 9,
Louisville Courier-Journal – (Kentucky) Huge sewage flow hits Ohio
River after blast. The Metropolitan Sewer District (MSD) reported that more
than 100 million gallons of sewage mixed with storm water was spilled, and
continues spilling into the Ohio River April 9 after the Morris Forman Water
Quality Treatment Center in Kentucky suffered electrical and mechanical damage
that knocked it out of service following an April 8 explosion and fire. Authorities warned
the public to avoid contact with the river near the discharge area, and stated
that the treatment process will resume once repairs are completed. Source: http://www.courier-journal.com/story/tech/science/environment/2015/04/09/msd-spilling-huge-sewage-flow-ohio-river/25513365/
· Researchers discovered
that an email campaign targeting users worldwide utilizes a combination of the
Upatre downloader and Dyre banking trojans to gain information about
compromised systems and intercept online banking credentials. – Help Net
Security See
item 27 below in the Information Technology Sector
Financial Services Sector
6. April
9, Easton Express-Times – (Pennsylvania; New York) I-78 traffic
stop nets wanted man with 75 fake credit cards in pants, police say. A New York
man was arrested and charged April 7 after Pennsylvania State Police officers
found 75 fake credit cards in his possession during a traffic stop on
Interstate 78 in Lehigh County. The man was sent to the county jail and will be
extradited to New York due to a separate warrant. Source: http://www.lehighvalleylive.com/lehigh-county/index.ssf/2015/04/i-78_traffic_stop_nets_fugitiv.html
7. April
8, South Florida Business Journal – (Florida) 4 Miami residents
indicted in international mortgage fraud scheme. The U.S. Attorney’s Office
for the Southern District of Florida announced the indictment of 6 individuals
and 3 companies April 8 in reference to an international mortgage fraud scheme
in which the individuals allegedly used fraudulent loan applications and other
documents to apply for over $9 million in mortgage loans from Chevy Chase Bank,
JP Morgan Chase Bank, and Washington Mutual Bank for residential properties in
Miami-Dade and Palm Beach counties from October 2004-May 2007. Source: http://www.bizjournals.com/southflorida/news/2015/04/08/4-miami-residents-indicted-in-international.html
For another story, see item 27 below
in the Information Technology Sector
Information Technology Sector
25. April 9,
Softpedia – (International) Over 100 forum websites foist poorly detected
malware. Security researchers at Cyphort discovered a supposed click-fraud
campaign that exploits Web forums running outdated versions of vBulletin or IP
Board software to use malicious code to direct visitors to a landing page
hosting the Fiesta exploit kit (EK) to deliver Gamarue and FleerCivet malware
that steals information and injects backdoor trojans. The malware ensures
persistence by avoiding virtual environments and disabling security settings on
compromised systems, and exploits vulnerabilities found in Internet Explorer
and in Adobe Flash Player version 16.0.0.296 and earlier. Source: http://news.softpedia.com/news/Over-100-Forum-Websites-Foist-Poorly-Detected-Malware-478020.shtml
26. April 9,
Threatpost – (International) Apple iOS 8.3 includes long list of security
fixes. Apple released iOS 8.3 for iPhone and iPad users patching over three
dozen vulnerabilities, including flaws in the mobile operating system’s kernel,
several bugs in WebKit, and a number of code-execution bugs. Source: https://threatpost.com/apple-ios-8-3-includes-long-list-of-security-fixes/112072
27. April 9,
Help Net Security – (International) Deadly combination of Upatre and Dyre trojans
still actively targeting users. ESET researchers discovered that an email
campaign targeting users worldwide utilizes a combination of the Upatre (Waski)
downloader and Dyre/Dyreza banking trojans delivered via simple spam emails to
gain information about compromised systems and intercept online banking
credentials. Researchers believe that the scheme is part of the larger,
previously discovered Dyre Wolf campaign that has targeted businesses around
the world. Source: http://www.net-security.org/malware_news.php?id=3011
28. April 8,
Securityweek – (International) Google Chrome extension criticized for data
collection. Security researchers at ScrapeSentry and Heimdal Security
reported that the Webpage Screenshot Google Chrome third-party extension
contained malicious code that allowed for copies of all browser data to be sent
to a server in the U.S. Google removed the extension from the Chrome Web Store,
and Webpage Screenshot claimed that the information was only used for marketing
and development purposes. Source: http://www.securityweek.com/google-chrome-extension-criticized-data-collection
29. April 8,
Threatpost – (International) Two NTP key authentication vulnerabilities
patched. Network Time Protocol (NTP) patched two vulnerabilities that
allowed attackers to leverage symmetric key authentication flaws to bypass
message authentication code (MAC) to send packets to clients. The second
vulnerability utilized symmetric key authentication to create denial-of-service
(DoS) conditions when peering hosts receive packets with mismatched timestamps.
Source: https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067
Communications Sector
30. April 8,
SCMagazine – (International) FCC fines AT&T $25M for call center
breaches. AT&T agreed to pay $25 million in penalties April 8 as part
of an agreement with the U.S. Federal Communications Commission to settle
allegations that the company’s call centers in Columbia, the Philippines, and
Mexico disclosed the names and full or partial Social Security numbers of
280,000 customers from 2013-2014. The personal information was used by call
center workers to obtain codes that unlock handsets of AT&T phones that
were shared with co-conspirators in a stolen cell phone-trafficking scheme.
Source: http://www.scmagazine.com/att-fined-by-fcc-for-breaches-in-three-call-centers/article/408114/