Complete DHS Report for November 18, 2014
Daily Report
Top Stories
• The U.S. Chemical
Safety Board and the Occupational Safety and Health Administration are
investigating a methyl mercaptan leak at a DuPont and Co. plant in LaPorte,
Texas, that killed four workers and injured one November 15. – Reuters
3. November 16, Reuters – (Texas) Federal
agencies to begin probe of DuPont Texas plant deaths. The U.S. Chemical
Safety Board and the Occupational Safety and Health Administration are
investigating following a methyl mercaptan leak at a DuPont and Co. plant in
LaPorte, Texas, November 15 that killed four workers. A fifth employee was
transported to an area hospital with injuries. Source: http://www.reuters.com/article/2014/11/17/us-usa-chemicals-death-idUSKCN0J00XA20141117
• A boil water
advisory was issued for customers in Sussex Borough November 16 until November
21 following the restoration of water service after a November 13 water main
break during construction work on Route 23 in which over 1 million gallons of
water was lost. – New Jersey Herald
19. November
16, New Jersey Herald – (New Jersey) Customers in Sussex advised
to continue boiling water. A boil water advisory was issued for customers
in Sussex Borough November 16 until November 21 following the restoration of
water service after a November 13 water main break during construction work on
Route 23. The water system lost over 1 million gallons of water due to the
break and crews continue work to bring the borough’s upper water tank to full
capacity. Source: http://www.njherald.com/story/27399965/customers-in-sussex-advised-to-continue-boiling-water
• The Dickson County
Sheriff’s Office in Tennessee’s computer system was compromised by the
CryptoWall ransomware in October after an employee clicked on a malicious
advertisement that forced staff into paying $500 in digital currency in order
to retrieve 72,000 files.– Softpedia
26. November 14, Softpedia – (Tennessee) Sheriff’s
office pays ransom to unlock files encrypted by CryptoWall. The sheriff’s
office in Dickson County, Tennessee, reported that its computer system was the
victim of the CryptoWall ransomware in October after an employee clicked on a
malicious advertisement placed on the Web site of a local radio station. The sheriff’s
office was forced to pay about $500 in digital currency in order to retrieve
72,000 files that were encrypted by the ransom-demanding malware. Source: http://news.softpedia.com/news/Sheriff-s-Office-Pays-Ransom-to-Unlock-Files-Encrypted-by-CryptoWall-464962.shtml
• Eight people were
injured and 40 Ohio University students in Athens, Ohio, were displaced after a
major fire damaged 6 buildings that included university housing and shut off
power to the affected area for several hours November 16. – Athens News
40. November 16, Athens News – (Ohio) Blaze
heavily damages block of uptown buildings. Authorities are investigating
the cause of a November 16 fire that damaged 6 businesses in Athens, Ohio, and
injured 8 individuals, including 3 firefighters and 1 police officer. At least
40 students were displaced from apartment units located above the affected
businesses, and a subsequent power outage affected the area for several hours.
Source: http://www.athensnews.com/ohio/article-43673-blaze-heavily-damages-block-of-uptown-buildings.html
Financial Services Sector
6. November
14, Baltimore Sun – (New York; Maryland) Former owner of Empire
Towers indicted in $7million fraud. The U.S. Securities and Exchange
Commission filed a complaint November 14 against a Hampton Bays, New York man
who owned the Empire Towers building in Glen Burnie, Maryland, for allegedly
raising over $7 million from investors by selling fraudulent, unregistered
bonds. The SEC also charged the man’s investment advisor for allegedly
participating in the scheme. Source: http://www.baltimoresun.com/news/maryland/anne-arundel/bs-md-aa-empire-towers-owner-indicted-20141114-story.html
For another story, see item 32 below
in the Information Technology Sector
Information Technology Sector
27. November
17, Softpedia – (International) BusyBox devices compromised through
Shellshock attack. Researchers with Trend Micro identified a new version of
the Bashlite malware that identifies devices on an infected system’s network
that use the BusyBox software for Linux, including routers, and can then
attempt to compromise them using the Shellshock vulnerability. Source: http://news.softpedia.com/news/BusyBox-Devices-Compromised-Through-Shellshock-Attack-465087.shtml
28. November
17, Softpedia – (International) Steam password stealer is stored on Google Drive.
A researcher with Panda Security analyzed and reported a piece of malware
designed to steal passwords for the Steam gaming service that is being
delivered from a Google Drive account. The account was still active when the
researcher reported the malware November 16 and targets victims via a
fraudulent link in Steam chat that downloads an executable file. Source: http://news.softpedia.com/news/Steam-Password-Stealer-Is-Stored-On-Google-Drive-465107.shtml
29. November
17, The Register – (International) WinShock PoC clocked: But DON’T PANIC… It’s
no Heartbleed. Researchers released a proof-of-concept (PoC) exploit for a
SChannel crypto library flaw that was patched the week of November 10 in a Microsoft
patch release. The flaw can still be exploited in unpatched Windows Server
2012, 2008 R2, and 2003 installations to run arbitrary code. Source: http://www.theregister.co.uk/2014/11/17/ms_schannel_crypto_poc/
30. November
17, The Register – (International) Attack reveals 81 percent of Tor users but
admins call for calm. A paper released by researchers at the Indraprastha
Institute of Information Technology outlined a traffic confirmation attack
method that the researchers stated could be used to identify users of the Tor
anonymity network in 81 percent of cases if an attacker has sufficient
resources. Source: http://www.theregister.co.uk/2014/11/17/deanonymization_techniques_for_tor_and_bitcoin/
31. November
17, Securityweek – (International) Alleged creators of WireLurker malware
arrested in China. Authorities in China arrested three individuals for
allegedly creating and distributing the WireLurker malware targeting Mac OS X,
iOS, and Windows devices and shut down the Web site used to distribute the
malware. Source: http://www.securityweek.com/alleged-creators-wirelurker-malware-arrested-china
32. November
17, Securityweek – (International) Majority of top 100 paid iOS, Android apps
have hacked versions: Report. Arxan Technologies released their annual
State of Mobile App Security report which found that there were cloned or
repackaged versions of 97 percent of the top 100 paid Android apps and 87
percent for top 100 paid iOS apps, and that repackaged or cloned financial
services apps existed for 95 percent of apps on Android and 70 percent in iOS,
among other findings. Source: http://www.securityweek.com/majority-top-100-paid-ios-android-apps-have-hacked-versions-report
33. November
16, Softpedia – (International) New variant of Dofoil trojan emerges with
strong evasion features. Fortinet researchers identified a new variant of
the Dofoil botnet malware that contains several changes aimed at preventing the
malware from being detected and analyzed. Source: http://news.softpedia.com/news/New-Variant-of-Dofoil-Trojan-Emerges-with-Strong-Evasion-Features-465050.shtml
34. November
15, Softpedia – (International) New encryption ransomware offers file
decryption trial. Researchers at Webroot identified a new piece of
encryption ransomware dubbed CoinVault that encrypts victims’ files using
AES-256 encryption, demands a ransom, and offers a free trial of the decryption
performed if a ransom is paid. Source: http://news.softpedia.com/news/New-Encryption-Ransomware-Offers-File-Decryption-Trial-465027.shtml
35. November
14, Softpedia – (International) Google misses trojan SMS app in Play Store
for more than a year. An SMS trojan named Thai Fun Content was identified
by Malwarebytes researchers on the Google Play Store and was available for
download for over 1 year. The app subscribes victims to a paid SMS service and
charges victims $0.37 per day. Source: http://news.softpedia.com/news/Google-Misses-Trojan-SMS-App-in-Play-Store-for-More-than-a-Year-465005.shtml
Communications Sector
36. November 14, McDowell News – (North Carolina) Phone
outage impacts 17,500 customers. Around 17,500 residents, businesses, and
public agencies were without landline and cell phone service for nearly 4 hours
November 13 after a fiber optic line was severed on U.S. 70 west in Pleasant
Gardens. Emergency 9-1-1 service calls were also impacted during the outage.
Source: http://www.mcdowellnews.com/news/phone-outage-impacts-customers/article_ee66dd52-6c41-11e4-b85d-b7d2a99636bc.html
No comments:
Post a Comment