Tuesday, April 22, 2014




Complete DHS Report for April 22, 2014

Daily Report

Details

 • Part of Route 18 in Canton Township, Pennsylvania, was closed for several hours April 21 after an accident involving a semi-truck carrying diesel fuel and two other semi-trucks carrying fracking water, which led to a spill of about 1,300 gallons of diesel fuel and 400 gallons of fracking water. – WPXI 11 Pittsburgh; Pittsburgh Tribune-Review

6. April 21, WPXI 11 Pittsburgh; Pittsburgh Tribune-Review – (Pennsylvania) Hazmat situation shuts down part of Route 18 in Washington Co. Part of Route 18 in Canton Township was closed for several hours April 21 after an accident in which a semi-truck carrying more than 2,500 gallons of diesel fuel rear-ended two other semi-trucks carrying fracking water, causing all three to overturn and spilling about 1,300 gallons of diesel fuel and 400 gallons of fracking water into the roadway, storm water system, and Chartiers Creek. Officials contained the spill and are investigating the incident. Source: http://www.wpxi.com/news/news/local/hazmat-situation-shuts-down-part-route-18-washingt/nfdxN/

 • Researchers identified a successful attack campaign that utilized the Heartbleed vulnerability to target an undisclosed organization’s virtual private network (VPN) and obtain VPN session tokens. – Dark Reading. See item 23 below in the Information Technology Sector.

 • The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning that the Innominate mGuard firmware and several Siemens industrial control systems are vulnerable to the Heartbleed vulnerability. – Threatpost. See item 25 below in the Information Technology Sector.

 • Researchers released a paper outlining critical vulnerabilities in satellite communication gear from several major manufacturers that could allow attackers to disrupt or eavesdrop on communications. – CSO. See item 27 below in the Communications Sector.

Financial Services Sector

4. April 18, Milwaukee Journal Sentinel – (Wisconsin) Menomonee Falls police arrest 3 suspects in bank robbery. Two men accused of robbing a BMO Harris Bank branch in Menomonee Falls were arrested by police shortly after the robbery April 17. A bank employee accused of being an accomplice was also arrested the same day. Source: http://www.jsonline.com/news/crime/menomonee-falls-police-arrest-2-suspects-in-bank-robbery-b99250798z1-255759901.html

Information Technology Sector

23. April 21, Dark Reading – (International) Heartbleed attack targeted enterprise VPN. Researchers at Mandiant identified a successful attack campaign that utilized the Heartbleed vulnerability in OpenSSL to target an undisclosed organization’s virtual private network (VPN) and obtain VPN session tokens. The attack began April 8, hijacked several active user sessions, and allowed the attackers to attempt to escalate their privileges within the organization. Source: http://www.darkreading.com/attacks-breaches/heartbleed-attack-targeted-enterprise-vpn-/d/d-id/1204592

24. April 19, Softpedia – (International) Sophos names spam-relaying “dirty dozen” countries for Q1 2014. Sophos released its list of top spam-relaying countries for the first quarter of 2014, with the U.S. accounting for the most spam by volume at 16 percent of all spam, followed by Spain and Russia. Source: http://news.softpedia.com/news/Sophos-Names-Spam-Relaying-Dirty-Dozen-Countries-for-Q1-2014-438517.shtml

25. April 18, Threatpost – (International) ICS-CERT warns of Heartbleed vulnerabilities in Siemens gear. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning that the Innominate mGuard firmware and several Siemens industrial control systems are vulnerable to the Heartbleed vulnerability in OpenSSL. Innominate issued a patch for the vulnerable firmware, while Siemens identified affected systems. Source: http://threatpost.com/ics-cert-warns-of-heartbleed-vulnerabilities-in-siemens-gear/105554

26. April 18, The Register – (International) Reddit users discover iOS malware threat. Reddit users identified a piece of malware for iOS devices known as Unflod Baby Panda which can target jailbroken iOS devices. Researchers at SektionEins found that the malware listens to SSL traffic and searches for Apple ID information to steal. Source: http://www.theregister.co.uk/2014/04/18/reddit_users_discover_ios_malware_threat/

For another story, see item 27 below in the Communications Sector

Communications Sector

27. April 18, CSO – (International) Major security flaws threaten satellite communications. Researchers at IOActive released a paper outlining critical vulnerabilities in satellite communication gear from several major manufacturers that could allow attackers to disrupt or eavesdrop on communications systems used in the maritime, energy, aeronautics, and media industries as well as those used by government and emergency services. Affected manufacturers were notified and details will not be publicly released until the second half of 2014 to allow manufacturers to close the vulnerabilities. Source: http://www.networkworld.com/news/2014/041814-major-security-flaws-threaten-satellite-280848.html