Wednesday, April 30, 2014




Complete DHS Report for April 30, 2014

Daily Report

Details

 • A former employee of a FedEx facility in Kennesaw, Georgia, entered the facility with a firearm April 29, shot and injured six people before shooting himself at the facility’s loading dock. – WXIA 11 Atlanta

12. April 29, WXIA 11 Atlanta – (Georgia) 3 critical after Kennesaw FedEx shooting; “Rambo” suspect dead. A former employee of a FedEx facility in Kennesaw entered the facility with a firearm April 29 and injured six people before shooting himself at the FedEx facility’s loading dock. Three victims were reported in critical condition and police had not confirmed a motive. Source: http://www.11alive.com/story/news/local/kennesaw/2014/04/29/kennesaw-fedex-shooting/8448813/

 • Crews continued working to extinguish a fire in a 700-foot-long railroad tunnel in Pike County, Kentucky, that began pouring out heavy smoke and fumes April 26 due to the tunnel’s timbers being treated with creosote. – WYMT 57 Hazard

13. April 29, WYMT 57 Hazard – (Kentucky) Fire inside railroad tunnel causing concern in Pike County. Crews continued working to extinguish a fire in a 700-foot-long railroad tunnel in Pike County, Kentucky, that began pouring out heavy smoke and fumes April 26 due to the tunnel’s timbers being treated with creosote. Some schools were closed in the area April 28-29 due to the smoke. Source: http://www.wkyt.com/wymt/home/headlines/Railroad-tunnel-fire-causing-concern-in-Pike-County-257086571.html

 • Adobe released updates for it Flash Player for Windows, Mac, and Linux following the discovery of a new zero-day vulnerability that is being actively exploited in the wild, and advised users to update immediately. – Help Net Security See item 35 below in the Information Technology Sector

 • Six people were injured and 1 person was killed when a driver lost control of his vehicle, struck a fence, and drove into a line of people waiting to enter Farrell’s Ice Cream Parlour in Buena Park, California, April 25. – Associated Press

40. April 27, Associated Press – (California) SUV rams people at ice cream shop; 1 dead, 6 hurt. Six people were injured and 1 person was killed when a driver lost control of his vehicle, struck a fence, and drove into a line of people waiting to enter Farrell’s Ice Cream Parlour in Buena Park April 25. Source: http://news.msn.com/us/suv-rams-people-at-ice-cream-shop-1-dead-6-hurt

Financial Services Sector

10. April 28, Woodland Daily Democrat – (California) Former Woodland loan officer involved in mortgage fraud scheme. A former Delta Homes and Lending loan officer and branch manager from Woodland was charged along with four others for allegedly participating in a mortgage fraud scheme that involved over $10 million in properties and defrauded lenders of at least $4 million. A Sacramento real estate agent pleaded guilty April 28 to running the scheme. Source: http://www.dailydemocrat.com/breakingnews/ci_25655706/former-woodland-loan-officer-involved-mortgage-fraud-scheme

For additional stories, see items 33 and 36 below in the Information Technology Sector

Information Technology Sector

30. April 29, Help Net Security – (International) AOL breach confirmed, bigger than initially thought. AOL confirmed April 28 that attackers breached the company’s systems and networks, leading to a significant increase in spoofed email spam from AOL Mail accounts. Around 500,000 users had their email addresses, postal addresses, address book contacts, encrypted passwords, and encrypted security questions compromised in the breach. Source: http://www.net-security.org/secworld.php?id=16758

31. April 29, Softpedia – (International) Siemens patches Heartbleed bug in industrial products. Siemens published an advisory and updates for several of its industrial control systems (ICS) programs that address the Heartbleed vulnerability in OpenSSL. Some Siemens ICS software remain unpatched, and the company advised users to apply workarounds until a full patch is made available. Source: http://news.softpedia.com/news/Siemens-Patches-Heartbleed-Bug-in-Industrial-Products-439837.shtml

32. April 29, Softpedia – (International) Apple fixes vulnerability that granted anyone access to personal details of developers. Apple closed a vulnerability in its Developer Center’s Radar application that could have been exploited to obtain the contact information of Apple retail and corporate employees and iOS, Mac, and Safari developers. A proof-of-concept was revealed by the researcher who discovered the vulnerability after Apple closed the vulnerability. Source: http://news.softpedia.com/news/Apple-Fixes-Vulnerability-That-Granted-Anyone-Access-to-Personal-Details-of-Developers-439812.shtml

33. April 29, Softpedia – (International) Phishers abuse Microsoft Azure to target PayPal, Apple, and Visa customers. Researchers at Netcraft reported that cybercriminals are making use of 30-day trials of Microsoft’s Azure cloud service to host phishing Web sites. The researchers identified several Azure-hosted phishing pages targeting Apple, Comcast, PayPal, Visa, American Express, and Cielo customers. Source: http://news.softpedia.com/news/Phishers-Abuse-Microsoft-Azure-to-Target-PayPal-Apple-and-Visa-Customers-439800.shtml

34. April 29, The Register – (International) Researchers warn of resurgent Sefnit malware. Researchers at Facebook reported that the Sefnit malware has been seen in use again, but without the use of a Tor client. The malware instead establishes direct connections to one or more command and control servers using a secure Plink connection. Source: http://www.theregister.co.uk/2014/04/29/researchers_warn_of_resurgent_sefnit_malware/

35. April 28, Help Net Security – (International) Flash 0-day exploited in watering hole attacks, Adobe provides patch. Adobe released updates for it Flash Player for Windows, Mac, and Linux following the discovery of a new zero-day vulnerability that is being actively exploited in the wild. Users were advised to update immediately. Source: http://www.net-security.org/secworld.php?id=16750

36. April 28, CNET News – (International) Stop using Microsoft’s IE browser until bug is fixed, US and UK warn. The U.S. Computer Emergency Readiness Team (US-CERT) advised users to stop using the Internet Explorer browser until Microsoft can develop a patch for a recently-disclosed vulnerability that can allow attackers to run malicious code. The vulnerability is currently being used in attacks against U.S. defense and financial organizations, according to FireEye researchers. Source: http://www.cnet.com/news/stop-using-ie-until-bug-is-fixed-says-us/

Communications Sector

37. April 29, Peninsula Daily News – (Washington) KONP-AM signal expected back today after repairs. KONP’s 1450 AM signal was disrupted April 25 after the transmitter’s primary and backup power modules failed, effectively causing the radio station to rely solely on its FM frequency until replacement parts for the transmitter arrived April 29. Source: http://www.peninsuladailynews.com/article/20140429/news/304299979/konp-am-signal-expected-back-today-after-repairs