Wednesday, August 6, 2014




Complete DHS Report for August 6, 2014

Daily Report

Top Stories

 · Three engines and 10 freight cars from a Union Pacific train derailed after colliding with a semi-truck at a crossing in Ward County, Texas, August 3, halting eastbound rail traffic while crews repaired about 1,000 feet of damaged track. – Odessa American

7. August 4, Odessa American – (Texas) Truck driver injured in Ward County train derailment. Three engines and 10 freight cars from a Union Pacific train derailed after the train collided with a semi-truck at a crossing in Ward County August 3 when the driver of the semi-truck failed to yield the right of way to the train. The driver was transported to an area hospital, and eastbound rail traffic was halted through Odessa August 4 while crews repaired about 1,000 feet of damaged track and recovered cars. Source: http://www.oaoa.com/news/article_e994475a-1c29-11e4-9508-001a4bcf6878.html

 · Fire crews continued to fight several wildfires in Oregon and California that, combined, have burned thousands of acres, while three new fires have burned over 2,000 acres and compromised the Idaho Power transmission line in Wallowa County. – Portland Oregonian

15. August 4, Portland Oregonian – (Oregon; California) Monday wildfire roundup: 5 Mile Fire grows to 2,000 acres. Fire crews continued to fight several wildfires in Oregon and California that combined have burned thousands of acres, while three new fires which began August 3 have burned over 2,000 acres and compromised the Idaho Power transmission line in Wallowa County. Source: http://www.oregonlive.com/pacific-northwest-news/index.ssf/2014/08/monday_wildfire_fire_roundup_5.html

 · Rapid 7 reported that multi-function printers from several companies contain vulnerabilities that can allow an attacker to access usernames, email addresses, and passwords from corporate Active Directory accounts. – The Register. See item 20 below in the Information Technology Sector.

 · A faulty air conditioner is believed to be the cause of a fire that broke out August 4 at the Fair Haven strip mall in Jesup, Georgia, destroying 7 businesses as well as an office space and a church. – WSAV 3 Savannah 

27. August 5, WSAV 3 Savannah – (Georgia) Jesup fire believed to have begun with air conditioner. A faulty air conditioner is believed to be the cause of a fire that broke out August 4 at the Fair Haven strip mall in Jesup, destroying 7 businesses as well as an office space and a church. Source: http://www.wnct.com/story/26195879/jesup-shopping-center-goes-up-in-flames

Financial Services Sector

3. August 4, U.S. Securities and Exchange Commission – (California) SEC charges California-based broker with stealing money from accounts. The U.S. Securities and Exchange Commission charged the former sole owner of Thornes & Associates, Inc., in Redlands with stealing $4.4 million from two brokerage accounts under his control and paying out the funds to two friends and for personal use. The former owner agreed to settle the charges by paying roughly $4.4 million in disgorgement, plus interest, and nearly $4.4 million in penalties. Source: http://www.sec.gov/litigation/litreleases/2014/lr23058.htm

Information Technology Sector

19. August 5, IDG News Service – (International) Oracle issues fix for Java update that crippled some Web apps. Oracle issued an update for Java 7, Java 7 Update 67, which contains a fix for an issue in the recent Java 7 Update 65 that caused some Web applications to be unable to launch. Source: http://www.computerworld.com/s/article/9250163/Oracle_issues_fix_for_Java_update_that_crippled_some_Web_apps

20. August 5, The Register – (International) Multi function p0wnage just getting worse, researcher finds. A researcher with Rapid 7 reported that multi-function printers from several companies contain vulnerabilities that can allow an attacker to access usernames, email addresses, and passwords from corporate Active Directory accounts. The researcher and his team reported being able to gain access to corporate networks in 40-50 percent of attempts. Source: http://www.theregister.co.uk/2014/08/05/printer_pwnage_just_getting_worse_researcher_finds/

21. August 5, Help Net Security – (International) DDoS attack volumes plummet as NTP servers got patched. Black Lotus released its Q2 2014 Threat Report which found that patching weaknesses in systems decreased distributed reflection denial of service (DrDoS) attacks by 86 percent in the second quarter of 2014 while multi-vector attacks such as TCP SYN and HTTP GET attacks increased 140 percent during the quarter, among other findings. Source: http://www.net-security.org/secworld.php?id=17206

22. August 5, Securityweek – (International) Mobile users targeted with SandroRat posing as security software. Researchers with McAfee identified a campaign targeting Android users in Europe which disguises the SandroRat malware as a Kaspersky mobile security app to trick users into installing it. The malware is spread via text messages and emails and purports to be from a bank as a means of enhancing mobile security. Source: http://www.securityweek.com/mobile-users-targeted-sandrorat-posing-security-software

23. August 5, Securityweek – (International) Flaw enabled access to internal Yahoo administration panel. A researcher with RMSEC identified and reported an issue with Yahoo that allowed him to guess a correct URL and then be logged into an internal content management system (CMS) with full administrator rights. Yahoo closed the issue after being informed by the researcher. Source: http://www.securityweek.com/flaw-enabled-access-internal-yahoo-administration-panel

24. August 5, Securityweek – (International) Apache Cordova vulnerabilities expose Android apps. IBM Security Systems researchers identified three vulnerabilities in the Apache Cordova developer APIs that could allow attackers to steal sensitive information from applications created using Apache Cordova. The Apache Cordova development team was notified by the researchers prior to public disclosure and an update was released August 4 that closes the flaws. Source: http://www.securityweek.com/apache-cordova-vulnerabilities-expose-android-apps

25. August 4, Threatpost – (International) RAT malware communicating via Yahoo Mail. A researcher with G-Data published an analysis of a remote access trojan (RAT) known as IcoScript that has mostly gone undetected since 2012 and uses Yahoo Mail to communicate with its controllers to avoid creating suspicious traffic. The RAT could also be modified to use Gmail or other webmail providers. Source: http://threatpost.com/rat-malware-communicating-via-yahoo-mail

Communications Sector

See item 17 from the Emergency Sector and 26 from the Commercial Facilities Sector below:

17. August 4, NorthEscambia.com – (Florida) 911 outage for some Frontier customers; regular calling, internet out for some. Crews worked to repair a cut fiber optic cable after a contractor inadvertently cut the cable August 4, causing Frontier customers in several communities in Escambia County to lose either 9-1-1 landline service, Internet, or landline phone service. Source: http://www.northescambia.com/2014/08/911-outage-for-some-frontier-customers-regular-calling-internet-out-for-some

26. August 5, Aspen Daily News – (Colorado) Power outage closes dozens of Aspen businesses. Construction crews severed a main electric feeder line August 4 that left many residents in downtown Aspen without power and closed dozens of businesses for nearly 11 hours for repairs. AT&T cell service for customers was also down due to the power being cut off to a cell phone tower. Source: http://www.aspendailynews.com/section/home/163320