Tuesday, November 18, 2014





Complete DHS Report for November 18, 2014

Daily Report

Top Stories

 • The U.S. Chemical Safety Board and the Occupational Safety and Health Administration are investigating a methyl mercaptan leak at a DuPont and Co. plant in LaPorte, Texas, that killed four workers and injured one November 15. – Reuters

3. November 16, Reuters – (Texas) Federal agencies to begin probe of DuPont Texas plant deaths. The U.S. Chemical Safety Board and the Occupational Safety and Health Administration are investigating following a methyl mercaptan leak at a DuPont and Co. plant in LaPorte, Texas, November 15 that killed four workers. A fifth employee was transported to an area hospital with injuries. Source: http://www.reuters.com/article/2014/11/17/us-usa-chemicals-death-idUSKCN0J00XA20141117

 • A boil water advisory was issued for customers in Sussex Borough November 16 until November 21 following the restoration of water service after a November 13 water main break during construction work on Route 23 in which over 1 million gallons of water was lost. – New Jersey Herald

19. November 16, New Jersey Herald – (New Jersey) Customers in Sussex advised to continue boiling water. A boil water advisory was issued for customers in Sussex Borough November 16 until November 21 following the restoration of water service after a November 13 water main break during construction work on Route 23. The water system lost over 1 million gallons of water due to the break and crews continue work to bring the borough’s upper water tank to full capacity. Source: http://www.njherald.com/story/27399965/customers-in-sussex-advised-to-continue-boiling-water

 • The Dickson County Sheriff’s Office in Tennessee’s computer system was compromised by the CryptoWall ransomware in October after an employee clicked on a malicious advertisement that forced staff into paying $500 in digital currency in order to retrieve 72,000 files.– Softpedia

26. November 14, Softpedia – (Tennessee) Sheriff’s office pays ransom to unlock files encrypted by CryptoWall. The sheriff’s office in Dickson County, Tennessee, reported that its computer system was the victim of the CryptoWall ransomware in October after an employee clicked on a malicious advertisement placed on the Web site of a local radio station. The sheriff’s office was forced to pay about $500 in digital currency in order to retrieve 72,000 files that were encrypted by the ransom-demanding malware. Source: http://news.softpedia.com/news/Sheriff-s-Office-Pays-Ransom-to-Unlock-Files-Encrypted-by-CryptoWall-464962.shtml

 • Eight people were injured and 40 Ohio University students in Athens, Ohio, were displaced after a major fire damaged 6 buildings that included university housing and shut off power to the affected area for several hours November 16. – Athens News

40. November 16, Athens News – (Ohio) Blaze heavily damages block of uptown buildings. Authorities are investigating the cause of a November 16 fire that damaged 6 businesses in Athens, Ohio, and injured 8 individuals, including 3 firefighters and 1 police officer. At least 40 students were displaced from apartment units located above the affected businesses, and a subsequent power outage affected the area for several hours. Source: http://www.athensnews.com/ohio/article-43673-blaze-heavily-damages-block-of-uptown-buildings.html

Financial Services Sector

6. November 14, Baltimore Sun – (New York; Maryland) Former owner of Empire Towers indicted in $7million fraud. The U.S. Securities and Exchange Commission filed a complaint November 14 against a Hampton Bays, New York man who owned the Empire Towers building in Glen Burnie, Maryland, for allegedly raising over $7 million from investors by selling fraudulent, unregistered bonds. The SEC also charged the man’s investment advisor for allegedly participating in the scheme. Source: http://www.baltimoresun.com/news/maryland/anne-arundel/bs-md-aa-empire-towers-owner-indicted-20141114-story.html

For another story, see item 32 below in the Information Technology Sector

Information Technology Sector

27. November 17, Softpedia – (International) BusyBox devices compromised through Shellshock attack. Researchers with Trend Micro identified a new version of the Bashlite malware that identifies devices on an infected system’s network that use the BusyBox software for Linux, including routers, and can then attempt to compromise them using the Shellshock vulnerability. Source: http://news.softpedia.com/news/BusyBox-Devices-Compromised-Through-Shellshock-Attack-465087.shtml

28. November 17, Softpedia – (International) Steam password stealer is stored on Google Drive. A researcher with Panda Security analyzed and reported a piece of malware designed to steal passwords for the Steam gaming service that is being delivered from a Google Drive account. The account was still active when the researcher reported the malware November 16 and targets victims via a fraudulent link in Steam chat that downloads an executable file. Source: http://news.softpedia.com/news/Steam-Password-Stealer-Is-Stored-On-Google-Drive-465107.shtml

29. November 17, The Register – (International) WinShock PoC clocked: But DON’T PANIC… It’s no Heartbleed. Researchers released a proof-of-concept (PoC) exploit for a SChannel crypto library flaw that was patched the week of November 10 in a Microsoft patch release. The flaw can still be exploited in unpatched Windows Server 2012, 2008 R2, and 2003 installations to run arbitrary code. Source: http://www.theregister.co.uk/2014/11/17/ms_schannel_crypto_poc/

30. November 17, The Register – (International) Attack reveals 81 percent of Tor users but admins call for calm. A paper released by researchers at the Indraprastha Institute of Information Technology outlined a traffic confirmation attack method that the researchers stated could be used to identify users of the Tor anonymity network in 81 percent of cases if an attacker has sufficient resources. Source: http://www.theregister.co.uk/2014/11/17/deanonymization_techniques_for_tor_and_bitcoin/

31. November 17, Securityweek – (International) Alleged creators of WireLurker malware arrested in China. Authorities in China arrested three individuals for allegedly creating and distributing the WireLurker malware targeting Mac OS X, iOS, and Windows devices and shut down the Web site used to distribute the malware. Source: http://www.securityweek.com/alleged-creators-wirelurker-malware-arrested-china

32. November 17, Securityweek – (International) Majority of top 100 paid iOS, Android apps have hacked versions: Report. Arxan Technologies released their annual State of Mobile App Security report which found that there were cloned or repackaged versions of 97 percent of the top 100 paid Android apps and 87 percent for top 100 paid iOS apps, and that repackaged or cloned financial services apps existed for 95 percent of apps on Android and 70 percent in iOS, among other findings. Source: http://www.securityweek.com/majority-top-100-paid-ios-android-apps-have-hacked-versions-report

33. November 16, Softpedia – (International) New variant of Dofoil trojan emerges with strong evasion features. Fortinet researchers identified a new variant of the Dofoil botnet malware that contains several changes aimed at preventing the malware from being detected and analyzed. Source: http://news.softpedia.com/news/New-Variant-of-Dofoil-Trojan-Emerges-with-Strong-Evasion-Features-465050.shtml

34. November 15, Softpedia – (International) New encryption ransomware offers file decryption trial. Researchers at Webroot identified a new piece of encryption ransomware dubbed CoinVault that encrypts victims’ files using AES-256 encryption, demands a ransom, and offers a free trial of the decryption performed if a ransom is paid. Source: http://news.softpedia.com/news/New-Encryption-Ransomware-Offers-File-Decryption-Trial-465027.shtml

35. November 14, Softpedia – (International) Google misses trojan SMS app in Play Store for more than a year. An SMS trojan named Thai Fun Content was identified by Malwarebytes researchers on the Google Play Store and was available for download for over 1 year. The app subscribes victims to a paid SMS service and charges victims $0.37 per day. Source: http://news.softpedia.com/news/Google-Misses-Trojan-SMS-App-in-Play-Store-for-More-than-a-Year-465005.shtml

Communications Sector

36. November 14, McDowell News – (North Carolina) Phone outage impacts 17,500 customers. Around 17,500 residents, businesses, and public agencies were without landline and cell phone service for nearly 4 hours November 13 after a fiber optic line was severed on U.S. 70 west in Pleasant Gardens. Emergency 9-1-1 service calls were also impacted during the outage. Source: http://www.mcdowellnews.com/news/phone-outage-impacts-customers/article_ee66dd52-6c41-11e4-b85d-b7d2a99636bc.html