Complete DHS Report for November 21, 2014
Daily Report
Top Stories
• Nearly 100,000
gallons of water was allegedly released by vandals following several reports of
open fire hydrants in Dickinson, North Dakota, November 16. – Dickinson
Press
23. November 18, Dickinson Press – (North Dakota) Dickinson
Police investigating fire hydrant vandalism that released 100,000 gallons of
water. Nearly 100,000 gallons of water was allegedly released following
several reports of open fire hydrants in Dickinson, North Dakota, November 16.
Authorities are searching for the suspects involved and are investigating
leads. Source: http://www.thedickinsonpress.com/content/dickinson-police-investigating-fire-hydrant-vandalism-released-100000-gallons-water
• Police shot and
killed a gunman on Florida State University campus after he opened fire at the
university’s Strozier Library November 20 injuring three students. – WCTV 6
Thomasville
24. November 20, WCTV 6 Thomasville – (Florida) Three
students shot at FSU library, gunman killed by police. Police killed a
gunman who shot at officers after opening fire at the Strozier Library at
Florida State University in Tallahassee November 20 injuring three students.
Authorities cleared the scene after several hours and continue to investigate
the incident. Source: http://www.wctv.tv/home/headlines/Dangerous-Situation-Reported-at-FSU-283300801.html
• An accident
involving two George County school buses November 19 sent 21 students to area
hospitals for minor injuries when the two busses collided on Mississippi
Highway 26 in Lucedale, Mississippi. – WALA 10 Mobile
26. November 19, WALA 10 Mobile – (Mississippi) 21
students sent to hospital in school bus accident. An accident involving a
George County school bus that was rear-ended by another county bus along
Mississippi Highway 26 in Lucedale November 19 caused 21 students to be
transported to area hospitals due to injuries. Source: http://fox10tv.com/2014/11/19/21-students-sent-to-hospital-in-school-bus-accident/
• Heavy snow caused a roof to collapse at a
christmascentral.com warehouse in Cheektowaga, New York, November 19 that also
resulted in a natural gas leak, prompting the evacuation of the neighboring Garden
Gate Health Care Facility. – Buffalo News (See item 41)
41. November
19, Buffalo News – (New York) Cheektowaga warehouse roof collapse forces
evacuation of nearby nursing facility. Heavy snow caused a roof collapse at
a christmascentral.com warehouse in Cheektowaga November 19 resulting in
millions of dollars in damage to the structure and its contents. The collapse
also caused a natural gas leak that prompted the evacuation of Garden Gate Health
Care Facility. Source: http://www.buffalonews.com/city-region/cheektowaga-warehouse-roof-collapse-forces-evacuation-of-nearby-nursing-facility-20141119
Financial Services Sector
9. November
19, WXII 12 Winston-Salem – (North Carolina) ‘Striped hoodie
bandit’ still wanted after High Point, Asheboro bank robberies. The FBI
asked for the public’s help in providing information on a suspect known as the
“Striped Hoodie Bandit” responsible for three bank robberies in North Carolina,
with the most recent occurring November 18 at a Sun Trust Bank branch in
Huntersville. Source: http://www.wxii12.com/news/striped-hoodie-bandit-still-wanted-after-high-point-asheboro-bank-robberies/29825564
For another story, see item 39 below
in the Information Technology Sector
Information Technology Sector
32. November
20, Threatpost – (International) Attackers using compromised Web plug-ins in
CryptoPHP blackhat SEO campaign. Researchers with Fox-IT identified a group
of attackers using compromised WordPress themes and plugins to deliver a piece
of malware dubbed CryptoPHP that engages in fraudulent search engine
optimization (SEO) operations. The malware can also inject content into sites
using the compromised plugins and themes, update itself, and perform other
tasks. Source: http://threatpost.com/attackers-using-compromised-web-plug-ins-in-cryptophp-blackhat-seo-campaign/109505
33. November
20, Securityweek – (International) Developers fix XSS vulnerability in jQuery
Validation Plugin script. The developers of the jQuery Validation Plugin
issued a fix for a vulnerability present in the plugin’s demo code that could
have allowed an attacker to engage in session hijacking using a reflected
cross-site scripting (XSS) attack. The code appeared to be first reported in
2007. Source: http://www.securityweek.com/developers-fix-xss-vulnerability-jquery-validation-plugin-script
34. November 20,
Threatpost – (International) Angler exploit kit adds new Flash exploit for
CVE-2014-8440. A security researcher reported that the Angler exploit kit
has been equipped with an exploit for the CVE-2014-8440 vulnerability in Adobe
Flash that can be used to take control of target systems. The vulnerability was
patched by Adobe November 11 but unpatched systems remain vulnerable. Source: http://threatpost.com/angler-exploit-kit-adds-new-flash-exploit-for-cve-2014-8440/109498
35. November
20, Threatpost – (International) Drupal patches denial of service
vulnerability; details disclosed. Researchers who identified a denial of
service (DoS) vulnerability in the Drupal content management system published
details of the vulnerability that could also expose user names following the
release of a patch by Drupal November 19 to close the vulnerability. Source: http://threatpost.com/drupal-patches-denial-of-service-vulnerability-details-disclosed/109502
36. November
19, Securityweek – (International) Chrome 39 includes 42 security fixes,
disables fallback to SSL 3.0. Google released version 39 of its Chrome
browser, closing 42 security issues, 11 of which were rated as high-severity,
adding features, and disabling fallback to SSL 3.0 which could be exploited in
POODLE attacks. Source: http://www.securityweek.com/chrome-39-includes-42-security-fixes-disables-fallback-ssl-30
37. November
19, Network World – (International) FTC gets federal court to shut down $120M
tech support scam. The Federal Trade Commission (FTC) announced November 19
that a federal court granted its request to temporarily shut down two
telemarketing operations that allegedly defrauded consumers out of more than
$120 million by convincing them to grant the marketers remote access and
deceiving them into paying for services and products to solve nonexistent
computer problems. The companies involved include PC Cleaner, Boost Software,
and Inbound Call Experts, and the defendants are the targets of separate cases
filed by the FTC and the State of Florida. Source: http://www.networkworld.com/article/2849636/security0/ftc-gets-federal-court-to-shut-down-120m-tech-support-scam.html
38. November
19, Softpedia – (International) Privilege escalation risk fixed in Android
Lollipop, lower versions vulnerable. A researcher who identified and
reported a flaw in the Android operating system that could allow an attacker to
execute arbitrary code released a proof-of-concept for the vulnerability
following the November 3 release of a patch that closes the vulnerability in
Android Lollipop (also known as Android 5.0). The vulnerability is still
present on previous Android versions. Source: http://news.softpedia.com/news/Privilege-Escalation-Risk-Fixed-in-Android-Lollipop-Lower-Versions-Vulnerable-465407.shtml
39. November
19, Threatpost – (International) Citadel variant targets password managers. Researchers
with IBM Trusteer notified the makers of the nexus Personal Security Client,
KeePass, and Password Safe password managers that a new variant of the Citadel
malware is targeting the three services in an attempt to steal users’ logins
and passwords. Source: http://threatpost.com/citadel-variant-targets-password-managers/109493
Communications Sector
40. November 19, WINK 11 Fort
Myers – (Florida) Police search for cell phone tower copper
thieves Officials are searching for the suspects responsible for stealing
more than $100,000 worth of copper from Lee County cell phone towers over the
course of three months dating back to August. Source: http://www.winknews.com/Local-Florida/2014-11-19/Police-search-for-cell-phone-tower-copper-thieves