Complete DHS Report for
November 12, 2015
Daily Report
Top Stories
• Three men were
charged in connection to an alleged cyber-attack against several U.S. financial
institutions that allowed the suspects to steal the personal information of
more than 100 million customers. – Wall Street Journal See item 3 below in the Financial Services Sector
• Iowa officials
reported that 2 tracks near Danville were out of service November 9 after 2
locomotives and 21 rail cars derailed when a coal train struck a road grader. –
Associated Press
9. November
9, Associated Press – (Iowa) Coal cars derailed when train hits road grader in
Iowa. Des Moines County officials reported that two tracks near Danville
were out of service while crews worked to clean spilled coal and repair damages
November 9 after 2 locomotives and 21 rail cars derailed when a coal train
struck a road grader used to make repairs on nearby U.S. Highway 34.
• A 5-alarm fire
November 9 at the abandoned Paterson Armory in New Jersey prompted the closure
of several schools in the Paterson Public School district November 10. – NJ.com
20. November
9, WBZ 4 Boston – (Massachusetts) Boston Arts Academy students exposed to
hydrochloric acid. Boston Arts Academy in Massachusetts was briefly
evacuated November 9 after 25 students complained of headaches and nausea and
were transported to an area hospital after they were exposed to hydrochloric
acid in a classroom that did not ventilate properly. Fire crews aired out the
building and classes resumed. Source: http://boston.cbslocal.com/2015/11/09/boston-arts-academy-hydrochloric-acid-2/
• Comcast announced
November 9 that it will reset passwords for roughly 200,000 customers after a
package of personal data was listed for sale on a Dark Web site. – Washington
Post See item 24 below in the Communications Sector
Financial Services Sector
3. November 10, Wall Street Journal – (International) Charges announced in J.P.
Morgan hacking case. A Federal indictment was unsealed November 10 against
three men in connection with an alleged massive cyber-attack against J.P. Morgan
Chase & Co. and several other U.S. financial institutions. The attack allowed the
suspects to steal the personal information of more than 100 million customers
by hacking into the financial institutions’ systems, and the stolen customer
information was used to carry out a stock-manipulation scheme. The defendants would
artificially inflate stock prices and send spam emails to customers to trick
them into buying stocks.
For another
story, see item 1 below from the Energy Sector
1. November 9, U.S. Attorney’s Office, Southern District of Texas – (New
York) Bronx man charged in oil futures fraud scheme. A Bronx man was
indicted November 9 for an alleged fraud scheme in which he defrauded investors
of more than $1.5 million by falsely representing that he operated a commodity
pool which invested in oil futures contracts. The suspect would pay returns to
investors with money received from other investors and use funds received for
personal expenses.
Source: https://www.fbi.gov/houston/press-releases/2015/bronx-man-charged-in-oil-futures-fraud-scheme
Information Technology Sector
22. November 10, Securityweek – (International) Flaw in Linux encryption ransomware exposes
decryption key. Researchers at Bitdefender discovered a flaw in the advanced
encryption standard (AES) key generation process of the Linux.Encoder1
ransomware: the key is generated with the libc rand() function, seeded with the
current system timestamp during encryption, which allows the AES key to be
retrieved without having to pay the attackers for an RSA public key. The
security firm released a decryption tool that automatically restores files
encrypted by Linux.Encoder1. Source: http://www.securityweek.com/flaw-linux-encryption-ransomware-exposes-decryption-key
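The following added example (not part of the report and not Bitdefender's tool) shows why a key drawn from rand() after seeding with a timestamp can be recovered by searching the seconds leading up to a file's modification time. The one-byte-per-rand() key layout, the XOR stand-in for AES, the function names and the sample header are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define KEY_LEN 16
#define DEMO_SEED 1447027200L /* constructed encryption timestamp */

/* Assumed layout: one key byte per rand() call after srand(timestamp). */
static void derive_key(time_t seed, uint8_t key[KEY_LEN]) {
    srand((unsigned)seed);
    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (uint8_t)(rand() & 0xff);
}

/* Stand-in for AES (repeating-key XOR) so no crypto library is needed. */
static void toy_crypt(const uint8_t *key, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % KEY_LEN];
}

/* Try every second in [mtime - window, mtime] as the seed and accept the one
   whose key decrypts the header to the expected magic bytes; -1 if none. */
long recover_seed(const uint8_t *ct, size_t n, const uint8_t *magic,
                  size_t magic_len, time_t mtime, long window) {
    uint8_t key[KEY_LEN], pt[64];
    if (n > sizeof pt || magic_len > n) return -1;
    for (long d = 0; d <= window; d++) {
        derive_key(mtime - d, key);
        toy_crypt(key, ct, pt, n);
        if (memcmp(pt, magic, magic_len) == 0)
            return (long)(mtime - d);
    }
    return -1;
}

/* Constructed sample: a header encrypted 42 seconds before the file's mtime. */
long demo_recover(long window) {
    const uint8_t header[] = "%PDF-1.4 constructed sample";
    uint8_t key[KEY_LEN], ct[sizeof header];
    derive_key((time_t)DEMO_SEED, key);
    toy_crypt(key, header, ct, sizeof header);
    return recover_seed(ct, sizeof ct, (const uint8_t *)"%PDF-", 5,
                        (time_t)(DEMO_SEED + 42), window);
}

int main(void) {
    printf("recovered seed: %ld\n", demo_recover(3600));
    return 0;
}
```

A one-hour window is only 3,601 candidate keys, which is why a timestamp-seeded generator gives no real key secrecy regardless of the cipher it feeds.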
23. November 9, Securityweek – (International) Remote code execution flaw found in Java app
servers. Researchers from FoxGlove Security released a report addressing
deserialization vulnerabilities in Java applications including Oracle WebLogic,
IBM WebSphere, and Jenkins, among other products, that can be remotely
exploited for arbitrary code execution due to poor coding via the Java library
Apache Commons Collections, which is used for more than 1,300 projects. A Java
deserialization library and a report were released to secure applications from
malicious actors and educate developers on how to avoid such flaws. Source: http://www.securityweek.com/remote-code-execution-flaw-found-java-app-servers
For additional stories, see
item 3 above in the Financial Services Sector and item 24 below in the Communications Sector
Communications Sector
24. November 9, Washington Post – (National) Comcast says it’s not to blame after 200,000 user
accounts were put up for sale online. Comcast announced November 9 that
it will reset passwords for roughly 200,000 customers after a package of
personal data, including e-mail addresses and passwords, was listed for
sale for $1,000 on a Dark Web site. The company reported that it was not hacked
and that its systems and apps were not compromised, and held unsuspecting customers
responsible for visiting malware-laden sites or falling victim to other schemes
that allowed hackers to obtain their data. Source: https://www.washingtonpost.com/news/the-switch/wp/2015/11/09/comcast-says-its-not-to-blame-after-200000-accounts-were-illegally-put-up-for-sale/