Complete DHS Report for April 12, 2016
Daily Report
Top Stories
• TransCanada Corporation announced April 10 that it resumed
operations on its Keystone crude pipeline at reduced pressure after receiving
authorization from the U.S. Pipeline and Hazardous Materials Safety
Administration April 9 following an April 2 shutdown when a leak was
discovered in Hutchinson County, South Dakota. – Reuters
1. April 11, Reuters – (National) TransCanada restarts Keystone pipeline at reduced
pressure. TransCanada Corporation announced April 10 that it resumed
operations on its Keystone crude pipeline at reduced pressure after receiving
authorization from the U.S. Pipeline and Hazardous Materials Safety
Administration April 9 following the pipeline’s shutdown April 2 when a leak
was discovered near the company’s Freeman pump station in Hutchinson County,
South Dakota. The company stated that it will conduct aerial patrols and visual
inspections.
• A 15-vehicle pile-up forced the closure of Interstate 290 in
Chicago April 9 for approximately 10 hours, leaving 1 person dead and 4 others
with non-life-threatening injuries. – WLS 89 AM Chicago
11. April 9, WLS 89 AM Chicago – (Illinois) Chicago chef killed in I-290 crash. A
15-vehicle pile-up forced the closure of Interstate 290 in Chicago April 9 for
approximately 10 hours, leaving 1 person dead and 4 others with
non-life-threatening injuries.
• The North East Independent School District in Texas announced
April 8 that 3 separate ransomware incidents beginning in February encrypted
about 2.5 terabytes of data, impacting all 20 campuses and 2 departments. – KENS
5 San Antonio
18. April 8, KENS 5 San Antonio – (Texas) Ransomware attacks 20 North East ISD schools. The
North East Independent School District in Texas announced April 8 that 3
separate ransomware incidents beginning in February encrypted about 2.5
terabytes of data, impacting all 20 campuses and 2 departments. Authorities
asserted that students’ personal information was not compromised and that
encrypted files were deleted and replaced with backup data. Source: http://www.kens5.com/news/local/ransomware-attacks-20-northeast-isd-schools/125053680
• Forty-two people were injured April 8 following a 5-alarm fire
at a Keyport, New Jersey building that caused extensive damage to the facility
and 3 surrounding buildings. – Asbury Park Press
29. April 9, Asbury Park Press – (New Jersey) 41 firefighters, 1 civilian hurt in Keyport fire.
Forty-two people were injured April 8 following a 5-alarm fire at a
Keyport, New Jersey building that caused extensive damage to the facility and 3
surrounding buildings, and prompted about 200 firefighters to contain the
incident. The cause of the blaze is under investigation. Source: http://www.app.com/story/news/local/emergencies/2016/04/09/41-firefighters-1-civilian-hurt-keyport-fire/82846758/
Financial Services Sector
Nothing to report
Information Technology Sector
20. April 11, Softpedia – (International) Petya ransomware unlocked, you can now
recover password needed for decryption. Two security researchers discovered
ways to help victims of the Petya ransomware retrieve locked files and unlock
computers after one researcher created two Web sites where victims can obtain
the decryption password, and another researcher from Emsisoft created a tool
that can help generate passwords needed to unlock victims’ computers.
21. April 11, SecurityWeek – (International) Nuclear exploit kit uses Tor to download
payload. Researchers from Cisco discovered that the Nuclear exploit kit
(EK) was dropping a Tor client file for Microsoft Windows, named “tor.exe”, to
execute a request via the Tor anonymity network and download a secondary payload,
as several domains listed in the network traffic of the Nuclear EK were never
registered and were not associated with any Domain Name System (DNS) traffic.
Researchers noted that because attackers used Tor to download the second
payload, the malware was more difficult to trace back to its hosting system.
22. April 9, Softpedia – (International) CryptoHost ransomware locks your data in a
password-protected RAR file. Security researchers from MalwareForMe,
MalwareHunterTeam, Bleeping Computer, and an independent researcher discovered
a way to recover RAR files locked by the CryptoHost ransomware after an
analysis of the ransomware revealed it was using a combination of the user’s ID
number, motherboard serial number, and the C:\ volume serial number to generate
a Secure Hash Algorithm 1 (SHA-1) hash, which was used as both the RAR file’s
name and the file’s password. Researchers stated victims will need to open the
Windows Task Manager, find the cryptohost.exe process, stop its execution, and
unzip the RAR file. Source: http://news.softpedia.com/news/cryptohost-ransomware-locks-your-data-in-a-password-protected-rar-file-502767.shtml
23. April 8, SecurityWeek – (International) Cisco releases critical security updates. Cisco
released six security advisories including a high-impact vulnerability in the
Web application programming interface (API) of the Cisco Prime Infrastructure
and Evolved Programmable Network Manager (EPNM) that could allow an attacker to
send a crafted Uniform Resource Locator (URL) request to bypass role-based
access control (RBAC) and gain elevated privileges, as well as a vulnerability
in the TelePresence Server that could allow an attacker to cause a kernel
panic and reboot the device, among other vulnerabilities. Source: http://www.securityweek.com/cisco-releases-critical-security-updates
For another story, see item 18 above in Top Stories
Communications Sector
Nothing to report