Complete DHS Report for October 11, 2016
• The governor of Florida reported October 7 that roughly 600,000 homes across the State were without power due to Hurricane Matthew. – Reuters
1. October 7, Reuters – (Florida) Some 600,000 Florida homes without power due to hurricane: governor. The governor of Florida reported October 7 that roughly 600,000 homes across the State were without power due to Hurricane Matthew and more outages were expected as the storm continues to move north along Florida’s east coast.
• Around 60 homes in Glen Rose, Texas, were evacuated October 6 after a semi-truck jackknifed and spilled 8,000 gallons of gasoline and diesel fuel on Highway 144. – KTVT 11 Fort Worth
2. October 6, KTVT 11 Fort Worth – (Texas) 18-wheeler crash & fuel spill causes evacuations in Glen Rose. Around 60 homes in Glen Rose, Texas, were evacuated October 6 after a semi-truck jackknifed and spilled 8,000 gallons of gasoline and diesel fuel on Highway 144. HAZMAT crews responded to the scene to contain the fuel spill. Source: http://dfw.cbslocal.com/2016/10/06/18-wheeler-crash-fuel-spill-causes-evacuations-in-glen-rose/
• Six U.S. Army soldiers and two civilian co-conspirators were indicted October 5 for their roles in a more than $1 million scheme where they stole and sold sensitive U.S. Army equipment from Fort Campbell in Hopkinsville, Kentucky, to anonymous Internet buyers in Russia, China, and other countries. – U.S. Department of Justice
14. October 6, U.S. Department of Justice – (International) Six Fort Campbell soldiers and two others charged with stealing and selling sensitive military equipment. Six U.S. Army soldiers and two civilian co-conspirators were indicted October 5 for their roles in a more than $1 million scheme where the group stole sensitive U.S. Army equipment from Fort Campbell in Hopkinsville, Kentucky, and sold it to anonymous Internet buyers in Russia, China, Kazakhstan, and Mexico, among other countries. Source: https://www.justice.gov/opa/pr/six-fort-campbell-soldiers-and-two-others-charged-stealing-and-selling-sensitive-military
• The owner of RASKO, a mall kiosk business, pleaded guilty October 6 to his role in a $14 million immigration and money laundering scheme where he and co-conspirators recruited and sent over 140 foreign nationals to the U.S. to work at one of RASKO’s locations from 2011 – 2016. – U.S. Attorney’s Office, Eastern District of Virginia
21. October 6, San Francisco Bay City News – (California) Firefighters clean up small radioactive spill that prompted evacuations in Antioch. Around 50 apartment units in about 8 apartment complexes in Antioch, California, were evacuated for roughly 3 hours October 6 after a radioactive material spilled at a construction site when a truck ran over a piece of equipment that contained cesium and americium. No injuries were reported and HAZMAT crews cleaned up the radioactive material. Source: http://www.nbcbayarea.com/news/local/Contra-Costa-Fire-Investigate-Hazmat-Situation-at-Antioch-Construction-Site-396177381.html
Financial Services Sector
5. October 6, U.S. Attorney’s Office, District of Massachusetts – (National) Boston man charged with identity theft in scheme to defraud retirement accounts. A Boston resident was charged October 6 for his role in an identity theft scheme where he and a co-conspirator who worked as a customer service employee at Mercer, Inc. allegedly stole the personal information and bank account numbers from roughly 270 retirement accounts managed by Mercer, Inc. in order to withdraw money from the accounts from February 2014 – April 2014. The charges allege that the stolen retirement account information was used to load a prepaid card with almost $20,000 in illicitly obtained funds, which the defendant used for personal expenses. Source: https://www.justice.gov/usao-ma/pr/boston-man-charged-identity-theft-scheme-defraud-retirement-accounts
6. October 6, U.S. Attorney’s Office, District of Maryland – (Maryland; Washington, D.C.) Federal indictment charges four conspirators in fraudulent credit card scheme. Four individuals were charged October 6 for their roles in a fraudulent credit card scheme where the group allegedly stole the personal information of at least 33 victims in order to apply for and obtain credit cards, which were used to purchase merchandise and gift cards worth more than $135,000 from October 2014 – July 2016. Source: https://www.justice.gov/usao-md/pr/federal-indictment-charges-four-conspirators-fraudulent-credit-card-scheme
Information Technology Sector
15. October 7, SecurityWeek – (International) VMware patches directory traversal flaw in Horizon View. VMware released versions 7.0.1, 6.2.3, and 5.3.7 of its Horizon View products for Microsoft Windows after a security researcher, dubbed “Bruk0ut,” discovered the products were plagued with a flaw that could allow a remote attacker to carry out a directory traversal attack on the Horizon View Connection Server to access sensitive information.
16. October 7, SecurityWeek – (International) X.Org library flaws allow privilege escalation, DoS attacks. The X.Org Foundation released patches addressing more than a dozen vulnerabilities in its client libraries, including an out-of-bounds memory read or write error flaw in libX11 versions 1.6.3 and earlier, an integer overflow issue on 32-bit systems in libXfixes versions 5.0.2 and earlier, and a denial-of-service (DoS) condition via out of boundary memory access or endless loops in XRecord versions 1.2.2 and earlier, among other vulnerabilities. X.Org reported most of the flaws exist because the client libraries trust the server to send correct protocol data and do not consider that the values could cause an overflow or other issues. Source: http://www.securityweek.com/xorg-library-flaws-allow-privilege-escalation-dos-attacks
17. October 6, SecurityWeek – (International) Cerber ransomware can now kill database processes. Security researchers from BleepingComputer discovered a new variant of the Cerber ransomware family is able to kill many database processes before the encryption process begins by using a close_process directive in the configuration file in order to encrypt the processes’ data files. The researchers also found Cerber switched to a four-character randomly generated extension and started scrambling the name of the encryption file, making it more difficult for victims to recover their data. Source: http://www.securityweek.com/cerber-ransomware-can-now-kill-database-processes
For another story, see item 20 below from the Commercial Facilities Sector
20. October 6, Softpedia – (International) FastPOS malware abuses Windows Mailslots to steal POS data. Trend Micro security researchers reported that a point-of-sale (PoS) malware, dubbed FastPOS, received updates and now uses a modular design with separate components, a memory scraper and a keylogger, designed to infect Microsoft Windows computers running 32-bit and 64-bit systems, making the malware more efficient and more difficult to detect. The malware was spotted abusing Mailslots, a Windows mechanism used to store inter-process communications (IPC) in the computer’s random access memory (RAM), in order to avoid creating permanent files.