Thursday, November 3, 2016



Complete DHS Report for November 3, 2016

Daily Report                                            

Top Stories

• Authorities in Columbus, Ohio, announced that a man dubbed the “Buckeye Bandit” was arrested October 21 after he allegedly committed up to 30 robberies at banks and pharmacies across the State since September 2013. – Columbus Dispatch See item 4 below in the Financial Services Sector

• Authorities in Marion, Ohio, arrested and charged several individuals October 31 after discovering hundreds of fraudulent credit cards and gift cards, a credit card imprinter, and other illicit items in a Marion home while investigating a drug trafficking operation. – WCMH 4 Columbus See item 5 below in the Financial Services Sector

• Idaho Highway 75 in Custer County was closed for more than 8 hours November 1 after a semi-truck was struck by another vehicle and spilled 10,000 gallons of diesel fuel on the roadway, causing a fire to ignite. – KIFI 8 Idaho Falls/KIDK 3 Idaho Falls

11. November 1, KIFI 8 Idaho Falls/KIDK 3 Idaho Falls – (Idaho) Names released in deadly crash on Highway 75. Idaho Highway 75 between Sunbeam and Challis in Custer County was closed for more than 8 hours November 1 after a vehicle traveling northbound crossed the center line and struck a semi-truck, causing the semi-truck to spill 10,000 gallons of diesel fuel on the roadway and ignite. One person was killed and environmental officials were working to assess the damage. Source: http://www.localnews8.com/news/crash-on-highway-75-closes-the-road-kills-one-driver/139165781

• A fire at the Hamilton Plaza in Hamilton, Ohio, caused an estimated $500,000 in damages to the Rent-A-Center and two neighboring stores November 1. – Butler County Journal-News

21. November 1, Butler County Journal-News – (Ohio) Hamilton firefighters battle blaze that does $500K damage in plaza. A fire at the Hamilton Plaza in Hamilton, Ohio, caused an estimated $500,000 in damages to the Rent-A-Center and two neighboring stores November 1. No injuries were reported and the cause of the fire remains under investigation. Source: http://www.journal-news.com/news/local/hamilton-firefighters-battle-blaze-that-does-500k-damage-plaza/EVRy3iIvZKQ4Gbv9aR2WAO/

Financial Services Sector

4. November 2, Columbus Dispatch – (Ohio) Police say they've caught 'Buckeye Bandit,' blamed for up to 30 robberies. Authorities in Columbus, Ohio, announced November 1 that a man dubbed the “Buckeye Bandit” was arrested October 21 after he allegedly committed up to 30 robberies at banks and pharmacies across the State since September 2013, including a robbery at a KeyBank branch in Columbus where the suspect allegedly stole over $53,000 in October 2016. Officials reported that while the suspect currently faces one charge of armed robbery, additional charges could be filed at a later date pending further investigation. Source: http://www.dispatch.com/content/stories/local/2016/11/01/1030-buckeye-bandit-suspect.html

5. November 1, WCMH 4 Columbus – (Ohio) Marion overdose cases lead to credit card skimming operation. Authorities in Marion, Ohio, arrested and charged several individuals October 31 after discovering hundreds of fraudulent credit cards and gift cards, a credit card imprinter, and other illicit items in a Marion home while investigating a drug trafficking operation. Source: http://nbc4i.com/2016/11/01/marion-overdose-cases-lead-to-credit-card-skimming-operation/

Information Technology Sector

17. November 2, The Register – (International) Multiple RCE flaws found in Memcached web speed tool. Web performance tool Memcached received security patches after a security researcher from Cisco Systems, Inc., discovered that Memcached version 1.4.31 and earlier were plagued with three integer overflow vulnerabilities that could be exploited to achieve remote code execution (RCE) on a targeted system, and are manifested in Memcached functions used to insert, append, or modify key-value data pairs. The researcher reported that systems with Memcached compiled with support for Simple Authentication and Security Layer (SASL) authentication were also vulnerable to another flaw due to how Memcached handles SASL authentication commands. Source: http://www.theregister.co.uk/2016/11/02/multiple_rce_flaws_found_in_super_popular_memcached_speed_tool/

18. November 2, SecurityWeek – (International) Security firm discloses unpatched flaws in Schneider HMI product. CRITIFENCE discovered two unpatched denial-of-service (DoS) flaws, dubbed PanelShock affecting several of Schneider Electric’s Magelis human-machine interface (HMI) panels, which could allow attackers to cause the affected devices to enter into a DoS condition by sending maliciously crafted Hypertext Transfer Protocol (HTTP) requests due to a faulty implementation of HTTP request methods and resource consumption management mechanisms. Schneider Electric was working to release patches for the security holes. Source: http://www.securityweek.com/security-firm-discloses-unpatched-flaws-schneider-hmi-product

19. November 1, SecurityWeek – (International) Vulnerability impacts web-exposed SAP systems. A security researcher from Quenta Solutions reported that an information disclosure vulnerability affecting SAP systems that was patched in September affects over 941 SAP systems exposed to the Internet. The flaw could be exploited to remotely access the list of SAP users from the system and obtain information such as usernames, user IDs, and email addresses that can be used to launch phishing campaigns. Source: http://www.securityweek.com/vulnerability-impacts-web-exposed-sap-systems

20. October 30, Softpedia – (International) Teen behind Titanium DDoS Stresser pleads guilty in London. A British national pleaded guilty to running the Titanium Stresser, a distributed denial-of-service (DDoS) for-hire service that malicious actors used to launch a total of 1.7 million DDoS attacks internationally. Authorities reported that the service operator made over $385,000 in profits from renting his DDoS tools to hackers. Source: http://news.softpedia.com/news/teen-behind-titanium-ddos-stresser-pleads-guilty-in-london-509811.shtml

Communications Sector

Nothing to report