Daily Report
Top Stories
• A leak from a tank of liquid petroleum in
Tequesta, Florida that began June 26 due to an issue with the pressure release
valve was sealed June 27 and residents of roughly 600 homes were allowed to
return after 12 hours. – WPTV 5 West Palm Beach
1.
June 27, WPTV 5 West Palm Beach – (Florida) Tequestra propane leak
finally sealed after 12 hours; thousands of residents allowed to return home. Officials
announced that a leak from an AmeriGas-owned 30,000-gallon tank of liquid
petroleum in Tequesta that began June 26 due to an issue with the pressure
release valve was sealed June 27. Residents of roughly 600 homes were allowed
to return after 12 hours and fire rescue authorities reported that air quality
levels were safe. Source: http://www.wptv.com/news/region-n-palm-beach-county/tequesta/a-propane-leak-in-tequesta-forces-thousands-to-evacuate
• The improper storage of materials caused a
chemical release at the New Life Chemical and Equipment Inc. plant in
Greenville City, South Carolina, June 27 and prompted a 6-hour evacuation of
homes and businesses in the area. – WYFF 4 Greenville
7.
June 27, WYFF 4 Greenville – (South Carolina) All clear given after
hazardous situation at plant. Authorities responded to the New Life
Chemical and Equipment Inc., plant in Greenville City June 27 after sodium
hydrosulfate was stored in the wrong container and was exposed to humidity,
creating a chemical release. Homes and businesses were voluntarily evacuated
for about 6 hours as a precaution while crews snuffed out the smoking chemical
with soda ash. Source: http://www.wyff4.com/news/dispatch-chemical-fire-reported-in-greenville/26690862
• The Caruthersville, Missouri City Hall was
closed through June 27 after a man entered the city’s water department office
and stabbed an employee 13 times June 26 due to his water service being shut
off. –KFVS 12 Cape Girardeau
24.
June 27, KFVS 12 Cape Girardeau – (Missouri) Caruthersville man
facing multiple charges after city employee stabbed. The Caruthersville,
Missouri City Hall was closed through June 27 after a man entered the city’s
water department office and stabbed an employee 13 times June 26 due to his
water service being shut off. Police arrested the man at his home, who
confessed to the crime. Source: http://www.kfvs12.com/story/25880050/police-investigate-stabbing-at-caruthersville-city-hall
• Researchers revealed that an integer
overflow bug in the Lempel-Ziv-Oberhumer compression and decompression
algorithm has been present for as long as 20 years, leaving software using the
algorithm vulnerable to remote code execution and denial of service attacks. – Softpedia
See item 31 below in the Information
Technology Sector
Financial Services Sector
10. June 27, Associated Press –
(National) FBI: 9 charged in $15 million Tenn. fake coal company fraud
scheme. The FBI stated that nine individuals from five States were charged
with allegedly defrauding investors of $15 million by soliciting investments in
a coal mining company based in Johnson City, Tennessee, that does not exist.
Source: http://www.lex18.com/news/fbi-9-charged-in-15-million-tenn-fake-coal-company-fraud-scheme/
For another story, see item 28 below in the Information Technology
Sector
Information Technology Sector
28. June 27, Securityweek – (International) Pony Loader
2.0 malware source code for sale. Researchers with Damballa stated that the
source code for version 2.0 of the Pony Loader information-stealing trojan has
been seen for sale in underweb markets. The trojan was offered for sale
starting in May and allows attackers to steal information such as passwords as
well as virtual currency such as Bitcoin and others. Source: http://www.securityweek.com/pony-loader-20-malware-source-code-sale
29. June 27, The Register – (International) Android SMS
worm punts dodgy downloads…from your MATES. AdaptiveMobile researchers
reported finding a piece of Android malware known as Selfmite that spreads like
a worm by sending out SMS messages to infected users’ contacts that contain a
link that attempts to get users to install the Mobogenie app in a likely
pay-per-install scheme. The malware was first observed on mobile networks in
the U.S. and has since spread to several other countries. Source: http://www.theregister.co.uk/2014/06/27/selfmite_android_self_replicating_sms_worm/
30. June 27, Securityweek – (International) RIG Exploit
Kit used in Flash-based malvertising campaign. Researchers with
Malwarebytes stated June 26 that they have detected a malvertising campaign
that attempts to lure users to a malicious Web site containing the RIG Exploit
Kit, which then attempts to use Adobe Flash and Microsoft Silverlight
vulnerabilities to spread a trojan identified a Trojan.Agent.ED. Source: http://www.securityweek.com/rig-exploit-kit-used-flash-based-malvertising-campaign
31. June 27, Softpedia – (International) LZO algorithm
patched after 20 years. The CEO of Lab Mouse Security revealed that an
integer overflow bug in the Lempel-Ziv-Oberhumer (LZO) compression and
decompression algorithm has been present for as long as 20 years, leaving
software using the algorithm vulnerable to remote code execution and denial of
service attacks. The algorithm has been integrated into a variety of software,
including the Linux kernel, some Android phones, medical equipment, and others,
though the variety of applications means that attackers would need to build
custom malicious payloads in order to exploit the issue. Source: http://news.softpedia.com/news/LZO-Algorithm-Patched-After-20-Years-448641.shtml
32. June 27, The Register – (International) Yet another
WordPress vuln: Image furtler plugin lets BADNESS in. Security researchers
warned users of the TimThumb plugin for Wordpress that a vulnerability exists
in the plugin that could allow attackers to inject code or create, remove, and
modify files. The vulnerability exists in the plugin’s Webshot option, which is
turned off by default. Source:
http://www.theregister.co.uk/2014/06/27/wordpress_0day/
33. June 26,
Softpedia – (International) VMware implements Apache Struts security
fixes in vCOps. VMware released an update for its vCenter Operations
Management Suite (vCOps) that close several vulnerabilities affecting the
Apache Struts Java application framework. Source: http://news.softpedia.com/news/VMware-Implements-Apache-Struts-Security-Fixes-in-vCOps-448501.shtml
Communications Sector
34.
June 26, Radioink.com – (Pennsylvania) Poorly fenced-in antennas turn
into $12,000 fine. The Federal Communications Commission fined Birach
Broadcasting in Canonsburg $12,000 for failing to properly enclose WWCS-AM’s two
antenna structures due to the fence being in need of repair and the company not
properly reporting or completing the repair. Source: http://www.radioink.com/article.asp?id=2808541&spid=24698
For
another story, see item 29 above in the Information Technology Sector