Monday, July 28, 2014




Complete DHS Report for July 28, 2014

Daily Report

Top Stories

 · Four people were injured July 24 when a vehicle collided with a semi-truck on Interstate 95 in Chesterfield County, Virginia, prompting the 12-hour closure of southbound lanes before authorities reopened all but two lanes. – WTVR 6 Richmond
10. July 24, WTVR 6 Richmond – (Virginia) All lanes back open after tanker truck overturns on I-95. Four people were injured in an accident involving a vehicle that collided with a semi-truck carrying gasoline on Interstate 95 in Chesterfield County July 24 prompting the 12-hour closure of southbound lanes before authorities reopened all but two lanes. Crews worked to pump out gasoline from the overturned semi-truck in order to contain the leak and clear the scene. Source: http://wtvr.com/2014/07/24/interstate-95-tractor-trailer-crash/

· An outpatient opened fire July 24 at the Mercy Wellness Center in Delaware County, Pennsylvania, killing a caseworker and injuring a doctor who reportedly exchanged gunfire with the suspect, wounding the outpatient. – USA Today
17. July 24, USA Today – (Pennsylvania) Pa. doctor shoots patient who killed caseworker. A psychiatric outpatient opened fire July 24 in an office at the Mercy Wellness Center of Mercy Fitzgerald Hospital in Delaware County, Pennsylvania, killing a caseworker and injuring a doctor who reportedly exchanged gunfire with the suspect, wounding the outpatient. Source: http://www.11alive.com/story/news/nation/2014/07/24/shooting-wellness-center/13118213/

· The U.S. State Department announced July 24 that its main computer system for processing visa and passport applications worldwide was brought back online at limited capacity after it crashed during the week of July 21 during routine maintenance on the consular database. – IDG News Service

19. July 24, IDG News Service – (International) State Department computer crash slows visa, passport applications worldwide. The U.S. State Department announced July 24 that its main computer system for processing visa and passport applications worldwide crashed during the week of July 21 after routine maintenance on the consular database. The system was brought back online but remained at limited capacity while officials worked to correct the problem. Source: http://www.networkworld.com/article/2458181/state-department-computer-crash-slows-visa-passport-applications-worldwide.html

· Two people died and 31 others were injured July 24 when a tornado ripped through the Cherrystone Campground in Capes Charles, Virginia, prompting the evacuation of about 1,300 people and damaging several motor homes. – Reuters

30. July 24, Reuters – (Virginia) Storm kills two, injures 31 at Virginia campground. A tornado likely ripped through the Cherrystone Campground in Capes Charles July 24, killing two individuals and injuring 31 others. About 1,300 people were evacuated from the campground after the storm overturned vehicles and trees smashed through the roofs of motor homes. Source: http://www.reuters.com/article/2014/07/25/us-usa-virginia-storm-idUSKBN0FT1WI20140725

Financial Services Sector

5. July 24, U.S. Securities and Exchange Commission – (New York) Morgan Stanley to pay $275M to settle subprime charges. Morgan Stanley agreed July 24 to pay $275 million to harmed investors to resolve allegations by the U.S. Securities and Exchange Commission that three of the investment firm’s entities misrepresented the delinquency status of mortgage loans and misled investors in the sale of more than $2.5 billion in residential mortgage-backed securities (RMBS). Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542355594

6. July 24, Reuters – (National) Bank of America to pay $16.6 million to resolve U.S. sanctions violations. The U.S. Treasury Department announced July 24 that Bank of America agreed to pay $16.6 million in penalties to resolve allegations that the financial institution knowingly processed about $91,000 in transactions for six designated narcotics traffickers subject to U.S. sanctions between 2005 and 2009. A Bank of America representative stated that the bank addressed the problem in 2009 when it improved its sanctions-related systems and controls. Source: http://www.reuters.com/article/2014/07/24/us-bankofamerica-sanctions-settlement-idUSKBN0FT1V220140724

For another story, see item 25 below in the Information Technology Sector

Information Technology Sector

23. July 25, Threatpost – (International) TAILS team recommends workarounds for flaw in I2P. TAILS operating system developers claimed a vulnerability in the I2P anonymity network software affecting versions 1.1 and earlier can be mitigated with a couple of workarounds, though the vulnerability has yet to be patched. Source: http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107422

24. July 25, Softpedia – (International) Cloud botnets used for mining crypto-currency. Researchers from Bishop Fox created a botnet capable of mining several hundred dollars in Litecoin crypto-currency on a daily basis using free services of multiple cloud-computing businesses. Conducted distributed denial of service (DDoS) attacks was determined to be another way to use the machines. Source: http://news.softpedia.com/news/Cloud-Botnets-Used-for-Mining-Crypto-Currency-452030.shtml

25. July 24, SC Magazine – (International) Sony to shell out $15M in PSN breach settlement. Sony released a statement July 24 claiming it reached an agreement to pay $15 million in a preliminary settlement associated with the April 2011 hacking of its PlayStation Network system, its on-demand service Qriocity, and gaming portal Sony Online Entertainment, exposing the personal data of roughly 77 million users. Source: http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/

26. July 24, Threatpost – (International) More details of Onion/Critroni crypto ransomware emerge. Kaspersky Lab and other researchers found that the Critroni or CTB-Locker dubbed Onion uses a number of features that separate it from other forms of malware including that the ransomware is spread through Andromeda using a version of the asymmetric ECDH (Elliptic Curve Diffie-Hellman) algorithm. Source: http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-encryption/107408

27. July 24, Softpedia – (International) Popular wireless home alarms can be hacked from afar. Two security researchers found that wireless home alarm systems are vulnerable to remote hijacking which would allow for access into the protected environment without tripping the alarm due to the signals lack of encryption or authentication. The tools used to hack into systems are available for purchase, potentially allowing intruders to completely disable the alarm from 10 feet. Source: http://news.softpedia.com/news/Popular-Wireless-Home-Alarms-Are-Easy-to-Hack-452023.shtml

Communications Sector

Nothing to report