Complete DHS Report for January 8, 2015
Daily Report
Top Stories
· A
January 7 fire at an Appalachian Forest Products lumber plant in Mosheim,
Tennessee, consumed 2 buildings and prompted the evacuation of 3 Greene County
schools due to concerns of a chemical release. – WJHL 11 Johnson City
10. January
7, WJHL 11 Johnson City – (Tennessee) Crews battle fire at
Mosheim lumber facility; nearby students bused to other schools. A January
7 fire at an Appalachian Forest Products lumber plant in Mosheim consumed two
buildings and prompted a HAZMAT team response due to concerns of a chemical
release caused by explosive chemicals at the wood chopping business. Three
Greene County schools were evacuated and students were relocated to another
school as a precaution while crews responded to the blaze. Source: http://www.wjhl.com/story/27780382/multiple-units-called-in-to-battle-fire-at-mosheim-lumber-company
· A gunman
died from a self-inflicted gunshot wound after fatally shooting a doctor at the
El Paso VA Health Care System clinic in west Texas January 6. – USA Today
16. January
7, USA Today – (Texas) Gunman, one other dead after El Paso VA
shooting. A gunman died from a self-inflicted gunshot wound after shooting
and killing a doctor at the El Paso VA Health Care System clinic in west Texas
January 6. Police secured the scene and the clinic will remain closed January
7. Source: http://www.usatoday.com/story/news/nation/2015/01/06/active-shooter-reported-at-el-paso-military-hospital/21358703/
· Over 300
vehicle crashes, including 30 involving school buses, were reported in Virginia
January 6 following a winter storm that dumped several inches of snow on
untreated roads. – InsideNova.com
20. January
6, InsideNova.com – (Virginia) Dozens of school buses involved in
crashes Tuesday morning. Over 300 vehicle crashes, including 30 involving
school buses, were reported in Virginia January 6 following a winter storm that
dumped several inches of snow on untreated roads. A number of counties also
cancelled classes or issued delays for students. Source: http://www.insidenova.com/headlines/major-school-districts-open-on-time-during-snow-lawmaker-calls/article_204ac052-95b6-11e4-8dd9-73640a723ffc.html
· Authorities
are investigating after an improvised explosive device detonated against the
building that houses the office for the Colorado Springs, Colorado chapter of
the National Association for the Advancement of Colored People (NAACP) January
6. – Denver Post
27. January 7, Denver Post – (Colorado) "Improvised
explosive device" set off near Colorado Springs NAACP office. Authorities
are investigating after an improvised explosive device detonated against the
building that houses the office for the Colorado Springs chapter of the
National Association for the Advancement of Colored People (NAACP) January 6.
Police are searching for a potential person of interest and are examining
evidence from the scene. Source: http://www.denverpost.com/news/ci_27267521/colorado-springs-police-responding-explosion-reports-at-naacp
Financial Services Sector
4. January
7, Newnan Times-Herald – (Georgia) Forged gift card arrest made
in Grantville. Police in Grantville arrested a man after a search during a
traffic stop yielded 210 fraudulent gift cards and other items January 4.
Police believe that there may be a connection between the man and three others
arrested the week of December 28 due to the same types of forged cards and
cartons of cigarettes in their possession. Source: http://www.times-herald.com/Local/20140107-forged-gift-card-arrest
5. January
7, Securityweek – (International) New Emotet variant targets
banking credentials of German speakers. Researchers with Microsoft
identified a new variant of the Emotet banking malware dubbed
Trojan:Win32/Emotet.C which was first seen in November and currently targets
German-speaking individuals in several European countries. The malware is
capable of stealing online banking login information as well as login
information for email and messaging services. Source: http://www.securityweek.com/new-emotet-variant-targets-banking-credentials-german-speakers
6. January
6, Krebs on Security – (International) Thieves jackpot ATMs with
‘Black Box’ attack. Researchers with NCR analyzed an attack on an ATM
utilizing USB devices and physical access to disconnect an ATM from its
computer and issue remote commands to the cash dispenser. The attack used a
smartphone to issue commands from a remote attacker through a dynamic IP
service, and a second USB device designed to trick the ATM into thinking it was
still connected to its original computer. Source: https://krebsonsecurity.com/2015/01/thieves-jackpot-atms-with-black-box-attack/
Information Technology Sector
21. January 7,
Help Net Security – (International) HuffPo visitors targeted with malvertising,
infected with ransomware. Cyphort Lab researchers identified a malvertising
campaign that placed malicious ads on the Web sites of the Huffington Post and
Gamezone.com by abusing the advertising.com ad network. The campaign began
December 31 and used the Neutrino or Sweet Orange exploit kits to attempt to
serve the Kovter ransomware. Source: http://www.net-security.org/malware_news.php?id=2936
22. January 7,
Securityweek – (International) CryptoWall 2.0 ransomware capable of
executing 64-bit code: Cisco. Researchers with Cisco’s Talos Group
published an analysis of the CryptoWall 2.0 ransomware and found that it
contains several anti-sandbox and anti-security features, as well as the
ability to run 64-bit code from a 32-bit dropper, among other findings. Source:
http://www.securityweek.com/cryptowall-20-ransomware-capable-executing-64-bit-code-cisco
23. January 6,
Securityweek – (International) Wi-Fi password phishing attacks automated
with new tool. A researcher released a tool dubbed Wifiphisher that can
automate WiFi network password phishing by deauthenticating users, setting up a
matching rogue access point using the target’s settings, and the performing a
man-in-the-middle (MitM) attack using a fake firmware update notification.
Source: http://www.securityweek.com/wi-fi-password-phishing-attacks-automated-new-tool
24. January 6,
Softpedia – (International) Microsoft warns of malicious macros targeting
users in the UK and the US. Microsoft stated that it has observed two
pieces of malware being spread via malicious emails that attempts to get users
to enable macros in Microsoft Office programs in order to infect computers. The
campaigns attempt to distribute the Adnel and Tarbir malware and have primarily
targeted users in the U.S. and U.K. Source: http://news.softpedia.com/news/Microsoft-Warns-of-Malicious-Macros-Targeting-Users-in-the-UK-and-the-US-469139.shtml
For another story, see item 5 above in the Financial Services Sector
Communications Sector
25. January 6,
iFIBER ONE News – (Washington) Wilson Creek lost phone service after rodents
chewed through line. CenturyLink reported that 222 lines were cut and 9-1-1
service in Wilson Creek was lost January 5 due to rodents chewing on fiber
optic cable. Service was restored January 6. Source: http://www.ifiberone.com/news/wilson-creek-lost-phone-service-after-rodents-chewed-through-line/article_06a548ea-95e1-11e4-b46d-9f5a33d0ce5d.html
26. January 6,
WKRK 1320 AM Murphy – (North Carolina) Copper thieves to blame for recent telephone
interruption. Copper cables were stolen from Frontier Communications in
Nantahala January 2 and Needmore December 30, disrupting communication
services. Frontier Communications is working with law enforcement and scrap
metal dealers to identify the culprits. Source: http://www.1320am.com/copper-thieves-to-blame-for-recent-telephone-interruption/