Tuesday, January 13, 2015



Complete DHS Report for January 13, 2015

Daily Report

Top Stories

 · A January 10 fire following an explosion at Husky Energy Inc., a 155,000 barrel-per-day crude oil refinery in Lima, Ohio, caused extensive damage to the unit taking out its pumps and compressors. – Reuters

1.     January 11, Reuters – (Ohio) Extensive damage at Husky Ohio refinery unit after explosion, fire. A January 10 fire following an explosion at Husky Energy Inc., a 155,000 barrel-per-day crude oil refinery in Lima, Ohio, caused extensive damage to the unit taking out its pumps and compressors. Fire crews worked through January 11 before the blaze was extinguished and the plant’s output was halted indefinitely while authorities assessed the damage. Source: http://www.reuters.com/article/2015/01/11/refinery-blast-husky-lima-idUSL1N0UQ0IB20150111

 · A section of Interstate 94 was closed for approximately 14 hours January 9 following a 123-vehicle accident that involved 2 semi-trucks carrying dangerous chemicals in Battle Creek, Michigan, killing 1 person and injuring 22 others. – NBC News

10. January 9, NBC News – (Michigan) Fatal 123-vehicle Michigan pileup prompts evacuation. A section of Interstate 94 was closed for approximately 14 hours January 9 following a 123-vehicle accident in Battle Creek that killed 1 person and injured 22 others. The accident also involved a semi-truck carrying fireworks and a semi-truck carrying formic acid that caught fire, prompting authorities to ask residents within 3 miles to evacuate their homes as a precaution. Source : http://www.nbcnews.com/news/us-news/fatal-123-vehicle-michigan-pileup-prompts-evacuation-n283071

 · The U.S. Food and Drug Administration announced January 10 that it traced a Listeria outbreak that killed 3 people and sickened 32 others to the Bidart Brothers distributor’s Safter, California packing plant. – Washington Post

15. January 10, Washington Post – (National) Listeria outbreak that killed three is traced to California apple supplier. The U.S. Food and Drug Administration announced January 10 that it traced a Listeria outbreak that killed 3 people and sickened 32 others to the Bidart Brothers distributor’s Safter, California packing plant. The distributor recalled the affected apples that shipped from the facility for processing into prepackaged caramel apples for national distribution. Source: http://www.washingtonpost.com/news/to-your-health/wp/2015/01/10/listeria-outbreak-that-killed-three-is-traced-to-california-apple-supplier/

 · Three individuals died and 1 other was wounded January 10 when a gunman targeted individuals across 3 locations in Moscow, Idaho, including a Northwest Mutual life insurance office and an Arby’s restaurant. – KREM 2 Spokane; Associated Press

41. January 11, KREM 2 Spokane; Associated Press – (Idaho; Washington) Idaho gunman faces 3 murder charges in shooting spree. Three individuals died and 1 other was wounded January 10 when a gunman targeted individuals across 3 locations in Moscow, Idaho, including a Northwest Mutual life insurance office and an Arby’s restaurant. Police arrested the suspect following a high-speed chase that crossed into Washington, and authorities recovered five guns during a search of the suspect’s vehicle. Source: http://www.usatoday.com/story/news/nation/2015/01/10/idaho-shooting-spree/21579043/

Financial Services Sector

5. January 12, Softpedia – (International) New variant of Vawtrak banking trojan delivered by Chanitor downloader. Researchers with Zscaler identified a new fraud campaign that delivers the Vawtrak (also known as Neverquest or Snifula) financial malware using an updated version of the Chanitor downloader. The downloader is delivered via phishing emails and the campaign uses encrypted traffic passing through the Tor anonymity network to connect with its command and control servers. Source: http://news.softpedia.com/news/New-Variant-of-Vawtrak-Banking-Trojan-Delivered-by-Chanitor-Downloader-469722.shtml

6. January 11, Crystal Lake-Cary Patch – (Illinois; Indiana) ‘Skinny Jeans Bandit’ sought in Cary bank robbery. The FBI is searching for a suspect known as the “Skinny Jeans Bandit” thought responsible for five bank robberies in Illinois and Indiana, with the most recent taking place January 7 at a BMO Harris bank branch in Crown Point, Indiana. Source: http://patch.com/illinois/crystallake/skinny-jeans-bandit-sought-cary-bank-robbery

7. January 9, U.S. Securities and Exchange Commission – (Massachusetts; Texas) SEC charges Massachusetts-based investment advisers with misappropriation of money from investment fund. The U.S. Securities and Exchange Commission filed charges January 9 against a Framingham man, three Massachusetts financial advisory firms he owns or controls, a Texas financial firm he is believed to control, and others for allegedly misappropriating at least $16 million from a fund known as the GL Beyond Income Fund. Source: http://www.sec.gov/litigation/litreleases/2015/lr23171.htm

Information Technology Sector

35. January 12, Softpedia – (International) Buffer overflow glitch in Wonderware Server gets fix from Schneider Electric. Schneider Electric released an update for its Wonderware InTouch Access Anywhere Server human machine interface (HMI) product for industrial control systems (ICS) that closes a remotely exploitable stack-based buffer overflow vulnerability. Users were advised to apply the patch immediately due to the ease of exploiting the vulnerability. Source: http://news.softpedia.com/news/Buffer-Overflow-Glitch-in-Wonderware-Server-Gets-Fix-from-Schneider-Electric-469690.shtml

36. January 12, SC Magazine – (International) Pro-ISIS group hijacks Twitter accounts of regional US media. Attackers identifying themselves as the CyberCaliphate group temporarily compromised the Twitter accounts of several news media organizations in Delaware, Maryland, New Mexico, and Tennessee. The attackers also linked to a dump of Stewart County, Tennessee government documents and alleged personal data of New Mexico residents. Source: http://www.scmagazineuk.com/pro-isis-group-hijacks-twitter-accounts-of-regional-us-media/article/391999/

37. January 9, Krebs on Security – (International) Lizard Stresser runs on hacked home routers. A security researcher reported that the Lizard Stresser for-hire distributed denial of service (DDoS) attack tool associated with the Lizard Squad group was found to draw bandwidth from infected home, commercial, and educational institution routers. The malware used looks for routers which allow access through factory default login and password combinations. Source: http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/

38. January 9, Securityweek – (International) Library flaw could crash HART-based ICS field devices. Emerson Process Management released a patch for a vulnerability in the CodeWrights HART Device Type Manager (DTM) used in Emerson’s Fisher Control, Micro Motion, and Rosemount industrial control system (ICS) products that was discovered by Digital Security researchers. The vulnerability could be exploited by an attacker with physical access to a targeted system. Source: http://www.securityweek.com/library-flaw-could-crash-hart-based-ics-field-devices

39. January 9, Securityweek – (International) Microsoft Dynamics CRM affected by self-XSS vulnerability: Researchers. Researchers with High-Tech Bridge identified an issue in the Microsoft Dynamics Customer Relationship Management (CRM) product that could allow an authenticated user to perform a self cross-site scripting (XSS) attack if manipulated into entering malicious code via social engineering. Source: http://www.securityweek.com/microsoft-dynamics-crm-affected-self-xss-vulnerability-researchers

For another story, see item 5 above in the Financial Services Sector

Communications Sector

Nothing to report