Wednesday, January 14, 2015



Complete DHS Report for January 14, 2015

Daily Report

Top Stories

 · A fire that sparked several explosions at the AirGas Mid South facility in Wichita, Kansas, January 12 prompted an evacuation of the business and caused an estimated $1.7 million in damage to the structure and its contents. – KWCH 12 Hutchinson

2. January 13, KWCH 12 Hutchinson – (Kansas) Cause of fire at AirGas Mid South undetermined. A fire that sparked several explosions at the AirGas Mid South facility in Wichita January 12 prompted an evacuation of the business and caused an estimated $1.7 million in damage to the structure and its contents. The cause of the fire that started where roof work was being done was ruled undetermined, and operations were expected to resume January 13. Source: http://www.kwch.com/news/local-news/fire-working-at-airgas-mid-south-evacuation-ordered/30665224

 · Authorities are investigating the cause of smoke that filled the L’Enfant Plaza subway station in Washington D.C. January 12, causing the death of 1 person and injuries to 84 others. – Fox News; Washington Post; Associated Press

6. January 13, Fox News; Washington Post; Associated Press – (Washington, D.C.) NTSB investigating after smoke at Washington Metro station kills 1, injures 84. The National Transportation Safety Board is investigating the cause of smoke that filled the L’Enfant Plaza subway station in Washington D.C. January 12 and caused the death of 1 person and injuries to 84 others, many of whom were aboard a Yellow Line train that stopped suddenly and began to fill with smoke after departing the platform. Source: http://www.foxnews.com/us/2015/01/13/smoke-at-lenfant-plaza-station/

 · Preliminary lab results found a synthetic drug in a holiday bread after 40 individuals were sickened by consuming rosca de reyes holiday bread from Cholula’s Bakery in Santa Ana, California. – Orange County Register

13. January 13, Orange County Register – (California) Tainted Three Kings Day bread may have sickened 10 more in Mission Viejo. Preliminary lab results found a synthetic drug in a holiday bread after 40 individuals were sickened by consuming rosca de reyes holiday bread from Cholula’s Bakery in Santa Ana. Police are investigating at least 10 additional reports of illness that may be connected to the tainted bread, which was distributed to 9 stores in Orange County and one in Long Beach. Source: http://www.ocregister.com/articles/bread-647897-police-mission.html

 · The U.S. Central Command (CENTCOM) announced January 12 that its military networks were not compromised and there was no operational impact after attackers claiming allegiance to the Islamic State temporarily took control of CENTCOM’s Twitter and YouTube accounts. – Washington Post

27. January 12, Washington Post – (International) U.S. military social media accounts apparently hacked by Islamic State sympathizers. The U.S. Central Command (CENTCOM) announced January 12 that its military networks were not compromised and there was no operational impact to CENTCOM after hackers claiming allegiance to the Islamic State took control of CENTCOM’s Twitter and YouTube accounts, posting threatening messages and propaganda videos along with military documents. Both accounts were taken offline and authorities are investigating. Source: http://www.washingtonpost.com/news/checkpoint/wp/2015/01/12/centcom-twitter-account-apparently-hacked-by-islamic-state-sympathizers/

Financial Services Sector

5. January 12, U-T San Diego – (California; Arizona; Utah) ‘Bombshell Bandit’ pleads guilty to bank robberies. A Union City, California woman known as the “Bombshell Bandit” pleaded guilty January 12 to robbing four banks in Utah, Arizona, and California during 2014. Source: http://www.utsandiego.com/news/2015/jan/12/bombshell-bandit-pleads-guilty-bank-robberies/

For another story, see item 23 below from the Healthcare and Public Health Sector

23. January 12, WFMZ 69 Allentown – (Pennsylvania) Former Lehigh County Prison doctor pleads guilty to defrauding IRS. The former medical director of Lehigh County Prison in Pennsylvania pleaded guilty January 12 to defrauding the Internal Revenue Service (IRS), the U.S. Department of Education, and the U.S. Department of Health and Human Services out of hundreds of thousands of dollars and was ordered to pay a fine up to nearly $2.9 million and restitution to the victims. The former medical director tried to defraud the IRS to avoid paying over $200,000 in personal income taxes, filed false applications to the U.S. Department of Education for financial aid for his four children, and tried to file a fraudulent claim for Social Security disability benefits. Source: http://www.wfmz.com/news/news-regional-lehighvalley/former-prison-doc-pleads-guilty-to-defrauding-irs/30666518

Information Technology Sector

34. January 13, Securityweek – (International) Google discloses new unpatched Windows 8.1 privilege escalation flaw. Researchers with Google disclosed a privilege escalation flaw in Windows 8.1 January 11 and released a proof of concept (PoC) for the vulnerability. Researchers confirmed that the vulnerability also affects Windows 7. Source: http://www.securityweek.com/google-discloses-new-unpatched-windows-81-privilege-escalation-flaw

35. January 13, Securityweek – (International) Unpatched security flaws impact Corel software products. Core Security researchers released information on DLL hijacking vulnerabilities that could allow attackers to execute arbitrary commands in Corel DRAW, Photo Paint X7, PaintShop Pro X7, CAD 2014, Painter 2015, PDF Fusion, VideoStudio Pro X7, and Fast Flick products. The researchers initially identified and reported the vulnerabilities in December. Source: http://www.securityweek.com/core-security-discloses-security-vulnerabilities-corel-software-products

36. January 13, Softpedia – (International) Wall charger steals keystrokes from Microsoft wireless keyboards. A security researcher developed a device dubbed KeySweeper that is a wall charger modified to intercept and transmit keystrokes from a nearby Microsoft keyboard using an RF chip, the keyboard’s communications frequency, and a 2G SIM card with SMS support. Source: http://news.softpedia.com/news/Wall-Charger-Steals-Keystrokes-from-Microsoft-Wireless-Keyboards-469851.shtml

37. January 13, The Register – (International) Crayola red-faced after yellow-belly Facebook hijackers post blue jokes. Crayola stated that it regained control of its Facebook account January 11 after unknown attackers took control of it and posted inappropriate content. Source: http://www.theregister.co.uk/2015/01/13/facebook_hackers_work_blue_on_crayola_coloring_page/

38. January 13, The Register – (International) Insert ‘Skeleton Key’, unlocks Microsoft Active Directory. Simples - hackers. Dell SecureWorks researchers identified a piece of malware known as Skeleton Key that can bypass authentication on Microsoft Active Directory (AD) systems, allowing attackers to authenticate as any corporate user. The malware must be redeployed when a domain controller is restarted and requires domain administrator credentials for initial deployment. Source: http://www.theregister.co.uk/2015/01/13/skeleton_key_malware/

39. January 12, Securityweek – (International) Number of IE vulnerabilities fixed by Microsoft doubled in 2014: Report. ESET released a report on vulnerabilities closed by Microsoft in 2014 and found that the majority of the vulnerabilities affected the Internet Explorer browser. The report stated that 7 out of 240 security vulnerabilities were zero-days exploited by attackers before they were patched, and that the total number of Internet Explorer vulnerabilities doubled compared to 2013, among other findings. Source: http://www.securityweek.com/number-ie-vulnerabilities-fixed-microsoft-doubled-2014-report

40. January 12, The Register – (International) Malware coders adopt DevOps to target smut sites. A researcher with ESET reported that the attackers behind the Windigo malware campaign, which infected around 25,000 Unix and Linux servers since 2013, began making several changes to the malware and their targets in response to security researcher efforts to combat the malware, including switching exploit kits and restricting targets to smaller adult content Web sites in order to avoid attention. Source: http://www.theregister.co.uk/2015/01/12/linux_vxers_hit_devs_where_it_hurts_p0rn_sites/

For another story, see item 27 above, under Top Stories, from the Government Facilities Sector

Communications Sector

41. January 11, Brownsville Herald – (Texas) Public radio station experiences outages. The Upper Rio Grande Valley public radio KHID-FM 00.1 serving Hidalgo County experienced a broadcasting outage January 8-9. The station confirmed the outage and stated that an engineer was working on the issue. Source: http://www.brownsvilleherald.com/news/valley/article_8a731cdc-9948-11e4-8923-bfe686920ffd.html