Complete DHS Report for
June 9, 2015
Daily Report
Top Stories
• Eastbound Interstate 70 in Ohio was shut down for
approximately 9 hours June 7 due to a 2-vehicle accident in a
construction zone that killed a worker. – Dayton Daily News
6. June 7,
Dayton Daily News – (Ohio) ODOT issues statement on construction
zone death. Eastbound Interstate 70 in Englewood was shut down for
approximately 9 hours June 7 after a dump truck crashed into a semi-truck in a
construction zone and killed a construction worker. The cause of the accident
remains under investigation. Source: http://www.daytondailynews.com/news/news/traffic/semi-crash-shuts-down-i-70-in-englewood/nmXnM/
• Alabama Highway 171 was closed for several
hours June 7 after a semi-truck overturned and spilled hundreds of gallons of
fuel onto the roadway, prompting the evacuation of the nearby area. – WIAT
42 Birmingham
7. June 7,
WIAT 42 Birmingham – (Alabama) Fuel spill closes highway, prompts
evacuation. Alabama Highway 171 at mile marker 5 in Northport was closed
for several hours June 7 while crews cleaned up an accident involving a
semi-truck hauling fuel that spilled hundreds of gallons of gasoline and diesel
onto the roadway and prompted the evacuation of the nearby area. The remaining
fuel was off-loaded into another tanker and 1 person was injured. Source: http://wiat.com/2015/06/07/fuel-spill-closes-highway-prompts-evacuation/
• Officials issued Federal arrest warrants
June 7 for two convicted felons who escaped the Clinton Correctional Facility
in New York after they cut through a wall using power tools and followed
tunnels that led to a manhole outside the prison gates.– CNN
21. June
8, CNN – (New York) Manhunt: escaped killers ‘could literally be
anywhere.’ The U.S. Marshalls Service issued federal arrest warrants June 7
for two convicted felons who escaped the Clinton Correctional Facility in
Dannemora, New York after the inmates cut through a steel wall using power
tools, and followed a series of tunnels that led to a manhole outside the
prison gates. Authorities are currently searching for the escapees and are
offering a $100,000 reward for information leading to their capture. Source: http://www.cnn.com/2015/06/07/us/new-york-escapees/
• The National Institute of Standards and
Technology released the second revision of its “Guide to Industrial Control
Systems (ICS) Security,” which includes updated sections for vulnerabilities,
risk management, security architectures, recommended practices, and security capabilities
and tools.– Securityweek See item 24 below in the Information Technology Sector
Financial Services Sector
5. June 7,
WLWT 5 Cincinnati – (Ohio) ‘Sock hat bandit’ strikes again,
allegedly robs bank No. 8. Authorities are searching for a suspect dubbed
the “Sock hat bandit” after he allegedly robbed a PNC Bank in Hamilton Township
June 6, and has been connected to seven other bank robberies in Bellevue,
Queensgate, Columbus, and Green Township. Source: http://www.wlwt.com/news/sock-hat-bandit-strikes-again-allegedly-robs-bank-no-8/33443610
Information Technology Sector
23. June 8,
Securityweek – (International) MalumPOS malware targets Oracle Micros PoS
systems. Security researchers at Trend Micro discovered a new point-of-sale
(PoS) malware dubbed MalumPOS that is targeting Oracle’s Micros and other PoS
platforms via files disguised as display drivers before targeting up to 100
running processes to scrape payment card information. Source: http://www.securityweek.com/malumpos-malware-targets-oracle-micros-pos-systems
24. June 8,
Securityweek – (International) NIST updates ICS cyber security guide. The
National Institute of Standards and Technology (NIST) released the second
revision of its “Guide to Industrial Control Systems (ICS) Security,” which
includes updated sections for vulnerabilities and other threats, risk
management, security architectures, recommended practices, and security
capabilities and tools as well as guidance on how to adapt traditional
cybersecurity controls to ICS requirements. Source: http://www.securityweek.com/nist-updates-ics-cyber-security-guide
For additional stories, see
item 18 below from the Healthcare and Public Health
Sector and item 30 below from the Commercial Facilities Sector
18. June 5,
Securityweek – (National) Medical devices used as pivot point in hospital
attacks: report. Findings from a May 7 report issued by TrapX Security
detailed an attack vector known as “MedJack,” which targets outdated and
vulnerable software of medical devices. TrapX Security warned that a majority
of hospitals are at risk of being
infected with malware that
has remained undetected. The report included case studies in which networks
were breached via blood gas analyzers, a picture archive and communications
system (PACS), and an X-Ray system. Source: http://www.securityweek.com/medical-devices-used-pivot-point-hospital-attacks-report
30. June
6, Softpedia – (New York) Eataly New York customers affected by
the card breach. Eataly’s New York City Retail Marketplace reported that
their point-of-sale (PoS) system was compromised from January – April after an
unknown actor accessed customer names, payment card account numbers, expiration
dates, and card verification value codes. To mitigate future breaches, the
company plans to introduce encrypted swiping machines and implement a solution
for better system monitoring. Source: http://news.softpedia.com/news/Eataly-New-York-Customers-Affected-by-Card-Breach-483517.shtml
Communications Sector
Nothing to report