Complete DHS Report for
August 7, 2015
Daily Report
Top Stories
· Officials found that an August 4 explosion
in the caste house at Noranda Aluminum in New Madrid, Missouri, that destroyed
a building and injured 33 workers was due to molten aluminum coming into
contact with water. – Associated Press
6. August 5,
Associated Press – (Missouri) Federal agency says molten aluminum hitting water
apparent cause of Missouri plant explosion. Occupational Safety and Health
Administration officials found in a preliminary investigation that an August 4
explosion in the caste house at Noranda Aluminum in New Madrid that destroyed a
building and injured 33 workers was due to molten aluminum coming into contact
with water. An investigation into the incident is ongoing.Source: http://www.brandonsun.com/business/breaking-news/federal-agency-says-molten-aluminum-hitting-water-apparent-cause-of-missouri-plant-explosion-320762571.html?thx=y
· The former president and chief
financial officer of Wilmington Trust Co., and 2 others were indicted August 5
for allegedly concealing material amounts of past due loans and mortgages
exceeding $300 million from 2009 – 2010. – Reuters See item 9 below in the Financial Services Sector
· Dragos Security discovered at least 11
vulnerabilities in control switches being used in industrial control systems
across multiple sectors that could allow an attacker to execute
man-in-the-middle (MitM) attacks. – ZDNet See item 41 below
in the Information Technology Sector
· Three individuals were injured after a
man armed with a pellet gun and a hatchet released pepper spray at audience
members inside a Tennessee movie theater before being shot at and killed by
police August 5. – CBS News; Associated Press
44. August 5,
CBS News; Associated Press – (Tennessee) New horror at the movies: Man
with axe, pellet gun goes berserk. Three individuals were injured after a
man armed with a pellet gun and a hatchet released pepper spray at audience
members inside a Tennessee movie theater before being shot at and killed by
police August 5. Authorities unarmed a hoax device found in the man’s backpack
and believe the individual suffered significant psychiatric problems.Source: http://www.cbsnews.com/news/antioch-tennessee-movie-theater-shooting/
Financial Services Sector
8. August 6,
Memphis Daily News – (National) Family indicted on $18M fraud. A former
Tennessee State Representative and his 2 sons were indicted August 5 for using
their company, First American Monetary Consultants Inc., to allegedly defraud
over 300 people in at least 9 States out of $18 million by encouraging
customers to buy gold and silver that they never completely received. Source: https://www.memphisdailynews.com/news/2015/aug/6/bates-family-indicted-on-18m-fraud/
9. August 5,
Reuters – (National) Ex-Wilmington Trust president, 3 others are
indicted over loans. The former president and chief financial officer of
Wilmington Trust Co., and 2 others were indicted August 5 for allegedly
concealing material amounts of past due loans and mortgages exceeding $300
million from 2009 – 2010, misleading regulators about the company’s finances.Source: http://www.reuters.com/article/2015/08/05/wilmingtontrust-indictments-idUSL1N10G3HP20150805
10. August 5,
KXAN 36 Austin – (Texas) Feds: Austin man linked to $23M worth of counterfeit
money. An Austin man was indicted August 4 for role in a counterfeiting
scheme in which he allegedly forged and distributed U.S. currency worth up to
$23 million from March to July. Two other suspects were recently found guilty
in connection to counterfeiting U.S. currency in the Austin area. Source: http://kxan.com/2015/08/05/feds-austin-man-linked-to-23m-worth-of-counterfeit-money/
For another story, see item 36 below in the Information Technology Sector
Information Technology Sector
36. August 6,
Securityweek – (International) GameOver Zeus gang leader engaged in
espionage: Researchers. Officials from FBI, Fox-IT, and Crowdstrike released
analysis revealing that in addition to using the GameOver Zeus malware to steal
about $100 million from banks, the cybercriminal ring used botnets to commit
cyberespionage against various countries, including members of the Organization
of the Petroleum Exporting Countries (OPEC). Source: http://www.securityweek.com/gameover-zeus-gang-leader-engaged-espionage-researchers
37. August 6,
Softpedia – (International) Researcher hacks his way into a GlobalStar
satellite. A security researcher from Synack disclosed vulnerabilities such
as a lack of encryption in satellite communication protocols, and revealed that
he was able to break down GlobalStar’s simplex satcom protocol to hack
GlobalStar’s SPOT global-positioning system (GPS) devices. The same protocol
could reportedly be used to induce panic by simulating a large-scale disaster,
and could hamper emergency response. Source: http://news.softpedia.com/news/researcher-hacks-his-way-into-a-globalstar-satellite-488659.shtml
38. August 6,
Help Net Security – (International) Corporate networks can be compromised via
Windows updates. Researchers from Context Information Security reported
that Microsoft Windows Update can be used to attack corporate networks by
leveraging improperly configured Windows Server Update Services (WSUS)
implementations, allowing for fake automatic updates that can install a trojan
or other malware, and could be used to grant administrator privileges with a
false login. Source: http://www.net-security.org/secworld.php?id=18725
39. August 6,
The Register – (International) Hacking Team brewed potent iOS poison for
non-jailbroken iThings. Security researchers from FireEye released analysis
of Hacking Team breached data revealing that the company had created an “iOS
Remote Control System (RCS) agent” to hack into jailbroken iOS devices, as well
as other methods targeting non-jailbroken devices via remotely downloaded
Masque Attack apps that can execute commands and extract data from compromised
devices. Source: http://www.theregister.co.uk/2015/08/06/hacking_team_ios_trickery_outed/
40. August 5,
IDG News Service – (International) Android device makers promise monthly
security fixes. Google, Samsung, and LG announced plans to begin issuing
monthly security patches for Android devices, citing the operating system’s
(OS) increased targeting from cybercriminals. The first large update includes a
patch for the Stagefright vulnerability, which can compromise a device via a
specially crafted multimedia message (MMS). Source: http://www.computerworld.com/article/2960512/security/android-device-makers-promise-monthly-security-fixes.html
41. August 5,
ZDNet – (International) Nuclear nightmare: Industrial control
switches need fixing, now. Security researchers at Dragos Security discovered
at least 11 vulnerabilities in control switches being used in industrial
control systems (ICS) across multiple sectors that could allow an attacker to
execute man-in-the-middle (MitM) attacks to cause control systems to shut down
a plant or process or force an ICS into a hazardous state. Researchers believe
that the attacks are being exploited in the wild, and that the vulnerabilities
are made possible by poor authentication protocols and cryptographic integrity.
Source: http://www.zdnet.com/article/nuclear-nightmare-industrial-control-switches-need-fixing-now/
42. August 5,
Threatpost – (International) APT group gets selective about data it
steals. Security researchers from the Dell SecureWorks Counter Threat Unit
released findings from a report revealing that the Emissary Panda advanced
persistent threat (APT) group has focused its efforts on a number of
manufacturing, automotive, aerospace, pharmaceutical, oil and gas, defense
industrial base, political, and education organizations in the U.S. and the
United Kingdom, utilizing a number of tools to steal and transmit intellectual
property via backdoors. Source: https://threatpost.com/apt-group-gets-selective-about-data-it-steals/114103
Communications Sector
See items 37, 39, and 40 above in the Information Technology
Sector