Thursday, November 12, 2015



Complete DHS Report for November 12, 2015

Daily Report                                            

Top Stories

 • Three men were charged in connection with an alleged cyber-attack against several U.S. financial institutions that allowed the suspects to steal the personal information of more than 100 million customers. – Wall Street Journal See item 3 below in the Financial Services Sector

 • Iowa officials reported that 2 tracks near Danville were out of service November 9 after 2 locomotives and 21 rail cars derailed when a coal train struck a road grader. – Associated Press

9. November 9, Associated Press – (Iowa) Coal cars derailed when train hits road grader in Iowa. Des Moines County officials reported that two tracks near Danville were out of service November 9 while crews worked to clean up spilled coal and repair damage after 2 locomotives and 21 rail cars derailed when a coal train struck a road grader used to make repairs on nearby U.S. Highway 34.

 • A 5-alarm fire November 9 at the abandoned Paterson Armory in New Jersey prompted the closure of several schools in the Paterson Public School district November 10. – NJ.com

20. November 9, WBZ 4 Boston – (Massachusetts) Boston Arts Academy students exposed to hydrochloric acid. Boston Arts Academy in Massachusetts was briefly evacuated November 9 after 25 students were exposed to hydrochloric acid in a classroom that did not ventilate properly, complained of headaches and nausea, and were transported to an area hospital. Fire crews aired out the building and classes resumed. Source: http://boston.cbslocal.com/2015/11/09/boston-arts-academy-hydrochloric-acid-2/

 • Comcast announced November 9 that it will reset passwords for roughly 200,000 customers after a package of personal data was listed for sale on a Dark Web site. – Washington Post See item 24 below in the Communications Sector

Financial Services Sector

3. November 10, Wall Street Journal – (International) Charges announced in J.P. Morgan hacking case. A Federal indictment was unsealed November 10 against three men in connection with an alleged massive cyber-attack against J.P. Morgan Chase & Co. and several other U.S. financial institutions. The suspects allegedly hacked into the institutions’ systems and stole the personal information of more than 100 million customers to carry out a stock-manipulation scheme. The defendants would artificially inflate stock prices and send spam emails to customers to trick them into buying stocks.

For another story, see item 1 below from the Energy Sector

1. November 9, U.S. Attorney’s Office, Southern District of Texas – (New York) Bronx man charged in oil futures fraud scheme. A Bronx man was indicted November 9 for an alleged fraud scheme in which he defrauded investors of more than $1.5 million by falsely representing that he operated a commodity pool which invested in oil futures contracts. The suspect would pay returns to investors with money received from other investors and use funds received for personal expenses.

Information Technology Sector

22. November 10, Securityweek – (International) Flaw in Linux encryption ransomware exposes decryption key. Researchers at Bitdefender discovered a flaw in the Advanced Encryption Standard (AES) key generation process of the Linux.Encoder1 ransomware: the key is generated with the libc rand() function, seeded with the current system timestamp during encryption, which allows the AES key to be retrieved without paying the attackers for an RSA public key. The security firm released a decryption tool that automatically restores files encrypted by Linux.Encoder1. Source: http://www.securityweek.com/flaw-linux-encryption-ransomware-exposes-decryption-key

23. November 9, Securityweek – (International) Remote code execution flaw found in Java app servers. Researchers from FoxGlove Security released a report addressing deserialization vulnerabilities in Java applications, including Oracle WebLogic, IBM WebSphere, and Jenkins, among other products. The vulnerabilities can be remotely exploited for arbitrary code execution due to poor coding, via the Apache Commons Collections Java library, which is used in more than 1,300 projects. A Java deserialization library and a report were released to secure applications from malicious actors and educate developers on how to avoid such flaws. Source: http://www.securityweek.com/remote-code-execution-flaw-found-java-app-servers

For additional stories, see item 3 above in the Financial Services Sector and item 24 below in the Communications Sector

Communications Sector

24. November 9, Washington Post – (National) Comcast says it’s not to blame after 200,000 user accounts were put up for sale online. Comcast announced November 9 that it will reset passwords for roughly 200,000 customers after a package of personal data, including e-mail addresses and passwords, was listed for sale for $1,000 on a Dark Web site. The company reported that it was not hacked and that its systems and apps were not compromised, and held unsuspecting customers responsible for visiting malware-laden sites or falling victim to other schemes that allowed hackers to obtain their data. Source: https://www.washingtonpost.com/news/the-switch/wp/2015/11/09/comcast-says-its-not-to-blame-after-200000-accounts-were-illegally-put-up-for-sale/