Tuesday, April 12, 2016



Complete DHS Report for April 12, 2016

Daily Report

Top Stories

• TransCanada Corporation announced April 10 that it resumed operations on its Keystone crude pipeline at reduced pressure after receiving authorization from the U.S. Pipeline and Hazardous Materials Safety Administration April 9 following an April 2 shutdown when a leak was discovered in Hutchinson County, South Dakota. – Reuters

1. April 11, Reuters – (National) TransCanada restarts Keystone pipeline at reduced pressure. TransCanada Corporation announced April 10 that it resumed operations on its Keystone crude pipeline at reduced pressure after receiving authorization from the U.S. Pipeline and Hazardous Materials Safety Administration April 9 following the pipeline’s shutdown April 2 when a leak was discovered near the company’s Freeman pump station in Hutchinson County, South Dakota. The company stated that it will conduct aerial patrols and visual inspections.

• A 15-vehicle pile-up forced the closure of Interstate 290 in Chicago April 9 for approximately 10 hours, leaving 1 person dead and 4 others with non-life-threatening injuries. – WLS 89 AM Chicago

11. April 9, WLS 89 AM Chicago – (Illinois) Chicago chef killed in I-290 crash. A 15-vehicle pile-up forced the closure of Interstate 290 in Chicago April 9 for approximately 10 hours, leaving 1 person dead and 4 others with non-life-threatening injuries.

• The North East Independent School District in Texas announced April 8 that 3 separate ransomware incidents beginning in February encrypted about 2.5 terabytes of data, impacting all 20 campuses and 2 departments. – KENS 5 San Antonio

18. April 8, KENS 5 San Antonio – (Texas) Ransomware attacks 20 North East ISD schools. The North East Independent School District in Texas announced April 8 that 3 separate ransomware incidents beginning in February encrypted about 2.5 terabytes of data, impacting all 20 campuses and 2 departments. Authorities asserted that students’ personal information was not compromised and that encrypted files were deleted and replaced with backup data. Source: http://www.kens5.com/news/local/ransomware-attacks-20-northeast-isd-schools/125053680

• Forty-two people were injured April 8 following a 5-alarm fire at a Keyport, New Jersey building that caused extensive damage to the facility and 3 surrounding buildings. – Asbury Park Press

29. April 9, Asbury Park Press – (New Jersey) 41 firefighters, 1 civilian hurt in Keyport fire. Forty-two people were injured April 8 following a 5-alarm fire at a Keyport, New Jersey building that caused extensive damage to the facility and 3 surrounding buildings, and prompted about 200 firefighters to contain the incident. The cause of the blaze is under investigation. Source: http://www.app.com/story/news/local/emergencies/2016/04/09/41-firefighters-1-civilian-hurt-keyport-fire/82846758/

Financial Services Sector

Nothing to report

Information Technology Sector

20. April 11, Softpedia – (International) Petya ransomware unlocked, you can now recover password needed for decryption. Two security researchers discovered ways to help victims of the Petya ransomware retrieve locked files and unlock computers after one researcher created two Web sites where victims can obtain the decryption password, and another researcher from Emsisoft created a tool that can help generate passwords needed to unlock victims’ computers.

21. April 11, SecurityWeek – (International) Nuclear exploit kit uses Tor to download payload. Researchers from Cisco discovered that the Nuclear exploit kit (EK) was dropping a Tor client file for Microsoft Windows, named “tor.exe”, to execute a request via the Tor anonymity network to download a secondary payload, as several domains listed in the exploit kit’s network traffic were never registered and were not associated with any Domain Name System (DNS) traffic. Researchers noted that because attackers used Tor to download the second payload, the malware was more difficult to track back to its hosting system.

22. April 9, Softpedia – (International) CryptoHost ransomware locks your data in a password-protected RAR file. Security researchers from MalwareForMe, MalwareHunterTeam, Bleeping Computer, and an independent researcher discovered a way to recover RAR files locked by the CryptoHost ransomware after an analysis of the ransomware revealed it was using a combination of the user’s ID number, motherboard serial number, and the C:\ volume serial number to generate a Secure Hash Algorithm 1 (SHA-1) hash, which was used as the RAR file’s name and the file’s password. Researchers stated victims will need to open the Windows Task Manager, find the cryptohost.exe process, stop its execution, and extract the RAR file. Source: http://news.softpedia.com/news/cryptohost-ransomware-locks-your-data-in-a-password-protected-rar-file-502767.shtml

23. April 8, SecurityWeek – (International) Cisco releases critical security updates. Cisco released six security advisories including a high impact vulnerability in the Web application programming interface (API) of the Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) that could allow an attacker to send a crafted Uniform Resource Locator (URL) request to bypass role-based access control (RBAC) and gain elevated privileges, as well as a vulnerability in the TelePresence Server that could allow an attacker to cause a kernel panic and reboot the device, among other vulnerabilities. Source: http://www.securityweek.com/cisco-releases-critical-security-updates

For another story, see item 18 above in Top Stories

Communications Sector

Nothing to report