Monday, July 18, 2016



Complete DHS Report for July 18, 2016

Daily Report                                            

Top Stories

• Three locomotives and 10 rail cars on a Norfolk Southern train derailed July 14 after the train collided with a truck in Wauhatchie Pike in Tennessee, injuring 3 people, and spilling thousands of gallons of diesel fuel. – Chattanooga Times Free Press

7. July 15, Chattanooga Times Free Press – (Tennessee) Thousands of gallons of diesel fuel spilled, 3 injured after train hits heavy truck, derails in Lookout Valley. Three locomotives and 10 rail cars on a Norfolk Southern train derailed July 14 after the train collided with a truck in Wauhatchie Pike in Tennessee, injuring 3 people, and spilling thousands of gallons of diesel fuel. Authorities closed several roads and intersections while crews worked to upright the derailed cars and repair the damaged track. Source: http://www.timesfreepress.com/news/local/story/2016/jul/14/train-hits-semi-truck-derails-lookout-valley/375998/

• Philips advised Xper Connect users to update their operating system (OS) to Microsoft Windows 2008-R2 and install Xper version 1.5 service pack 13 after researchers discovered 460 vulnerabilities in Philips Xper Information Management Connect. – SecurityWeek

19. July 15, SecurityWeek – (National) Hundreds of flaws found in Philips Healthcare product. Philips advised Xper Connect users to update their operating system (OS) to Microsoft Windows 2008-R2 and install Xper version 1.5 service pack 13 after Whitescope LLC and Synopsys researchers discovered 460 vulnerabilities in Philips Xper Information Management Connect, which include code injections, information exposure flaws, and resource management and numeric errors, among others, that can allow an attacker to compromise the system.

• Researchers found a new trojan dubbed “Delilah” that uses social engineering and extortion to recruit insiders by collecting personal information in order to blackmail the targeted individual. – SecurityWeek See item 22 below in the Information Technology Sector

• The Bay State Restorations warehouse in Brockton sustained significant damage July 14 following a seven-alarm fire that forced a nearby Massachusetts Bay Transportation Authority (MBTA) commuter rail station to close. – Brockton Enterprise

27. July 15, Brockton Enterprise – (Massachusetts) Raging 7-alarm fire destroys downtown Brockton warehouse. The Bay State Restorations warehouse in Brockton, Massachusetts, sustained significant damage July 14 following a seven-alarm fire that prompted surrounding homes to be evacuated, cut power to the area, and forced a nearby Massachusetts Bay Transportation Authority (MBTA) commuter rail station on the Middleboro Line to close. One firefighter was injured and crews were working to contain the blaze. Source: http://www.enterprisenews.com/news/20160714/raging-7-alarm-fire-destroys-downtown-brockton-warehouse

Financial Services Sector

5. July 14, WXIX 19 Newport – (Ohio) Investigators: Link between skimmers and 103 credit cards found possible. A New York resident was arrested in Symmes Township, Ohio, July 14 after police found over 103 fraudulent Visa gift cards that had been re-encoded with stolen credit card numbers in the suspect’s vehicle during a routine traffic stop. Authorities are investigating whether the man is linked to a credit card skimming scheme targeting New York, New Jersey, and Connecticut. Source: http://www.fox19.com/story/32448447/investigators-link-between-skimmers-and-103-stolen-credit-cards-found-possible

6. July 14, Southern California City News Service – (California) ‘Hipster Bandit’ bank robbery suspect arrested. A man dubbed the “Hipster Bandit” was arrested in Serra Mesa, California, July 14 after he allegedly robbed eight banks and attempted to rob two others in San Diego, Riverside, and Orange counties since November 2015.

Information Technology Sector

22. July 15, SecurityWeek – (International) New trojan helps attackers recruit insiders. Researchers at Gartner Research and Diskin Advanced Technologies found a new trojan dubbed “Delilah” that uses social engineering and extortion to recruit insiders by collecting personal information and capturing video from the targeted user’s webcam while instructing users to use virtual private networks (VPNs) and the Tor network in order to manipulate or blackmail the targeted individual. Source: http://www.securityweek.com/new-trojan-helps-attackers-recruit-insiders

23. July 15, SecurityWeek – (International) IE exploit added to Neutrino after experts public PoC. FireEye and Symantec researchers found that Neutrino exploit kit (EK) researchers use an Adobe Flash file to deliver exploits in order to profile a victim’s system to determine which exploit to use after researchers published a proof-of-concept (PoC) exploit on two remote code execution (RCE) vulnerabilities that were patched by Microsoft in May. Researchers determined that the exploit added to Neutrino is identical to the one published, except for the code that runs after initial control.

24. July 14, Softpedia – (International) CryptXXX devs provide free decryption keys for some ransomware versions. Bleeping Computer researchers released a category of users who could obtain a free decryption key by visiting the Tor-based payment sites of the CryptXXX ransomware after their files were encrypted by the ransomware using the “.crypz” and “.cryp1” file extensions at the end. Source: http://news.softpedia.com/news/cryptxxx-devs-provide-free-decryption-keys-for-some-ransomware-versions-506333.shtml

25. July 14, Softpedia – (International) Maxthon browser collects sensitive data even if users opt out. Maxthon is investigating after Exatel and Fidelis Cybersecurity researchers found that the Maxthon Web browser collects sensitive information and sends it to its servers, even if the user opts out of the option due to an issue in the current implementation of User Experience Improvement Program (UEIP) that lets the browser manufacturer collect analytical information about how users utilize their product. Source: http://news.softpedia.com/news/maxthon-browser-collects-sensitive-data-even-if-users-opt-out-506327.shtml

For additional stories, see item 19 above in Top Stories and 26 below in the Communications Sector

Communications Sector

26. July 14, Threatpost – (International) Cisco patches DoS flaw in NCS 6000 routers. Cisco Systems released patches for two products addressing a Simple Network Management Protocol (SNMP) configuration management flaw in the Cisco ASR 5000 Series, prior to versions 19.4 and 20.1 that could allow a remote attacker to read and modify device configurations using the SNMP read-write community strings. The second patch addresses a critical flaw in Cisco IOS XR for the Cisco Network Convergence System series router found in the management of system timer resources which could allow an attacker to remotely crash the router by sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure File Transfer Protocol (SFTP) management connections to an affected device.