Complete DHS Report for July 18, 2016
Daily Report
Top Stories
• Three locomotives and 10 rail cars on a Norfolk Southern train
derailed July 14 after the train collided with a truck on Wauhatchie Pike in
Tennessee, injuring 3 people and spilling thousands of gallons of diesel fuel.
– Chattanooga Times Free Press
7. July 15, Chattanooga Times Free Press – (Tennessee) Thousands of
gallons of diesel fuel spilled, 3 injured after train hits heavy truck, derails
in Lookout Valley. Three locomotives and 10 rail cars on a Norfolk Southern
train derailed July 14 after the train collided with a truck on Wauhatchie Pike
in Tennessee, injuring 3 people and spilling thousands of gallons of diesel
fuel. Authorities closed several roads and intersections while crews worked to
upright the derailed cars and repair the damaged track. Source: http://www.timesfreepress.com/news/local/story/2016/jul/14/train-hits-semi-truck-derails-lookout-valley/375998/
• Philips advised Xper Connect users to update their operating
system (OS) to Microsoft Windows 2008-R2 and install Xper version 1.5 service
pack 13 after researchers discovered 460 vulnerabilities in Philips Xper
Information Management Connect. – SecurityWeek
19. July 15, SecurityWeek – (National) Hundreds of flaws found in Philips Healthcare
product. Philips advised Xper Connect users to update their operating
system (OS) to Microsoft Windows 2008-R2 and install Xper version 1.5 service
pack 13 after Whitescope LLC and Synopsys researchers discovered 460
vulnerabilities in Philips Xper Information Management Connect, which include
code injections, information exposure flaws, and resource management and
numeric errors, among others, that can allow an attacker to compromise the
system.
• Researchers found a new trojan dubbed “Delilah” that uses social
engineering and extortion to recruit insiders by collecting personal
information in order to blackmail the targeted individual. – SecurityWeek
See item 22 below in the Information Technology Sector
• The Bay State Restorations warehouse in Brockton sustained
significant damage July 14 following a seven-alarm fire that forced a nearby
Massachusetts Bay Transportation Authority (MBTA) commuter rail station to
close. – Brockton Enterprise
27. July 15, Brockton Enterprise – (Massachusetts) Raging 7-alarm fire destroys downtown
Brockton warehouse. The Bay State Restorations warehouse in Brockton,
Massachusetts, sustained significant damage July 14 following a seven-alarm
fire that prompted surrounding homes to be evacuated, cut power to the area,
and forced a nearby Massachusetts Bay Transportation Authority (MBTA) commuter
rail station on the Middleboro Line to close. One firefighter was injured and
crews were working to contain the blaze. Source: http://www.enterprisenews.com/news/20160714/raging-7-alarm-fire-destroys-downtown-brockton-warehouse
Financial Services Sector
5. July 14, WXIX 19 Newport – (Ohio) Investigators: Link between skimmers and 103 credit
cards found possible. A New York resident was arrested in Symmes Township,
Ohio, July 14 after police found over 103 fraudulent Visa gift cards that had
been re-encoded with stolen credit card numbers in the suspect’s vehicle during
a routine traffic stop. Authorities are investigating whether the man is linked
to a credit card skimming scheme targeting New York, New Jersey, and
Connecticut. Source: http://www.fox19.com/story/32448447/investigators-link-between-skimmers-and-103-stolen-credit-cards-found-possible
6. July 14, Southern California City News Service – (California) ‘Hipster Bandit’
bank robbery suspect arrested. A man dubbed the “Hipster Bandit” was
arrested in Serra Mesa, California, July 14 after he allegedly robbed eight
banks and attempted to rob two others in San Diego, Riverside, and Orange
counties since November 2015.
Information Technology Sector
22. July 15, SecurityWeek – (International) New trojan helps attackers recruit insiders. Researchers
at Gartner Research and Diskin Advanced Technologies found a new trojan dubbed
“Delilah” that uses social engineering and extortion to recruit insiders by
collecting personal information and capturing video from the targeted user’s
webcam while instructing users to use virtual private networks (VPNs) and the
Tor network in order to manipulate or blackmail the targeted individual. Source:
http://www.securityweek.com/new-trojan-helps-attackers-recruit-insiders
23. July 15, SecurityWeek – (International) IE exploit added to Neutrino after experts
publish PoC. FireEye and Symantec researchers found that the Neutrino exploit
kit (EK) uses an Adobe Flash file to deliver exploits, profiling a victim’s
system to determine which exploit to use, after researchers
published a proof-of-concept (PoC) exploit for two remote code execution (RCE)
vulnerabilities that were patched by Microsoft in May. Researchers determined
that the exploit added to Neutrino is identical to the one published, except
for the code that runs after initial control.
24. July 14, Softpedia – (International) CryptXXX devs provide free decryption keys
for some ransomware versions. Bleeping Computer researchers reported on a
category of users who could obtain a free decryption key by visiting the
Tor-based payment sites of the CryptXXX ransomware: those whose files were
encrypted by the ransomware and given the “.crypz” or “.cryp1” file
extension. Source: http://news.softpedia.com/news/cryptxxx-devs-provide-free-decryption-keys-for-some-ransomware-versions-506333.shtml
25. July 14, Softpedia – (International) Maxthon browser collects sensitive data even
if users opt out. Maxthon is investigating after Exatel and Fidelis
Cybersecurity researchers found that the Maxthon Web browser collects sensitive
information and sends it to its servers even if the user opts out. The cause is
an issue in the current implementation of the User Experience
Improvement Program (UEIP), which lets the browser manufacturer collect
analytical information about how users utilize their product. Source: http://news.softpedia.com/news/maxthon-browser-collects-sensitive-data-even-if-users-opt-out-506327.shtml
For additional stories, see item 19 above in Top Stories and 26 below in the Communications Sector
Communications Sector
26. July 14, Threatpost – (International) Cisco patches DoS flaw in NCS 6000 routers. Cisco
Systems released patches for two products. The first addresses a Simple Network
Management Protocol (SNMP) configuration management flaw in the Cisco ASR 5000
Series, in versions prior to 19.4 and 20.1, that could allow a remote attacker to
read and modify device configurations using the SNMP read-write community
strings. The second patch addresses a critical flaw in Cisco IOS XR for the Cisco
Network Convergence System series router, found in the management of system
timer resources, which could allow an attacker to remotely crash the router by
sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure
File Transfer Protocol (SFTP) management connections to an affected device.