Complete DHS Report for October 11, 2016
Daily Report
Top Stories
• The governor of Florida reported October 7 that roughly 600,000
homes across the State were without power due to Hurricane Matthew. – Reuters
1. October 7, Reuters –
(Florida) Some 600,000 Florida homes without power due to hurricane:
governor. The governor of Florida reported October 7 that roughly 600,000
homes across the State were without power due to Hurricane Matthew and more
outages were expected as the storm continues to move north along Florida’s east
coast.
• Around 60 homes in Glen Rose, Texas, were evacuated October 6
after a semi-truck jackknifed and spilled 8,000 gallons of gasoline and diesel
fuel on Highway 144. – KTVT 11 Fort Worth
2. October 6, KTVT 11
Fort Worth – (Texas) 18-wheeler crash & fuel spill causes
evacuations in Glen Rose. Around 60 homes in Glen Rose, Texas, were
evacuated October 6 after a semi-truck jackknifed and spilled 8,000 gallons of
gasoline and diesel fuel on Highway 144. HAZMAT crews responded to the scene to
contain the fuel spill. Source: http://dfw.cbslocal.com/2016/10/06/18-wheeler-crash-fuel-spill-causes-evacuations-in-glen-rose/
• Six U.S. Army soldiers and two civilian co-conspirators were
indicted October 5 for their roles in a more than $1 million scheme where they
stole and sold sensitive U.S. Army equipment from Fort Campbell in
Hopkinsville, Kentucky, to anonymous Internet buyers in Russia, China, and
other countries. – U.S. Department of Justice
14. October 6, U.S.
Department of Justice – (International) Six Fort Campbell soldiers and
two others charged with stealing and selling sensitive military equipment. Six
U.S. Army soldiers and two civilian co-conspirators were indicted October 5 for
their roles in a more than $1 million scheme where the group stole sensitive
U.S. Army equipment from Fort Campbell in Hopkinsville, Kentucky, and sold it
to anonymous Internet buyers in Russia, China, Kazakhstan, and Mexico, among
other countries. Source: https://www.justice.gov/opa/pr/six-fort-campbell-soldiers-and-two-others-charged-stealing-and-selling-sensitive-military
• The owner of RASKO, a mall kiosk business, pleaded guilty
October 6 to his role in a $14 million immigration and money laundering scheme
where he and co-conspirators recruited and sent over 140 foreign nationals to
the U.S. to work at one of RASKO’s locations from 2011 – 2016. – U.S.
Attorney’s Office, Eastern District of Virginia
21. October 6, San
Francisco Bay City News – (California) Firefighters clean up small
radioactive spill that prompted evacuations in Antioch. Around 50 apartment
units in about 8 apartment complexes in Antioch, California, were evacuated for
roughly 3 hours October 6 after a radioactive material spilled at a
construction site when a truck ran over a piece of equipment that contained
cesium and americium. No injuries were reported and HAZMAT crews cleaned up the
radioactive material. Source:
http://www.nbcbayarea.com/news/local/Contra-Costa-Fire-Investigate-Hazmat-Situation-at-Antioch-Construction-Site-396177381.html
Financial Services Sector
5. October 6, U.S.
Attorney’s Office, District of Massachusetts – (National) Boston man
charged with identity theft in scheme to defraud retirement accounts. A
Boston resident was charged October 6 for his role in an identity theft scheme
where he and a co-conspirator who worked as a customer service employee at
Mercer, Inc. allegedly stole the personal information and bank account numbers
from roughly 270 retirement accounts managed by Mercer, Inc. in order to
withdraw money from the accounts from February 2014 – April 2014. The charges
allege that the stolen retirement account information was used to load a
prepaid card with almost $20,000 in illicitly obtained funds, which the
defendant used for personal expenses. Source: https://www.justice.gov/usao-ma/pr/boston-man-charged-identity-theft-scheme-defraud-retirement-accounts
6. October 6, U.S.
Attorney’s Office, District of Maryland – (Maryland; Washington, D.C.) Federal
indictment charges four conspirators in fraudulent credit card scheme. Four
individuals were charged October 6 for their roles in a fraudulent credit card
scheme where the group allegedly stole the personal information of at least 33
victims in order to apply for and obtain credit cards, which were used to
purchase merchandise and gift cards worth more than $135,000 from October 2014
– July 2016. Source: https://www.justice.gov/usao-md/pr/federal-indictment-charges-four-conspirators-fraudulent-credit-card-scheme
Information Technology Sector
15. October 7,
SecurityWeek – (International) VMware patches directory traversal flaw
in Horizon View. VMware released versions 7.0.1, 6.2.3, and 5.3.7 of its
Horizon View products for Microsoft Windows after a security researcher dubbed
“Bruk0ut” discovered the products contained a flaw that could allow a
remote attacker to carry out a directory traversal attack on the Horizon View
Connection Server to access sensitive information.
16. October 7,
SecurityWeek – (International) X.Org library flaws allow privilege
escalation, DoS attacks. The X.Org Foundation released patches addressing
more than a dozen vulnerabilities in its client libraries, including an
out-of-bounds memory read or write flaw in libX11 versions 1.6.3 and
earlier, an integer overflow issue on 32-bit systems in libXfixes versions
5.0.2 and earlier, and a denial-of-service (DoS) condition via out-of-bounds
memory access or endless loops in XRecord versions 1.2.2 and earlier, among
other vulnerabilities. X.Org reported most of the flaws exist because the
client libraries trust the server to send correct protocol data and do not
consider that the values could cause an overflow or other issues. Source: http://www.securityweek.com/xorg-library-flaws-allow-privilege-escalation-dos-attacks
17. October 6,
SecurityWeek – (International) Cerber ransomware can now kill database
processes. Security researchers from BleepingComputer discovered that a new
variant of the Cerber ransomware family is able to kill many database processes
before the encryption process begins, using a close_process directive in the
configuration file, so that it can encrypt the processes’ data files. The
researchers also found Cerber switched to a four-character randomly generated
extension and started scrambling the names of encrypted files, making it
more difficult for victims to recover their data. Source: http://www.securityweek.com/cerber-ransomware-can-now-kill-database-processes
For another story, see item 20
below from the Commercial Facilities Sector
20. October 6, Softpedia –
(International) FastPOS malware abuses Windows Mailslots to steal POS data. Trend
Micro security researchers reported that a point-of-sale (PoS) malware dubbed
FastPOS received updates and now uses a modular design with separate
memory scraper and keylogger components, designed to infect Microsoft Windows
computers running 32-bit and 64-bit systems, making the malware more efficient
and more difficult to detect. The malware was spotted abusing Mailslots, a
Windows mechanism used to store inter-process communications (IPC) in the
computer’s random access memory (RAM), in order to avoid creating permanent
files.
Communications Sector
Nothing to report