Complete DHS Report for November 3, 2016
Daily Report
Top Stories
• Authorities in Columbus, Ohio, announced that a man dubbed the
“Buckeye Bandit” was arrested October 21 after he allegedly committed up to 30
robberies at banks and pharmacies across the State since September 2013. – Columbus
Dispatch See item 4 below in the Financial Services Sector
• Authorities in Marion, Ohio, arrested and charged several
individuals October 31 after discovering hundreds of fraudulent credit cards
and gift cards, a credit card imprinter, and other illicit items in a Marion
home while investigating a drug trafficking operation. – WCMH 4 Columbus See item 5
below in the Financial Services Sector
• Idaho Highway 75 in Custer County was closed for more than 8
hours November 1 after a semi-truck was struck by another vehicle and spilled
10,000 gallons of diesel fuel on the roadway, causing a fire to ignite. – KIFI
8 Idaho Falls/KIDK 3 Idaho Falls
11. November 1, KIFI 8
Idaho Falls/KIDK 3 Idaho Falls – (Idaho) Names released in deadly crash
on Highway 75. Idaho Highway 75 between Sunbeam and Challis in Custer
County was closed for more than 8 hours November 1 after a vehicle traveling
northbound crossed the center line and struck a semi-truck, causing the
semi-truck to spill 10,000 gallons of diesel fuel on the roadway and ignite.
One person was killed and environmental officials were working to assess the
damage. Source: http://www.localnews8.com/news/crash-on-highway-75-closes-the-road-kills-one-driver/139165781
• A fire at the Hamilton Plaza in Hamilton, Ohio, caused an
estimated $500,000 in damages to the Rent-A-Center and two neighboring stores
November 1. – Butler County Journal-News
21. November 1, Butler
County Journal-News – (Ohio) Hamilton firefighters battle blaze that
does $500K damage in plaza. A fire at the Hamilton Plaza in Hamilton, Ohio,
caused an estimated $500,000 in damages to the Rent-A-Center and two
neighboring stores November 1. No injuries were reported and the cause of the
fire remains under investigation. Source: http://www.journal-news.com/news/local/hamilton-firefighters-battle-blaze-that-does-500k-damage-plaza/EVRy3iIvZKQ4Gbv9aR2WAO/
Financial Services Sector
4. November 2, Columbus
Dispatch – (Ohio) Police say they've caught 'Buckeye Bandit,' blamed for
up to 30 robberies. Authorities in Columbus, Ohio, announced November 1
that a man dubbed the “Buckeye Bandit” was arrested October 21 after he
allegedly committed up to 30 robberies at banks and pharmacies across the State
since September 2013, including a robbery at a KeyBank branch in Columbus where
the suspect allegedly stole over $53,000 in October 2016. Officials reported
that while the suspect currently faces one charge of armed robbery, additional
charges could be filed at a later date pending further investigation. Source: http://www.dispatch.com/content/stories/local/2016/11/01/1030-buckeye-bandit-suspect.html
5. November 1, WCMH 4
Columbus – (Ohio) Marion overdose cases lead to credit card skimming
operation. Authorities in Marion, Ohio, arrested and charged several
individuals October 31 after discovering hundreds of fraudulent credit cards
and gift cards, a credit card imprinter, and other illicit items in a Marion
home while investigating a drug trafficking operation. Source: http://nbc4i.com/2016/11/01/marion-overdose-cases-lead-to-credit-card-skimming-operation/
Information Technology Sector
17. November 2, The
Register – (International) Multiple RCE flaws found in Memcached web
speed tool. Web performance tool Memcached received security patches after
a security researcher from Cisco Systems, Inc., discovered that Memcached
version 1.4.31 and earlier were plagued with three integer overflow
vulnerabilities that could be exploited to achieve remote code execution (RCE)
on a targeted system, and are manifested in Memcached functions used to insert,
append, or modify key-value data pairs. The researcher reported that systems
with Memcached compiled with support for Simple Authentication and Security
Layer (SASL) authentication were also vulnerable to another flaw due to how
Memcached handles SASL authentication commands. Source: http://www.theregister.co.uk/2016/11/02/multiple_rce_flaws_found_in_super_popular_memcached_speed_tool/
18. November
2, SecurityWeek – (International) Security firm discloses unpatched
flaws in Schneider HMI product. CRITIFENCE discovered two unpatched
denial-of-service (DoS) flaws, dubbed PanelShock affecting several of Schneider
Electric’s Magelis human-machine interface (HMI) panels, which could allow
attackers to cause the affected devices to enter into a DoS condition by
sending maliciously crafted Hypertext Transfer Protocol (HTTP) requests due to
a faulty implementation of HTTP request methods and resource consumption
management mechanisms. Schneider Electric was working to release patches for
the security holes. Source: http://www.securityweek.com/security-firm-discloses-unpatched-flaws-schneider-hmi-product
19. November 1,
SecurityWeek – (International) Vulnerability impacts web-exposed SAP
systems. A security researcher from Quenta Solutions reported that an
information disclosure vulnerability affecting SAP systems that was patched in
September affects over 941 SAP systems exposed to the Internet. The flaw could
be exploited to remotely access the list of SAP users from the system and
obtain information such as usernames, user IDs, and email addresses that can be
used to launch phishing campaigns. Source: http://www.securityweek.com/vulnerability-impacts-web-exposed-sap-systems
20. October 30, Softpedia
– (International) Teen behind Titanium DDoS Stresser pleads guilty in
London. A British national pleaded guilty to running the Titanium Stresser,
a distributed denial-of-service (DDoS) for-hire service that malicious actors
used to launch a total of 1.7 million DDoS attacks internationally. Authorities
reported that the service operator made over $385,000 in profits from renting
his DDoS tools to hackers. Source: http://news.softpedia.com/news/teen-behind-titanium-ddos-stresser-pleads-guilty-in-london-509811.shtml
Communications Sector
Nothing to report