Tuesday, July 22, 2014




Complete DHS Report for July 22, 2014

Daily Report

Top Stories

· A Canadian National Railway Co. train struck another freight train in Slinger, Wisconsin, July 20, derailing 3 engines and 10 railcars and spilling about 5,000 gallons of diesel fuel, leading to the evacuation of around 100 nearby residents. – Associated Press

7. July 21, Associated Press – (Wisconsin) Wisconsin train crash injures 2 people, spills oil. A Canadian National Railway Co. train struck another freight train in Slinger, Wisconsin, July 20, derailing 3 engines and 10 railcars and spilling about 5,000 gallons of diesel fuel. Two crew members were injured and around 100 residents were evacuated for 5 hours as a precaution. Source: http://news.msn.com/us/wisconsin-train-crash-injures-2-people-spills-oil
 
· At least one person died and hundreds of homes were destroyed in 114 separate wildfires in several counties across eastern Washington that burned hundreds of thousands of acres. – Wall Street Journal

18. July 20, Wall Street Journal – (National) Washington state wildfires kill one, displace hundreds. At least one person died and hundreds of homes were destroyed in 114 separate wildfires in several counties across eastern Washington that burned hundreds of thousands of acres. Fire crews worked over the weekend of July 19 to contain the fires while hundreds of residents were evacuated. Source: http://online.wsj.com/articles/washington-state-wildfire-grows-1405874057
 
· The sheetrock ceiling of one of five housing units at the Diboll Correction Center in Lufkin, Texas, collapsed July 19, leaving 19 inmates injured. – CNN

21. July 20, CNN – (Texas) 19 injured when Texas prison roof collapses. The sheetrock ceiling of one of five housing units at the Diboll Correction Center in Lufkin, Texas, collapsed July 19, leaving 19 inmates injured. Authorities are investigating the cause of the roof collapse. Source: http://www.cnn.com/2014/07/19/us/prison-roof-collapse/index.html

· The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) stated July 17 that six Siemens industrial control products used in several industries contained vulnerabilities in their OpenSSL implementation, with four products currently unpatched. – Help Net Security

See item 23 below in the Information Technology Sector


Financial Services Sector

5. July 21, The Register – (International) Secondhand Point-o-Sale terminal was horrific security midden. A researcher with HP found that a second-hand Aloha point-of-sale (PoS) terminal purchased from eBay still held a database of employee names, Social Security numbers, and addresses, as well as default passwords that could be used by an attacker if the previous owners did not change passwords in new equipment. Source: http://www.theregister.co.uk/2014/07/21/ebayed_point_of_sale_terminal_leak_peril/

For another story, see item 25 below in the Information Technology Sector

Information Technology Sector

23. July 21, Help Net Security – (International) Unpatched OpenSSL holes found on Siemens ICSs. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) stated July 17 that six Siemens industrial control products contained vulnerabilities in their OpenSSL implementation that could lead to man-in-the-middle (MitM) attacks or the crashing of Web servers. Four of the vulnerabilities remain unpatched and are present in industrial control products used by the manufacturing, chemical, energy, agriculture, and water industries and utilities. Source: http://www.net-security.org/secworld.php?id=17146

24. July 19, Softpedia – (International) Kelihos trojan delivered through Askmen.com. Researchers with Malwarebytes reported that the online publication Askmen.com was compromised by attackers and used to redirect users to a malicious page serving the Nuclear Pack exploit kit for the purpose of infecting users with the Kelihos malware. The compromise was achieved by injecting malicious code into the Askmen.com server, and the site’s administrators were notified. Source: http://news.softpedia.com/news/Kelihos-Trojan-Delivered-Through-Askmen-com-451345.shtml

25. July 18, Help Net Security – (International) Fake Flash Player steals credit card information. Dr. Web researchers reported finding a new piece of Android malware dubbed BankBot that is disguised as Adobe Flash Player and persistently asks users for administrator privileges in order to display a fake credit card information form and steal any entered information. The malware is currently targeting users in Russia but can be repurposed to attack other targets. Source: http://www.net-security.org/malware_news.php?id=2812

26. July 18, Securityweek – (International) Researchers analyze multipurpose malware targeting Linux/Unix Web servers. Virus Bulletin published an analysis of a recently discovered piece of malware known as Mayhem, which infects Linux and Unix Web servers and has infected around 1,400 servers. The malware relies on several plugins for various capabilities, including information stealing and brute-force attacks. Source: http://www.securityweek.com/researchers-analyze-multipurpose-malware-targeting-linuxunix-web-servers

27. July 18, Network World – (International) Cisco counterfeiter gets 37 months in prison, forfeits $700,000. The CEO of ConnectZone.com was sentenced for his role in conspiring with a Chinese company to produce counterfeit Cisco Systems network products and then sell them as genuine products. Four people and two companies were charged in the case, with two others found guilty and a Chinese co-conspirator remaining at large. Source: http://www.networkworld.com/article/2455477/cisco-subnet/cisco-counterfeiter-gets-37-month-prison-forfeits-700-000.html

28. July 18, Threatpost – (International) Critroni crypto ransomware seen using TOR for command and control. Security researchers found that a new piece of ransomware known as Critroni is in use by various attackers, who rely on the Angler exploit kit to infect users with it and other malware. The ransomware encrypts victims’ files and demands a ransom, and uses the TOR network to contact its command and control servers. Source: http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command-and-control/107306

Communications Sector

29. July 21, WNEW 99.1 FM Bowie – (Maryland; Washington, D.C.) Widespread Verizon service outage across D.C. – Baltimore region. Verizon experienced a 6-hour outage July 20 in the Baltimore and Washington, D.C. region that impacted many customers with Internet service, TV, and wireless service. Repairs were completed but many customers continued reporting issues with service. Source: http://washington.cbslocal.com/2014/07/21/widespread-verizon-service-outage-affecting-d-c-baltimore-region/