15/02/22

Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center

**UNCLASSIFIED**

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.


Situational Awareness

An Urbana woman has been arrested in a shooting Saturday afternoon at Market Place Mall that left a man injured. But the Champaign County state’s attorney has asked Champaign police to do further investigation before deciding what, if any, charges to file. Police were called at 2:07 p.m. to the mall at 2000 N. Neil St., C. They learned that a man and woman had been in a dispute inside the building near the food court, then moved out to the parking lot. During the dispute, Diamond Mitchell, 22, allegedly fired one shot and hit a 19-year-old man in the leg. Police provided first aid for him until he could be taken to the hospital. Mitchell was taken to the county jail. State’s Attorney Julia Rietz said Mitchell has a firearm owner’s identification card and a concealed-carry license and told police that she was acting in self-defense after a dispute with the man over a pair of shoes. Rietz said police learned that the two did not know each other. Police recovered a loaded gun.


Seven Chicago firefighters were injured Saturday while battling a large house fire in the city's Roseland neighborhood on the South Side. Fire officials arrived at the home near 112th Street and Princeton Avenue just after 3:20 p.m. Saturday afternoon. Less than 10 minutes later, firefighters called for a "mayday."… "Everything in there reached its ignition temperature, and once it got a source, it just kinda goes. Everything lights up, and it's the energy and force behind it that push," explained CFD Fire Commissioner Annette Nance-Holt. The rare occurrence sent seven firefighters to the hospital, according to the Chicago Fire Department. Four were transported to Advocate Christ Medical Center and three were taken to Little Company of Mary Hospital. By early Sunday afternoon, all seven firefighters had been released from the hospital, officials said.


A Maine man charged with setting fire to a Massachusetts church with a predominantly Black congregation was driven by racial animus, according to court documents. Dushko Vulchev, 45, of Houlton, Maine, was indicted by a federal grand jury on Thursday on four counts of damaging religious property “because of the race, color, and ethnic characteristics” of those associated with the church, and one count of using fire to commit a federal felony. An email seeking comment was left with his federal public defender. Authorities allege that in the early morning hours he set a Dec. 28, 2020 blaze at the Martin Luther King Jr. Presbyterian Church in Springfield that caused extensive damage. Authorities say he had previously set several smaller fires at the church. Investigators who examined his electronic devices “identified numerous examples of communications that demonstrated racial animus towards Black people,” according to court documents.


Eleven people were injured in a random stabbing spree along Central Avenue on Sunday in Albuquerque. A spokesman for the Albuquerque Police Department says the stabbings were random in nature. The first stabbing was reported around 11 a.m. near Sister bar on Central Ave. NW. After an incident near Central Ave. SE and Harvard St. SE, officers were notified of a series of stabbings that ended when a suspect was apprehended near Central Ave. NE and Wyoming Blvd. NE. The victims were taken to several hospitals in the Albuquerque area. Two of the victims are in critical condition. The remaining victims were either treated and released, or are in stable condition. One person has been arrested in the stabbing incident. Police say Tobias Gutierrez was booked into the Metropolitan Detention Center on charges of aggravated battery with a deadly weapon.


Cybersecurity

The US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months. This was disclosed in a TLP:WHITE joint cybersecurity advisory released Friday in coordination with the US Secret Service. "As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture)," the federal law enforcement agency said. "BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers." The advisory focuses on providing indicators of compromise (IOCs) that organizations can use to detect and defend against BlackByte's attacks. The IOCs associated with BlackByte activity shared in the advisory include MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services (IIS) servers and a list of commands the ransomware operators used during attacks.
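The advisory's file-hash IOCs are only useful once they are actually run against the web content on an IIS host. The script below is an added example, not part of the brief or of the FBI/USSS advisory: it walks a web root, streams every `.aspx` file through MD5, and reports any file whose digest appears in an IOC list. The IOC list it ships with is a constructed placeholder, and the `demo()` function plants a constructed sample file in a temporary directory so the whole thing runs offline; in practice you would feed it the MD5 values published in the advisory and point it at the real `inetpub` tree.

```python
from __future__ import annotations

import hashlib
import os
import re
import tempfile
from pathlib import Path

# Constructed placeholder. These are NOT the hashes from the FBI/USSS advisory;
# load the published values with parse_ioc_list() instead of relying on this set.
PLACEHOLDER_IOC_MD5 = {"0123456789abcdef0123456789abcdef"}

_MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_ioc_list(text: str) -> set[str]:
    """Parse a one-hash-per-line IOC list (blank lines and '#' comments ignored).

    Hashes are normalised to lowercase and anything that is not a 32-hex MD5
    is dropped, so a stray column or label in the list cannot cause a miss.
    """
    hashes: set[str] = set()
    for line in text.splitlines():
        token = line.strip().lower()
        if not token or token.startswith("#"):
            continue
        if _MD5_RE.match(token):
            hashes.add(token)
    return hashes


def md5_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a large upload or log file does not exhaust memory."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_webroot(root: str | os.PathLike, ioc_hashes: set[str],
                 extensions: tuple[str, ...] = (".aspx",)) -> list[dict]:
    """Return one record per file under root whose MD5 matches an IOC hash.

    Only files with the given extensions are hashed (the advisory's IOCs are
    ASPX files, so that is the default). Unreadable files are skipped rather
    than aborting the scan, since a locked or ACL-restricted file should not
    hide matches elsewhere in the tree.
    """
    root = Path(root)
    matches: list[dict] = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in extensions:
            continue
        try:
            digest = md5_of_file(path)
            stat = path.stat()
        except OSError:
            continue
        if digest in ioc_hashes:
            matches.append({
                "path": str(path.relative_to(root)),
                "md5": digest,
                "size": stat.st_size,
                "mtime": stat.st_mtime,  # useful for scoping the intrusion timeline
            })
    return matches


def build_demo_webroot(root: Path) -> str:
    """Create a constructed sample web root and return the MD5 of the planted file.

    The planted file is plain text standing in for a suspicious ASPX page; it is
    not a copy of any real webshell.
    """
    (root / "app").mkdir(parents=True, exist_ok=True)
    (root / "Default.aspx").write_text('<%@ Page Language="C#" %>\n<html>hello</html>\n')
    (root / "readme.txt").write_text("not hashed: wrong extension\n")
    planted = root / "app" / "config.aspx"
    planted.write_bytes(b"CONSTRUCTED SAMPLE - stands in for a suspicious ASPX file\n")
    return md5_of_file(planted)


def demo() -> list[dict]:
    """Run the scanner end to end against the constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ioc_list = "# constructed IOC list\n" + build_demo_webroot(root) + "\n"
        return scan_webroot(root, parse_ioc_list(ioc_list))


if __name__ == "__main__":
    for hit in demo():
        print(f"IOC match: {hit['path']} md5={hit['md5']} size={hit['size']}")
```

A hash match is a strong signal but a brittle one: a single byte changed in the file produces a different MD5, so treat a clean hash scan as "no known sample found", not as "no webshell present", and pair it with a review of recently modified ASPX files (the `mtime` field is there for that) and the operator commands the advisory also lists.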


Christian crowdfunding website GiveSendGo is offline Monday due to an apparent hack after the company vowed to fight a Canadian court order to stop disbursing donated funds to a trucker convoy protesting COVID-19 measures in Canada. On Sunday the website redirected to a domain “givesendgone[.]wtf” which showed a video from the Disney film Frozen alongside a message condemning donors, the Daily Dot’s Mikael Thalen reported. As of Monday morning, the GiveSendGo site delivered an error message. The attackers also appear to have leaked donor information, including names, email addresses, zip codes and IP addresses, according to hacktivist group DDoSSecrets, which obtained the unsecured files. The Canadian protestors belong to a larger global “Freedom Convoy” protest movement by truckers seeking the end of vaccine and mask mandates. The protests have caused a state of emergency in parts of Ottawa, where protestors have been accused of aggressive and illegal behavior by law enforcement. The Christian crowdfunding website became a popular fundraising source for the “Freedom Convoy 2022” after crowdfunding giant GoFundMe stopped protestors from using its service and cut off access to already raised funds.


Adobe has released an emergency patch to tackle a critical bug that is being exploited in the wild. On February 13, the tech giant said that the vulnerability impacts Adobe Commerce and Magento Open Source, and according to the firm's threat data, the security flaw is being weaponized "in very limited attacks targeting Adobe Commerce merchants." Tracked as CVE-2022-24086, the vulnerability has been issued a CVSS severity score of 9.8 out of 10, the maximum severity rating possible. The vulnerability is an improper input validation issue, described by the Common Weakness Enumeration (CWE) category system as a bug that occurs when a "product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." CVE-2022-24086 does not require any administrator privileges to trigger. Adobe says the critical, pre-auth bug can be exploited in order to execute arbitrary code. As the vulnerability is severe enough to warrant an emergency patch, the company has not released any technical details, which gives customers time to accept fixes and mitigates further risks of exploit. The bug impacts Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), as well as earlier versions. Adobe's patches can be downloaded and manually applied here.


Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution (RCE) as SYSTEM on any unpatched MXview server, researchers warned this week. The five bugs, affecting versions 3.x to 3.2.2, score a collective 10 out of 10 on the CVSS vulnerability-severity scale, according to Claroty’s Team82 research team. Three of them can be chained together to achieve the aforementioned RCE (CVE-2021-38452, CVE-2021-38460 and CVE-2021-38458), but the others can be used to lift passwords and other sensitive information (CVE-2021-38456, CVE-2021-38454). Moxa’s MXview network management software is designed for configuring and monitoring networking devices in industrial control systems (ICS) and operational technology (OT) networks. It has multiple components, Team82 noted in its Thursday advisory, including an MQTT message broker named Mosquitto that transfers messages to and from different components in the MXview environment. “Moxa’s MXview is a significant player in the ICS and overall IoT market with their focus on converged networks – few network management vendors focus on this space, and therefore the significance of these vulnerabilities is high,” Bud Broomhead, CEO at Viakoo, said via email. “It’s worth noting that with manufacturing and line-of-business organizations using them, not all their end users will have the IT resources or knowledge to quickly remediate these vulnerabilities – making these high severity (10/10 score) vulnerabilities that much more dangerous.” The bugs are patched in MXview version 3.2.4.
