Wednesday, July 30, 2014



Complete DHS Report for July 30, 2014

Daily Report

Top Stories

 · One subcontractor was killed and three others were injured July 28 when the top blew off a fish oil storage tank under repair at the Omega Protein fish processing facility in Moss Point, Mississippi, prompting a 2-day closure of the plant. – Jackson Clarion-Ledger
10. July 28, Jackson Clarion-Ledger – (Mississippi) Mississippi fish oil plant explosion kills 1, injures 3. One subcontractor was killed and three others were injured July 28 when the top blew off a fish oil storage tank under repair at the Omega Protein fish processing facility in Moss Point. The facility was closed through July 30 while authorities investigate the incident. Source: http://www.usatoday.com/story/news/nation/2014/07/28/mississippi-fish-oil-plant-explosion/13285737

 · Seven East Bay, California communities and the East Bay Municipal Utility District reached an agreement with the U.S. Environmental Protection Agency July 28 to pay $1.5 million in fines for past sewage discharges into the San Francisco Bay. – U.S. Department of Justice 

16. July 28, U.S. Department of Justice – (California) Historic clean water act settlement will prevent millions of gallons of sewage discharges into San Francisco Bay. Seven East Bay communities and the East Bay Municipal Utility District reached an agreement with the U.S. Environmental Protection Agency July 28 to pay $1.5 million in fines for past sewage discharges into the San Francisco Bay. The district and the communities will also upgrade their 1,500 mile-long sewer system over a 21-year period in order to help eliminate millions of gallons of sewage overflows. Source: http://www.justice.gov/opa/pr/2014/July/14-enrd-790.html

 · Data was stolen from a National Oceanic and Atmospheric Administration (NOAA) contractor’s personal computer in 2013, which allowed a hacker to extract data from NOAA’s National Environmental Satellite, Data, and Information Service system through a remote connection. – Nextgov 

23. July 28, Nextgov – (National) Hacker breached NOAA satellite data from contractor’s PC. A report released by the Office of the Inspector General found that satellite data was stolen from a National Oceanic and Atmospheric Administration (NOAA) contractor’s personal computer in 2013, which allowed a hacker to extract data from NOAA’s National Environmental Satellite, Data, and Information Service system through a remote connection. The report found the administration had several security deficiencies and security bugs in its satellite software that remained unfixed, among other findings. Source: http://www.nextgov.com/cybersecurity/2014/07/hacker-breached-noaa-satellite-data-contractors-pc/89771/

 · Police are searching for two suspects connected to a July 28 shooting in the parking lot of the Northwoods Mall in North Charleston, South Carolina, which prompted the mall to go on lockdown for about 5 hours and injured one person. – WCSC 5 Charleston

29. July 29, WCSC 5 Charleston – (South Carolina) NCPD: Teenage suspects identified in mall shooting, search underway. Police are searching for two suspects believed to be connected to a July 28 shooting in the parking lot of the Northwoods Mall in North Charleston which prompted the mall to go on lockdown for about 5 hours while a SWAT team cleared the scene. One person was injured in the incident. Source: http://www.foxcarolina.com/story/26130308/dispatch-police-responding-to-report-of-shooting-at-northwoods-mall

Financial Services Sector

5. July 29, U.S. Commodity Futures Trading Commission – (National) CFTC charges J.P. Morgan Securities LLC with repeatedly submitting inaccurate large trader reports and imposes a $650,000 civil monetary penalty. J.P. Morgan Securities LLC, a subsidiary of JPMorgan Chase & Co., agreed July 29 to pay $650,000 in penalties to resolve charges by the U.S. Commodity Futures Trading Commission that it submitted inaccurate reports about positions held by certain large traders. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6968-14

6. July 28, WWJ 62 Detroit – (Michigan) $11K reward offered for help to catch Dearborn serial bank robber. Authorities asked for the public’s help in identifying a serial bank robber who has robbed three separate banking institutions in Dearborn between May and July. Source: http://detroit.cbslocal.com/2014/07/28/11k-reward-offered-for-help-to-catch-dearborn-serial-bank-robbery/

For another story, see item 21 below from the Government Facilities Sector

21. July 28, St. Louis Post-Dispatch – (Missouri) Ballwin woman gets 51 months for Medicare fraud, bank fraud. A Ballwin woman was sentenced July 28 and ordered to pay $200,000 in restitution after pleading guilty to directing nurses and staff from her healthcare company, Better Way Home Care in Ellisville, to boost billing by falsifying hundreds of records to inflate the number of therapy visits to patients and directed them to document false diagnoses and exaggerate patients’ conditions in order to defraud Medicare. Source: http://www.stltoday.com/news/local/crime-and-courts/ballwin-woman-gets-months-for-medicare-fraud-bank-fraud/article_15b95383-2e8d-5533-aa40-0cb2226313af.html

Information Technology Sector

25. July 29, The Register – (International) Only ‘3% of web servers in tops corps’ fully fixed after Heartbleed snafu. A study by Venafi Labs found that only 3 percent of machines have been fully protected against the Heartbleed Open SSL vulnerability which includes patching servers and changing private keys, as well as being issued with new SSL certificates and having the old ones revoked. Source: http://www.theregister.co.uk/2014/07/29/only_3_of_top_firms_fully_patched_against_heartbleed_flaw/

26. July 28, Securityweek – (International) Cybercriminals abuse Amazon cloud to host Linux DDoS Trojans. Kaspersky Lab reported that Amazon cloud services and other companies are being abused by cybercriminals to host distributed denial of service (DDoS) bots, including a sophisticated Linux trojan capable of conducting domain name system (DNS) amplification DDoS attacks. The attackers are able to access the servers by exploiting vulnerabilities in versions 1.1.x of Elasticsearch. Source: http://www.securityweek.com/cybercriminals-abuse-amazon-cloud-host-linux-ddos-trojans

27. July 28, Securityweek – (International) Kaspersky analyzes distribution network for Koler mobile ransomware. Kaspersky Lab published findings on the Koler ransomware which targets Android and Internet Explorer users stating that dozens of automatically generated sites redirect traffic to a central hub using a traffic distribution system where users are again redirected. The distribution infrastructure relies on a network of at least 48 malicious adult Web sites linked to Keitaro traffic redirection system. Source: http://www.securityweek.com/kaspersky-analyzes-distribution-network-koler-mobile-ransomware

28. July 28, Softpedia – (International) I2P networking tool patched against de-anonymization. Developers of the I2P network released the 0.9.14 patch which integrates repairs for cross-site-scripting (XSS) and remote execution vulnerabilities addressing flawed components in Tails operating system enabling de-anonymization of a client. The release contains several bug fixes in i2ptunnel, i2psnark, and other updates. Source: http://news.softpedia.com/news/I2P-Networking-Tool-Patched-Against-De-Anonymization-452464.shtml

For another story, see item 23 above in Top Stories

Communications Sector

See item 24 below from the Emergency Services Sector

24. July 28, Ashville Citizen-Times – (North Carolina) Landline phone outage reported in Cherokee County. Emergency 9-1-1 service was down indefinitely in Cherokee County, North Carolina, July 28 due to a Frontier Communications’ landline outage. Source: http://www.citizen-times.com/story/news/local/2014/07/28/landline-phone-outage-reported-cherokee-county/13280621/