Thursday, October 16, 2014



Complete DHS Report for October 16, 2014

Daily Report

Top Stories
 
 · An estimated 4,000 barrels of oil were released October 13 in northwest Louisiana from a Sunoco Logistics oil pipeline prompting the shut off of a section of the pipeline until further notice. – Wall Street Journal

October 14, Wall Street Journal – (Louisiana) Pipeline remains shut after spill in Louisiana on Monday. An estimated 4,000 barrels of oil were released October 13 in northwest Louisiana from a Sunoco Logistics oil pipeline prompting the shut off of a section of the pipeline between Longview, Texas, and Mayersville, Mississippi, until further notice. The spill was contained and the company is investigating the incident. Source: http://online.wsj.com/articles/pipeline-remains-shut-after-spill-in-louisiana-monday-1413319263
 
 · A water line break the week of October 6 that left roughly 2,000 customers in Nowata County, Oklahoma, without water service prompted members of the Cherokee Nation to deliver 16,000 bottles of water, 336 one-gallon jugs, and a 535-gallon tank of water to residents. – Tulsa World

16. October 15, Tulsa World – (Oklahoma) Cherokees deliver drinking water following line break in Nowata County. A water line break the week of October 6 that left roughly 2,000 residents in Nowata County without water service prompted members of the Cherokee Nation to deliver 16,000 bottles of water, 336 one-gallon jugs, and a 535-gallon tank of water to residents and Oklahoma Union Public Schools. Source: http://www.tulsaworld.com/news/state/cherokees-deliver-drinking-water-following-line-break-in-nowata-county/article_def659c7-935b-5e5d-8334-565b27b9b71c.html
 
 · Repair work and cleanup continued October 13 after a water main broke October 10 and discharged an estimated 2.5 million gallons of water, flooding nearby streets, 34 homes, and a school in east Salt Lake City, Utah. – Salt Lake Tribune

18. October 13, Salt Lake Tribune – (Utah) Cleanup from E. Salt Lake City water main break continues. Repair work and cleanup efforts continued October 13 after a 48-inch water main broke October 10 and discharged an estimated 2.5 million gallons of water, flooding and damaging nearby streets, 34 homes, and the Montessori Community School in east Salt Lake City. The school remained closed until further notice while city officials worked to assess the total damage. Source: http://www.sltrib.com/sltrib/news/58515941-78/1700-lake-salt-break.html.csp
 
 · A 5-alarm fire displaced more than 20 residents from a Boston apartment building October 10 and caused an estimated $1.1 million in damage to the structure. – Associated Press 

40. October 13, Associated Press – (Massachusetts) Police: Body found in Boston fire had been stabbed. A 5-alarm fire displaced more than 20 residents from a Boston apartment building October 10 and caused an estimated $1.1 million in damage to the structure. Authorities discovered the remains of a man who was stabbed multiple times during their investigation into the source of the blaze. Source: http://www.wbur.org/2014/10/13/police-body-fire-stabbed

Financial Services Sector

Nothing to report

Information Technology Sector

24. October 15, Help Net Security – (International) Microsoft patches two more 0-days actively used by attackers. Microsoft released its monthly Patch Tuesday round of patches for October, closing several critical vulnerabilities including the SandWorm vulnerability and others exploited by attackers. Source: http://www.net-security.org/secworld.php?id=17498

25. October 15, Softpedia – (International) Flash Player 15 update plugs remote code execution bugs. Adobe released patches for three critical vulnerabilities in its Flash Player consisting of two memory corruption issues and one integer overflow vulnerability. Source: http://news.softpedia.com/news/Flash-Player-15-Update-Plugs-Remote-Code-Execution-Bugs-462158.shtml

26. October 15, Softpedia – (International) Mozilla fixes critical bugs in Firefox 33. Mozilla released the latest version of its Firefox browser, closing 33 critical vulnerabilities and adding improved functionality. Source: http://news.softpedia.com/news/Mozilla-Fixes-Critical-Bugs-in-Firefox-33-462211.shtml

27. October 15, Softpedia – (International) SSL 3.0 falls in the face of POODLE attack, needs to be disabled. Researchers with Google designed an attack named POODLE that can exploit a flaw in the design of the Secure Sockets Layer 3.0 (SSL 3.0) protocol that can allow the extraction of data from secure connections using the protocol. SSL 3.0 has been superseded by several other protocols but is still used in some clients and servers and as a backup protocol by Web browsers if modern protocols are unavailable. Source: http://news.softpedia.com/news/SSL-3-0-Falls-In-Face-of-POODLE-Attack-Needs-To-Be-Disabled-462136.shtml

28. October 14, Softpedia – (International) Malware-like browser pop-ups used by advertisers to push apps on Android. A researcher at Malwarebytes reported that some advertisers are using fake warning or update notifications directed at Android users in an attempt to get them to download legitimate but potentially unwanted programs in an affiliate marketing scheme. Source: http://news.softpedia.com/news/Malware-Like-Browser-Pop-Ups-Used-By-Advertisers-to-Push-Apps-On-Android-462103.shtml

29. October 14, Threatpost – (International) BlackBerry 10 devices open to bug that allows malicious app installation. BlackBerry released a patch for a vulnerability in BlackBerry 10 devices that could allow an attacker with a man-in-the-middle position to replace legitimate apps downloaded through the BlackBerry World app store with malicious apps. Source: http://threatpost.com/blackberry-10-devices-open-to-bug-that-allows-malicious-app-installation/108830

30. October 14, Help Net Security – (International) Malicious YouTube ads lead to exploits, ransomware. Trend Micro researchers identified and reported a malvertising campaign where attackers appeared to have bought traffic from legitimate ad providers in order to place malicious ads on popular YouTube videos to redirect users through several sites to a server hosting the Sweet Orange exploit kit. The exploit kit then attempts to infect users with the Kovter ransomware via an Internet Explorer vulnerability. Source: http://www.net-security.org/malware_news.php?id=2883

31. October 14, Securityweek – (International) Massive Oracle security update lands on Microsoft Patch Tuesday. Oracle released over 150 patches for several of its products, closing critical vulnerabilities in several products including Oracle Database and Java SE. Source: http://www.securityweek.com/massive-oracle-security-update-lands-microsoft-patch-tuesday

Communications Sector

32. October 15, KCRA 3 Sacramento – (California) Downed tree to blame for Sonora-area service outage. Cellphone, Internet, and TV service was restored to 37,000 AT&T, Citizens Telephone, and Sierra Cellular customers in the Sonora area October 15 after a downed tree disrupted service October 14. Source: http://www.kcra.com/news/local-news/news-sierra/37k-are-without-att-service-in-foothills/29135598