Complete DHS Report for November 24, 2014
Daily Report
Top Stories
• An oil platform explosion at Fieldwood
Energy’s Echo Platform, West Delta 105, off the coast of Louisiana left 1
person dead and 3 others injured November 20. – WWL 4 New Orleans
1. November 21, WWL 4 New Orleans – (International) 1 dead, 3 hurt in oil
platform explosion off La. coast. An oil platform explosion at Fieldwood
Energy’s Echo Platform, West Delta 105, off the coast of Louisiana left 1
person dead and 3 others injured November 20. Authorities contained the
explosion and continue to investigate the incident. Source: http://www.usatoday.com/story/news/nation/2014/11/20/1-dead-3-hurt-in-oil-platform-explosion-off-la-coast/70039166/
• The California Public Utilities Commission
imposed a $1.05 million fine on Pacific Gas and Electric Company following the
exchange of inappropriate email communications between the utility and State
regulators regarding alleged negotiations of appointing a judge to a hearing on
utility rates in the San Bruno pipeline explosion case. – KPIX 5 San
Francisco
3. November 20, KPIX 5 San Francisco – (California) PG&E fined $1.05
million over backroom negotiations; utility to appeal decision. Pacific Gas
and Electric Company was issued a $1.05 million fine by the California Public
Utilities Commission following the exchange of inappropriate email
communications between the utility and State regulators regarding alleged
negotiations of appointing a judge to a hearing on utility rates in the San
Bruno pipeline explosion case. Source: http://sanfrancisco.cbslocal.com/2014/11/20/pge-fined-more-than-1-million-over-backroom-negotiations/
• All schools in the cities of Buffalo and
Lackawanna, including suburban districts in 7 other towns as well as 7
additional colleges and universities remain closed November 20 for the third
consecutive day after a winter storm dumped over 5 feet of snow in western New
York. – Associated Press
17. November 20, Associated Press – (New York) Some Buffalo-area schools
closed for 3 days in row. All Buffalo and Lackawanna-area schools as well
as schools in 7 other towns, and 7 additional colleges and universities were
closed November 20 for the third consecutive day after a winter storm dumped
over 5 feet of snow in western New York. Source: http://newsok.com/some-buffalo-area-schools-closed-for-3-days-in-row/article/feed/762393
• Structural damage of rooftops due to the accumulation of heavy snow prompted an
evacuation of more than 50 residents from mobile home parks in Cheektowaga and
West Seneca, New York, and 180 from a Cheektowaga assisted living facility
November 20. – Associated Press
32. November 20, Associated Press – (New York) Roofs
collapse as Buffalo clobbered by more snow. More than 50 residents were
evacuated from mobile home parks in Cheektowaga and West Seneca and about 180
residents were evacuated from a Cheektowaga assisted living facility November
20 due to heavy snows that caused the structures’ roofs to buckle. The Buffalo
Bills rescheduled and relocated its November 24 football game and schools in
the Buffalo area canceled classes November 20 while driving bans were in effect
and a portion of the New York State Thruway remained closed. Source: http://abcnews.go.com/US/wireStory/round-buffalo-braces-wintry-wallop-27044077
Financial Services Sector
5. November 21, Associated Press – (New Jersey) Man admits $20 million Ponzi scheme in New
Jersey. A Colts Neck man pleaded guilty November 20 to running a $20
million Ponzi scheme involving 36 investors that caused investor losses of
around $12.7 million. Source: http://www.msn.com/en-us/news/crime/man-admits-dollar20-million-ponzi-scheme-in-new-jersey/ar-BBeVA1y
6. November 20, U.S. Attorney’s Office, Southern District of New York –
(International) Former corporate executives charged with securities fraud
and tax offenses for wide-ranging commercial bribery scheme. Federal
authorities charged two Coral Gables, Florida men who worked as senior
executives at Systemax Inc., and its subsidiary computer and electronics vendor
TigerDirect for allegedly engaging in a kickback scheme with an Asia-based
group of suppliers that netted the men over $9 million in kickbacks and
benefits. The men were also charged for allegedly concealing the illicit income
from the Internal Revenue Service. Source: http://www.fbi.gov/newyork/press-releases/2014/former-corporate-executives-charged-with-securities-fraud-and-tax-offenses-for-wide-ranging-commercial-bribery-scheme
7. November 19, Consumer Financial Protection Bureau – (National) CFPB takes
first action against ‘buy-here, pay-here’ auto dealer. The Consumer
Financial Protection Bureau issued a consent order November 19 against Arizona-based
used car dealer network DriveTime Automotive Group Inc., and its finance
company DT Acceptance Corporation seeking $8 million in penalties and the
reform of several practices for allegedly providing inaccurate credit
information to credit reporting agencies, engaging in excessive or prohibited
calls, and other actions that constituted harassment of customers. Source: http://www.consumerfinance.gov/newsroom/cfpb-takes-first-action-against-buy-here-pay-here-auto-dealer/
For another story, see item 25 below in the Information Technology Sector
Information Technology Sector
20. November 21, Securityweek – (International) Siemens fixes critical vulnerabilities in
WinCC SCADA products. Siemens issued patches for two vulnerabilities in its
SIMATIC WinCC supervisory control and data acquisition (SCADA) systems, one of
which could be remotely exploited by an unauthorized attacker. The SIMATIC
WinCC system is used to monitor and control industrial and infrastructure
systems in chemical, food and beverage, oil and gas, and water and wastewater
applications. Source: http://www.securityweek.com/siemens-fixes-critical-vulnerabilities-wincc-scada-products
21. November 21, Softpedia – (International) Persistent XSS flaw fixed in WP Statistics
plug-in for WordPress. The developers of the WP Statistics plug-in for
WordPress released version 8.3.1 in order to close a stored cross-site
scripting (XSS) vulnerability that could allow attackers to execute commands in
the administration panel. Source: http://news.softpedia.com/news/Persistent-XSS-Flaw-Fixed-in-WP-Statistics-Plug-In-for-WordPress-465587.shtml
22. November 21, The Register – (International) DoubleDirect hackers snaffle fandroid and
iPhone-strokers’ secrets. Researchers with Zimperium identified a
man-in-the-middle (MitM) attack technique targeting Android and iOS devices
dubbed DoubleDirect that can be used by attackers to intercept devices’ traffic
to steal credentials or deliver malicious payloads that can go on to infect a
larger network. The researchers have observed the attack being used in the wild
and provided a proof of concept for the attack method. Source: http://www.theregister.co.uk/2014/11/21/hackers_snaffling_smartphone_secrets_with_redirection_attack/
23. November 21, Securityweek – (International) WordPress 4.0.1 released to address critical
XSS, other vulnerabilities. The developers of WordPress released version
4.0.1 of the content management system, closing a cross-site scripting (XSS)
vulnerability and eight other security issues. Source: http://www.securityweek.com/wordpress-401-released-address-critical-xss-other-vulnerabilities
24. November 20, Securityweek – (International) Multiple vulnerabilities found in Hikvision
DVR devices. Researchers with Rapid7 identified and reported three remotely
exploitable vulnerabilities in Hikvision DVR devices that could be used by
unauthenticated attackers to execute arbitrary code. Source: http://www.securityweek.com/multiple-vulnerabilities-found-hikvision-dvr-devices
25. November 20, Securityweek – (International) DDoS attacks over 10 Gbps jump in Q3:
Verisign. Verisign released their report on distributed denial of service
(DDoS) attacks for the third quarter (Q3) of 2014 and found that attacks
exceeding 10 Gbps grew by 38 percent compared to the second quarter (Q2),
representing over 20 percent of all DDoS attacks in Q3, among other findings.
Source: http://www.securityweek.com/ddos-attacks-over-10-gbps-jump-q3-verisign
26. November 20, IDG News Service – (International) Governments act against webcam-snooping
websites. Authorities in the U.S. and U.K. warned users of
Internet-connected webcams and other video devices to secure their devices by
adding passwords and changing default passwords after Web sites broadcasting
unsecured video feeds were identified online. One of the major unsecured feed
sites went offline November 20 while at least one other was still available.
Source: http://www.networkworld.com/article/2850833/governments-act-against-webcamsnooping-websites.html
For another story, see item 6 above in the Financial Services Sector
Communications Sector
Nothing to report