Complete DHS Report for December 12, 2014
Daily Report
Top Stories
• Officials reported
December 10 that work to clean up an estimated 8,000-gallon gasoline leak from
a pipeline near Belton, South Carolina, will continue for 2 to 3 weeks after
the pipeline was shut off December 8. – Greenville News
4. December 10, Greenville News – (South Carolina)
EPA: 8,000-gallon gas pipeline cleanup to last weeks. Officials reported
December 10 that work to clean up an estimated 8,000-gallon gasoline leak from a
26-inch pipeline owned by the Plantation Pipe Link Company near Belton will
continue for 2 to 3 weeks after the pipeline was shut off December 8 following
a leak. Service was expected to resume December 11 while authorities continue
to investigate the cause of the leak. Source: http://www.greenvilleonline.com/story/news/local/2014/12/10/gas-leak-near-belton-sparks-cleanup/20189533/
• Service on the
Sounder Northline commuter train was suspended until at least December 15 due
to debris from a mudslide that occurred from a slope adjacent to the main rail
line between Seattle and Everett in Washington December 10. – Seattle Times;
Associated Press
13. December 10, Seattle Times; Associated Press –
(Washington) Mudslide: Sounder Northline suspended until at least Monday. Company
officials stated that service on the Sounder Northline commuter train is
suspended until at least December 15 due to debris from a mudslide that
occurred from a slope adjacent to the main rail line between Seattle and
Everett December 10. Crews will assess the slide and slope stability in order
to determine when to resume service. Source: http://blogs.seattletimes.com/today/2014/12/mudslide-south-of-everett-blocks-railroad-track/
• A mandatory water
conservation order was enacted for Castine, Maine, after the Castine Water
Department discovered an unknown leak causing a loss of between 20,000-25,000
gallons a day out of the town’s water supply. – Castine Patriot
20. December 11, Castine Patriot – (Maine) ‘Unidentified
system leak’ forces mandatory water conservation. A mandatory water
conservation was enacted by the Board of Selectmen for the town of Castine
after the Castine Water Department discovered an unknown leak causing a loss of
between 20,000-25,000 gallons a day out of the town’s water supply. Crews
continued to search for the source of the leak while customers were urged to
limit daily consumption. Source: http://castinepatriot.com/news/2014/dec/11/unidentified-system-leak-forces-mandatory-water-co/
• San Francisco and
Oakland Unified School Districts closed all public schools as well as some
private schools in the Bay Area December 11 as a precautionary measure due to
an expected storm in northern California. – Associated Press
23. December 10, Associated Press – (California) Northern
California schools to close due to storm. San Francisco and Oakland Unified
School Districts closed public schools in both San Francisco and Oakland as
well as some private schools in the Bay Area December 11 as a precautionary
measure due to an expected storm in northern California that could impact
school operations. Source: http://www.contracostatimes.com/california/ci_27110628/northern-california-schools-close-due-storm
Financial Services Sector
8. December
10, Bloomberg News – (Nebraska) Former TierOne Bank CEO indicted on fraud charges.
The former CEO of Lincoln, Nebraska-based TierOne Bank was indicted on
federal charges December 10 for allegedly concealing the failed bank’s
financial condition to regulators by maintaining two sets of books and other
documentation to conceal tens of millions of dollars in delinquent loans.
Source: http://www.bloomberg.com/news/2014-12-10/former-tierone-bank-ceo-indicted-on-fraud-charges.html
9. December
10, U.S. Securities and Exchange Commission – (New York) SEC
announces fraud charges against Buffalo-based firm and co-owners accused of
misleading investors in hedge fund. The U.S. Securities and Exchange
Commission announced charges December 10 against Buffalo-based Reliance
Financial Advisors and its two co-owners for allegedly directing investors to
invest in a hedge fund run by a manager whose experience was greatly
exaggerated, causing their clients to lose most of their $12 million in
investments. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543672264
For another story, see item 27 below in the Information Technology Sector
Information Technology Sector
26. December
11, Softpedia – (International) OphionLocker, the new ransomware on the
block. Researchers with Trojan7Malware identified a new piece of ransomware
known as OphionLocker that uses elliptic curve cryptography (ECC) to encrypt
the data on victims’ systems and demand a ransom to decrypt the files. The
ransomware was observed in the wild being spread by the RIG exploit kit in
drive-by download attacks. Source: http://news.softpedia.com/news/OphionLocker-the-New-Ransomware-on-the-Block-467197.shtml
27. December
11, The Register – (International) Elderly zombie Asprox botnet STILL mauling biz
bods, says survey. A report by Palo Alto Networks found that the Asprox
botnet (also known as Kuluoz) was responsible for around 80 percent of recorded
attacks during October across almost 2,000 organizations in sectors including
the healthcare, financial services, and retail industries. The botnet malware
plants malicious code in vulnerable Web sites via SQL injection attacks and has
been used in phishing, malware distribution, and other attacks. Source: http://www.theregister.co.uk/2014/12/11/asprox_malware_mauls_business/
28. December
11, Softpedia – (International) Patch against critical flaw in HD FLV Player
still leaves the plug-in vulnerable. A researcher with Sucuri reported that
a recent patch closing a vulnerability that could have allowed unauthenticated
arbitrary file downloads in the HD FLV Player component for Joomla, WordPress,
and custom Web sites did not close a similar vulnerability that could allow an
unauthenticated attacker to send out emails from an affected site. Source: http://news.softpedia.com/news/Patch-Against-Critical-Flaw-in-HD-FLV-Player-Still-Leaves-the-Plug-in-Vulnerable-467156.shtml
29. December
11, The Register – (International) FreeBSD developers VANQUISH Demon bug. Researchers
with Norse identified and reported a vulnerability in FreeBSD that could have
allowed an attacker to inject malicious code into systems running the software.
The developers of FreeBSD released a patch after receiving the report, closing
the vulnerability. Source: http://www.theregister.co.uk/2014/12/11/freebsd_security_bug_patched/
30. December
11, Threatpost – (International) Black Energy malware may be exploiting
patched WinCC flaw. The Industrial Control Systems Cyber Emergency Response
Team (ICS-CERT) issued an update to a previous alert concerning the Black
Energy malware seen targeting human-machine interface (HMI) products, which
stated that the malware may be exploiting vulnerabilities in the Siemens
SIMATIC WinCC software that was patched by Siemens November 11. Source: http://threatpost.com/black-energy-malware-may-be-exploiting-patched-wincc-flaw/109835
31. December
10, The Register – (International) Taxi app Uber plugs ‘privacy-threatening’ web
security flaw. Ride-sharing service Uber closed a cross-site scripting
(XSS) vulnerability in its Web site after a security researcher identified and
reported the issue. The vulnerability could have exposed users’ cookies,
personal information, browser history, and authentication credentials. Source: http://www.theregister.co.uk/2014/12/10/uber_xss_security_bug/
32. December
10, The Register – (International) ‘Critical’ security bugs dating back to 1987
found in X Window. The developers of the X Window System for Linux and
other Unix operating systems issued patches closing several vulnerabilities
that could be exploited to crash the system or run malicious code as the root
user after they were identified and reported by a researcher at IOActive.
Source: http://www.theregister.co.uk/2014/12/10/x_window_system_bugs/
Communications Sector
33. December 11, Associated
Press – (New Hampshire; Vermont) Widespread FairPoint outage in
New Hampshire, Vermont. FairPoint Communications’ crews worked to resolve a
widespread outage that disrupted high-speed Internet service for an unknown
amount of customers in New Hampshire and Vermont December 11 that also affected
municipal Web sites in Nashua and Manchester. Source: http://www.eagletribune.com/news/new_hampshire/widespread-fairpoint-outage-in-new-hampshire-vermont/article_24d09bd1-5338-5afe-bc3f-404bf217324a.html