Complete DHS Report for March 19, 2015
Daily Report
Top Stories
• Cleanup is expected to last 3 weeks as crews worked to
clear the area where 42,000 pounds of hazardous chemicals spilled from a
semi-truck along U.S. Highway 40 on Rabbit Ears Pass in Steamboat Springs,
Colorado, March 13. – Steamboat Pilot & Today
2. March 17, Steamboat Pilot & Today – (Colorado) Chemical spill cleanup continues on Rabbit Ears Pass. Crews
worked March 17 to excavate the area where 42,000 pounds of hazardous chemicals
spilled from an overturned semi-truck along U.S. Highway 40 on Rabbit Ears Pass
in Steamboat Springs March 13, while standing water was being pumped into a
large tank and contaminated dirt was being removed from the scene. Officials
continue to assess the environmental impact and cleanup efforts are expected to
last about 3 weeks. Source: http://www.steamboattoday.com/news/2015/mar/17/chemical-spill-clean-continues-rabbit-ears-pass/
• Kraft Foods Group announced March 17 a
voluntary recall of about 242,000 cases of its Macaroni & Cheese Dinner
product that were distributed throughout several countries due to the
possibility that some boxes may contain metal fragments. – Washington Post
14. March 17, Washington Post – (International) Kraft recalls more
than 6 million boxes of macaroni and cheese because they may contain metal. Kraft
Foods Group announced March 17 a voluntary recall of about 242,000 cases
containing 6.5 million boxes of its Macaroni & Cheese Dinner product that
were distributed throughout the U.S., Puerto Rico, the Caribbean, and some
South American countries due to the possibility that some boxes may contain
metal fragments. The company warned consumers not to prepare and eat macaroni
that comes in the original flavor, 7.25-ounce packages of the product. Source: http://www.washingtonpost.com/news/to-your-health/wp/2015/03/17/kraft-recalls-242000-cases-of-macaroni-and-cheese-because-they-may-contain-metal/
• Premera Blue Cross reported March 17
that hackers may have gained access to financial and personal information for
11 million customers following a cyber-attack that began in May 2014. – Reuters
19. March 17, Reuters – (National) Premera Blue Cross says
data breach exposed medical data. Premera Blue Cross reported March 17 that
hackers may have gained access to banking account numbers, Social Security
numbers, and personal information for 11 million customers following a
cyber-attack that began in May 2014. The health insurer is investigating and
stated that this attack is unrelated to a previous Blue Cross Blue Shield
breach in January. Source: http://www.nytimes.com/2015/03/18/business/premera-blue-cross-says-data-breach-exposed-medical-data.html
• Firefighters reached 70 percent
containment March 17 of a fire that burned 22,300 acres in Woodward County,
Oklahoma, and damaged or destroyed 25 structures causing an estimated $1.1
million in damage. – Enid News & Eagle
20. March 17, Enid News & Eagle – (Oklahoma) Wildfire
damages $1.1 million in Woodward area. Firefighters reached 70 percent containment
March 17 of a fire that burned 22,300 acres in Woodward County, Oklahoma, and
damaged or destroyed 25 structures causing an estimated $1.1 million in damage.
Several people were evacuated March 16 and a stretch of Oklahoma 50 between
Mooreland and Freedom was closed for several hours. Source: http://www.enidnews.com/news/update-wildfire-damages-in-woodward-area/article_a8ade7da-ccac-11e4-9cf0-871eee820f92.html
Financial Services Sector
6. March 17, KMGH 7 Denver – (Colorado) Thief dubbed ‘Longhorn Bandit’
robs Westerra Credit Union in Arvada, police say. Authorities are searching
for a suspect dubbed the “Longhorn Bandit,” who allegedly robbed a Westerra
Credit Union branch in Arvada March 17 and is believed to be linked to 5 other
bank robberies in the area. Source: http://www.thedenverchannel.com/news/local-news/man-robs-westerra-credit-union-in-arvada-police-say-suspect-fled-scene-in-black-4-door-sedan03172015
For additional stories, see item 19 above in Top Stories and item 29 below in the Information Technology Sector
Information Technology Sector
27. March 18, Securityweek – (International) Apple fixes WebKit vulnerabilities with
release of Safari 8.0.4. Apple released Safari versions 8.0.4, 7.1.4, and
6.2.4, which address a total of 16 memory corruption issues in WebKit that were
identified by Apple’s own security team and the Google Chrome Security Team, and
also address a user interface inconsistency. Source: http://www.securityweek.com/apple-fixes-webkit-vulnerabilities-release-safari-804
28. March 18, Securityweek – (International) Johnson Controls, XZERES, Honeywell patch
vulnerable products. The Industrial Control Systems Cyber Emergency
Response Team (ICS-CERT) announced that Johnson Controls, Honeywell, and XZERES
released patches addressing vulnerabilities in their products which can be
exploited by an attacker to gain administrative access and compromise affected
systems through a cross-site request forgery (CSRF) flaw, an unrestricted file
upload vulnerability, or a path traversal vulnerability. Source: http://www.securityweek.com/johnson-controls-xzeres-honeywell-patch-vulnerable-products
29. March 18, Softpedia – (International) Almost 2,000 popular Android and iOS apps are
vulnerable to FREAK attack. FireEye researchers discovered that 1,999
popular Android and Apple iOS apps used for photo and video, financial,
lifestyle, social networking, communication, or shopping are susceptible to the
Factoring RSA-Export Key (FREAK) attack, which weakens encryption, due to a
vulnerable build of the OpenSSL cryptographic library. The apps all contain
sensitive information including data related to online banking, account log-in
credentials, or medical information. Source: http://news.softpedia.com/news/Almost-2-000-Popular-Android-and-iOS-Apps-Are-Vulnerable-to-FREAK-Attack-476101.shtml
30. March 17, Softpedia – (International) Windows Live SSL certificate issued to
unauthorized third party. Microsoft released an advisory warning of a
fraudulent certificate for the Finnish Windows Live domain, issued by the
Certificate Authority (CA) Comodo following an unauthorized request from
a privileged email account. The certificate can be used by hackers to spoof
Microsoft Web content and carry out man-in-the-middle (MitM) and phishing
attacks. It affects systems running certain Windows and Server versions, as
well as Windows Phone 8 and Windows Phone 8.1. A standalone updater is
available for the revoked certificate. Source: http://news.softpedia.com/news/Windows-Live-SSL-Certificate-Issued-to-Unauthorized-Third-Party-476020.shtml
Communications Sector
See item 29 above in the Information Technology Sector