Complete DHS Report for January 6, 2015
Daily Report
Top Stories
· Petro-Hunt
LLC reported January 2 that over 25,000 gallons of crude oil was released
following an oil well blowout at its site in McKenzie County, North Dakota. – Forum
of Fargo-Moorhead
2. January
3, Forum of Fargo-Moorhead – (North Dakota) Blowout releases 600
barrels of oil in McKenzie County. Petro-Hunt LLC reported January 2 that
over 25,000 gallons of crude oil was released following an oil well blowout at
its site in McKenzie County, North Dakota. Crews worked to control and clean up
the spill while authorities continued to investigate whether any oil reached a
tributary of the Missouri River. Source: http://www.jamestownsun.com/news/state/3647122-blowout-releases-600-barrels-oil-mckenzie-county
· A
semi-truck carrying propane and a car collided January 2 prompting the closure
of both directions of Interstate 20 in Arlington, Texas, for more than 24 hours
before all lanes reopened January 3 after propane began burning when the
semi-truck rolled onto its side and leaked. – KXAS 5 Fort Worth
9. January
3, KXAS 5 Fort Worth – (Texas) Propane tank truck fire shuts down
Interstate 20 in Arlington. A semi-truck carrying propane and a car
collided January 2 prompting the closure of both directions of Interstate 20 in
Arlington, Texas, for more than 24 hours before all lanes reopened January 3
after propane began burning when the semi-truck rolled onto its side and
leaked. A third car hit the two vehicles during the incident and no injuries
were reported. Source: http://www.nbcdfw.com/news/local/18-Wheeler-Fire-Shuts-Down-Interstate-20-in-Arlington-287324761.html
· At least
35 vehicles were involved in 2 separate pileups on Interstate 93 in Ashland,
New Hampshire, January 2 prompting a number of injuries due to whiteout road
conditions. – Associated Press
11. January
2, Associated Press – (New Hampshire) Dozens of vehicles crash in
two pileups on New Hampshire Highway. At least 35 vehicles were involved in
2 separate pileups on Interstate 93 in Ashland, New Hampshire, January 2
prompting a number of injuries due to whiteout road conditions. Source: http://www.nytimes.com/2015/01/03/us/new-hampshire-interstate-93-pileup-crash.html
· One
security guard was killed and 2 individuals were injured January 1 when a gunman
opened fire at the Cal Skate roller rink in Grand Terrace, California, during
an all-night New Year's Eve event. – Associated Press
32. January 2, Associated Press – (California) Shooting
at New Year’s Eve party in Grand Terrace leaves 1 dead, 2 wounded. One
security guard was killed and two individuals were injured January 1 when a
gunman opened fire at the Cal Skate roller rink in Grand Terrace during an
all-night New Year's Eve event. Police continue to search for a suspect and the
roller rink was closed indefinitely following the incident. Source: http://www.sbsun.com/general-news/20150101/shooting-at-new-years-eve-party-in-grand-terrace-leaves-1-dead-2-wounded
Financial Services Sector
4. January
5, USA Today – (National) Morgan Stanley fires employee, cites
data theft. Morgan Stanley officials reported January 5 that the investment
banking firm began notifying about 900 clients of its wealth management
division that a former employee stole partial account information of up to 10
percent of the division’s client portfolio and briefly posted the information
on the Internet. The information was promptly removed and the firm instituted
enhanced security procedures on the affected accounts as a precaution. Source: http://www.usatoday.com/story/money/personalfinance/2015/01/05/morgan-stanley-employee-fired-data/21283617/
5. January
4, Associated Press – (Missouri) Columbia man admits to string of
bank robberies. Police arrested a man for allegedly robbing at least of six
banks in Columbia, Missouri, since November including the latest robbery at a
Boone County National Bank branch January 3. Source: http://fox2now.com/2015/01/04/columbia-man-admits-to-string-of-bank-robberies/
Information Technology Sector
25. January 5,
Securityweek – (International) Google discloses unpatched Windows 8.1
vulnerability. A security hole that was reported to Microsoft in September
2014 by Google’s Project Zero initiative was disclosed through a proof-of-concept
(PoC) for a local privilege escalation vulnerability affecting Windows 8.1
which does not check the impersonation token of the caller to determine if a
user is an administrator after allowing application compatibility data to be
cached for quick reuse when new processes are created. Microsoft reported that
it is working on an update to address the vulnerability. Source: http://www.securityweek.com/google-discloses-unpatched-windows-81-vulnerability
26. January 5,
Help Net Security – (International) The hidden dangers of third party code in
free apps. MWR InfoSecurity researchers found several ways hackers can
abuse ad networks by exploiting vulnerabilities in free mobile apps due to a
privileged code injected into the apps that advertisers and third parties use
for tracking which could allow access to address books, SMS contents, email, or
any other action on the device that the app developer is allowed to access.
Source: http://www.net-security.org/secworld.php?id=17783
27. January 5,
Softpedia – (International) New Steam stealer malware sample gets analyzed,
points to Australian national. A researcher discovered 14 active malware
samples in 2014 which were used to steal game items from the accounts of Steam
users and spread to the list of friends available via chat messages, prompting
security researchers to urge users to refrain from running executable files
delivered through comments or communication in chat. Source: http://news.softpedia.com/news/New-Steam-Stealer-Malware-Sample-Gets-Analyzed-Points-to-Australian-National-468902.shtml
28. January 5,
Softpedia – (International) PayPal complete account hijacking bug gets
fix, no award given. PayPal fixed a bug that was discovered by a researcher
which potentially allowed an attacker to steal sensitive information from an
account after a discovery that PayPal did not verify the actual contents of a
file uploaded through a page, trusting the extension of the item implicitly,
despite the fact that the data is served back with false (media type of the
message content) MIME type. The bug would have allowed an attacker to upload
any file to any PayPal subdomain in order to compromise an account. Source: http://news.softpedia.com/news/PayPal-Complete-Account-Hijacking-Bug-Gets-Fix-No-Award-Given-468856.shtml
Communications Sector
Nothing to report