Tuesday, January 6, 2015



Complete DHS Report for January 6, 2015

Daily Report

Top Stories

 · Petro-Hunt LLC reported January 2 that over 25,000 gallons of crude oil was released following an oil well blowout at its site in McKenzie County, North Dakota. – Forum of Fargo-Moorhead

2. January 3, Forum of Fargo-Moorhead – (North Dakota) Blowout releases 600 barrels of oil in McKenzie County. Petro-Hunt LLC reported January 2 that over 25,000 gallons of crude oil was released following an oil well blowout at its site in McKenzie County, North Dakota. Crews worked to control and clean up the spill while authorities continued to investigate whether any oil reached a tributary of the Missouri River. Source: http://www.jamestownsun.com/news/state/3647122-blowout-releases-600-barrels-oil-mckenzie-county

 · A semi-truck carrying propane and a car collided January 2 prompting the closure of both directions of Interstate 20 in Arlington, Texas, for more than 24 hours before all lanes reopened January 3 after propane began burning when the semi-truck rolled onto its side and leaked. – KXAS 5 Fort Worth

9. January 3, KXAS 5 Fort Worth – (Texas) Propane tank truck fire shuts down Interstate 20 in Arlington. A semi-truck carrying propane and a car collided January 2 prompting the closure of both directions of Interstate 20 in Arlington, Texas, for more than 24 hours before all lanes reopened January 3 after propane began burning when the semi-truck rolled onto its side and leaked. A third car hit the two vehicles during the incident and no injuries were reported. Source: http://www.nbcdfw.com/news/local/18-Wheeler-Fire-Shuts-Down-Interstate-20-in-Arlington-287324761.html

 · At least 35 vehicles were involved in 2 separate pileups on Interstate 93 in Ashland, New Hampshire, January 2 prompting a number of injuries due to whiteout road conditions. – Associated Press

11. January 2, Associated Press – (New Hampshire) Dozens of vehicles crash in two pileups on New Hampshire Highway. At least 35 vehicles were involved in 2 separate pileups on Interstate 93 in Ashland, New Hampshire, January 2 prompting a number of injuries due to whiteout road conditions. Source: http://www.nytimes.com/2015/01/03/us/new-hampshire-interstate-93-pileup-crash.html

 · One security guard was killed and 2 individuals were injured January 1 when a gunman opened fire at the Cal Skate roller rink in Grand Terrace, California, during an all-night New Year's Eve event. – Associated Press
32. January 2, Associated Press – (California) Shooting at New Year’s Eve party in Grand Terrace leaves 1 dead, 2 wounded. One security guard was killed and two individuals were injured January 1 when a gunman opened fire at the Cal Skate roller rink in Grand Terrace during an all-night New Year's Eve event. Police continue to search for a suspect and the roller rink was closed indefinitely following the incident. Source: http://www.sbsun.com/general-news/20150101/shooting-at-new-years-eve-party-in-grand-terrace-leaves-1-dead-2-wounded

Financial Services Sector

4. January 5, USA Today – (National) Morgan Stanley fires employee, cites data theft. Morgan Stanley officials reported January 5 that the investment banking firm began notifying about 900 clients of its wealth management division that a former employee stole partial account information of up to 10 percent of the division’s client portfolio and briefly posted the information on the Internet. The information was promptly removed and the firm instituted enhanced security procedures on the affected accounts as a precaution. Source: http://www.usatoday.com/story/money/personalfinance/2015/01/05/morgan-stanley-employee-fired-data/21283617/

5. January 4, Associated Press – (Missouri) Columbia man admits to string of bank robberies. Police arrested a man for allegedly robbing at least of six banks in Columbia, Missouri, since November including the latest robbery at a Boone County National Bank branch January 3. Source: http://fox2now.com/2015/01/04/columbia-man-admits-to-string-of-bank-robberies/


Information Technology Sector

25. January 5, Securityweek – (International) Google discloses unpatched Windows 8.1 vulnerability. A security hole that was reported to Microsoft in September 2014 by Google’s Project Zero initiative was disclosed through a proof-of-concept (PoC) for a local privilege escalation vulnerability affecting Windows 8.1 which does not check the impersonation token of the caller to determine if a user is an administrator after allowing application compatibility data to be cached for quick reuse when new processes are created. Microsoft reported that it is working on an update to address the vulnerability. Source: http://www.securityweek.com/google-discloses-unpatched-windows-81-vulnerability

26. January 5, Help Net Security – (International) The hidden dangers of third party code in free apps. MWR InfoSecurity researchers found several ways hackers can abuse ad networks by exploiting vulnerabilities in free mobile apps due to a privileged code injected into the apps that advertisers and third parties use for tracking which could allow access to address books, SMS contents, email, or any other action on the device that the app developer is allowed to access. Source: http://www.net-security.org/secworld.php?id=17783

27. January 5, Softpedia – (International) New Steam stealer malware sample gets analyzed, points to Australian national. A researcher discovered 14 active malware samples in 2014 which were used to steal game items from the accounts of Steam users and spread to the list of friends available via chat messages, prompting security researchers to urge users to refrain from running executable files delivered through comments or communication in chat. Source: http://news.softpedia.com/news/New-Steam-Stealer-Malware-Sample-Gets-Analyzed-Points-to-Australian-National-468902.shtml

28. January 5, Softpedia – (International) PayPal complete account hijacking bug gets fix, no award given. PayPal fixed a bug that was discovered by a researcher which potentially allowed an attacker to steal sensitive information from an account after a discovery that PayPal did not verify the actual contents of a file uploaded through a page, trusting the extension of the item implicitly, despite the fact that the data is served back with false (media type of the message content) MIME type. The bug would have allowed an attacker to upload any file to any PayPal subdomain in order to compromise an account. Source: http://news.softpedia.com/news/PayPal-Complete-Account-Hijacking-Bug-Gets-Fix-No-Award-Given-468856.shtml

Communications Sector

Nothing to report