Wednesday, January 21, 2015



Complete DHS Report for January 21, 2015

Daily Report

Top Stories

 · A California man and 3 other individuals were convicted January 16 in a scheme that defrauded 200 people out of more than $3 million through fake oil-well investments in Kentucky from mid-2012 through August 2014. – Lexington Herald-Leader

2. January 18, Lexington Herald-Leader – (National) California man is convicted in $3 million Kentucky oil-well scheme. A California man was found guilty January 16 for conducting a plan that defrauded 200 people out of more than $3 million through fake oil-well investments in Kentucky from mid-2012 through August 2014. Three other individuals were also charged in the scheme which included utilizing documents that included fake geological surveys to make it appear that the wells were producing substantial amounts of oil and that the sites had large reserves. Source: http://www.kentucky.com/2015/01/18/3648594_california-man-is-convicted-in.html

 · Two Delta Airlines plane sharing the same flight number were deplaned and searched at John F. Kennedy International Airport in New York January 19 after a bomb threat was made for Delta flight 468. – WCBS 2 New York City

6. January 19, WCBS 2 New York City – (New York) Police swarm JFK after alleged bomb threat directed at landing Delta flight. An alleged bomb threat that was called in for a Delta Air Lines flight 468 landing at John F. Kennedy International Airport in New York January 20 prompted officials to search two Delta planes sharing the same flight number, with one moved to a remote area of the airport to rescreen luggage for potential explosive devices. Both flights were cleared when nothing suspicious was found. Source: http://newyork.cbslocal.com/2015/01/19/police-swarm-jfk-after-alleged-bomb-threat-directed-at-landing-delta-flight/

 · More than 160 miles of eastbound lanes on Interstate 84 in Oregon was closed for several hours January 17 following a 26-car pileup that involved 12 semi-trucks and over 50 vehicles due to icy road conditions. – Portland Oregonian

10. January 17, Portland Oregonian – (Oregon) Interstate 84 finally reopened after massive 26-car pileup closes it for most of day. More than 160 miles of eastbound lanes on Interstate 84 from Pendleton to Ontario were closed for several hours January 17 following a massive 26-car pileup that involved 12 semi-trucks and trapped over 50 vehicles due to icy road conditions. Twelve people were injured and treated at local hospitals. Source: http://www.oregonlive.com/pacific-northwest-news/index.ssf/2015/01/interstate_84_finally_reopened.html

 · An advisory was issued to residents in Glendive, Montana, against ingesting water after oil was detected in the city’s public water supply following a January 17 pipeline break that caused up to 50,000 gallons of oil to spill along the Yellowstone River. – CBS News; Associated Press

24. January 20, CBS News; Associated Press – (Montana) Yellowstone River spill: Oil detected in water supplies. Preliminary testing detected oil in the city of Glendive’s public water supplies prompting officials to bring in drinking water for residents following a January 17 Bridger Pipeline LLC-owned pipeline break that caused up to 50,000 gallons of oil to spill along the Yellowstone River in Montana. The pipeline remained shut down indefinitely while crews worked to contain the oil and officials continued to test the water. Source: http://www.cbsnews.com/news/yellowstone-river-spill-oil-detected-in-water-supplies/

Financial Services Sector

Nothing to report

Information Technology Sector

31. January 20, Securityweek – (International) VideoLan says flaws exist in codecs library, not VLC. A security researcher discovered two vulnerabilities in libavcodec, a free open-source audio/video codecs library used by VLC, Xine and MPlayer media players that could allow the attacker the ability to corrupt memory and exploit arbitrary code. Source: http://www.securityweek.com/videolan-says-flaws-exist-codecs-library-not-vlc

32. January 20, Securityweek – (International) CSRF flaw allowed attackers to hijack GoDaddy domains. A security researcher discovered that Internet domain registrar GoDaddy failed to implement any cross-site request forgery (CSRF) protections for many DNS management actions which an attacker could have exploited to edit nameservers, edit DNS records, and modify automatic renewal settings. GoDaddy took measures to fix the vulnerability and introduced CSRF protections for sensitive account actions January 19. Source: http://www.securityweek.com/csrf-flaw-allowed-attackers-hijack-godaddy-domains

33. January 20, Softpedia – (International) Oracle addresses 167 bugs in critical patch update. Oracle released its quarterly Critical Patch Update January 20, closing 167 vulnerabilities found in 48 of the company’s products. The developer’s Oracle Fusion Middleware product received 35 security patches, more than any other product, including 28 patches for vulnerabilities exploited remotely without authentication of the potential attacker. Source: http://news.softpedia.com/news/Oracle-Addresses-167-Bugs-In-Critical-Patch-Update-470567.shtml

34. January 20, CNET News – (National) Verizon races out fix for email security flaw. Verizon patched a serious vulnerability in its My FiOS mobile app after a security researcher discovered a flaw that could allow a user to access any Verizon email account, scan the inbox, read individual emails, and send messages. Source: http://www.cnet.com/news/verizon-races-out-fix-for-email-security-flaw/

For another story, see item 4 below from the Critical Manufacturing Sector

4. January 19, Help Net Security – (National) 2+ million US cars can be hacked remotely, researchers claim. A researcher with Digital Bond Labs presented a vulnerability that he identified at the S4 conference in Miami when he reverse-engineered the Snapshot tracking dongle offered by Progressive Insurance that is currently in use in over 2 million vehicles acrosthe U.S. that could allow the attacker to control some of the core functions of a car by compromising its on-board system via Snapshot remotely due to minimal security in the firmware. Source: http://www.net-security.org/secworld.php?id=17840

Communications Sector

35. January 17, Erie Times-News – (Pennsylvania) Tower climbing crew called in to work on WQLN radio outage. Crews worked to restore the signal to WQLN 91.3 FM Erie and all of the station’s translators after the station remained off the air January 17 due to an unspecified problem which knocked out the signal January 15. Source: http://www.goerie.com/tower-climbing-crew-called-in-to-work-on-wqln-radio-outage

For another story, see item 34 above in the Information Technology Sector