Complete DHS Report for February
11, 2015
Daily Report
Top Stories
· More
than 1,800 flights within, into, or out of the United States were cancelled
February 9 due to a massive snow storm that swept across the Northeast region
of the country. – USA Today
10. February
9, USA Today – (National) Airlines cancel flights as another
snowstorm hits northeast. More than 1,800 flights within, into, or out of
the United States were canceled February 9 due to a massive snow storm that
swept across the Northeast region of the country. Airports in the New York City
area reported significant delays for inbound flights, including average delays
of almost 7 hours for flights headed to LaGuardia Airport. Source: http://www.usatoday.com/story/todayinthesky/2015/02/09/northeast-snow-flight-cancellations/23111291/
·
A semi-truck that overturned on U.S. 40 in Daniels Canyon in Utah February 6
spilled 12,000 gallons of crude oil and ignited a large blaze that prompted the
closure of the highway in both directions for nearly 12 hours. – KSL 5 Salt
Lake City
11. February
7, KSL 5 Salt Lake City – (Utah) Daniels Canyon opens after oil
tanker crash, fire. A semi-truck that overturned on U.S. 40 in Daniels
Canyon February 6 spilled 12,000 gallons of crude oil and ignited a large blaze
that prompted the closure of the highway in both directions for nearly 12
hours. One lane of the highway was scheduled to remain open February 7-8 while
crews responded to road damage and environmental cleanup, and a second lane in
the opposite direction reopened ahead of schedule February 7. Source: http://www.ksl.com/?nid=148&sid=33385876
·
California health officials reported that 107 cases of measles were confirmed
in the State February 9, with 39 cases linked to a December 2014 outbreak that
began in Disneyland. –Reuters
21. February
9, Reuters – (International) California confirms 107 cases of measles, 39
from Disneyland outbreak. California health officials reported that 107
cases of measles were confirmed in the State February 9 and 39 of them linked
to a December 2014 outbreak that began in Disneyland. More than 3 dozen
additional cases of the disease have been reported in 19 other States and in
Mexico. Source: http://www.msn.com/en-us/news/us/california-confirms-107-cases-of-measles-39-from-disneyland-outbreak/ar-AA9bOHN
· A
researcher released 10 million username/password combinations that he collected
over the years on the Web in an effort to advance research and make
authentication more secure. – Securityweek
29. February
10, Securityweek – (International) Researcher publishes 10
million usernames and passwords. A researcher released 10 million
username/password combinations that he collected over the years in an attempt
to advance research and make authentication more secure. The researcher
asserted that most combinations were dated and had been scrubbed of all
identifying and compromising information. Source: http://www.securityweek.com/researcher-publishes-10-million-usernames-and-passwords
Financial Services Sector
4. February
9, Bergen County Record – (National) Waldwick police seize 125
credit cards from Walgreens customers. Three individuals were arrested by
police at a Waldwick Walgreens February 7 when they were caught with more than
125 stolen credit cards allegedly taken from all over the U.S. The suspects
were caught while they were purchasing a gift card and police found additional
gift cards on them while they were arrested. Source: http://www.northjersey.com/news/waldwick-police-seize-125-credit-cards-from-walgreens-customers-1.1267484
5. February
9, Reuters – (New York) New York plans cybersecurity reviews of
insurers after breach. New York’s Financial Services Department announced
plans February 9 to increase State insurers preparedness through regular
cyber-security reviews and enhanced regulations in the wake of February’s
Anthem Inc., breach that affected up to 80 million customers. Source: http://www.reuters.com/article/2015/02/09/us-anthem-cybersecurity-new-york-idUSKBN0LD1R620150209
Information Technology Sector
28. February
10, Softpedia – (International) About 40,000 MongoDB databases found open
online. Three Saarland University cyber-security students reported security
vulnerabilities in MongoDB’s database configuration, including servers with no
access control mechanisms that could potentially allow access outside the
backend and expose the information of millions of customer to unauthorized
parties. An initial scan found nearly 40,000 databases that were open,
prompting the researchers to submit their findings to MongoDB maintainers for
integration into revised security instructions for users. Source: http://news.softpedia.com/news/About-40-000-MongoDB-Databases-Found-Open-Online-472747.shtml
29. February
10, Securityweek – (International) Researcher publishes 10 million usernames and
passwords. A researcher released 10 million username/password combinations
that he collected over the years in an attempt to advance research and make
authentication more secure. The researcher asserted that most combinations were
dated and had been scrubbed of all identifying and compromising information.
Source: http://www.securityweek.com/researcher-publishes-10-million-usernames-and-passwords
30. February
9, Securityweek – (International) Box Sync for Mac exposed sensitive
information: Researcher. Box Sync for Mac released version 4.0.6035 to fix
a security issue discovered in January that exposed Python files containing
sensitive data such as application program interface (API) keys, internal user
IDs, passwords, and URLs. Box Sync representatives asserted that customer data
was never at risk. Source: http://www.securityweek.com/box-sync-mac-exposed-sensitive-information-researcher
31. February
9, Securityweek – (International) LG fixes authentication bypass vulnerability
in on-screen phone app. LG released On-Screen Phone application update
4.3.010 to fix a vulnerability discovered by Search-Lab researchers in
September 2014 that allowed attackers to possibly bypass authentication and
take control of users’ smartphones without their knowledge through a connection
between the mobile device and the computer conducted via USB cable, Wi-Fi, or
Bluetooth. Source: http://www.securityweek.com/lg-fixes-authentication-bypass-vulnerability-screen-phone-app
For another
story, see item 1 below from the Energy Sector
1. February 9, Securityweek – (National) API
vulnerability exposed accounts of Delmarva Power customers. Delmarva Power,
a subsidiary of Pepco Holdings, issued a patch in January addressing a
vulnerability in its Android app after a researcher discovered the application
programming interface (API) is plagued by Insecure Direct Object Reference
(IDOR), which could have allowed an attacker to hijack customer’s online
accounts by resetting user’s passwords and gaining control over their accounts.
Source: http://www.securityweek.com/api-vulnerability-exposed-accounts-delmarva-power-customers
Communications Sector
Nothing to report