Wednesday, February 25, 2015



Complete DHS Report for February 25, 2015

Daily Report

Top Stories

 · All four cars and the locomotive of a Metrolink train derailed in Oxnard, California, February 24 when it collided with a vehicle that was stopped on the tracks causing injury to 28 people. – Los Angeles Times

6. February 24, Los Angeles Times – (California) Southern California commuter train crash: 4 are critically hurt. Authorities continue to investigate after all four cars and the locomotive of a Metrolink train derailed in Oxnard when it collided with a pickup truck that was stopped on the tracks causing injury to 28 people February 24. The Metrolink engineer reportedly saw the truck and initiated the train’s flashing lights and braking mechanisms in anticipation of a crash, but the train was unable to stop before the collision. Source: http://www.latimes.com/local/lanow/la-me-ln-california-trail-derails-30-injured-20150224-story.html

 · Pike County, Kentucky officials announced that more than 6,000 Mountain Water District customers remained without water February 24 due to a combination of cold temperatures, ice accumulation, power outages, and frozen pipes. – WSAZ 3 Huntington

11. February 24, WSAZ 3 Huntington – (Kentucky) Thousands still without water in Pike County, Ky. Officials in Pike County, Kentucky, announced that more than 6,000 Mountain Water District customers remained without water February 24 due to a combination of freezing temperatures, ice accumulation, power outages, and frozen pipes. A boil advisory was issued for the entire area until further notice and the City of Pikeville is continuing to produce water and provide service to the district. Source: http://www.wsaz.com/news/headlines/Thousands-without-Water-in-Pike-County-Ky--293670011.html

 · An impending winter storm that could dump snow in Shreveport, Louisiana, and surrounding areas prompted the closure of several police departments, courthouses, school districts, and universities February 24. – Shreveport Times

13. February 24, Shreveport Times – (Louisiana) Tuesday winter weather and closures. Winter weather concerns about an impending storm that could dump up to four inches of snow in Shreveport and surrounding areas prompted the closure of several police departments, courthouses, school districts, and universities February 24. Several roadways experienced closures and delays, and the Louisiana State Police warned of hazardous driving conditions on stretches of Interstate 20. Source: http://www.shreveporttimes.com/story/news/local/2015/02/24/tuesday-winter-weather/23925081/

 · A former civilian employee of U.S. Central Command at MacDill Air Force Base in Florida was arrested February 20 after being charged February 12 in connection with the April 2013 theft of 5 command laptops. – Tampa Tribune

16. February 23, Tampa Tribune – (National) No sign of data breach after Centcom laptops stolen, U.S. Attorney says. A former civilian employee of U.S. Central Command at MacDill Air Force Base in Florida was arrested February 20 after being charged February 12 in connection with the April 2013 theft of 5 command laptops. The U.S. Attorney’s Office reported that there were no signs of a data breach caused by the theft. Source: http://tbo.com/list/military-news/no-sign-of-data-breach-after-centcom-laptops-stolen-us-attorney-says-20150223/

Financial Services Sector

4. February 24, Reuters – (Connecticut) Connecticut credit union manager found wearing suspected bomb vest. Police found February 23 an Achieve Financial Credit Union executive in a car outside of the New Britain, Connecticut branch with a bomb-like device strapped to his body in an apparent scheme to rob the financial institution that was aborted after the man was allegedly abducted from his home. The suspected explosive device was removed and destroyed without incident, and officials are seeking 3 suspects in connection with the incident while working to determine if the executive was a willing participant in the alleged plot. Source: http://www.reuters.com/article/2015/02/24/us-usa-connecticut-police-idUSKBN0LR1LB20150224

For another story, see item 21 below in the Information Technology Sector

Information Technology Sector

18. February 23, SC Magazine – (International) Older vulnerabilities a top enabler of breaches, according to report. Hewlett Packard security researchers reported that 44 percent of known breaches happened as a result of server misconfigurations and vulnerabilities discovered years ago. The report cites 33 percent of identified exploit samples from Microsoft Windows, 11 percent from Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft Office flaws. Source: http://www.scmagazine.com/report-shows-organizations-dont-properly-patch-systems-networks/article/399708/

19. February 23, Securityweek – (International) Norton update caused Internet Explorer to crash. Symantec released a new version of the Intrusion Prevention System (IPS) definition package after a corrupt file in the previous release caused the 32-bit version of Microsoft’s Internet Explorer Web browser to crash on computers running Norton Security, Norton Security with Backup, Norton 360, and Norton Internet Security. Source: http://www.securityweek.com/norton-update-caused-internet-explorer-crash

20. February 23, Softpedia – (International) Comodo’s PrivDog breaks HTTPS security possibly worse than Superfish. A security researcher discovered that Comodo’s PrivDog browsing privacy protection tool compromised browsing security by acting as a man-in-the-middle (MitM), intercepting and replacing all certificates with its own, causing browsers to accept every HTTPS certificate regardless of authority. The issue could affect nearly 64,000 users worldwide, and PrivDog released an update with a fix for the issue. Source: http://news.softpedia.com/news/Comodo-s-PrivDog-Breaks-HTTPS-Security-Possibly-Worse-than-Superfish-473968.shtml

21. February 23, Softpedia – (International) CSIS security group warns of fake emails using its name. CSIS security experts discovered an email campaign that spoofed the company’s email address and used an employee’s name to distribute a malicious attachment and deploy malware on the recipients’ machines. The Danish-based company provides security services for some of the largest global banks and acts as a consultant to governments, media, and businesses. Source: http://news.softpedia.com/news/CSIS-Security-Group-Warns-of-Fake-Emails-Using-its-Name-474022.shtml

Communications Sector

22. February 23, WATE 6 Knoxville – (Tennessee) Cumberland County radio station struggles to stay on the air after winter weather takes out transmitter. A winter storm in Cumberland County took 101.9 FM The Vibe Crossville off air February 20 after a tower fell under the weight of ice and knocked out the station. The station’s owner hoped to get the station back on air February 24 after the tower is repaired. Source: http://wate.com/2015/02/23/cumberland-county-radio-station-struggles-to-stay-on-the-air-after-winter-weather-takes-out-transmitter/

 For another story, see item 21 above in the Information Technology Sector