Complete DHS Report for
June 12, 2015
Daily Report
Top Stories
· Plains
All American Pipeline officials reported June 10 that the clean-up of oil along
the Santa Barbara County, California coast has cost over $60 million, peaking
at $3 million a day. – Los Angeles Times
4. June
10, Los Angeles Times – (California) Officials: cost to clean
oiled Santa Barbara beaches exceeds $60 million. Plains All American
Pipeline officials reported June 10 that the clean-up of oil along the Santa
Barbara Coast has cost over $60 million, peaking at $3 million a day, and that
workers have cleaned up 76 percent of damaged beach stretches. Costs could
continue to rise due to possible financial damage claims and potential Clean
Water Act violations stemming from the 101,000-gallon crude oil spill in May.
Source: http://www.latimes.com/local/lanow/la-me-santa-barbara-oil-spill-cleanup-cost-20150610-story.html
· The
center tube of the Lincoln Tunnel in New York City was closed for several hours
June 10 and about 31 people were injured after two buses collided. – WNBC 4
New York City
11. June
11, WNBC 4 New York City – (New York; New Jersey) 31 hurt when NJ
Transit bus bumps tour bus carrying students in Lincoln Tunnel: officials The
center tube of the Lincoln Tunnel in New York City was closed for several hours
June 10 and about 31 people were injured after a New Jersey Transit bus with
about 60 passengers crashed into a Canada-based tour bus that was carrying more
than 2 dozen students. None of the students were reported injured in the
accident. Source: http://www.nbcnewyork.com/news/local/Lincoln-Tunnel-Death-Bus-Crash-Police-306773321.html
· Several
miles of Route 374 east of Dannemora to West Plattsburgh, and Saranac Central
School District in New York were closed June 11 as State authorities continued
to search for 2 prisoners that escaped the Clinton Correctional Facility. – USA
Today
20. June
11, USA Today – (New York) Manhunt focuses on prison area; Philly
tip discredited. Several miles of Route 374 east of Dannemora to West
Plattsburgh, and Saranac Central School District in New York were closed June
11 as State authorities investigated a new lead into the whereabouts of 2
escaped prisoners from the Clinton Correctional Facility June 6. Officials may
reopen schools as early as June 12. Source: http://www.usatoday.com/story/news/nation/2015/06/11/police-close-road-killers-manhunt/71051406/
· Security
researchers from Kaspersky Lab discovered that the Duqu advanced persistent
threat (APT) group had used a new platform to compromise the lab’s systems
along with about 100 other victims between 2014 – 2015, most of whom were
related to P5 + 1 talks over Iran’s nuclear program. – Threatpost See item 26 below in the Information Technology Sector
Financial Services Sector
10. June
11, WCPO 9 Cincinnati – (Indiana) Sock Hat Bandit: man matching
suspect’s description accused of robbing Indiana bank. Anderson, Indiana
Police Department officials reported that a man matching the description of the
suspect dubbed the “Sock Hat Bandit” struck the town’s PNC Bank June 10,
marking his ninth robbery across Ohio, Kentucky, and Indiana. The FBI is
offering a $5,000 reward for information leading to his arrest. Source: http://www.wcpo.com/news/state/state-indiana/sock-hat-bandit-man-matching-suspects-description-accused-of-robbing-indiana-bank
For another story, see item 2 below
from the Energy Sector
2. June
10, Palm Beach Post – (Florida) Skimming devices found at three
more Palm Beach County gas stations. Florida’s Department of Agriculture
and Consumer Services reported June 10 that 4 more skimming devices were found
and removed from gas stations in Jupiter, Boca Raton, and West Palm Beach,
bringing the total number of skimmers found since April to 15. Source: http://protectingyourpocket.blog.palmbeachpost.com/2015/06/10/skimming-devices-found-at-three-more-palm-beach-county-gas-stations/
Information Technology Sector
24. June 11,
Securityweek – (International) Serious flaw in iOS mail app exposes users to
phishing attacks. A Czech security researcher discovered a vulnerability in
Apple’s iOS mobile operating system (OS) in which an attacker can create emails
that load remote Hypertext Markup Language (HTML) content when opened,
prompting users to input credentials that are sent back to the attacker.
Source: http://www.securityweek.com/serious-flaw-ios-mail-app-exposes-users-phishing-attacks
25. June 11,
Softpedia – (International) Malvertising campaign hits Bejeweled Blitz
game on Facebook, CNN Indonesia. Security researchers from Websense
discovered a malvertising campaign impacting up to 50 million users a month
that is distributed through popular online locations including the Bejeweled
Blitz game on Facebook via the OpenX advertising platform and an old Adobe
Flash Player glitch. The campaign directs users to a site hosting the Angler
exploit kit (EK) and delivers payloads including ransomware, ad-fraud,
backdoor, and malware downloaders. Source: http://news.softpedia.com/news/Malvertising-Campaign-Hits-Bejeweled-Blitz-Game-on-Facebook-CNN-Indonesia-484021.shtml
26. June 10,
Threatpost – (International) New APT Duqu 2.0 hits high-value victims,
including Kaspersky Lab. Security researchers from Kaspersky Lab discovered
that the Duqu advanced persistent threat (APT) group had used a new platform
dubbed Duqu 2.0 to compromise the lab’s systems along with about 100 other
victims between 2014 – 2015, most of whom were related to P5 + 1 talks over
Iran’s nuclear program. The APT group seeks to gain access to intellectual
property by attacking systems using modules residing entirely in-memory via
Windows zero-day vulnerabilities to inject a backdoor and a larger espionage
platform with extensive capabilities.
Source: https://threatpost.com/duqu-resurfaces-with-new-round-of-victims-including-kaspersky-lab/113237
27. June 10,
SC Magazine – (International) Stuxnet still a threat to critical
infrastructure. Findings from Kleissner & Associates “Internet Attacks
Against Nuclear Power Plants” report revealed that the Stuxnet malware was
found on at least 153 devices worldwide in almost 5 years, at least 6 of which
were running supervisory control and data acquisition (SCADA) development
software. The researchers reiterated the threat posed by malware developed on
behalf of foreign nation states. Source: http://www.scmagazineuk.com/stuxnet-still-a-threat-to-critical-infrastructure/article/419802/
28. June 10,
SC Magazine – (International) U.S. National Vulnerability Database
vulnerable to XSS attack. A security consultant discovered that the
National Institute of Standards and Technology’s National Vulnerability
Database (NVD) housing common vulnerabilities and exposures (CVE) flaws is vulnerable
to a cross-site scripting (XSS) attack by replacing the document object mode
(DOM) with a phishing page to collect personal identifiable information (PII)
and card information. NVD officials reported that the agency is working to
address the issue. Source: http://www.scmagazineuk.com/us-national-vulnerability-database-vulnerable-to-xss-attack/article/419789/
29. June 10,
Securityweek – (International) Weak remote access practices contributed to
nearly all PoS breaches: Trustwave. Trustwave released a report revealing
that 40 percent of the 574 breaches the company investigated from 2014 were in
point-of-sale (PoS) systems and that 94 percent of the incidents were a result
of weak remote security and passwords. The retail sector comprised 43 percent
of the PoS breach investigations, among other findings. Source: http://www.securityweek.com/weak-remote-access-practices-contributed-nearly-all-pos-breaches-trustwave
30. June 10,
Threatpost – (International) Microsoft brings HSTS to Windows 7 and 8.1. Microsoft
released patches introducing Hypertext Transfer Protocol (HTTP) Strict
Transport Security (HSTS) to users running Internet Explorer 11 on Windows 7
and 8.1, in an effort to increase security against man-in-the-middle (MitM) Web
sessions and attacks using invalid digital certificates. The protocol forces
HTTP sessions to be sent over HTTP Secure (HTTPS) connections according to a
list of preloaded sites supporting it. Source: https://threatpost.com/microsoft-brings-hsts-to-windows-7-and-8-1/113258
Communications Sector
See item 25 above in the Information Technology
Sector