Complete DHS Report for August 14, 2015
Daily Report
Top Stories
· Authorities reported that an August 12
chemical leak in a barrel at Pacific Steel and Recycling plant in Spokane,
Washington, hospitalized at least 10 workers and prompted an evacuation of a
4-block perimeter surrounding the site. – KREM 2 Spokane
3. August 13,
KREM 2 Spokane – (Washington) 8 critically hurt in chlorine leak at recycling
plant. Authorities reported that an August 12 chemical leak in a barrel at
Pacific Steel and Recycling plant in Spokane hospitalized at least 10 workers
and prompted an evacuation of a 4-block perimeter surrounding the site. Crews
worked to decontaminate employees exposed to the chemical and officials
temporarily halted Burlington Northern train traffic through the area.
· A spokesperson with the U.S. Department
of Veterans Affairs (VA) stated August 11 that the agency was taking action to
enroll and reach out to 35,093 combat veterans that were denied health care
enrollment for more than 5 years due to an error with the department’s computer
system. – Washington Free Beacon
24. August 11,
Washington Free Beacon – (National) 35,000 combat veterans denied
health care because of VA computer error. A spokesperson with the U.S.
Department of Veterans Affairs (VA) stated August 11 that the agency was taking
action to enroll and reach out to 35,093 combat veterans that were denied
health care enrollment for more than 5 years due to an error with the
department’s computer system. The VA also stated that it is working to correct
the computer error.
Source: http://freebeacon.com/issues/35000-combat-veterans-denied-health-care-because-of-va-computer-error/
· Evacuations were lifted for all
residents August 13 while crews continued to battle the 200,000-acre Soda Fire
in Boise, Idaho. – KBOI 2 Boise
26. August 13,
KBOI 2 Boise – (Idaho; Oregon) Soda Fire: Highway 95 closed again,
evacuations lifted. Evacuations were lifted for all residents August 13
while crews continued to battle the 200,000-acre Soda Fire in Boise. Highway 95
between the Oregon border and Highway 55 remained closed, and 1 structure was
destroyed while several others remain threatened.
· Guards used pepper spray and fired warning shots to control a riot involving 70
inmates at the California State Prison, Sacramento after an inmate was attacked
in the exercise yard and killed August 12. – KXTV 10 Sacramento; Associated
Press (See item 30)
30. August 13,
KXTV 10 Sacramento; Associated Press – (California) Member of
infamous ‘San Quentin 6’ killed in Folsom prison riot. Guards used pepper spray and fired warning
shots to control a riot involving 70 inmates at the California State Prison,
Sacramento after an inmate was attacked in the exercise yard and killed August
12. At least 11 other inmates were injured in the riot. Source: http://www.usatoday.com/story/news/nation/2015/08/12/folsom-prison-riot-killed/31574409/
Financial Services Sector
5. August 13,
U.S. Securities and Exchange Commission – (National) Edward Jones to pay
$20 million for overcharging retail customers in municipal bond underwritings. The
U.S. Securities and Exchange Commission announced August 13 that the St.
Louis-based brokerage firm Edward Jones and the former leader of its municipal
bonds underwriting desk would pay over $20 million to resolve allegations that
they overcharged customers in new municipal bonds sales instead of offering them
at the typical initial offering price. Source: http://www.sec.gov/news/pressrelease/2015-166.html
6. August 12,
Reuters – (National) U.S. charges data brokers in $7 million payday
loan scam. The U.S. Federal Trade Commission announced charges August 12
against Sequoia One LLC, Gen X Marketing Group LLC, and 4 suspects in a data
broker operation for allegedly selling the financial information of 500,000
payday loan applicants to scammers, who raided bank accounts for at least $7.1
million. Source: http://www.reuters.com/article/2015/08/12/usa-ftc-fraud-idUSL1N10N1F320150812
7. August 13,
Philadelphia Business Journal – (National) Trio of regulators
order big bank to pay $34M for deposit discrepancies. The U.S. Consumer
Financial Protection Bureau, U.S. Federal Deposit Insurance Corporation, and
the Office of the Comptroller of the Currency ordered Citizens Bank to pay $20
million in fines and $14 million in restitution for failing to honor full
credit for customer deposits until the fourth quarter of 2013. Source: http://www.bizjournals.com/philadelphia/news/2015/08/12/citizens-bank-fine-deposits-owed-20m-fdic.html
Information Technology Sector
32. August 13,
Securityweek – (International) SAP Security updates patch 22
vulnerabilities. SAP released patches for 22 vulnerabilities and updated
four previously released patches, including a remote code execution flaw in SAP
ST-P that an attacker could leverage to compromise SAP servers and access
information stored on them, and a Reflected File Download (RFD) in SAP’s
NetWeaver AFP Servlet that could be exploited to push malware onto victims’
devices using a specially crafted link, among other flaws. Source: http://www.securityweek.com/sap-security-updates-patch-22-vulnerabilities
33. August 13,
Help Net Security – (International) Cisco spots attackers hijacking its
networking gear by modifying firmware. Cisco reported that attackers have
been conducting attacks in the wild in which they gain administrative or
physical access to an IOS device before replacing the IOS ROMMON with a
malicious ROMMON image in order to manipulate device behavior.
34. August 12,
The Register – (International) CAUGHT: Lenovo crams unremovable crapware
into Windows laptops – by hiding it in the BIOS. Security researchers
reported that Lenovo bundled laptops with persistent firmware that installs the
Lenovo Service Engine (LSE) software, which is vulnerable to a buffer-overflow
flaw that could be exploited to gain administrator-level privileges. The LSE
software is no longer included in new laptops. Source: http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/
35. August 12,
Threatpost – (International) Vulnerabilities identified in several
WordPress plugins. Researchers from dxw Security discovered cross-site
scripting (XSS) and blind Structured Query Language (SQL) vulnerabilities in
WordPress’ iframe version 3.0, Yoast’s Google Analytics, and Symposium plugins
for WordPress that could give some users administrative privileges. Source: https://threatpost.com/vulnerabilities-identified-in-several-wordpress-plugins/114255
Communications Sector
Nothing to report