Complete DHS Report for November 18, 2015
Daily Report
Top Stories
• Heavy rain and a
tornado November 16 knocked out electricity to about 35,000 customers, caused
damage to a Halliburton Plant in Pampa, and led to the derailment of four BNSF
Railway cars in Miami, Texas. – Associated Press; KERA 13 Dallas
1. November
17, Associated Press; KERA 13 Dallas – (Texas) Storms pound north
Texas, leaving thousands without power; tornadoes hit Texas Panhandle. Heavy
rain and a tornado November 16 knocked out electricity to about 35,000
customers, caused damage to a Halliburton Plant in Pampa, and led to the
derailment of four BNSF Railway cars near the town of Miami, Texas. Officials
also reported that a chemical leak at the plant was cleared and the complex was
deemed safe. Source:
http://keranews.org/post/storms-pound-north-texas-leaving-thousands-without-power-tornadoes-hit-texas-panhandle
• Interstate 94 in
Minneapolis, Minnesota, was shut down for approximately 3 hours November 16 due
to nearly 300 protestors who took part in a demonstration following a November
15 officer-involved shooting of an individual. – CNN
3. November
17, CNN – (Minnesota) Shooting: Demonstrators shut down Minneapolis
interstate. Interstate 94 in Minneapolis was shut down for approximately 3
hours November 16 due to nearly 300 protestors who took part in a demonstration
following a November 15 officer-involved shooting of an individual. Protestors
damaged squad cars, and an investigation into the shooting is ongoing. Source: http://www.cnn.com/2015/11/17/us/minneapolis-jamar-clark-police-shooting/index.html
• Arkansas-based Tyson Foods Inc. recalled November 17 about 52,486 pounds of its chicken wings after consumers reported an “off-odor” scent and mild illness associated with consumption. – U.S. Department of Agriculture
6. November 16, U.S. Department of Agriculture – (National) Tyson Foods Inc. recalls chicken product due to possible adulteration. Pine Bluff, Arkansas-based Tyson Foods Inc. issued a recall November 17 for approximately 52,486 pounds of 28-ounce bags of chicken wings after consumers complained of an “off-odor” scent and mild illness associated with consumption. Source:
http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2015/recall-141-2015-release
• Officials announced November 16 that Education Management Corp. will pay $95.5 million to resolve allegations that it violated the Higher Education Act and False Claims Act by unlawfully recruiting students using high-pressure boiler room strategies. – USA Today
16. November 16, USA Today – (National) Education giant agrees to $95 million settlement. The U.S. Department of Justice, U.S. Department of Education, and state officials announced November 16 that Education Management Corp. will pay $95.5 million to resolve allegations that the for-profit education company violated the Higher Education Act and False Claims Act by unlawfully recruiting students using high-pressure boiler room strategies, including paying admissions personnel based on the number of students enrolled. Source: http://www.usatoday.com/story/news/nation/2015/11/16/education-giant-edmc-to-pay-95-million-in-settlement/75876574/
Financial Services Sector
2. November 16, Reuters – (National) Fund manager Virtus to pay $16.5 million to settle false-advertising charges. Connecticut-based Virtus Investment Advisers agreed November 16 to pay the U.S. Securities and Exchange Commission $16.5 million to settle charges that it falsified performance claims through exchange-traded funds (ETFs) and used hypothetical data to inflate the fund’s track record to boost its investment strategy. The U.S. Securities and Exchange Commission is investigating whether advisors may have potentially misled investors with false performance data. Source: http://www.reuters.com/article/2015/11/16/virtus-funds-fine-idUSL1N13B1PV20151116
Information Technology Sector
17. November 17, Securityweek – (International) Poor backend security practices expose sensitive data. Researchers at the Technical University of Darmstadt in Germany discovered more than 18.6 million records of security risks associated with the use of Backend-as-a-Service (BaaS) offerings, including the extrapolation of an ID and an undisclosed key for authentication from a victim’s mobile application, which allows attackers to access the backend with the same privileges as the application. Source: http://www.securityweek.com/poor-backend-security-practices-expose-sensitive-data
18. November 17, Securityweek – (International) Flaw in D-Link switches exposes corporate networks: Researchers. Security researchers from Elastica’s Cloud Threat Labs discovered a flaw in DGS-1210 Series Gigabit Smart Switches from D-Link that can be exploited by remote attackers to access backup files found on the flash memory and the web server, where log and configuration files are stored, without any authentication credentials if the attackers identify the targeted device’s Internet Protocol (IP) address. Source: http://www.securityweek.com/flaw-d-link-switches-exposes-corporate-networks-researchers
19. November 17, Help Net Security – (International) Cyber crooks actively hijacking servers with unpatched vBulletin installations. Symantec researchers discovered that attackers are using a patched zero-day flaw that affects vBulletin Connect versions 5.1.4 through 5.1.9 to remotely execute code on a vulnerable server by first downloading and executing a multipurpose malicious shell script, filesender1.sh, on the server via a single Hypertext Transfer Protocol (HTTP) request. Source: http://www.net-security.org/secworld.php?id=19113
20. November 17, Securityweek – (International) Automation fuels onslaught of web app attacks: Report. Imperva released its Web Application Attack Report (WAAR) revealing that more than 75 percent of analyzed applications were targeted by automated attacks via SQL injection (SQLi), remote file inclusion (RFI), remote code execution (RCE), directory traversal (DT), cross-site scripting (XSS), spam, file upload (FU), and Hypertext Transfer Protocol (HTTP) reconnaissance to compromise users and steal sensitive information, as cybercriminals leverage automated tools, making SQL injection attacks 3 times higher this year than in previous years. Source: http://www.securityweek.com/automation-fuels-onslaught-web-app-attacks-report
Communications Sector
Nothing to report