Wednesday, November 18, 2015



Complete DHS Report for November 18, 2015

Daily Report

Top Stories

 • Heavy rain and a tornado November 16 knocked out electricity to about 35,000 customers, caused damage to a Halliburton plant in Pampa, and led to the derailment of four BNSF Railway cars in Miami, Texas. – Associated Press; KERA 13 Dallas

1. November 17, Associated Press; KERA 13 Dallas – (Texas) Storms pound north Texas, leaving thousands without power; tornadoes hit Texas Panhandle. Heavy rain and a tornado November 16 knocked out electricity to about 35,000 customers, caused damage to a Halliburton plant in Pampa, and led to the derailment of four BNSF Railway cars near the town of Miami, Texas. Officials also reported that a chemical leak at the plant was cleared and the complex was deemed safe. Source: http://keranews.org/post/storms-pound-north-texas-leaving-thousands-without-power-tornadoes-hit-texas-panhandle

 • Interstate 94 in Minneapolis, Minnesota, was shut down for approximately 3 hours November 16 due to nearly 300 protestors who took part in a demonstration following a November 15 officer-involved shooting of an individual. – CNN

3. November 17, CNN – (Minnesota) Shooting: Demonstrators shut down Minneapolis interstate. Interstate 94 in Minneapolis was shut down for approximately 3 hours November 16 due to nearly 300 protestors who took part in a demonstration following a November 15 officer-involved shooting of an individual. Protestors damaged squad cars, and an investigation into the shooting is ongoing. Source: http://www.cnn.com/2015/11/17/us/minneapolis-jamar-clark-police-shooting/index.html

 • Arkansas-based Tyson Foods Inc. recalled about 52,486 pounds of its chicken wings November 17 after consumer reports revealed the product had an “off-odor” scent and was associated with mild illness following consumption. – U.S. Department of Agriculture

6. November 16, U.S. Department of Agriculture – (National) Tyson Foods Inc. recalls chicken product due to possible adulteration. Pine Bluff, Arkansas-based Tyson Foods Inc. issued a recall November 17 for approximately 52,486 pounds of 28-ounce bags of chicken wings after consumer complaints reported that the product had an “off-odor” scent and was associated with mild illness following consumption. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2015/recall-141-2015-release

 • Education Management Corp. will pay $95.5 million to resolve allegations, announced November 16, that it violated the Higher Education Act and False Claims Act by unlawfully recruiting students using high-pressure boiler room strategies. – USA Today

16. November 16, USA Today – (National) Education giant agrees to $95 million settlement. The U.S. Department of Justice, U.S. Department of Education, and state officials announced November 16 that Education Management Corp. will pay $95.5 million to resolve allegations that the for-profit education company violated the Higher Education Act and False Claims Act by unlawfully recruiting students using high-pressure boiler room strategies, including paying admissions personnel based on the number of students enrolled. Source: http://www.usatoday.com/story/news/nation/2015/11/16/education-giant-edmc-to-pay-95-million-in-settlement/75876574/

Financial Services Sector

2. November 16, Reuters – (National) Fund manager Virtus to pay $16.5 million to settle false-advertising charges. Connecticut-based Virtus Investment Advisers agreed November 16 to pay the U.S. Securities and Exchange Commission $16.5 million to settle charges of falsifying performance claims through exchange-traded funds (ETFs) and using hypothetical data to inflate the fund’s track record to boost its investment strategy. The U.S. Securities and Exchange Commission is investigating whether advisors may have misled investors with false performance data. Source: http://www.reuters.com/article/2015/11/16/virtus-funds-fine-idUSL1N13B1PV20151116

Information Technology Sector

17. November 17, Securityweek – (International) Poor backend security practices expose sensitive data. Researchers at the Technical University of Darmstadt in Germany discovered more than 18.6 million records of security risks associated with the use of Backend-as-a-Service (BaaS) offerings, including extraction of an ID and an undisclosed authentication key from a victim’s mobile application, which allows attackers to access the backend with the same privileges as the application. Source: http://www.securityweek.com/poor-backend-security-practices-expose-sensitive-data

18. November 17, Securityweek – (International) Flaw in D-Link switches exposes corporate networks: Researchers. Security researchers from Elastica’s Cloud Threat Labs discovered a flaw in DGS-1210 Series Gigabit Smart Switches from D-Link that can be exploited by remote attackers to access backup files found on the flash memory and the web server, where log and configuration files are stored, with any authentication credentials if the attackers identify the targeted device’s Internet Protocol (IP) address. Source: http://www.securityweek.com/flaw-d-link-switches-exposes-corporate-networks-researchers

19. November 17, Help Net Security – (International) Cyber crooks actively hijacking servers with unpatched vBulletin installations. Symantec researchers discovered that attackers are using a patched zero-day flaw that affects vBulletin Connect versions 5.1.4 through 5.1.9 to remotely execute code on a vulnerable server by first downloading and executing a multipurpose malicious shell script, filesender1.sh, on the server via a single Hypertext Transfer Protocol (HTTP) request. Source: http://www.net-security.org/secworld.php?id=19113

20. November 17, Securityweek – (International) Automation fuels onslaught of web app attacks: Report. Imperva released its Web Application Attack Report (WAAR), revealing that more than 75 percent of analyzed applications were targeted by automated attacks via SQL injection (SQLi), remote file inclusion (RFI), remote code execution (RCE), directory traversal (DT), cross-site scripting (XSS), spam, file upload (FU), and Hypertext Transfer Protocol (HTTP) reconnaissance to compromise users and steal sensitive information. Cybercriminals are leveraging automated tools, making SQL injection attacks 3 times higher this year than in previous years. Source: http://www.securityweek.com/automation-fuels-onslaught-web-app-attacks-report

Communications Sector

Nothing to report