Thursday, December 10, 2015

Complete DHS Report for December 10, 2015

Daily Report

Top Stories

• Over 40 residents were temporarily displaced following a Tabula Rasa Energy-operated oil well blowout December 8 in Gaines County, Texas, that released clouds of toxic fumes containing hydrogen sulfide. – KWES 9 Midland/Odessa

3. December 8, KWES 9 Midland/Odessa – (Texas) Oil well blowout reported in Gaines County, evacuations in effect. Over 40 residents were evacuated and temporarily displaced following a Tabula Rasa Energy-operated oil well blowout December 8 in Gaines County that released clouds of toxic fumes containing hydrogen sulfide. Authorities are monitoring the air quality and are investigating the cause of the pressure control failure which led to the blowout. Source:

• Interstate 10 in Louisiana was shut down for approximately 12 hours December 8 following a multi-vehicle crash that left 2 drivers injured. – Baton Rouge Advocate

12. December 8, Baton Rouge Advocate – (Louisiana) For school, industry leaders, I-10 crash illustrates how easily region can be paralyzed by traffic problem. Interstate 10 near Baton Rouge was shut down for approximately 12 hours December 8 while crews worked to clean up the wreckage from a multi-vehicle crash involving 1 car and 6 semi-trucks that left 2 drivers injured. Source:

• The FBI announced December 8 that its current tracking system, which gathers information on violent police encounters in the U.S., will be replaced by 2017 and will include additional data and near real-time reporting. – Washington Post

20. December 8, Washington Post – (National) FBI to sharply expand system for tracking fatal police shootings. The FBI announced December 8 that its current tracking system, which gathers information on violent police encounters in the U.S., will be replaced by 2017 and will include the tracking of incidents in which an officer causes serious injury or death to civilians, and data collection that is shared with the public in near real-time.

• The owner of J&W Aseda Plaza in Massachusetts was charged December 8 for allegedly conducting more than 22,500 fraudulent Supplemental Nutritional Assistance Program (SNAP) benefits transactions netting $3.6 million. –

33. December 8, – (Massachusetts) Worcester store conducted more than 22,500 questionable food stamp transactions in $3.6 million SNAP theft. A convenience store owner was charged December 8 for 1 count of conspiracy to commit Supplemental Nutritional Assistance Program (SNAP) benefits fraud and 1 count of money laundering and SNAP fraud following allegations that the woman conducted more than 22,500 transactions of $100 or more within a 4-year span at her J&W Aseda Plaza store in Massachusetts. The woman stole $3.6 million from the Federal government and paid individuals 50 cents for every SNAP dollar. Source:

Financial Services Sector

7. December 8, U.S. Attorney’s Office, Eastern District of Pennsylvania – (New York) New York man charged with bank fraud. A Brooklyn man was charged in Pennsylvania December 8 on 3 counts of bank fraud for receiving $9.3 million worth of loans, loan modifications, and loan extensions from Republic First Bank by submitting fraudulent documents that claimed his $2 million investment portfolio was worth $26 million to $60 million at different times. Source:

8. December 8, U.S. Attorney’s Office, District of New Mexico – (New Mexico; Colorado) Colorado man pleads guilty to robbing banks in Colorado and New Mexico in 2014 and 2015. Officials from the U.S. Attorney’s Office announced December 8 that a Denver man pleaded guilty to committing one bank robbery in New Mexico and two in Colorado between August 2014 and August 2015. Source:

9. December 8, U.S. Securities and Exchange Commission – (North Carolina) SEC charges ZeekRewards pyramid-Ponzi scheme promoter. The U.S. Securities and Exchange Commission (SEC) reported December 8 that an individual was charged December 4 in North Carolina for her role in an $850 million Internet-based Ponzi and pyramid scheme operated by Rex Venture Group LLC d/b/a where she solicited investors to participate in the Web site’s program which offered investors several ways to earn money involving the purchase of securities that were not registered with the SEC from January 2011 to August 2012. Authorities allege that the woman and other co-conspirators lured and falsely promised investors a share of the company’s purported profits. Source:

Information Technology Sector

22. December 9, SecurityWeek – (International) Apple issues security updates for OS X, iOS, Safari. Apple released security updates patching multiple vulnerabilities within its OS X, iOS, Safari, Xcode, watchOS, and tvOS systems including flaws affecting Apple’s mobile operating system, Siri, Webkit, and components such as the App Sandbox, Compression, CoreMedia Playback, EFI, and File Bookmark, among others. Source:

23. December 9, Softpedia – (International) DNS Root servers hit by DDoS attack. Researchers from RootOps reported that a large-scale distributed denial-of-service (DDoS) attack on the Internet’s Domain Name System (DNS) root servers caused timeouts for the B, C, G, and H node servers after 2 attacks blasted up to 5 million queries per second per DNS root name server. The DDoS attacks did not cause serious damage. Source:

24. December 9, SecurityWeek – (International) Adobe patches 77 vulnerabilities in Flash Player. Adobe released new versions of its Flash Player for OS X, Windows, Linux, and Android systems, patching 77 critical vulnerabilities including buffer overflow, stack overflow, type confusion, integer overflow issues, use-after-free vulnerabilities, three security bypass flaws, and other memory corruption issues that can lead to code execution. Source:

25. December 9, SecurityWeek – (International) Microsoft patches Windows, Office flaws exploited in the wild. Microsoft released 12 security bulletins addressing 60 flaws in several of its products including Windows, Internet Explorer, Edge, .NET, Office, and Skype for Business, among other products, addressing 2 zero-day flaws exploited in the wild that could allow attackers to run arbitrary code and gain control of the infected system if a victim logs on with administrative rights. Source:

26. December 8, SecurityWeek – (International) Critical flaw found in AVG, McAfee, Kaspersky products. Researchers from enSilo discovered a serious vulnerability in AVG, McAfee, and Kaspersky security products that allows attackers to bypass Windows protection protocol and exploit vulnerabilities in third-party applications to compromise the underlying system in a multi-stage attack. AVG, McAfee, and Kaspersky patched the flaws in each of their systems. Source:

27. December 8, SecurityWeek – (International) SAP security updates patch 19 new flaws. SAP released 26 patches for its software addressing 19 new vulnerabilities and 7 updated patches including 4 cross-site scripting (XSS), 3 information disclosure flaws, 4 missing authorization and authentication check issues, and 2 denial-of-service (DoS) vulnerabilities, among other patched issues. Source:

28. December 8, Softpedia – (International) Security flaw fixed in Malwarebytes antivirus. Malwarebytes Corporation released a patch for its Windows antivirus software after a researcher from COSIG research & pentesting team discovered a security vulnerability that can be exploited when a malformed executable with an invalid integer (-1) in the “SizeOfRawData” field of the UPX section is deconstructed by the Malwarebytes antivirus, enabling a memory corruption flaw that can expose the infected system to an arbitrary code attack. Malwarebytes stated there was no evidence to suggest the exploit was used in the wild. Source:

Communications Sector

Nothing to report