Complete DHS Report for
December 10, 2015
Daily Report
Top Stories
• Over 40 residents were temporarily displaced following a
Tabula Rasa Energy-operated oil well blowout December 8 in Gaines County,
Texas, that released clouds of toxic fumes containing hydrogen sulfide. – KWES
9 Midland/Odessa
3. December
8, KWES 9 Midland/Odessa – (Texas) Oil well blowout reported in
Gaines County, evacuations in effect. Over 40 residents were evacuated and
temporarily displaced following a Tabula Rasa Energy-operated oil well blowout
December 8 in Gaines County that released clouds of toxic fumes containing
hydrogen sulfide. Authorities are monitoring the air quality and are
investigating the cause of the pressure control failure which led to the
blowout. Source: http://www.newswest9.com/story/30695088/oil-well-blowout-reported-in-gaines-county
• Interstate 10 in Louisiana, was shut down for approximately
12 hours December 8 following a multi-vehicle crash that left 2 drivers
injured. – Baton Rouge Advocate
12. December
8, Baton Rouge Advocate – (Louisiana) For school, industry leaders,
I-10 crash illustrates how easily region can be paralyzed by traffic problem. Interstate
10 near Baton Rouge was shut down for approximately 12 hours December 8 while
crews worked to clean up the wreckage from a multi-vehicle crash involving 1
car and 6 semi-trucks that left 2 drivers injured. Source: http://theadvocate.com/news/14224660-126/multiple-18-wheeler-crash-closes-i-10-in-both-directions-closure-expected-to-continue-through-mornin
• The FBI announced December 8 that its current tracking
system which gathers information on violent police encounters in the U.S. will
be replaced by 2017 and will include additional data and near real-time
reporting. – Washington Post
20. December
8, Washington Post – (National) FBI to sharply expand system for tracking fatal
police shootings. The FBI announced December 8 its current tracking system
that gathers information on violent police encounters in the U.S. will be
replaced by 2017 and will include the tracking of incidents in which an officer
causes serious injury or death to civilians, and data collection that is share
with the public in near real-time.
• The owner of J&W Aseda Plaza in Massachusetts was
charged December 8 for allegedly conducting more than 22,500 fraudulent Supplemental
Nutritional Assistance Program (SNAP) benefits transactions netting $3.6
million. – MassLive.com
33. December
8, MassLive.com – (Massachusetts) Worcester store conducted more than 22,500
questionable food stamp transactions in $3.6 million SNAP theft. A
convenience store owner was charged December 8 for 1 count of conspiracy to
commit Supplemental Nutritional Assistance Program (SNAP) benefits fraud and 1
count of money laundering and SNAP fraud following allegations that the woman
conducted more than 22,500 transactions of $100 or more within a 4-year span at
her J&W Aseda Plaza store in Massachusetts. The woman stole $3.6 million
from the Federal government and paid individuals 50 cents for every SNAP
dollar. Source:
http://www.masslive.com/news/worcester/index.ssf/2015/12/vida_causeys_worcester_store_c.html
Financial Services Sector
7. December
8, U.S. Attorney’s Office, Eastern District of Pennsylvania – (New
York) New York man charged with bank fraud. A Brooklyn man was charged
in Pennsylvania December 8 on 3 counts of bank fraud for receiving $9.3 million
worth of loans, loan modifications, and loan extensions from Republic First
Bank by submitting fraudulent documents that claimed his $2 million investment
portfolio was worth $26 million to $60 million at different times. Source: https://www.fbi.gov/philadelphia/press-releases/2015/new-york-man-charged-with-bank-fraud
8. December
8, U.S. Attorney’s Office, District of New Mexico – (New
Mexico; Colorado) Colorado man pleads guilty to robbing banks in Colorado
and New Mexico in 2014 and 2015. Officials from the U.S. Attorney’s Office
announced December 8 that a Denver man pleaded guilty to committing one bank
robbery in New Mexico and two in Colorado between August 2014 and August 2015. Source:
https://www.fbi.gov/albuquerque/press-releases/2015/colorado-man-pleads-guilty-to-robbing-banks-in-colorado-and-new-mexico-in-2014-and-2015
9. December
8, U.S. Securities and Exchange Commission – (North Carolina) SEC
charges ZeekRewards pyramid-Ponzi scheme promoter. The U.S. Securities and
Exchange Commission (SEC) reported December 8 that an individual was charged
December 4 in North Carolina for her role in an $850 million Internet-based
Ponzi and pyramid scheme operated by Rex Venture Group LLC d/b/a
ZeekRewards.com where she solicited investors to participate in the Web site’s
program which offered investors several ways to earn money involving the
purchase of securities that were not registered with the SEC from January 2011
to August 2012. Authorities allege that the woman and other co-conspirators
lured and falsely promised investors a share of the company’s purported
profits. Source: http://www.sec.gov/litigation/litreleases/2015/lr23421.htm
Information Technology Sector
22. December
9, SecurityWeek – (International) Apple issues security updates for OS X, iOS,
Safari. Apple released security updates patching multiple vulnerabilities
within its OS X, iOS, Safari, Xcode, watchOS, and tvOS systems including flaws
affecting Apple’s mobile operating system, Siri, Webkit, and components such as
the App Sandbox, Compression, CoreMedia Playback, EFI, and File Bookmark, among
others. Source: http://www.securityweek.com/apple-issues-security-updates-os-x-ios-safari
23. December
9, Softpedia – (International) DNS Root servers hit by DDoS attack. Researchers
from RootOps reported that a large-scale denial-of-service (DDoS) attack on the
Internet’s Domain Name System (DNS) root servers caused timeouts for the B, C,
G, and H node servers after 2 attacks blasted up to 5 million queries per
second per DNS root name server. The DDoS attacks did not cause serious damage.
Source: http://news.softpedia.com/news/dns-root-servers-hit-by-ddos-attack-497363.shtml
24. December
9, SecurityWeek – (International) Adobe patches 77 vulnerabilities in Flash
Player. Adobe released new versions of its Flash Player for OS X, Windows,
Linux, and Android systems, patching 77 critical vulnerabilities including
buffer overflow, stack overflow, type confusion, integer overflow issues,
use-after free vulnerabilities, three security bypass flaws, and other memory
corruption issues that can lead to code execution. Source: http://www.securityweek.com/adobe-patches-77-vulnerabilities-flash-player
25. December
9, SecurityWeek – (International) Microsoft patches Windows, Office flaws
exploited in the wild. Microsoft released 12 security bulletins addressing
60 flaws in several of its products including Windows, Internet Explorer, Edge,
.NET, Office, and Skype for Business, among other products, addressing 2
zero-day flaws exploited in the wild that could allow attackers to run
arbitrary code and gain control of the infected system if a victim logs on with
administrative rights. Source: http://www.securityweek.com/microsoft-patches-windows-office-flaws-exploited-wild
26. December
8, SecurityWeek – (International) Critical flaw found in AVG, McAfee, Kaspersky
products. Researchers from enSilo discovered a serious vulnerability in
AVG, McAfee, and Kaspersky security products that allows attackers to bypass
Windows protection protocol and exploit vulnerabilities in third-party
applications to compromise the underlying system in a multi-stage attack. AVG,
McAfee, and Kaspersky patched the flaws in each of their systems. Source: http://www.securityweek.com/critical-flaw-found-avg-mcafee-kaspersky-products
27. December
8, SecurityWeek – (International) SAP security updates patch 19 new flaws. SAP
released 26 patches for its software addressing 19 new vulnerabilities and 7
updated patches including 4 cross-site scripting (XSS), 3 information
disclosure flaws, 4 missing authorization and authentication check issues, and
2 denial-of-service (DoS) vulnerabilities, among other patched issues. Source: http://www.securityweek.com/sap-security-updates-patch-19-new-flaws
28. December
8, Softpedia – (International) Security flaw fixed in Malwarebytes
antivirus. Malwarebytes Corporation released a patch for its Windows
antivirus software after a researcher from COSIG research & pentesting team
discovered a security vulnerability that can be exploited when a malformed
executable with an invalid integer(-1) in the “SizeOfRawData” in UPX section is
deconstructed by the Malwarebytes antivirus, enabling a memory corruption flaw
that can expose the infected system to an arbitrary code attack. Malwarebytes
stated there was no evidence to suggest the exploit was used in the wild. Source:
http://news.softpedia.com/news/security-flaw-fixed-in-malwarebytes-antivirus-497329.shtml
Communications Sector
Nothing to report