Complete DHS Report for March 7, 2016
Daily Report
Top Stories
• Montana officials reported March 3 that a pipe below a holding
pond in Big Sky spilled an estimated 35 million gallons of treated sewage water
into the West Fork of the Gallatin River. – Bozeman Daily Chronicle
11. March 4,
Bozeman Daily Chronicle – (Montana) Sewage pond spills 35 million
gallons into Gallatin. The Montana Department of Environmental Quality
reported March 3 that there was no indication of potential public health issues
after a pipe below a holding pond in Big Sky, Montana, spilled an estimated 35
million gallons of treated sewage water into the West Fork of the Gallatin
River. Officials are investigating the cause of the spill. Source: http://www.bozemandailychronicle.com/news/environment/sewage-pond-spills-million-gallons-into-west-gallatin-river/article_e1f9b069-6b8b-582c-880b-92f2c5e8a1d0.html
• A bomb threat received by an employee at Cony High School prompted
the closure of all Augusta, Maine-area schools March 4 after an email specified
that there was a bomb at schools in the area. – Kennebec Journal/Waterville
Morning Sentinel
14. March 4,
Kennebec Journal/Waterville Morning Sentinel – (Maine) ‘Someone other
than a student’ may have emailed Augusta schools bomb threat. An emailed
bomb threat received by an employee at Cony High School prompted the closure of
all Augusta-area schools March 4 after the email specified that there was a
bomb at schools in the area. Police spent 5 hours searching all city schools
before issuing an all clear once nothing suspicious was found. Source: https://www.centralmaine.com/2016/03/04/bomb-threat-closes-augusta-schools/
• The budget officer for the Northboro-Southboro School District
in Massachusetts was arrested March 2 after he allegedly admitted to stealing
$200,000 – $450,000 from the district’s petty cash account. – Worcester
Telegram & Gazette
15. March 3,
Worcester Telegram & Gazette – (Massachusetts) Northboro-Southboro
school official accused of stealing up to $450K to fuel drug habit. The
budget officer for the Northboro-Southboro School District in Massachusetts was
arrested March 2 after allegedly admitting to stealing $200,000 – $450,000 from
the district’s petty cash account by depositing reimbursement checks from
various school districts and vendors into the petty cash account and writing
checks out to cash, which he used for personal expenses.
• The Alexander Lofts
building and an adjacent law office in West Palm Beach, Florida, were both
evacuated March 3 and closed for at least 3 days after a portion of the Lofts’
brick wall collapsed. – WPEC 12 West Palm Beach
22. March 3,
WPEC 12 West Palm Beach – (Florida) Alexander Lofts, law office
closed after brick wall collapse. The Alexander Lofts building and an
adjacent law office in West Palm Beach were both evacuated March 3 and closed
for at least 3 days after a portion of the Lofts’ brick wall collapsed.
Seventy-six residents were displaced and the building will remain closed until
repairs are completed.
Financial Services Sector
3. March 4,
Framingham Patch – (Massachusetts) Framingham man pleads guilty to securities
fraud. The former owner of Graduate Leverage LLC and co-portfolio manager
of the GL Beyond Income Fund pleaded guilty March 3 to Federal charges after he
issued dozens of fraudulent loans and diverted more than $15 million from the
GL Beyond Income Fund into a Graduate Leverage operating account and a personal
bank account. The former owner used the money to pay the operating costs of his
businesses, personal expenses, and interest on previous loans from February
2013 – December 2014. Source: http://patch.com/massachusetts/framingham/framingham-man-pleads-guilty-securities-fraud-0
Information Technology Sector
19. March 4,
Softpedia – (International) XSS on Fortinet’s login page let attackers
log passwords in cleartext. A security researcher at Synetis found that
Fortinet’s Single-Sign-On (SSO) login system contained a reflected cross-site
scripting (RXSS) vulnerability that could allow attackers to insert malicious
parameters in cleartext inside the login page’s Uniform Resource Locator (URL).
Fortinet released a patch for the vulnerability. Source: http://news.softpedia.com/news/xss-on-fortinet-s-login-page-let-attackers-log-passwords-in-cleartext-501343.shtml
20. March 4,
SecurityWeek – (International) Adobe to patch flaws in Reader, Acrobat. Adobe
Systems reported March 3 that it will be releasing security updates March 8 to
patch critical vulnerabilities in Microsoft Windows and Apple Mac versions of
Acrobat and Reader.
21. March 3,
SecurityWeek – (International) Chrome 49 released with 26 security fixes. Google
released Chrome 49 to the stable channel for Microsoft Windows, Apple Mac, and
Linux systems, containing 26 security fixes and several other improvements
including fixes for a same-origin bypass flaw in Blink, a same-origin bypass
flaw in Pepper Plugin, and an information leak flaw in Skia, among other
vulnerabilities. Source: http://www.securityweek.com/chrome-49-released-26-security-fixes
For another story, see item 2 below from the Critical Manufacturing Sector
2. March 3, Softpedia – (International) Building automation software exposes company headquarters to attacks. Schneider Electric released version 1.7.1 of its Automation Server software, patching two issues, after an independent security researcher discovered default hard-coded credentials in Automation Server 1.7.0 and prior versions. Unskilled remote attackers could use the credentials to gain control of stand-alone servers installed in company headquarters and then take control of the energy supply to a building, cut off an alarm system, and facilitate trespassing. The researcher also found that by using the default hard-coded credentials, attackers could circumvent a Linux operating system’s administrative controls and execute malicious code on the server.
Source: http://news.softpedia.com/news/building-automation-software-exposes-company-headquarters-to-attacks-501294.shtml
Communications Sector
Nothing to report