Friday, September 16, 2016



Complete DHS Report for September 16, 2016

Daily Report                                            

Top Stories

• The U.S. Environmental Protection Agency announced September 13 that General Petroleum Corporation agreed to pay $15,500 to resolve allegations that the company violated Federal regulations. – Southern California City News Service

1. September 13, Southern California City News Service – (California) Petroleum company pays $15K for violating federal regulations. The U.S. Environmental Protection Agency announced September 13 that General Petroleum Corporation agreed to pay $15,500 to resolve allegations that the company violated Federal regulations that require on shore oil production facilities at risk of discharging oil into nearby waterways to prepare and implement a spill prevention plan after an April 2015 investigation at the company’s Terminal Island, California facility revealed that the company failed to provide adequate secondary containment around tanks in order to keep spilled oil from leaving the site and entering surrounding waterways. Source: http://mynewsla.com/crime/2016/09/13/petroleum-company-pays-15k-for-violating-federal-regulations/

• Northbound lanes of Interstate 295 in Jacksonville, Florida, were closed for several hours September 14 following a 6-vehicle crash involving a semi-truck hauling 2,800 gallons of fuel. – WTLV 12 Jacksonville

7. September 14, WTLV 12 Jacksonville – (Florida) I-295 at Wilson northbound shut down due to six vehicle crash. Northbound lanes of Interstate 295 in Jacksonville, Florida, at Wilson Boulevard were closed for several hours September 14 following a 6-vehicle crash involving a semi-truck hauling 2,800 gallons of fuel. Four people were sent to an area hospital. Source: http://www.firstcoastnews.com/traffic/i-295-at-wilson-shut-in-both-directions-due-to-accident/318855338

• ClixSense confirmed that the details of over 6.6 million users were stolen after hackers gained access to the company’s database server by accessing an old server still connected to the database. – SecurityWeek See item 18 below in the Information Technology Sector

• Up to 100 people were evacuated from a 3-story office building in Parsippany, New Jersey, for 4 hours September 14 following a chlorine leak in the pump room of a nearby parking garage. – Morris County Daily Record

22. September 14, Morris County Daily Record – (New Jersey) Chlorine fumes evacuate Parsippany building. Up to 100 people were evacuated from a 3-story office building in Parsippany, New Jersey, for 4 hours September 14 following a chlorine leak in the pump room of a nearby parking garage that serviced a water fountain. HAZMAT crews contained the leak and no injuries were reported. Source: http://www.dailyrecord.com/story/news/2016/09/14/chlorine-fumes-evacuate-parsippany-building/90354072/

Financial Services Sector

Nothing to report

Information Technology Sector

18. September 15, SecurityWeek – (International) 6.6 million users affected by ClixSense breach. ClixSense confirmed that the details of over 6.6 million users were stolen after hackers gained access to the company’s database server after accessing an old server still connected to the database. ClixSense reported the vulnerable server has been shut down and restored user balances, forum, and account names, and reset user passwords, among other measures. Source: http://www.securityweek.com/66-million-users-affected-clixsense-breach

19. September 14, Softpedia – (International) Sixth Linux DDoS trojan discovered in the last 30 days. Dr. Web security researchers discovered a trojan affecting Linux machines via the Shellshock vulnerability that launches 25 child processes that carry out a distributed denial-of-service (DDoS) attack on a targeted device when the attacker in control of the trojan botnet issues an attack command. Researchers stated the trojan can start Transmission Control Protocol (TCP) floods, User Datagram Protocol (UDP) floods, and Hypertext Transfer Protocol (HTTP) floods, as well as update itself, terminate its process, and delete itself, among other capabilities. Source: http://news.softpedia.com/news/sixth-linux-ddos-trojan-discovered-in-the-last-30-days-508309.shtml

20. September 14, SecurityWeek – (International) Apple patches 7 flaws with release of iOS 10. Apple Inc., released version 10 of its operating system (iOS), Xcode version 8, and watchOS version 3 patching a total of seven vulnerabilities, including a flaw in iOS that can be exploited by a man-in-the-middle (MitM) attacker to prevent a device from receiving updates, an information disclosure vulnerability in iOS and watchOS that can be exploited by malicious applications to access an user’s location data, and a flaw in Xcode that could allow a local attacker to execute arbitrary code or crash an application, among other flaws. Source: http://www.securityweek.com/apple-patches-7-flaws-release-ios-10

Communications Sector

Nothing to report

No comments: