Complete DHS Report for March 1, 2016
Daily Report
Top Stories
• Northbound lanes of Interstate 5 in Commerce, California, were
shut down for at least 24 hours February 27 due to a multi-vehicle accident that
left 3 people dead and 4 others injured. – KCBS 2 Los Angeles
7. February 27,
KCBS 2 Los Angeles – (California) I-5 closed in Commerce after crash leaves 3
dead. Northbound lanes of Interstate 5 in Commerce, California, were shut
down for at least 24 hours while southbound lanes were closed for several hours
February 27 due to a multi-vehicle accident caused by motorists racing on the
freeway that left 3 people dead and 4 others injured. Source: http://losangeles.cbslocal.com/2016/02/27/5-freeway-closed-in-commerce-after-crash-leaves-3-dead-5-injured/
• International Packing LLC, Universal Cheese & Drying Inc.,
and an executive pleaded guilty February 26 to falsely marketing grated Swiss
and mozzarella cheese as 100 percent parmesan and romano. – Associated Press
10. February
26, Associated Press – (Pennsylvania) Exec, 2 companies plead guilty in mislabeled
cheese case. The U.S. Food and Drug Administration (FDA) announced February
26 that an executive and 2 Slippery Rock, Pennsylvania-based businesses,
International Packing LLC and Universal Cheese & Drying Inc., pleaded
guilty after marketing grated Swiss and mozzarella cheese made by Castle Cheese
Inc. as 100 percent parmesan and romano, following an investigation that found
the products contained more than the 4 percent of cellulose allowed by the FDA.
Under a deal with Federal prosecutors, the companies must each forfeit
$500,000. Source: http://www.theolympian.com/news/business/article62618967.html
• Officials deemed a portion of Padden Creek in Washington a
temporary health hazard February 26 after approximately 200,000 gallons of raw
sewage spilled into the creek. – KOMO 4 Bellevue
11. February
26, KOMO 4 Bellevue – (Washington) Estimated 200,000 gallons of raw sewage spills into
Bellingham creek. Officials deemed a portion of Padden Creek from 17th Street to
the Padden Lagoon in Bellingham a temporary health hazard February 26 after
approximately 200,000 gallons of raw sewage spilled into the creek after a
contractor inadvertently placed a sewer bypass pumping system into a storm
water manhole. Source: http://komonews.com/news/local/estimated-200000-gallons-of-raw-sewage-spills-into-bellingham-creek
• The U.S. Internal Revenue Service (IRS) announced February 26
that approximately 390,000 additional taxpayers had their information stolen
after cyber-thieves hacked into its Get Transcripts system in May 2015 and stole
information on about 113,000 taxpayers. – Fox News; Associated Press
12. February
27, Fox News; Associated Press – (National) IRS: Cyber hackers
got info on roughly 700K taxpayers, double earlier estimates. The U.S.
Internal Revenue Service (IRS) announced February 26 that approximately 390,000
additional taxpayers had their personal and financial information stolen after
the agency first reported that cyber-thieves hacked into its Get Transcripts
system in May 2015 and stole information on about 113,000 taxpayers. The IRS
stated that it continues to investigate the incident and is working to mitigate
the breach. Source: http://www.foxnews.com/politics/2016/02/27/irs-cyber-hackers-got-info-on-roughly-7k-taxpayers-double-earlier-estimate.html
Financial Services Sector
4. February
26, Oxford Eagle – (Mississippi) Former bank VP pleads guilty to fraud. The
former vice president (VP) of Mechanics Bank in Water Valley, Mississippi,
pleaded guilty February 25 to Federal charges after he embezzled over $1.3
million in an elaborate scheme to obtain bank money, funds, credits, assets,
securities, and other property, owned and controlled by Mechanics Bank. The
former VP issued loans and lines of credit in the names of unsuspecting bank
customers, used the money for personal expenses, and made payments on other
fraudulent loans. Source: http://www.oxfordeagle.com/2016/02/26/former-bank-vp-pleads-guilty-to-fraud/
Information Technology Sector
14. February
29, ZDNet – (International) Snapchat falls foul of CEO impersonation,
hands over employee pay data. The video messaging application Snapchat
reported that many of its current and former employees’ payroll information was
compromised after a cyber-attacker impersonated the firm’s chief executive
officer (CEO) via a phishing campaign and collected employee payroll
information from staff at the firm. Snapchat stated that the incident was
contained and reported the scheme to the FBI. Source: http://www.zdnet.com/article/snapchat-falls-foul-of-ceo-impersonation-hands-over-employee-pay-data/
15. February
28, Softpedia – (International) One in ten top internet sites may be
vulnerable to CSRF and XSS attacks. A CloudFlare engineer discovered that
about 10 percent of Alexa Top 1 Million Web sites allowed resources to be
shared outside of their domain due to improperly configured Cross-Origin
Resource Sharing (CORS) settings, enabling hackers to steal users’ private
session details and log into users’ accounts to carry out fraudulent operations
via cross-site request forgery (CSRF) and cross-site scripting (XSS) attacks. Source:
http://news.softpedia.com/news/one-in-ten-top-internet-sites-may-be-vulnerable-to-csrf-and-xss-attacks-501106.shtml
16. February
27, Softpedia – (International) The most common vulnerabilities in open
source Web applications are XSS and SQLi. The security firm Netsparker
released a report detailing that 396 Web applications were plagued with 269
security vulnerabilities after a study revealed that 180 vulnerabilities were
cross-site scripting (XSS) flaws, 55 vulnerabilities were Structured Query
Language (SQL) injection (SQLi) flaws, and 16 vulnerabilities were remote and
local file inclusion flaws, among other vulnerabilities. Source: http://news.softpedia.com/news/the-most-common-vulnerabilities-in-open-source-web-applications-are-xss-and-sqli-501078.shtml
17. February
26, Agence France-Presse – (National) Pentagon boosts spending to
fight cyber attacks. The U.S. Secretary of Defense reported February 25
that the Pentagon will spend a total of $6.7 billion in 2017 in an effort to
deter advanced cyber adversaries, invest in cyber warfare capabilities, and
fund cyber strategy. Source: http://www.securityweek.com/pentagon-boosts-spending-fight-cyber-attacks
18. February
26, SecurityWeek – (International) Google helps news sites thwart DDoS attacks. Google
announced the public release of its Project Shield initiative which aims to
protect news Web sites from distributed denial-of-service (DDoS) attacks and
aims to keep smaller journalism Web sites safe from cyber-attacks. The
initiative now allows small news sites to serve their content through Google’s
infrastructure without having to move their hosting location. Source: http://www.securityweek.com/google-helps-news-sites-thwart-ddos-attacks
19. February
26, Softpedia – (International) 90 percent of all SSL VPNs use insecure or
outdated encryption. Researchers from High-Tech Bridge discovered that many
Secure Sockets Layer (SSL) Virtual Private Network (VPN) servers were using
insecure or outdated encryption after an analysis of 10,436 servers revealed
that about 76 percent of all SSL VPN servers used untrusted SSL certificates,
allowing attackers to mimic and launch man-in-the-middle (MitM) attacks on
unsuspecting users. Source: http://news.softpedia.com/news/90-percent-of-all-ssl-vpn-use-insecure-or-outdated-encryption-501038.shtml
Communications Sector
Nothing to report