Complete DHS Report for March 9, 2016
Daily Report
Top Stories
• Oklahoma officials
announced March 7 that about 18,000 barrels of wastewater injection fluid were
unaccounted for following a spill at a Special Energy Corporation site in Grant
County. – Enid News & Eagle (See item 1)
1.
March 7, Enid News & Eagle –
(Oklahoma) Wastewater spills thousands of barrels in Grant County. The
Oklahoma Corporation Commission announced March 7 that about 18,000 barrels of
wastewater injection fluid remained unaccounted for following a spill at a
Special Energy Corporation site in Grant County the week of February 29 due to
a malfunctioning underground valve. Officials reported that an unknown amount
of the wastewater leaked into Polecat Creek and that the incident remains under
investigation. Source: http://www.enidnews.com/news/wastewater-spills-thousands-of-barrels-in-grant-county/article_0c702e34-e4aa-11e5-9479-4f4a3ba1caba.html
• State Route 28 near Quincy, Washington was shut down for nearly
12 hours March 6 due to an overturned semi-truck that leaked approximately
2,000 gallons of gasoline. – Grant County iFiber One News
10. March 7,
Grant County iFiber One News – (Washington) Tanker rolls on
state Route 28 Sunday, spills fuel. State Route 28 near Quincy, Washington
was shut down for nearly 12 hours March 6 while crews worked to clear the
wreckage from an overturned semi-truck that leaked approximately 2,000 gallons
of gasoline. Source: http://www.ifiberone.com/news/tanker-rolls-on-state-route-sunday-spills-fuel/article_44042c66-e49a-11e5-b652-77b1a6978022.html
• Federal authorities issued a public health alert March 7
informing the public of a Maxi Canada, Inc., recall for about 103,752 pounds of
its Yummy brand Chicken Breast Nuggets due to contamination with metal pieces.
– U.S. Department of Agriculture
12. March 8,
U.S. Department of Agriculture – (International) FSIS issues
public health alert for imported chicken product foreign matter contamination. The
Food Safety and Inspection Service (FSIS) issued a public health alert March 7
to notify the public of a Maxi Canada, Inc., recall for approximately 103,752
pounds of its Yummy brand Chicken Breast Nuggets products sold in the U.S. due
to contamination with metal pieces after the Quebec, Canada-based company
received a consumer complaint of a foreign object in the product. The products
were imported into the U.S. from July 2015 – March 2016. Source: http://www.fsis.usda.gov/wps/portal/fsis/newsroom/news-releases-statements-transcripts/news-release-archives-by-year/archive/2016/pha-030716
• Vulnerability Lab reported that Apple’s iOS versions 9.0, 9.1,
and 9.2.1 contained several connected passcode bypass vulnerabilities affecting
various iPhone and iPad products that allowed an attacker to access a device
and compromise sensitive user data, emails, and phone settings. – SecurityWeek
See item 20 below in the
Information Technology Sector
Financial Services Sector
4. March 7,
U.S. Securities and Exchange Commission – (Rhode Island) SEC charges
Rhode Island agency and Wells Fargo with fraud in 38 Studios bond offering. The
U.S.
Securities and Exchange Commission charged Rhode Island Economic Development
Corporation (RIEDC), two former executives, Wells Fargo Securities, and a
former lead banker March 7 for defrauding investors in a $75 million municipal
bond offering to finance 38 Studios, a startup video game company, after RIEDC allegedly
loaned the startup only $50 million in bond proceeds and used the remaining
proceeds to pay related bond offering expenses and establish other funds. RIEDC
and Wells Fargo reportedly failed to disclose to investors that 38 Studios
faced a funding shortage and could not produce the video game, causing the
company to default on the loan, and failed to disclose that Wells Fargo had a
side deal with 38 Studios which enabled the firm to receive additional
compensation. Source: https://www.sec.gov/news/pressrelease/2016-37.html
Information Technology Sector
17. March 8,
Help Net Security – (International) Google plugs 19 holes in newest Android
security update. Google released 19 security issues for its Android Open Source Project (AOSP)
after its company’s security researchers found two remote code execution (RCE)
vulnerabilities in Mediaserver that can be leveraged via a specially crafted
file, as well as discovering a critical vulnerability in the Qualcomm
performance component that can be leveraged to allow elevation of privileges
flaw, enabling a local malicious application to execute arbitrary code in the
kernel, among other vulnerabilities. Source: https://www.helpnetsecurity.com/2016/03/08/android-security-update/
18. March 8,
SecurityWeek – (International) Facebook password reset flaw earns
researchers $15,000. An independent researcher from India discovered a
brute-force vulnerability in Facebook’s beta.facebook.com domain that could
allow an attacker to change user account passwords by easily finding the
six-digit code sent to customers requesting a password reset via email or text
message. Facebook patched the vulnerability February 23. Source: http://www.securityweek.com/facebook-password-reset-flaw-earns-researcher-15000
19. March 7,
Softpedia – (International) Intel fixes McAfee bug that allowed attackers
to disable antivirus protection. Intel Security released version SB10151
for its McAfee Enterprise antivirus program after a security researcher from
Mediaservice found attackers could bypass the administration password and
unlock the safe registry keys in the McAfee VirusScan Enterprise engine due to
the feature’s improper implementation. Source: http://news.softpedia.com/news/intel-fixes-mcafee-bug-that-allowed-attackers-to-disable-antivirus-protection-501441.shtml
20. March 7,
SecurityWeek – (International) Multiple passcode bypass vulnerabilities
discovered in iOS 9. Researchers from Vulnerability Lab reported that
Apple’s iOS versions 9.0, 9.1, and 9.2.1 contain several connected passcode
bypass vulnerabilities and affects iPhone 5, 5s, 6, and 6s, as well as iPad
mini, iPad 1 and iPad 2 products. The vulnerability can allow an attacker to
access a device and compromise sensitive user data, including address books,
photos, short message service (SMS), multimedia messaging service (MMS),
emails, and phone settings, among other data. Source: http://www.securityweek.com/multiple-passcode-bypass-vulnerabilities-discovered-ios-9
For another story, see item 4 above in the Financial Services Sector
Communications Sector
Nothing to report