Complete DHS Report for March 22, 2016
• A March 19 fire at the Kwik’Pak Fisheries LLC facility in Emmonak, Alaska, destroyed 3 buildings, spread to 2 others owned by Yukon Marine Manufacturing, and caused an estimated $3 million in damages. – KTUU 2 Anchorage
10. March 20, KTUU 2 Anchorage – (Alaska) Saturday fire swallows five buildings in Emmonak causing $3 million in damage. A March 19 fire at the Kwik’Pak Fisheries LLC facility in Emmonak, Alaska, destroyed 3 buildings, spread to 2 others owned by Yukon Marine Manufacturing, and caused an estimated $3 million in damages after fire suppression efforts failed due to inoperable equipment. No injuries were reported and authorities are investigating the cause of the blaze. Source: http://www.ktuu.com/news/news/emmonak-fire-swallows-five-buildings-causing-3-million-in-damage/38608818
• Apple Inc., will release an update patching a zero-day flaw in its operating system (iOS) encryption which could allow attackers to decrypt intercepted iMessages in iOS 9 and older iOS versions. – Help Net Security See item 20 below in the Information Technology Sector
• Secunia researchers released a report detailing that in 2015, 16,081 flaws were found in 2,484 software applications from 263 different vendors including Google, Adobe, Microsoft, and Oracle, among others. – Softpedia See item 22 below in the Information Technology Sector
• A 3-alarm fire March 20 at the Flying J truck stop and the Denny’s restaurant in Indianapolis caused about $4 million in damages and prompted the truck stop’s indefinite closure. – WXIN 59 Indianapolis
23. March 21, WXIN 59 Indianapolis – (Indiana) Fire at Indianapolis Flying J truck stop causes $4 million in damage. A 3-alarm fire at the Flying J truck stop and the Denny’s restaurant in Indianapolis caused about $4 million in damages and prompted the evacuation of 40 people after the fire began outside the restaurant and spread to surrounding areas due to strong winds March 20. The truck stop was closed indefinitely and officials are investigating the cause of the fire.
Financial Services Sector
6. March 18, South Florida Sun-Sentinel – (Florida; Indiana) Two arrested after boarding plane with bundles of fake credit cards, detectives said. Officials from the Broward Sheriff’s Office announced March 18 that 2 men were arrested at Fort Lauderdale-Hollywood International Airport March 16 after security officials detected a total of 186 fraudulent Vanilla Visa and Walmart Stores, Inc., gift cards in the pair’s checked luggage. Authorities stated that 83 of the cards were re-encoded with real credit card numbers, some of which were issued by banks to several card-holders in Indiana. Source: http://www.sun-sentinel.com/local/broward/fort-lauderdale/fl-airport-gift-card-fraud-20160318-story.html
For another story, see item 28 from the Commercial Facilities Sector
28. March 19, Associated Press – (California) Train hero’s father charged in California arson fraud scheme. An indictment unsealed March 18 stated that 3 people were charged for their involvement in an arson fraud scheme after the trio allegedly set 7 fires at 6 commercial buildings in the Sacramento area and collected over $1.5 million in insurance proceeds from 2009 – 2013. Source: http://www.foxnews.com/us/2016/03/19/train-heros-father-charged-in-california-arson-fraud-scheme.html
Information Technology Sector
20. March 21, Help Net Security – (International) iOS zero-day breaks Apple’s iMessage encryption. Researchers from Johns Hopkins University discovered a zero-day flaw in Apple’s operating system (iOS) encryption which could allow attackers to decrypt intercepted iMessages in iOS 9 and older iOS versions. Apple Inc., partially patched the vulnerability in iOS 9, but reported that the flaw will be completely patched in iOS 9.3 March 21.
21. March 21, SecurityWeek – (International) Symantec patches high risk vulnerabilities in Endpoint protection. Symantec released a security update for its Symantec Endpoint Protection (SEP) product which patched three high risk security flaws including a cross-site request forgery (CSRF) vulnerability, a Structured Query Language (SQL) injection vulnerability, and a bypass security flaw that could allow authorized users with low privileges to gain elevated access to the Management Console, as well as enable attackers to achieve arbitrary code execution on a victim’s device by bypassing the SEP Client security mitigations, among other actions. Source: http://www.securityweek.com/symantec-patches-high-risk-vulnerabilities-endpoint-protection
22. March 19, Softpedia – (International) There were over 16,000 software bugs detected in 2015. Secunia researchers released a report detailing that in 2015, 16,081 flaws were found in 2,484 software applications from 263 different vendors including Google, Adobe, Microsoft, and Oracle, among others, and that 57 percent of the vulnerabilities could be exploited from a remote network. The report stated that there was a 2 percent increase in vulnerabilities from 2014 – 2015. Source: http://news.softpedia.com/news/there-have-been-over-16-000-software-bugs-detected-in-2015-501939.shtml
Nothing to report