Tuesday, April 5 2016



Complete DHS Report for April 5, 2016

Daily Report                                            

Top Stories

• The South Coast Air Quality Management District board (AQMD) approved the restart of an ExxonMobil refinery in Torrance, California, April 2 and required them to pay a $ 5 million settlement following a February 2015 explosion. – Associated Press

2. April 3, Associated Press – (California) Regulators allow Exxon to restart refinery in California. The South Coast Air Quality Management District board (AQMD) approved the restart of an ExxonMobil refinery in Torrance April 2 following a February 2015 explosion that injured four contractors, caused severe damage at the plant, and prompted the plant’s shutdown. AQMD ordered ExxonMobil to restart outside of school and business hours due to excess emissions that will be released, and ordered the company to pay $5 million in penalties for air pollution violations after the explosion. Source: http://blog.mysanantonio.com/atlarge/2016/04/regulators-allow-exxon-to-restart-refinery-in-california/

• Authorities announced April 1 that a man was charged after he allegedly placed skimming devices on Wells Fargo ATMs throughout San Diego County, compromising at least 4,870 credit and debit cards with losses exceeding $428,000 through the use of counterfeit cards. – San Diego Union-Tribune See item 7 below in the Financial Services Sector

• Two people were killed and 35 people were injured April 3 after an Amtrak train carrying 341 passengers and 7 crew members crashed into a backhoe in Chester, Pennsylvania, forcing the closure of the rail line until April 4. – CNN

10. April 4, CNN – (Pennsylvania) Amtrak restores service after fatal crash; investigation continues. Two people were killed and 35 people were injured April 3 after an Amtrak train carrying 341 passengers and 7 crew members crashed into a backhoe in Chester, Pennsylvania, forcing the closure of the rail line until April 4. The derailment in Chester is 1 of 3 Amtrak crashes that occurred within 12 hours. Source: http://www.cnn.com/2016/04/03/us/philadelphia-amtrak-derailment/index.html?eref=rss_topstories

• Officials stated April 1 that a broken sewage line has been dumping approximately 50 million gallons of untreated wastewater per day into Cypress Creek in Tennessee since March 31. – Associated Press

21. April 1, Associated Press – (Tennessee) Federal officials monitoring sewage spill in Tennessee creek. Officials from the U.S. Environmental Protection Agency announced April 1 that a broken sewage line has been dumping approximately 50 million gallons of untreated wastewater per day into Cypress Creek in Tennessee since March 31 after heavy rainfall caused the ground around the pipe to collapse. Officials were working to determine if there will be long-term health and environmental effects from the spill, and stated that the repairs could take a total of 4 months to complete and cost up to $10 million. Source: http://abcnews.go.com/US/wireStory/federal-officials-monitoring-sewage-spill-tennessee-creek-38094814
  
Financial Services Sector

7. April 3, San Diego Union-Tribune – (International) Thousands of cards compromised in ATM scam. Authorities announced April 1 that a man was charged after he allegedly placed skimming devices on Wells Fargo ATMs throughout San Diego County, compromising at least 4,870 credit and debit cards with losses exceeding $428,000 through the use of counterfeit cards. The man also withdrew money from customer accounts, purchased merchandise from local Walmarts, and transmitted over $114,000 in funds via MoneyGrams to Jordan, Belgium, China, Bulgaria, and Moldova. Source: http://www.sandiegouniontribune.com/news/2016/apr/03/atm-skimming-arrest-alkhateeb/

8. April 2, Oak Lawn Patch – (Illinois) Elusive Midday Bandit robs 11th bank: FBI. The FBI is searching for a man dubbed the “Midday Bandit” who is suspected of robbing the MB Financial Bank branch in Oak Lawn, Illinois, March 31. Authorities stated that the man is suspected of robbing 10 other Chicago-area banks since June 2014. Source: http://patch.com/illinois/oaklawn/elusive-midday-bandit-robs-11th-bank-fbi

9. April 1, Associated Press – (New Jersey; New York; Indiana) Ex-furniture company exec pleads guilty in $18M loan fraud. The former chief financial officer (CFO) of New Jersey-based Munire Furniture Inc., and an affiliated Indiana company pleaded guilty to Federal charges April 1 after the CFO falsified the companies’ financial conditions by inflating sales and revenue numbers beginning in 2011 in order to get $17 million in loans from a Manhattan bank and $1 million in municipal loans from Gas City, Indiana, so the companies could continue business. Officials stated that the companies defaulted on the $18 million loans. Source: http://abcnews.go.com/US/wireStory/furniture-company-exec-pleads-guilty-18m-loan-fraud-38094630

Information Technology Sector

25. April 4, Softpedia – (International) Authentication flaw in Microsoft accounts gets researcher $13,000 reward. Microsoft patched a cross-site request forgery (CSRF) flaw in its main authentication system after a security researcher found attackers could gain access to its Azure, Outlook, and Office servers by altering the “wreply” parameter and sending authentication tokens to a hacker-controlled Web site due to improper input filtering on the “wreply” Uniform Resource Locator (URL). Source: http://news.softpedia.com/news/authentication-flaw-in-microsoft-accounts-gets-researcher-13-000-reward-502544.shtml

26. April 4, SecurityWeek – (International) Romanian hacker “Guccifer” appears in U.S. court. A Romanian national was extradited to the U.S. for a period of 18 months after U.S. authorities stated the man allegedly hacked into the email and social media accounts of two former presidents, a former cabinet member, a former presidential advisor, and a former member of the U.S. Joint Chiefs of Staff, among other people, and released victims’ personal information including private emails, personal photographs, and medical and financial data from December 2012 – January 2014. Source: http://www.securityweek.com/romanian-hacker-guccifer-appears-us-court

27. April 1, Softpedia – (International) Hackers can unlock any HID door controller with one UDP packet. A security researcher from Trend Micro discovered a design vulnerability in HID Global’s door controllers, specifically in VertX and Edge products, that can allow an attacker to send one malicious User Datagram Protocol (UDP) request to a door and automatically unlock the door and/or deactivate the alarm. An attacker could execute remote commands on the device with root privileges due to the two devices running a special daemon titled, discoveryd, which communicates to UDP network packets on port 4070 with information about the device. Source: http://news.softpedia.com/news/hackers-can-unlock-any-hid-door-controller-with-one-udp-packet-502471.shtml

Communications Sector

Nothing to report