Complete DHS Report for April 5, 2016
Daily Report
Top Stories
• The South Coast Air Quality Management District board (AQMD)
approved the restart of an ExxonMobil refinery in Torrance, California, April 2
and required them to pay a $ 5 million settlement following a February 2015
explosion. – Associated Press
2. April 3,
Associated Press – (California) Regulators allow Exxon to restart refinery in
California. The South Coast Air Quality Management District board (AQMD)
approved the restart of an ExxonMobil refinery in Torrance April 2 following a
February 2015 explosion that injured four contractors, caused severe damage at
the plant, and prompted the plant’s shutdown. AQMD ordered ExxonMobil to
restart outside of school and business hours due to excess emissions that will
be released, and ordered the company to pay $5 million in penalties for air
pollution violations after the explosion. Source: http://blog.mysanantonio.com/atlarge/2016/04/regulators-allow-exxon-to-restart-refinery-in-california/
• Authorities announced April 1 that a man was charged after he
allegedly placed skimming devices on Wells Fargo ATMs throughout San Diego
County, compromising at least 4,870 credit and debit cards with losses
exceeding $428,000 through the use of counterfeit cards. – San Diego
Union-Tribune See item 7 below in the Financial Services Sector
• Two people were killed and 35 people were injured April 3 after
an Amtrak train carrying 341 passengers and 7 crew members crashed into a
backhoe in Chester, Pennsylvania, forcing the closure of the rail line until
April 4. – CNN
10. April 4,
CNN – (Pennsylvania) Amtrak restores service after fatal crash;
investigation continues. Two people were killed and 35 people were injured
April 3 after an Amtrak train carrying 341 passengers and 7 crew members
crashed into a backhoe in Chester, Pennsylvania, forcing the closure of the
rail line until April 4. The derailment in Chester is 1 of 3 Amtrak crashes
that occurred within 12 hours. Source: http://www.cnn.com/2016/04/03/us/philadelphia-amtrak-derailment/index.html?eref=rss_topstories
• Officials stated April 1 that a broken sewage line has been
dumping approximately 50 million gallons of untreated wastewater per day into
Cypress Creek in Tennessee since March 31. – Associated Press
21. April 1,
Associated Press – (Tennessee) Federal officials monitoring sewage spill in
Tennessee creek. Officials from the U.S. Environmental Protection Agency
announced April 1 that a broken sewage line has been dumping approximately 50
million gallons of untreated wastewater per day into Cypress Creek in Tennessee
since March 31 after heavy rainfall caused the ground around the pipe to
collapse. Officials were working to determine if there will be long-term health
and environmental effects from the spill, and stated that the repairs could
take a total of 4 months to complete and cost up to $10 million. Source: http://abcnews.go.com/US/wireStory/federal-officials-monitoring-sewage-spill-tennessee-creek-38094814
Financial Services Sector
7. April 3,
San Diego Union-Tribune – (International) Thousands of cards
compromised in ATM scam. Authorities announced April 1 that a man was
charged after he allegedly placed skimming devices on Wells Fargo ATMs
throughout San Diego County, compromising at least 4,870 credit and debit cards
with losses exceeding $428,000 through the use of counterfeit cards. The man
also withdrew money from customer accounts, purchased merchandise from local
Walmarts, and transmitted over $114,000 in funds via MoneyGrams to Jordan,
Belgium, China, Bulgaria, and Moldova. Source: http://www.sandiegouniontribune.com/news/2016/apr/03/atm-skimming-arrest-alkhateeb/
8. April 2,
Oak Lawn Patch – (Illinois) Elusive Midday Bandit robs 11th bank: FBI. The
FBI is searching for a man dubbed the “Midday Bandit” who is suspected of
robbing the MB Financial Bank branch in Oak Lawn, Illinois, March 31.
Authorities stated that the man is suspected of robbing 10 other Chicago-area
banks since June 2014. Source: http://patch.com/illinois/oaklawn/elusive-midday-bandit-robs-11th-bank-fbi
9. April 1,
Associated Press – (New Jersey; New York; Indiana) Ex-furniture company exec
pleads guilty in $18M loan fraud. The former chief financial officer (CFO)
of New Jersey-based Munire Furniture Inc., and an affiliated Indiana company
pleaded guilty to Federal charges April 1 after the CFO falsified the
companies’ financial conditions by inflating sales and revenue numbers
beginning in 2011 in order to get $17 million in loans from a Manhattan bank
and $1 million in municipal loans from Gas City, Indiana, so the companies
could continue business. Officials stated that the companies defaulted on the
$18 million loans. Source: http://abcnews.go.com/US/wireStory/furniture-company-exec-pleads-guilty-18m-loan-fraud-38094630
Information Technology Sector
25. April 4,
Softpedia – (International) Authentication flaw in Microsoft accounts
gets researcher $13,000 reward. Microsoft patched a cross-site request
forgery (CSRF) flaw in its main authentication system after a security
researcher found attackers could gain access to its Azure, Outlook, and Office
servers by altering the “wreply” parameter and sending authentication tokens to
a hacker-controlled Web site due to improper input filtering on the “wreply”
Uniform Resource Locator (URL). Source: http://news.softpedia.com/news/authentication-flaw-in-microsoft-accounts-gets-researcher-13-000-reward-502544.shtml
26. April 4,
SecurityWeek – (International) Romanian hacker “Guccifer” appears in U.S.
court. A Romanian national was extradited to the U.S. for a period of 18
months after U.S. authorities stated the man allegedly hacked into the email
and social media accounts of two former presidents, a former cabinet member, a
former presidential advisor, and a former member of the U.S. Joint Chiefs of
Staff, among other people, and released victims’ personal information including
private emails, personal photographs, and medical and financial data from
December 2012 – January 2014. Source: http://www.securityweek.com/romanian-hacker-guccifer-appears-us-court
27. April 1,
Softpedia – (International) Hackers can unlock any HID door controller
with one UDP packet. A security researcher from Trend Micro discovered a
design vulnerability in HID Global’s door controllers, specifically in VertX
and Edge products, that can allow an attacker to send one malicious User
Datagram Protocol (UDP) request to a door and automatically unlock the door
and/or deactivate the alarm. An attacker could execute remote commands on the
device with root privileges due to the two devices running a special daemon
titled, discoveryd, which communicates to UDP network packets on port 4070 with
information about the device. Source: http://news.softpedia.com/news/hackers-can-unlock-any-hid-door-controller-with-one-udp-packet-502471.shtml
Communications Sector
Nothing to report