Wednesday, April 6, 2016



Complete DHS Report for April 6, 2016

Daily Report                                            

Top Stories

• A U.S. district judge in New Orleans gave final approval April 4 to an estimated $20 billion settlement over the 2010 BP oil spill in the Gulf of Mexico that killed 11 workers and caused a 134-million-gallon spill. – Associated Press

2. April 5, Associated Press – (International) US judge OKs $20B settlement from 2010 BP oil spill. A U.S. district judge in New Orleans gave final approval April 4 to an estimated $20 billion settlement over the 2010 BP oil spill in the Gulf of Mexico that killed 11 workers and caused a 134-million-gallon spill. The settlement resolves Clean Water Act penalties and will cover the cost of environmental damage and other claims by five Gulf of Mexico States and local governments. Source: http://abcnews.go.com/US/wireStory/us-judge-oks-20b-settlement-2010-bp-oil-38142701

• TransCanada Corporation shut down the Keystone pipeline until further notice after a potential leak was reported April 2 in Hutchinson County, South Dakota. – Associated Press

3. April 5, Associated Press – (South Dakota) Keystone pipeline shut down as possible leak investigated. TransCanada Corporation shut down the Keystone pipeline until further notice after a potential leak was reported April 2 in Hutchinson County, South Dakota. Crews reported to the site to remove the oil and investigate the source of the leak.

• Officials from the Trump Hotel Collection reported April 4 that they were investigating a potential breach in its credit card systems after sources in the financial sector detected fraudulent transactions on customers’ credit cards. – Krebs On Security

27. April 4, Krebs On Security – (International) Sources: Trump Hotels breached again. Officials from the Trump Hotel Collection reported April 4 that they were investigating a potential breach in its credit card systems which affects more than a dozen global properties after three sources in the financial sector discovered a pattern of fraudulent transactions on customers’ credit cards. Source: http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/

• A 3-alarm fire at a metal recycling center in Montclair, California, April 4 closed westbound lanes of Mission Boulevard for several hours and prompted 8 homes, 1 mobile home park, 1 motel, and 40 other apartments to evacuate. – KABC 7 Los Angeles

29. April 4, KABC 7 Los Angeles – (California) Large fire erupts at metal recycling center in Montclair. Police reported April 4 that a 3-alarm fire at a metal recycling center in Montclair, California, closed westbound lanes of Mission Boulevard for several hours and prompted 8 homes, 1 mobile home park, 1 motel, and 40 other apartments to evacuate while 5 fire departments worked to contain the blaze. One person was injured and officials stated it would take several hours before crews could enter the recycling center due to burned hazardous material. Source: http://abc7.com/news/large-fire-erupts-at-metal-recycling-center-in-montclair/1275927/

Financial Services Sector

5. April 5, U.S. Department of Justice – (International) Two former senior executives of global financial services company charged in scheme to defraud clients through secret trading commissions on billions of dollars in securities trades. Two former executives of a Boston-based financial services company were charged in an indictment unsealed April 5 for their roles in a scheme where the duo and co-conspirators allegedly added secret commissions to billions of dollars of fixed income and equity trades performed for at least six clients of the bank’s transition management business, thereby overcharging the clients by millions of dollars. The indictment also alleges that from February 2010 to September 2011 the pair took action to hide the commission from the clients and other bank employees. Source: https://www.justice.gov/opa/pr/two-former-senior-executives-global-financial-services-company-charged-scheme-defraud-clients

Information Technology Sector

20. April 5, SecurityWeek – (International) Researchers bypass patch for old IBM Java flaw. The founder and chief executive officer (CEO) of Security Explorations reported that a sandbox escape vulnerability in IBM Java, which was previously patched in 2013, could still be exploited by attackers after discovering the flaw could be abused by making minor modifications to the proof-of-concept (PoC) code published by the company in July 2013. A patch has yet to be released, but IBM was working to release a fix.

21. April 4, The Register – (International) Top Firefox extensions can hide silent malware using easy pre-fab tool. Two U.S. security researchers at the Black Hat Asia 2016 security conference reported that Mozilla’s Firefox extensions were open to attacks that can compromise machines and pass automated and human security tests by reusing attack exploit weaknesses in the structure of Firefox extensions to disguise malicious activity as legitimate functionality. Source: http://www.theregister.co.uk/2016/04/04/top_firefox_extensions_can_hide_silent_malware_using_easy_prefab_tool/

22. April 4, SecurityWeek – (International) Path traversal flaw found in ICONICS WebHMI. A German researcher discovered that ICONICS’ WebHMI product was plagued with a directory traversal flaw that could allow a remote attacker to access configuration files that stored password hashes and other information by sending a request to a vulnerable WebHMI product via the Internet. ICONICs have not released a patch and advised users to avoid exposing the product to the Internet.

23. April 4, IDG News Service – (International) HTTP compression continues to put encrypted communications at risk. Security researchers from the National Technical University of Athens reported at the Black Hat Asia 2016 security conference that they made improvements to the Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) attack to make it practical for hacking Transport Layer Security (TLS) block ciphers such as Advanced Encryption Standard (AES) by intercepting a victim’s Web traffic through a router connected to a wireless network. Source: http://www.computerworld.com/article/3051677/security/http-compression-continues-to-put-encrypted-communications-at-risk.html#tk.rss_security

24. April 4, Softpedia – (International) Chrome extension caught hijacking users’ browsers. Google reported that it banned the Better History Chrome extension from its Web Store after users reported that the extensions redirected them to click on a Hypertext Transfer Protocol (HTTP) link that lead to an extra Web page showing several types of advertisements. The extra Web page collected analytics on users which could be later used to sell online to advertisers. Source: http://news.softpedia.com/news/chrome-extension-caught-hijacking-users-browsers-502557.shtml

25. April 4, Softpedia – (International) Google fixes another 40 security bugs in Android’s April update. Google released an Android Security Advisory patching 40 security flaws including 15 critical bugs in Android devices running versions 4.4.4 and higher, that could have allowed an attacker to root and permanently compromise the device. In addition, multiple remote code execution (RCE) flaws were patched in Dynamic Host Configuration Protocol Client Daemon (DHCPCD) service, Media Codec, Mediaserver component, and the libstagefright library, among other patched vulnerabilities. Source: http://news.softpedia.com/news/google-fixes-another-40-security-bugs-in-android-s-april-update-502564.shtml

26. April 4, SecurityWeek – (International) iOS app patching tool “rollout” prone to abuse. Security researchers from FireEye reported that another quick-patching solution, Rollout.io, used for Apple’s iOS applications and runs on 35 million devices could be abused by malicious hackers to integrate a malicious third-party ad software development kit (SDK) into a legitimate app and potentially turn harmless iOS apps into malware. Source: http://www.securityweek.com/ios-app-patching-tool-rollout-prone-abuse

Communications Sector

Nothing to report