Monday, May 16, 2016



Complete DHS Report for May 16, 2016

Daily Report                                            

Top Stories

• Federal authorities announced that nearly 90,000 gallons of crude oil was released into the Gulf of Mexico from Shell Offshore Inc.’s Glider subsea system at its Brutus platform off the Louisiana coast May 12. – NBC News  

1. May 12, NBC News – (International) Tens of thousands of gallons of crude oil spill into the Gulf of Mexico. Federal authorities announced that nearly 90,000 gallons of crude oil was released into the Gulf of Mexico from Shell Offshore Inc.’s Glider subsea system at its Brutus platform off the Louisiana coast May 12. Shell reported that production from all wells that flow to the platform were shut off and the U.S. Coast Guard stated that the spill was contained and cleanup operations were underway. Source: http://www.nbcnews.com/news/us-news/tens-thousands-gallons-crude-oil-spill-gulf-mexico-n573311

• Federal officials announced May 12 new steps to address methane emissions from both new and existing sources in the oil and gas sector in an effort to reduce 510,000 short tons of methane by 2025. – U.S. Environmental Protection Agency

2. May 12, U.S. Environmental Protection Agency – (National) EPA releases first-ever standards to cut methane emissions from the oil and gas sector. The U.S. Environmental Protection Agency announced May 12 new steps to address methane emissions from both new and existing sources in the oil and gas sector, which include clarification of the Source Determination Rule, and a final Federal implementation plan for the Minor New Source Review Program in Indian County in an effort to reduce 510,000 short tons of methane by 2025. The new regulations also include the issuance of an Information Collection Request (ICR) that seeks information on the types of technology that could be used to reduce emissions and their associated costs.

• The governor of Michigan announced May 12 that the State will pay all Flint water bills in May to encourage the flushing of lead from old pipes and the recoating of plumbing with a corrosion chemical. – Associated Press

18. May 12, Associated Press – (Michigan) Michigan will pay Flint’s water bill in May. The governor of Michigan announced May 12 that the State will pay all Flint water bills in May to encourage the flushing of lead from old pipes and the recoating of plumbing with a corrosion chemical. The campaign, which began May 1 and will cost the State an estimated $1.7 million, urges residents to run cold water for 10 minutes a day for 14 days in order to help rid the system of toxic lead. Source: http://www.abcactionnews.com/news/national/michigan-will-pay-flints-water-bill-in-may

• Three doctors were charged May 12 for allegedly selling more than $5 million worth of prescription drugs from a now-defunct business on South Broad Street in Philadelphia under the guise of offering help to addicts. – WPVI 6 Philadelphia

19. May 12, WPVI 6 Philadelphia – (Pennsylvania) Philadelphia doctors charged in $5M prescription drug bust. Three doctors were charged May 12 for allegedly selling more than $5 million worth of prescription drugs from a now-defunct business on South Broad Street in Philadelphia known as the National Association for Substance Abuse, Prevention & Treatment by reaching out to unsuspecting families of addicts under the guise of offering help. The doctors reportedly exploited the addictions by writing prescriptions for commonly abused drugs without medical or mental evaluations in exchange for cash.

Financial Services Sector

5. May 13, IDG News Service – (International) SWIFT warns of malware attack on another customer. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) warned customers May 13 against a second malware attack discovered at a bank using its services that targeted customer banks’ secondary security controls by modifying the bank’s PDF reader with malicious software to conceal the fraudulent transactions in PDF reports of payment confirmations. Attackers also exploited vulnerabilities in the bank’s systems in order to initiate fund transfers, steal credentials, and use them to send irrevocable fund transfer orders via the SWIFT network.

6. May 12, Associated Press – (National) RushCard to pay $19 million to users for last year’s outage. RushCard agreed to pay at least $19 million to compensate its users impacted by an October 2015 service outage after the company attempted to switch payment processors, which caused tens of thousands of RushCard accounts to freeze leaving customers without access to their money for as long as 2 weeks. According to the agreement, the company will pay each customer who could not access their funds at least $100, and up to $500 to individuals who can document any losses incurred due to the outage. Source: http://www.wsfa.com/story/31959686/rushcard-to-pay-19-million-to-users-for-last-years-outage

7. May 12, KCCI 8 Des Moines – (Iowa) Former worker pleads guilty in $626,941 banks embezzlement case. The former president of People’s Savings Bank in Crawfordsville, Iowa, pleaded guilty May 9 to embezzling $626,941 from the bank after he created multiple straw loans involving existing bank customers and stole the loan proceeds from December 2002 – March 2013. Officials stated the former executive also received unauthorized bonuses and salary increases from January 2008 – October 2013. Source: http://www.kcci.com/news/former-worker-pleads-guilty-in-626941-bank-embezzlement-case/39513608

Information Technology Sector

22. May 12, SecurityWeek – (International) Adobe patches Flash zero-day exploited in the wild. Adobe updated its Flash Player for Microsoft Windows, Apple Mac, and Linux addressing 25 vulnerabilities including a type confusion, use-after-free, buffer overflow, directory search path, various memory corruption vulnerabilities that can lead to arbitrary code execution, and a zero-day that has been exploited in the wild. Source: http://www.securityweek.com/adobe-patches-flash-zero-day-exploited-wild

23. May 12, Softpedia – (International) 7-Zip 16.0 released to fix gaping security hole. The 7-Zip project released version 16.0 of their open-source (de)compression software patching two critical vulnerabilities discovered by Cisco’s Talos team, which include a heap overflow vulnerability and an out-of-bounds read vulnerability, due to an issue with how the 7-Zip client handles Universal Disk Format (UDF) files. Attackers can create a booby-trapped 7-Zip archive which contains a malicious file that clients’ can unzip, initiating the attack. Source: http://news.softpedia.com/news/7-zip-16-0-released-to-fix-gaping-security-hole-504003.shtml

For another story, see item 12 below from the Transportation Systems Sector

12. May 12, Network World – (National) DHS inspector general lambasts TSA’s IT security flaws. The DHS Office of Inspector General released a report the week of May 9 following a review of the Transportation Security Administration’s (TSA) Security Technology Integrated Program (STIP) and its Information Technology (IT) department, which found several security issues including unpatched software, inadequate contractor oversight, physical security, and inadequate vulnerability reporting, among other issues. The TSA stated that it is addressing the recommendations made in the report, and has developed a Cybersecurity Statement of Objective in order to bring legacy transportation security equipment into compliance with IT security controls mandated by DHS. Source: http://www.networkworld.com/article/3069561/careers/dhs-inspector-general-lambasts-tsa-s-it-security-flaws.html

Communications Sector

Nothing to report