Monday, June 20, 2016



Complete DHS Report for June 20, 2016

Daily Report                                            

Top Stories

• Utility crews worked to restore power to more than 150,000 customers across central Virginia June 17 following severe storms that produced strong winds and frequent lightning June 16. – WWBT 12 Richmond

1. June 17, WWBT 12 Richmond – (Virginia) Over 150,000 homes, businesses without power in central Va. Utility crews worked to restore power to more than 150,000 customers across central Virginia June 17 following severe storms that produced strong winds and frequent lightning June 16. Source: http://www.nbc12.com/story/32244892/nearly-150000-homes-businesses-without-power-in-central-va?clienttype=generic

• The Willy Wonka Candy Factory in Itasca was evacuated overnight June 16 – June 17 after lithium chloride was spilled when a pipe carrying the chemical burst, injuring a dozen workers. – WBBM 2 Chicago

12. June 17, WBBM 2 Chicago – (Illinois) Chemical spill at suburban candy factory sickens workers. The Willy Wonka Candy Factory in Itasca, Illinois, was evacuated overnight June 16 – June 17 after lithium chloride, a product used for humidity control, was spilled when a pipe carrying the chemical burst, prompting around a dozen workers to be transported to area hospitals with respiratory issues. Authorities stated that the material was non-hazardous and the spill was contained. Source: http://chicago.cbslocal.com/2016/06/17/chemical-spill-at-suburban-candy-factory-sickens-workers/

• Thirty-two municipal wells owned by the Security Water and Sanitation District were contaminated with Perfluorinated chemicals June 15, placing about 80,000 residents near Colorado Springs at risk. – Denver Post

19. June 16, Denver Post – (Colorado) Drinking water in three Colorado cities contaminated with toxic chemicals above EPA limits. Officials announced June 15 that 32 municipal wells owned by the Security Water and Sanitation District are contaminated with invisible toxic Perfluorinated chemicals, placing approximately 80,000 residents near Colorado Springs at risk and prompting officials to shut down seven wells. Officials notified residents informing them of the contaminated waters. Source: http://www.denverpost.com/2016/06/15/colorado-widefield-fountain-security-water-chemicals-toxic-epa/

• The U.S. Department of Justice reported June 15 that a former leader of the hacking group, Kosova Hacker’s Security pleaded guilty to stealing data on more than 1,300 U.S. military and government personnel while providing the information to the Islamic State. – IDG News Service

24. June 16, IDG News Service – (International) Pro-ISIS hacker pleads guilty to stealing U.S. military data. The U.S. Department of Justice reported June 15 that a former leader of the hacking group, Kosova Hacker’s Security pleaded guilty to stealing data on more than 1,300 U.S. military and government personnel while providing the information to the Islamic State. The FBI investigated the hacked server and found the same Internet Protocol (IP) address the man used to carry out the attacks was the same IP address used for his personal Facebook and Twitter accounts. Source: http://www.computerworld.com/article/3085209/security/pro-isis-hacker-pleads-guilty-to-stealing-us-military-data.html#tk.rss_security

Financial Services Sector

6. June 17, Bergen County Record – (New Jersey) Time runs out for suspected ‘Countdown Bandit;’ arrest made in North Jersey bank heists. A man dubbed the “Countdown Bandit” was arrested June 16 after he allegedly robbed the Spencer Savings Bank in Wallington, New Jersey, and at least nine other banks in the region since February 2015. Source: http://www.northjersey.com/news/time-runs-out-for-suspected-countdown-bandit-arrest-made-in-north-jersey-bank-heists-1.1617419

Information Technology Sector

25. June 17, SecurityWeek – (International) Adobe patches flash zero-day exploited by APT Group. Adobe released Flash Player 22.0.0.192 which addressed 36 flaws that could be exploited for arbitrary code execution and information disclosure after a new advanced persistent threat (APT) group dubbed, “ScarCruft” was using the flaws to disseminate its “Operation DayBreak” campaign to target high-profile targets. In addition, researchers discovered that attackers were using a method to bypass modern anti-malware products by decrypting and executing a shellcode that downloads and runs a Dynamic Link Library (DLL) file. Source: http://www.securityweek.com/adobe-patches-flash-zero-day-exploited-apt-group

26. June 16, Softpedia – (International) GitHub resets some user passwords after brute-force attack. GitHub reported that it reset all its users’ passwords and advised its users to look at their password complexity level and enable the two-factor authentication for their accounts after the company’s security researchers found a hacker had used credentials leaked during a previous breach to access GitHub users’ accounts. The company stated their systems were not compromised or breached in the attack. Source: http://news.softpedia.com/news/github-resets-some-user-passwords-after-brute-force-attack-505340.shtml

27. June 16, Softpedia – (International) Microsoft open-sources “Checked C,” a safer C version. Microsoft released its open-sourced Checked C, which will help developers detect common programming errors such as buffer overruns, out-of-bounds memory access, and incorrect type casts that were previously used in vulnerabilities including Shellshock, Heartbleed, and Sandworm. Checked C will modify how pointers are handled and will allow programmers to detect errors as they create the code. Source: http://news.softpedia.com/news/microsoft-open-sources-checked-c-a-safer-c-version-505331.shtml

For another story, see item 24 above in Top Stories

Communications Sector

28. June 17, KMOV4 St. Louis – (Missouri) AT&T restored Friday Morning. AT&T customers in four Missouri cities experienced outages June 16 including firefighters and police officers forcing them to use map books to find locations. Source: http://www.wnem.com/story/32238092/att-outage-reported-in-parts-of-missouri