Wednesday, July 20, 2016



Complete DHS Report for July 20, 2016

Daily Report                                            

Top Stories

• Federal officials reached a $425 million settlement with Tesoro Corporation and Par Hawaii Refining, LLC July 18 resolving Federal Clean Air Act violations at 1 Par Hawaii refinery in Kapolei, Hawaii, and 5 Tesoro refineries in Alaska, Washington, Utah, North Dakota, and California. – Associated Press; KING 5 Seattle

2. July 18, Associated Press; KING 5 Seattle – (National) Federal $425 million settlement to reduce air pollution at 6 refineries. The U.S. Justice Department and U.S. Environmental Protection Agency reached a $425 million settlement with Tesoro Corporation and Par Hawaii Refining, LLC July 18 resolving Federal Clean Air Act violations at 1 Par Hawaii refinery in Kapolei, Hawaii, and 5 Tesoro refineries in Alaska, Washington, Utah, North Dakota, and California. Under the consent decree, the companies are required to spend nearly $403 million to install emissions control equipment at the refineries, and Tesoro must spend approximately $12 million for environmental projects in communities harmed by the pollution, as well as pay a $10.45 million civil penalty. Source: http://www.king5.com/tech/science/environment/federal-425-million-settlement-to-reduce-air-pollution-at-6-refineries/276303234

• Authorities are searching July 18 for a man dubbed “America’s Bandit” who is suspected of robbing six banks in New York City since September 2015, including a Chase Bank branch July 9. – WPIX 11 New York See item 4 below in the Financial Services Sector

• Crews worked overnight July 18 – July 19 to contain a sewage spill that released at least 1.5 million gallons of sewage into the Los Angeles River July 18, prompting the closure of all beaches in Long Beach. – Los Angeles Times

10. July 19, Los Angeles Times – (California) Sewage spill in L.A. grows to 1.5 million gallons and forces closure of beaches in Long Beach. Crews worked overnight July 18 – July 19 to contain a sewage spill that released at least 1.5 million gallons of sewage into the Los Angeles River July 18 after the top of a sewer pipe collapsed, prompting the closure of all beaches in Long Beach. Officials were testing ocean water samples to ensure there were no health risks to the public. Source: http://www.latimes.com/local/lanow/la-me-ln-sewage-spill-beaches-20160718-snap-story.html

• Officials reported July 18 that approximately 2.8 million gallons of diluted wastewater was released into Butler Creek in Augusta, Georgia, following heavy rainfall July 16. – WRDW 12 Augusta/WAGT 26 Augusta

11. July 18, WRDW 12 Augusta/WAGT 26 Augusta – (Georgia) Estimated 2.8 M gallons of diluted wastewater released into Butler Creek. The Augusta Utilities Department announced July 18 that approximately 2.8 million gallons of diluted wastewater was released into Butler Creek in Augusta, Georgia, following heavy rainfall July 16. Officials were working to design and implement projects to remove significant amounts of rainwater from the wastewater collection system. Source: http://www.wrdw.com/content/news/Estimated-28-M-gallons-of-diluted-wastewater-released-into-Butler-Creek-387332041.html

Financial Services Sector

4. July 18, WPIX 11 New York – (New York) $5K reward offered to stop ‘Americas Bandit’ after 6 Manhattan banks struck in almost a year. Authorities offered a reward July 18 in exchange for information on a man dubbed “America’s Bandit” who is suspected of robbing six banks in New York City since September 2015, including a Chase Bank branch July 9. The suspect is considered armed and dangerous. Source: http://pix11.com/2016/07/18/authorities-offer-5k-reward-for-tips-on-americas-bandit-bank-robberies/

Information Technology Sector

16. July 19, SecurityWeek – (International) Apple patches tens of vulnerabilities in iOS, OS X. Apple Inc., released security updates for several of its products including OS X El Capitan version 10.11.6, which patched a total of 60 security bugs affecting components such as audio, FaceTime, and CFNetwork, among others after a Zscaler researcher discovered the flaws could allow unprivileged applications to access cookies stored in the Safari browser. Apple also released iOS version 9.3.3., resolving 43 vulnerabilities, one of which could allow an attacker with physical access to the device to abuse Siri and view private contact information, among other patches.

17. July 18, Softpedia – (International) HTTPoxy vulnerability affects CGI-based apps in PHP, Python, and Go. A developer from Vend discovered CGI applications written in Hypertext Preprocessor (PHP), Python, and Go were plagued by a HTTPoxy vulnerability after finding that CGI-based environments receiving incoming Hypertext Transfer Protocol Secure (HTTP) requests containing a “Proxy” header were dropping the header’s content in the HTTP_PROXY environment without sanitization, which could allow an attacker to force a vulnerable CGI-based application to use a malicious proxy for its outgoing HTTP requests, carry out Man-in-the-Middle (MitM) attacks, and poison servers. Source: http://news.softpedia.com/news/httpoxy-vulnerability-affects-cgi-based-apps-in-php-python-and-go-506416.shtml

18. July 18, SecurityWeek – (International) CryptXXX now being distributed via spam emails. Security researchers from Proofpoint warned that the CryptXXX malware was leveraging a spam email campaign after discovering that the emails, using subjects such as “Security Breach – Security Report #123456789,” were tricking users into activating malicious macros embedded in the emails’ document attachments, which were designed to download and install the ransomware when the victim interacted with them. Source: http://www.securityweek.com/cryptxxx-now-being-distributed-spam-emails

19. July 18, Softpedia – (International) Steemit social network hacked, user funds stolen, DDoS attack ensued. Steemit, a social networking platform, announced July 14 that an unknown attacker exploited the network’s browser-side vulnerabilities to steal $85,000 worth of Steem Dollars and Steem Power from approximately 260 users’ funds after a user reported mysterious transactions that transferred funds from his account to another Bittrex account, a Bitcoin trading portal. Steemit’s servers also faced a distributed denial-of-service (DDoS) attack, prompting the network to bring down its servers for maintenance and service upgrades. Source: http://news.softpedia.com/news/steem-social-network-hacked-user-funds-stolen-ddos-attack-followed-after-506417.shtml

Communications Sector

Nothing to report