Complete DHS Report for July 20, 2016
Daily Report
Top Stories
• Federal officials reached a $425 million settlement with Tesoro
Corporation and Par Hawaii Refining, LLC July 18 resolving Federal Clean Air
Act violations at 1 Par Hawaii refinery in Kapolei, Hawaii, and 5 Tesoro
refineries in Alaska, Washington, Utah, North Dakota, and California. – Associated
Press; KING 5 Seattle
2. July 18,
Associated Press; KING 5 Seattle – (National) Federal $425
million settlement to reduce air pollution at 6 refineries. The U.S.
Justice Department and U.S. Environmental Protection Agency reached a $425
million settlement with Tesoro Corporation and Par Hawaii Refining, LLC July 18
resolving Federal Clean Air Act violations at 1 Par Hawaii refinery in Kapolei,
Hawaii, and 5 Tesoro refineries in Alaska, Washington, Utah, North Dakota, and
California. Under the consent decree, the companies are required to spend
nearly $403 million to install emissions control equipment at the refineries,
and Tesoro must spend approximately $12 million for environmental projects in
communities harmed by the pollution, as well as pay a $10.45 million civil
penalty. Source: http://www.king5.com/tech/science/environment/federal-425-million-settlement-to-reduce-air-pollution-at-6-refineries/276303234
• Authorities are searching July 18 for a man dubbed “America’s
Bandit” who is suspected of robbing six banks in New York City since September
2015, including a Chase Bank branch July 9. – WPIX 11 New York See item 4 below in
the Financial Services Sector
• Crews worked overnight July 18 – July 19 to contain a sewage
spill that released at least 1.5 million gallons of sewage into the Los Angeles
River July 18, prompting the closure of all beaches in Long Beach. – Los
Angeles Times
10. July 19,
Los Angeles Times – (California) Sewage spill in L.A. grows to 1.5 million
gallons and forces closure of beaches in Long Beach. Crews worked overnight
July 18 – July 19 to contain a sewage spill that released at least 1.5 million
gallons of sewage into the Los Angeles River July 18 after the top of a sewer
pipe collapsed, prompting the closure of all beaches in Long Beach. Officials
were testing ocean water samples to ensure there were no health risks to the
public. Source: http://www.latimes.com/local/lanow/la-me-ln-sewage-spill-beaches-20160718-snap-story.html
• Officials reported July 18 that approximately 2.8 million
gallons of diluted wastewater was released into Butler Creek in Augusta,
Georgia, following heavy rainfall July 16. – WRDW 12 Augusta/WAGT 26 Augusta
11. July 18,
WRDW 12 Augusta/WAGT 26 Augusta – (Georgia) Estimated 2.8 M
gallons of diluted wastewater released into Butler Creek. The Augusta
Utilities Department announced July 18 that approximately 2.8 million gallons
of diluted wastewater was released into Butler Creek in Augusta, Georgia,
following heavy rainfall July 16. Officials were working to design and
implement projects to remove significant amounts of rainwater from the
wastewater collection system. Source: http://www.wrdw.com/content/news/Estimated-28-M-gallons-of-diluted-wastewater-released-into-Butler-Creek-387332041.html
Financial Services Sector
4. July 18,
WPIX 11 New York – (New York) $5K reward offered to stop ‘Americas Bandit’ after
6 Manhattan banks struck in almost a year. Authorities offered a reward
July 18 in exchange for information on a man dubbed “America’s Bandit” who is
suspected of robbing six banks in New York City since September 2015, including
a Chase Bank branch July 9. The suspect is considered armed and dangerous. Source:
http://pix11.com/2016/07/18/authorities-offer-5k-reward-for-tips-on-americas-bandit-bank-robberies/
Information Technology Sector
16. July 19,
SecurityWeek – (International) Apple patches tens of vulnerabilities in iOS,
OS X. Apple Inc., released security updates for several of its products
including OS X El Capitan version 10.11.6, which patched a total of 60 security
bugs affecting components such as audio, FaceTime, and CFNetwork, among others
after a Zscaler researcher discovered the flaws could allow unprivileged
applications to access cookies stored in the Safari browser. Apple also
released iOS version 9.3.3., resolving 43 vulnerabilities, one of which could
allow an attacker with physical access to the device to abuse Siri and view
private contact information, among other patches.
17. July 18,
Softpedia – (International) HTTPoxy vulnerability affects CGI-based apps
in PHP, Python, and Go. A developer from Vend discovered CGI applications
written in Hypertext Preprocessor (PHP), Python, and Go were plagued by a
HTTPoxy vulnerability after finding that CGI-based environments receiving
incoming Hypertext Transfer Protocol Secure (HTTP) requests containing a
“Proxy” header were dropping the header’s content in the HTTP_PROXY environment
without sanitization, which could allow an attacker to force a vulnerable
CGI-based application to use a malicious proxy for its outgoing HTTP requests,
carry out Man-in-the-Middle (MitM) attacks, and poison servers. Source: http://news.softpedia.com/news/httpoxy-vulnerability-affects-cgi-based-apps-in-php-python-and-go-506416.shtml
18. July 18,
SecurityWeek – (International) CryptXXX now being distributed via spam
emails. Security researchers from Proofpoint warned that the CryptXXX
malware was leveraging a spam email campaign after discovering that the emails,
using subjects such as “Security Breach – Security Report #123456789,” were
tricking users into activating malicious macros embedded in the emails’
document attachments, which were designed to download and install the
ransomware when the victim interacted with them. Source: http://www.securityweek.com/cryptxxx-now-being-distributed-spam-emails
19. July 18,
Softpedia – (International) Steemit social network hacked, user funds
stolen, DDoS attack ensued. Steemit, a social networking platform,
announced July 14 that an unknown attacker exploited the network’s browser-side
vulnerabilities to steal $85,000 worth of Steem Dollars and Steem Power from
approximately 260 users’ funds after a user reported mysterious transactions
that transferred funds from his account to another Bittrex account, a Bitcoin
trading portal. Steemit’s servers also faced a distributed denial-of-service
(DDoS) attack, prompting the network to bring down its servers for maintenance
and service upgrades. Source: http://news.softpedia.com/news/steem-social-network-hacked-user-funds-stolen-ddos-attack-followed-after-506417.shtml
Communications Sector
Nothing to report