Complete DHS Report for July 28, 2016
Daily Report
Top Stories
• Officials approved 200 water crossings and 3 Section 408
easements July 26, allowing the $3.8 billion, 1,168-mile Dakota Access pipeline
to cross U.S. Army Corps of Engineers property along its route from the Bakken
region of North Dakota through Iowa and into Illinois. – Bismarck Tribune;
Cedar Rapids Gazette
2. July 26,
Bismarck Tribune; Cedar Rapids Gazette – (National) U.S. Army Corps of
Engineers approves Dakota Access river crossing permits. The U.S. Army
Corps of Engineers approved 200 water crossings and 3 Section 408 easements
July 26, allowing the $3.8 billion, 1,168-mile Dakota Access pipeline to cross
U.S. Army Corps of Engineers property along its route from the Bakken region of
North Dakota through Iowa and into Illinois. Energy Transfer Partners, the
pipeline’s developer, still requires approval for an easement in Illinois and
an easement in South Dakota.
• PSEG Nuclear officials reported July 25 that its Salem 2 nuclear
reactor at Salem Nuclear Power Plant in Lower Alloways Creek Township, New
Jersey, was shut down July 24 after an alert from a generator protection system
indicated there was an electrical fault in the reactor’s main generator. – South
Jersey Times
3. July 26,
South Jersey Times – (New Jersey) N.J. nuclear plant shut down for 4th time in
past month. PSEG Nuclear officials reported July 25 that its Salem 2
nuclear reactor at Salem Nuclear Power Plant in Lower Alloways Creek Township,
New Jersey, was shut down July 24 after an alert from a generator protection
system indicated there was an electrical fault in the reactor’s main generator.
Officials stated that Salem 1 is also shutdown to replace damaged bolts in the
reactor core, while Hope Creek continues to operate at full power. Source: http://www.nj.com/salem/index.ssf/2016/07/nj_nuclear_plant_shut_down_for_4th_time_in_past_mo.html
• A sewer line break caused more than 300,000 gallons of untreated
sewage to spill into the Mohawk River in Amsterdam, New York, July 25. – WRGB
6 Schenectady
14. July 26,
WRGB 6 Schenectady – (New York) Pipe break sends 300,000 gallons of sewage into
Mohawk River. A sewer line break caused more than 300,000 gallons of
untreated sewage to spill into the Mohawk River in Amsterdam, New York, July
25. State officials reported that a notice of violation was issued against the
city of Amsterdam and plans to improve the infrastructure were underway. Source:
http://cbs6albany.com/news/local/pipe-break-sends-300000-gallons-of-sewage-into-mohawk-river
• A state of emergency was declared July 26 for Los Angeles and
Monterey counties due to the 37,701-acre Sand Fire and the more than
20,000-acre Soberanes Fire. – KABC 7 Los Angeles
16. July 27,
KABC 7 Los Angeles – (California) State of emergency declared to help battle Sand
Fire. The acting governor of California declared a state of emergency July
26 for Los Angeles and Monterey counties due to the 37,701-acre Sand Fire and
the more than 20,000-acre Soberanes Fire, which have prompted mandatory
evacuations and the response of more than 3,000 firefighters.
Financial Services Sector
5. July 26,
KTLA 5 Los Angeles – (California) So-called ‘Cowboy Bandits’ convicted for
robberies throughout L.A. County: FBI. Two Los Angeles residents dubbed the
“Cowboy Bandits” were convicted July 26 for their roles in a series of armed
robberies at gas stations and a Citibank branch in Los Angeles County during
the fall of 2013. Source: http://ktla.com/2016/07/26/so-called-cowboy-bandits-convicted-for-robberies-throughout-l-a-county-fbi/
Information Technology Sector
19. July 27,
Softpedia – (International) Two vulnerabilities affect LastPass, both
allow full password compromise. Researchers with Google Project Zero and
Detectify discovered a vulnerability affecting LastPass through its JavaScript
code that parsed the Uniform Resource Locator (URL) of the page LastPass was
working on, potentially allowing an attacker to gain a user’s credentials by
tricking the user into accessing a URL in the form of
“attacker-site.com/@twitter.com/@script.php.” The vulnerability was patched;
however a second vulnerability that could lead to a complete LastPass
compromise was reported and is currently being evaluated by the service. Source:
http://news.softpedia.com/news/two-vulnerabilities-affect-lastpass-both-allow-full-password-compromise-506677.shtml
20. July 27,
Help Net Security – (International) DDoS attacks increase 83%, Russia top victim.
Nexusguard released a report showing that distributed denial-of-service
(DDoS) attacks increased 83 percent to more than 182,900 attacks in the second
quarter of 2016, with Russia as the top victim country. The U.S. and China were
part of the top three targeted countries as the company also reported increases
in routing information protocol (RIP) and multicast domain name service (mDNS)
threats. Source: https://www.helpnetsecurity.com/2016/07/27/ddos-attacks-increase-russia-top-victim/
21. July 27,
SecurityWeek – (International) Siemens patches flaws in industrial
automation products. Siemens released software updates addressing several
vulnerabilities found in SIMATIC and SINEMA products including a cross-site
scripting (XSS) vulnerability in the integrated Web server of SINEMA Remote
Connect Server which can be exploited by a remote attacker by tricking the user
into clicking on a specially crafted link, as well as two high severity
improper input validation bugs that were discovered in SIMATIC WinCC SCADA systems
and PCS7 distributed control systems (DCS), among other vulnerabilities. Source:
http://www.securityweek.com/siemens-patches-flaws-industrial-automation-products
For another story, see item 4 below from the Critical Manufacturing Sector
4. July 27,
Help Net Security – (International) Osram’s intelligent home lighting system in
riddled with flaws. A researcher from Rapid7 discovered nine
vulnerabilities affecting the Home and Pro versions of Osram’s Lightify
intelligent home lighting system running on Apple iOS7 or above and Android 4.1
or above that could allow attackers to discover the Wi-Fi Protected Access
(WPA) pre-shared key of the user’s home Wi-Fi and the network’s password, to launch
browser-based attacks against the user’s workstation, control the light
installations, and access confidential data. The vendor addressed nearly all
problems in its latest patch set, with the exception of Secure Sockets Layer
(SSL) pinning and issues related to ZigBee rekeying. Source: https://www.helpnetsecurity.com/2016/07/27/osram-lightify-flaws/
Communications Sector
Nothing to report