Thursday, August 4, 2016



Complete DHS Report for August 4, 2016

Daily Report                                            

Top Stories

• The U.S. Coast Guard reported that approximately 4,200 gallons of crude oil spilled from a Texas Petroleum Investment Co. well into the Main Pass of the Mississippi River in Louisiana August 2. – New Orleans Times-Picayune

1. August 2, New Orleans Time-Picayune – (Louisiana) As much as 4,200 gallons of crude oil spill into mouth of Mississippi River. The U.S. Coast Guard reported that approximately 4,200 gallons of crude oil spilled from a Texas Petroleum Investment Co. well into the Main Pass of the Mississippi River in Louisiana August 2 and 840 gallons spilled from the company’s pipeline into the river’s South Pass July 28. The U.S. Coast Guard secured the pipe and installed a containment boom and officials were investigating the cause of the spill. Source: http://www.nola.com/environment/index.ssf/2016/08/as_much_as_4200_gallons_of_cru.html

• Rhode Island police are investigating August 2 after a card-skimming device was found on an ATM at the Navigant Credit Union in Cumberland August 1 and the skimmed payment information was used to steal more than $110,000 from ATMs across the State. – WPRI 12 Providence See item 5 below in the Financial Services Sector

• Two Detroit, Michigan residents were arrested in the Birmingham, Alabama, area July 28 after authorities found 177 stolen identities from over 25 banks in the duo’s possession. – Birmingham News See item 6 below in the Financial Services Sector

• Officials from the Nashville Fire Department reported August 2 that approximately 2 million of gallons of water were contaminated after 5 gallons of oil spilled from a nearby storm drain into the Cumberland River. – WZTV 17 Nashville

19. August 2, WZTV 17 Nashville – (Tennessee) 2 million gallons of water contaminated by oil, fire department says. Officials from the Nashville Fire Department reported August 2 that approximately 2 million of gallons of water were contaminated after 5 gallons of oil spilled from a nearby storm drain into the Cumberland River. Officials stated the spill did not affect the area’s drinking source. Source: http://fox17.com/news/local/2-million-gallons-of-water-contaminated-by-oil-fire-department-says

Financial Services Sector

5. August 2, WPRI 12 Providence – (Rhode Island) Police: ATM skimming device used to steal $110k. Rhode Island police are investigating August 2 after a card-skimming device was found on an ATM at the Navigant Credit Union in Cumberland August 1 and the skimmed payment information was used to steal more than $110,000 from ATMs across the State. Source: http://wpri.com/2016/08/02/police-atm-skimming-device-used-to-steal-110k/

6. August 1, Birmingham News – (Alabama) 2 Detroit men busted in Alabama with 177 stolen identities. Two Detroit, Michigan residents were arrested in the Birmingham, Alabama, area July 28 after authorities found 177 stolen identities from over 25 banks in the duo’s possession. Source: http://www.al.com/news/birmingham/index.ssf/2016/08/2_detroit_men_busted_in_alabam.html

Information Technology Sector

27. August 2, Help Net Security – (International) 36,000 SAP systems exposed online, most open to attacks. ERPScan released a comprehensive SAP Cybersecurity Threat Report which revealed the average number of security patches for SAP products per year has decreased, while the amount of vulnerable platforms has increased and now includes modern cloud and mobile technologies such as HANA. The report also found that SAP’s Customer Relationship Management (CRM), Enterprise Portal (EP), and Supplier Relationship Management (SRM) products are most vulnerable to flaws, and that the U.S. is one of the three countries with the most exposed services, among other findings.

28. August 2, Softpedia – (International) Google SEO trick leads users to online scam, CryptMIC ransomware. Researchers from Malwarebytes discovered an active campaign where malicious actors were abusing Google search featured snippets to show links to compromised Websites and redirect users to online stores selling product keys for Microsoft Office or hosting the Neutrino exploit kits (EK), which would in turn infect the user’s device with the CryptMIC ransomware. Researchers found the attackers could also actively search for third-party Websites listed in featured snippets that run vulnerable content management systems (CMSs), and hack the sites to deliver the ransomware. Source: http://news.softpedia.com/news/google-seo-trick-leads-users-to-online-scam-cryptmic-ransomware-506891.shtml

29. August 2, SecurityWeek – (International) Google patches tens of critical vulnerabilities in Android. Google released security patches for the Android operating system (OS) resolving 81 vulnerabilities including 3 remote code execution (RCE) flaws, 4 Elevation of Privilege (EoP) bugs, and 4 denial-of-service (DoS) flaws in Mediaserver, a DoS issue in system clock, and a RCE flaw in libjhead, among other vulnerabilities. Source: http://www.securityweek.com/google-patches-tens-critical-vulnerabilities-android

Communications Sector

Nothing to report