Friday, August 12, 2016



Complete DHS Report for August 12, 2016

Daily Report                                            

Top Stories

• Approximately 3,400 pounds of sodium hydroxide spilled on the Interstate 75 exit ramp in Anna, Ohio, August 10, prompting officials to close the ramp for at least 24 hours while HAZMAT crews clean up the spill. – Dayton Daily News

1. August 11, Dayton Daily News – (Ohio) Chemical leak closes I-75 ramp in Shelby Co. for 24 hours Approximately 3,400 pounds of sodium hydroxide spilled on the exit ramp from Ohio 119 to southbound Interstate 75 in Anna, Ohio, August 10 after a semi-truck hauling the chemical exploded. Officials stated the ramp will be closed for at least 24 hours while U.S. Environmental Protection Agency personnel and HAZMAT crews clean the spill. Source: http://www.daytondailynews.com/news/news/traffic/hazmat-situation-shuts-down-sb-i-75-in-shelby-co/nsDbk/

• Officials charged Cavalier Union Investments LLC and its 2 co-owners August 10 for running a $10 million investment fraud scheme where they allegedly diverted nearly $6 million of investors’ funds to pay for personal expenses and to repay earlier investors. – U.S. Securities and Exchange Commission See item 4 below in the Financial Services Sector

• Approximately 25,000 gallons of raw sewage leaked into a canal near Redfish Circle that feeds into Grand Lagoon in Panama City Beach, Florida, August 9. – WMBB 13 Panama City

12. August 10, WMBB 13 Panama City – (Florida) 25,000 gallons of sewage leaks into Grand Lagoon. Nearly 25,000 gallons of raw sewage leaked from a manhole cover into a canal near Redfish Circle that feeds into the north side of Grand Lagoon in Panama City Beach, Florida, August 9. Officials advised residents to avoid swimming in the canal and Grand Lagoon until further notice.

• Nearly 100 residents were displaced from the Flower Branch Apartments in Silver Spring, Maryland, August 10 – August 11 following a 3-alarm fire and natural gas explosion that destroyed the complex and injured 34 people. – USA Today

21. August 11, USA Today – (Maryland) 2 dead, several missing after gas explosion, fire in D.C. suburb. Nearly 100 residents were displaced from the Flower Branch Apartments in Silver Spring, Maryland, August 10 – August 11 following a 3-alarm fire and natural gas explosion that destroyed the complex, damaged surrounding buildings and streets, left 2 people dead, and injured 34 others. Authorities were searching August 11 for several missing residents. Source: http://www.usatoday.com/story/news/nation-now/2016/08/11/fire-possible-explosion-rocks-dc-suburb/88553412/

Financial Services Sector

4. August 10, U.S. Securities and Exchange Commission – (Virginia) SEC charges former professional football player with running $10 million fraud. The U.S. Securities and Exchange Commission charged Cavalier Union Investments LLC and its 2 co-owners August 10 for running a $10 million investment fraud scheme where the duo allegedly misled investors about the unregistered debt securities they sold and convinced investors that the company’s investment funds were operated by experienced advisers in order to divert nearly $6 million of the investors’ funds to pay for personal expenses and to repay earlier investors. Officials also announced parallel criminal charges against one of the company’s owners for his role in the scheme. Source: https://www.sec.gov/news/pressrelease/2016-159.html

Information Technology Sector

18. August 11, SecurityWeek – (International) Linux flaw allows attackers to hijack web connections. Researchers from the University of California at Riverside and the U.S. Army Research Laboratory discovered a vulnerability affecting the Transmission Control Protocol (TCP) specification implemented in Linux kernel could be leveraged to intercept TCP-based connections between two hosts on the Internet, to track users’ activity, terminate connections, and inject arbitrary data into a connection after an off-path attacker deduced the sequence numbers that identify TCP data packets exchanged between hosts using the Internet Protocol (IP) addresses of the targeted communicating devices. Developers of various Linux distributors were working to fix the security hole. Source: http://www.securityweek.com/linux-flaw-allows-attackers-hijack-web-connections

19. August 10, Softpedia – (International) Chrome, Firefox, and IE browser hijacker distributed via legitimate software. Intel McAfee security researchers discovered recent versions of the Bing.vc malware were being delivered to Google Chrome, Mozilla Firefox, and Microsoft’s Internet Explorer via legitimate-looking applications distributed by Lavians Inc., in order to take over the Website’s homepage and insert ads into visited sites, and redirect all users to Bing.vc in an attempt to sell victims an expensive utility to fix the browser hijacking problem. Researchers stated users must remove the registry keys or use an automated PC clean-up utility, as well as clean the shortcuts for each browser in order clear the malware from an infected app. Source: http://news.softpedia.com/news/chrome-firefox-and-ie-browser-hijacker-distributed-via-legitimate-software-507183.shtml

20. August 10, SecurityWeek – (International) Secure Boot vulnerability exposes Windows devices to attacks. Two researchers, dubbed MY123 and Slipstream discovered the new type of Secure Boot policy introduced in the Microsoft Windows 10 Anniversary Update, v1607, can be exploited to bypass the security feature and install rootkits and bootkits on Windows devices after finding that the new supplemental policies are loaded by the boot manager without being properly checked and can be used to enable “test-signing,” a feature that allows an attacker to bypass Secure Boot and load the malware once it is activated. Researchers stated the attack can only be carried out by an attacker with admin privileges or physical access to the targeted device and Microsoft was working to release a patch for the issue. Source: http://www.securityweek.com/secure-boot-vulnerability-exposes-windows-devices-attacks

Communications Sector

Nothing to report