Wednesday, November 23, 2016 – Tomorrow is Thanksgiving in the U.S.




Complete DHS Report for November 23, 2016

Daily Report                                            

Top Stories

• North Dakota officials reported that crews contained around 16,800 gallons of oil that spilled after a valve at an oil well on the Fort Berthold Indian Reservation near Killdeer failed November 19. – Forum of Fargo-Moorhead

1. November 21, Forum of Fargo-Moorhead – (North Dakota) Oil spill reported, contained near Killdeer, N.D. The North Dakota Industrial Commission, Oil and Gas Division reported that crews contained around 16,800 gallons of oil that spilled after a valve at an oil well on the Fort Berthold Indian Reservation near Killdeer failed November 19.

• Florida health officials issued a health advisory for Lake Vivien and the Choctawhatchee Bay in Shalimar November 21 after 2,800 gallons of sewage spilled following the overflow of a wastewater manhole. – WJHG 7 Panama City/WECP 18 Panama City

7. November 22, WJHG 7 Panama City/WECP 18 Panama City – (Florida) Health advisories issued after 2,800-gallon sewage spill. Florida Department of Health officials issued a health advisory for Lake Vivien, also known as Lake Clyde, and the Choctawhatchee Bay in Shalimar November 21 after 2,800 gallons of sewage spilled at the intersection of Bayshore Drive and Palm Boulevard following the overflow of a wastewater manhole. Crews contained the spill and health officials reported that the sewage did not contaminate any drinking water sources.

• The U.S. National Transportation Safety Board is investigating after a school bus transporting 37 Woodmore Elementary School students overturned and crashed into a tree in Chattanooga, Tennessee, November 21, killing 5 students and hospitalizing 12 others. – Chattanooga Times Free Press

11. November 22, Chattanooga Times Free Press – (Tennessee) 6 students in ICU after school bus driver charged in crash that killed Woodmore Elementary students. The U.S. National Transportation Safety Board is investigating after a school bus transporting 37 Woodmore Elementary School students overturned and crashed into a tree in Chattanooga, Tennessee, November 21, killing 5 students and hospitalizing 12 others. The driver was arrested and charged following the incident. Source: http://www.timesfreepress.com/news/local/story/2016/nov/22/federal-investigators-probe-crash-killed-mult/399118/

• A fire at the Mike Raahauge Shooting Enterprises range in Corona, California, November 21 caused an estimated $2.5 million in damages and forced the facility to close until November 25. – Los Angeles Times

21. November 21, Los Angeles Times – (California) Firefighters take cover when ammunition explodes during blaze at Corona shooting range. A fire at the Mike Raahauge Shooting Enterprises range in Corona, California, November 21 caused an estimated $2.5 million in damages and forced the facility to close until November 25. The cause of the fire remains under investigation.

Financial Services Sector

Nothing to report

Information Technology Sector

18. November 22, SecurityWeek – (International) Office 365 flaw made fake Microsoft emails look legitimate. A Turkey-based security researcher discovered a flaw in Microsoft Office 365 that could be exploited by attackers to send malicious emails and make them appear as if they were sent from a legitimate microsoft.com email address after a test of different email services’ spam filters found that some of his phishing emails that were marked as valid came from a spoofed microsoft.com address and were forwarded through Outlook 365 to the Yandex email service. Additional testing found that Gmail also accepted the spoofed microsoft.com emails that were forwarded from Outlook as legitimate.

19. November 21, SecurityWeek – (International) Code execution flaws patched in HDF5 library. The HDF Group released version 1.8.18 of its HDF5 library after researchers from Cisco’s Talos Vulnerability Development Team discovered the library was plagued with a total of 4 local heap-buffer overflow flaws that could allow an attacker to execute arbitrary code in the context of the application using the library if they trick a victim into opening a maliciously crafted file. The vulnerabilities are the result of a failure to check if the number of dimensions for an array from a file is within bounds, failure to check if certain message types support a specific flag, and insufficient handling of select values in memory when parsing a Hierarchical Date Format (HDF) file, among other failures. Source: http://www.securityweek.com/code-execution-flaws-patched-hdf5-library

For another story, see item 12 below from the Government Facilities Sector

12. November 22, Softpedia – (International) US Government invites hackers to attack US Army domains. The U.S. Department of Defense (DOD) and partner company HackerOne reported November 22 that hackers can now register for the Hack the Army bug bounty challenge, which will allow 500 security researchers to hack U.S. Army domains and find unpatched vulnerabilities in exchange for a reward. DOD officials reported the program concerns any public-facing Website that is owned, operated, or controlled by the department, and is part of an effort to explore new security approaches.
Source: http://news.softpedia.com/news/us-government-invites-hackers-to-attack-us-army-domains-510418.shtml

Communications Sector

Nothing to report