Tuesday, April 29, 2014




Complete DHS Report for April 29, 2014

Daily Report

Details

 • Authorities are investigating a plane crash over the San Francisco Bay April 27, in which 2 small planes collided in the air sending 1 plane crashing into the bay while the other plane landed later at Eagle’s Nest Airport in Ione, California. – Associated Press

5. April 28, Associated Press – (California) Pilot missing after 2 planes collide in California. The Federal Aviation Administration is investigating a plane crash over the San Francisco Bay April 27, in which 2 small planes collided in the air, sending 1 plane crashing into the bay while the other plane with 2 onboard landed 40 minutes later at Eagle’s Nest Airport in Ione, California. Source: http://news.msn.com/us/2-planes-collide-over-northern-san-francisco-bay

 • Interstate 15 in Beaver County, Utah, was shut down for several hours April 27 after a suspect kidnapped a child and started a high-speed chase, eventually barricading himself and the child in the vehicle for hours before giving up peacefully. – KSL 102.7 FM Salt Lake City

6. April 27, KSL 102.7 FM Salt Lake City – (Utah) I-15 standoff ends as a man holding child hostage surrenders. Interstate 15 in Beaver County, Utah, was shut down for several hours April 27 after a suspect in a homicide investigation in Louisiana kidnapped a 2-year-old child and started a high-speed chase, eventually barricading himself and the child in the vehicle for hours before giving up peacefully. Source: http://www.ksl.com/?sid=29660803&nid=148
 • Authorities arrested 5 nurses of Prime Health LLC in Plaquemine, Louisiana, April 24 in connection to accepting money in exchange for obtaining fake prescriptions for drugs used to make a recreational drug mixture. – Baton Rouge Advocate
15. April 27, Baton Rouge Advocate – (Louisiana) Five booked in ‘purple drank’ investigation. Authorities arrested 5 current and former nurses of Prime Health LLC in Plaquemine April 24 in connection to accepting money during the past 6 months in exchange for obtaining fake prescriptions for drugs used to make a recreational drug mixture consisting of prescription-strength cough syrup. Officials stated that more arrests are expected in the investigation. Source: http://theadvocate.com/home/8994791-125/five-booked-in-purple-drank

 • Microsoft warned users of its Internet Explorer (IE) browser after researchers discovered a critical zero day vulnerability that affects IE 6 through IE 11 and could allow an attacker to use a Flash exploitation technique to remotely execute code. – V3.co.uk See item 19 below in the Information Technology Sector
Financial Services Sector
3. April 25, Atlanta Journal-Constitution – (Georgia) FDIC sues directors and officers of failed Bartow bank. The Federal Deposit Insurance Corporation (FDIC) filed a lawsuit against the former directors and officers of the failed Bartow County Bank in Georgia for allegedly making risky loans and not adhering to the bank’s loan policies, which led to the bank’s collapse and cost the FDIC around $69.5 million. Source: http://www.ajc.com/news/business/fdic-sues-directors-and-officers-of-failed-bartow-/nfhjS/

4. April 25, Associated Press – (National) Ex-Islanders partial owner admits investment fraud. A former partial owner of the New York Islanders pleaded guilty to participating in a 13-year investment fraud scheme that enabled him to misappropriate $50.7 million from investors. The fraud scheme involved securities businesses in Connecticut and California and misappropriated hundreds of millions of dollars from accounts belonging to clients, including university foundations and pension plans. Source: http://abcnews.go.com/Sports/wireStory/islanders-partial-owner-admits-investment-fraud-23471790

Information Technology Sector

19. April 28, V3.co.uk – (International) Critical Microsoft Internet Explorer flaw leaves one in four web users vulnerable. Microsoft warned users of its Internet Explorer (IE) browser after FireEye researchers discovered a critical zero day vulnerability that affects IE 6 through IE 11 and could allow an attacker to use a Flash exploitation technique to remotely execute code. FireEye researchers spotted attacks using the vulnerability targeting IE 9 through IE 11, representing about a quarter of total browser users. Source: http://www.v3.co.uk/v3-uk/news/2341834/critical-microsoft-internet-explorer-flaw-leaves-one-in-four-web-users-vulnerable

20. April 28, Softpedia – (International) 4 vulnerabilities and 38 bugs fixed with the release of MyBB 1.6.13. The latest version of MyBB was released for download, closing 4 security vulnerabilities and addressing 38 functionality bugs. Source: http://news.softpedia.com/news/4-Vulnerabilities-and-38-Bugs-Fixed-With-the-Release-of-MyBB-1-6-13-439653.shtml

21. April 28, Softpedia – (International) Apache Struts 2.3.16.2 released to properly fix zero-day vulnerability. The Apache Software Foundation released an update for its Apache Struts open-source framework, addressing an issue with a previous update that included a fix for a zero day vulnerability that was not efficient. Source: http://news.softpedia.com/news/Apache-Struts-2-3-16-2-Released-to-Properly-Fix-Zero-Day-Vulnerability-439621.shtml

22. April 28, Softpedia – (International) XSS vulnerability in Sohu.com leveraged for large-scale DDoS attacks. The source of a distributed denial of service (DDoS) attack on a client of Incapsula early in April that involved 20 million GET requests was found to be Sohu.com, a popular Chinese Web portal. Incapsula informed Sohu.com of the issue and the site was able to close a cross-site scripting (XSS) vulnerability that was used to power the attack. Source: http://news.softpedia.com/news/XSS-Vulnerability-in-Sohu-com-Leveraged-for-Large-Scale-DDOS-Attacks-439606.shtml

23. April 25, Softpedia – (International) Security patches released for IP.Board 3.3.x and 3.4.x. Invision Power Services released security patches for its IP.Board 3.3.x and 3.4.x products, addressing three file inclusion issues and a cross-site scripting (XSS) vulnerability. Source: http://news.softpedia.com/news/Security-Patches-Released-for-IP-Board-3-3-x-and-3-4-x-439416.shtml

24. April 25, Threatpost – (International) Exploiting Facebook Notes to launch DDoS. A security researcher discovered and reported a method that can be used to launch distributed denial of service (DDoS) attacks through the Facebook Notes feature by using random GET parameters for HTML tags. Facebook stated that they acknowledged the issue but would not change the method the tags are handled because it would degrade user functionality. Source: http://threatpost.com/exploiting-facebook-notes-to-launch-ddos/105701
 
Communications Sector

Nothing to report