Tuesday, October 21, 2014



Complete DHS Report for October 21, 2014

Daily Report

Top Stories

 · A chemical leak at a Phillips 66 refinery in Linden, New Jersey, was contained October 20 after a solution of ethylaluminum dichloride was released and plant employees were ordered to shelter in place.– WABC 7 New York City 

1. October 20, WABC 7 New York City – (New Jersey) Hazmat teams respond to chemical leak at Linden refinery. A chemical leak October 20 at the Philips 66 – Bayway refinery in Linden was contained after authorities issued a shelter-in-place for the surrounding area following the release of a 15 percent solution of ethylaluminum dichloride used in the refining process. Officials are investigating the incident. Source: http://7online.com/news/hazmat-teams-respond-to-chemical-leak-at-linden-refinery/357813/

 · Cleanup crews contained and recovered 300 barrels of oil and water at a XTO Energy Incorporated well near Watford City, North Dakota, October 17 after a leak was discovered October 16 due to a mechanical failure at a wellhead. – Associated Press 

2. October 17, Associated Press – (North Dakota) North Dakota well leaking oil, gas and water. North Dakota regulators reported October 17 that 300 barrels of oil and water were contained and recovered at a XTO Energy Incorporated-owned well near Watford City that began leaking October 16 due to a mechanical failure. Crews worked to stop the leak at the oil well. Source: http://abcnews.go.com/US/wireStory/north-dakota-leaking-oil-gas-water-26284040

 · About 50 gallons of diesel spilled after a semi-truck struck a bridge and caught fire on 15 Freeway north near Baker, California, and prompted the closure of the freeway for 10 hours while crews cleaned up the spill October 19. – Riverside Press-Enterprise 

9. October 19, Riverside Press-Enterprise – (California) Mohave Desert: Big rig crash, fuel spill close 15 Freeway. A semi-truck that caught fire after striking a bridge on the 15 Freeway north near Baker spilled about 50 gallons of diesel and closed the freeway for 10 hours while crews cleaned up the spill October 19. Source: http://www.pe.com/articles/freeway-752318-chp-log.html

 · Thirty individuals were injured and 14 arrests were made October 19 when a riot broke out during an annual pumpkin festival in Keene, New Hampshire. – WCVB 5 Boston 

41. October 19, WCVB 5 Boston – (New Hampshire) Arrests after Keene pumpkin festival turns to mayhem. At least 30 individuals were injured when riots involving hundreds of individuals broke out October 18 following the Keene Pumpkin Festival in New Hampshire. Police arrested at least 14 individuals in connection with the incident. Source: http://www.wcvb.com/news/arrests-after-keene-pumpkin-festival-turns-to-mayhem/29220936

Financial Services Sector

7. October 17, Times of San Diego – (California) Ex-banker admits taking big bribes in J.P. Morgan Chase case. A former banker at J.P. Morgan Chase in San Diego pleaded guilty October 17 to receiving over $200,000 in bribes from the owner of mortgage investment firms Ocean 18 LLC and Note Tracker Corp., in exchange for ensuring that certain customers won on bids to purchase mortgage notes. The former banker also admitted to tax fraud for not reporting the illegal payments to the Internal Revenue Service. Source: http://timesofsandiego.com/business/2014/10/17/another-banker-pleads-guilty-bribery-charge-mortgage-scheme/

Information Technology Sector

33. October 20, The Register – (International) Microsoft pulls another dodgy patch. Microsoft stated that it is investigating a patch for Windows 7 and Windows Server 2008 R2 after some users reported experiencing issues with their systems after installation. Microsoft advised users experiencing problems to uninstall the patch. Source: http://www.theregister.co.uk/2014/10/20/microsoft_pulls_ianotheri_dodgy_patch/

34. October 18, Softpedia – (International) Dropbox users are served a phishing page delivered over SSL. A researcher with Symantec stated that attackers are using a phishing campaign with a page hosted on Dropbox to attempt to steal users’ Dropbox and email credentials. The phishing page uses the secure sockets layer (SSL) protocol of its host in order to appear legitimate. Source: http://news.softpedia.com/news/Dropbox-Users-Are-Served-A-Phishing-Page-Delilvered-Over-SSL-462514.shtml

35. October 17, The Register – (International) Apple releases MEGA security patch round for OS X, Server and iTunes. Apple released a round of patches for several of its products, including OS X, OS X Server, and iTunes, addressing 150 issues including patches to close the POODLE and Shellshock vulnerabilities. Source: http://www.theregister.co.uk/2014/10/17/apple_releases_mega_security_patch_round_for_osx_server_and_itunes/

36. October 17, Softpedia – (International) Modular malware for OS X relies on open-source keylogger code. Kaspersky Lab researchers identified a piece of modular malware for Apple OS X known as Ventir that uses the legitimate LogKext keylogging software in order to steal information from infected systems. Source: http://news.softpedia.com/news/Modular-Malware-for-OS-X-Relies-On-Open-Source-Keylogger-Code-462473.shtml

37. October 17, SC Magazine – (International) Sandworm vulnerability seen targeting SCADA-based systems. An advisory issued by Trend Micro stated that researchers have identified attackers using the Sandworm vulnerability to target systems running the GE Intelligent Platform’s CIMPLICITY human-machine interface (HMI) solution used in supervisory control and data acquisition (SCADA) systems. The attackers appear to be using the vulnerability in the first stage of an advanced persistent threat (APT) targeted attack and use the vulnerability to install the Black Energy malware. Source: http://www.scmagazineuk.com/sandworm-vulnerability-seen-targeting-scada-based-systems/article/377846/

Communications Sector

Nothing to report