Complete DHS Report for
July 6, 2015
Daily Report
Top Stories
· Officials
from 4 States announced July 2 that BP would pay $18.7 billion to resolve
charges related to a 2010 Gulf of New Mexico oil spill that was declared an
environmental disaster. – USA Today
1. July 2,
USA Today – (National) Gulf States reach $18.7 billion settlement
with BP over 2010 oil spill. Officials from Florida, Alabama, Mississippi,
and Louisiana announced July 2 that BP would pay $18.7 billion in a settlement
resolving charges related to a 2010 Gulf of Mexico oil spill that was declared
an environmental disaster. The funds will be used to resolve Clean Water Act
penalties, natural resources damage claims, economic claims, and economic
damage claims for local governments. Source: http://www.usatoday.com/story/money/business/2015/07/02/gulf-states-reach-187b-settlement--bp-over-oil-spill/29611451/
· More
than 5,000 residents in Maryville, Tennessee were evacuated after a CSX train traveling
from Cincinnati, Ohio to Waycross, Georgia, carrying highly flammable toxic gas
partially derailed and caught on fire July 2. – NBC News
8. July 2,
NBC News – (Tennessee) Tennessee train derailment: 5,000
residents evacuated from Maryville. More than 5,000 residents in Maryville,
Tennessee were evacuated after a CSX train traveling from Cincinnati, Ohio, to
Waycross, Georgia, carrying highly flammable and toxic gas, partly derailed and
caught fire July 2. The evacuation zone is a 2-mile radius and could be in
place for up to 48 hours. Source: http://www.nbcnews.com/news/us-news/tennessee-train-derailment-5-000-residents-evacuated-maryville-n385576
· The
Washington Navy Yard in the District of Columbia was under lockdown for over 2
hours July 2 after authorities received reports of an active shooter. – CNN
20. July
2, CNN – (Washington, D.C.) Washington Navy Yard: police say ‘all
clear’ after lockdown. The Washington Navy Yard was under lockdown for over
2 hours July 2 after authorities received reports of an active shooter in
building 197 that prompted the evacuation of employees and sent dozens of
police crews and ambulances to respond to the incident. Authorities cleared the
building and found no shooter. Source: http://www.cnn.com/2015/07/02/politics/navy-yard-shooting-lockdown-police-activity/index.html
· New York
officials reported July 1 that a new superintendent was hired at the Clinton
Correctional Facility after an investigation put 22 prison employees on
administrative leave following the June 6 escape of 2 convicts. – Associated
Press
23. July 1, Associated Press – (New York) New
warden, security measures at upstate NY prison where murderers escaped. New
York officials reported July 1 that a new superintendent was hired at the
Clinton Correctional Facility to increase and implement new security measures
after an internal investigation put 22 prison employees on administrative leave
following the escape of 2 murder convicts June 6. Source: http://7online.com/news/new-warden-security-measures-at-upstate-ny-prison-where-murderers-escaped/809257/
Financial Services Sector
6. July 1,
U.S. Securities and Exchange Commission – (Pennsylvania) SEC
charges former stockbroker with conducting Ponzi scheme. The U.S.
Securities and Exchange Commission charged a former stockbroker in Pennsylvania
July 1 with conducting a Ponzi scheme in which he allegedly raised $15.5
million from over 50 investors by selling fraudulent certificates of deposit
(CDs) to customers while promising higher-than-normal interest rates of return,
before spending invested funds on himself or to repay earlier investors.
Source: http://www.sec.gov/news/pressrelease/2015-135.html
7. July 1,
Jackson Clarion-Ledger – (Mississippi) North Miss. bank robbery
suspect had gun, pipe bomb. Saltillo, Mississippi Police Department
officials reported July 1 that they arrested a man suspected of robbing a First
American National Bank with a firearm and a pipe bomb. A local bomb squad
responded and closed the area surrounding the bank. Source: http://www.clarionledger.com/story/news/2015/07/01/saltillo-bank-robbery/29560335/
For additional stories, see items 28 and 31 below in the Information Technology
Sector
Information Technology Sector
26. July 2,
Threatpost – (International) Cisco UCDM platform ships with default,
static password. Cisco warned customers that its Unified Communications
Domain Manager Platform software versions prior to 4.4.5 have a default, static
password for an account with root privileges, possibly allowing an
unauthenticated remote attacker to take full control of an affected system with
root privileges. Source: https://threatpost.com/cisco-ucdm-platform-ships-with-default-static-password/113591
27. July 2,
Softpedia – (International) GhostShell hackers reveal 548 targets, links
to dumps. Hackers associated with GhostShell released a list of 548
compromised targets including government, educational, and retail sector Web
sites along with links to previews of extracted data in an effort to reportedly
draw attention to poor cybersecurity practices. The data contained contact
information, dates of birth, and hashed and plain text passwords. Source: http://news.softpedia.com/news/ghostshell-hackers-reveal-548-targets-links-to-dumps-485866.shtml
28. July 2,
Securityweek – (International) PCI Council updates Point-to-Point Encryption
Standard. The Payment Card Industry Security Standards Council (PCI SSC)
announced the release of Version 2.0 of its PCI Point-to-Point Encryption
Solution Requirements and Testing Procedures, updating requirements for
encryption products and giving merchants the option to manage their own
encryption solutions for point-of-sale (PoS) locations, among other changes
intended to enhance security and PCI SSC compliance. Source: http://www.securityweek.com/pci-council-updates-point-point-encryption-standard
29. July 1,
Threatpost – (International) LifeLock patches XSS that could’ve led to
phishing. LifeLock patched a cross-site scripting (XSS) vulnerability on
its Web site that could have allowed an attacker to inject HyperText Markup
Language (HTML) into the site’s uniform resource locator (URL) to create a fake
login page to harvest usernames and passwords from customers. Source: https://threatpost.com/lifelock-patches-xss-that-couldve-led-to-phishing/113577
30. July 1,
Securityweek – (International) Flaw in 802.11n standard exposes wireless
networks to attacks: researchers. Security researchers in Belgium
discovered a vulnerability in the frame aggregation mechanism in the 802.11n
wireless networking standard in which an attacker could use a Packet-in-Packet
(PIP) technique to inject arbitrary frames into wireless networks, allowing
access to internal services. Source: http://www.securityweek.com/flaw-80211n-standard-exposes-wireless-networks-attacks-researchers
31. July 1,
Help Net Security – (International) 4,900 new Android malware strains discovered
every day. Security researchers from G DATA reported that they discovered
440,267 new Android malware strains in the first quarter of 2015, and that at
least 50 percent of the malware currently being distributed includes banking
trojans and SMS trojans for financial motivations, among other findings.
Source: http://www.net-security.org/malware_news.php?id=3067
32. July 1,
Softpedia – (International) Schneider Electric’s Wonderware products
receive security patch. Schneider Electric released a patch addressing a
high-severity security vulnerability in its InTouch, Application Server,
Historian, and SuiteLink applications in the Wonderware System Platform in
which an attacker could leverage dynamic link library (DLL) hijacking to run
code on an affected machine. Source: http://news.softpedia.com/news/schneider-electric-s-wonderware-products-receive-security-patch-485787.shtml
33. July 1,
Threatpost – (International) Patched Apple Quicktime vulnerability details
disclosed. Security researchers from Cisco released details on a recently
patched use-after-free vulnerability in Apple’s QuickTime media player in which
an attacker could access and control data inside the internal data in a
QuickTime file to remotely execute code on a targeted system. Source: https://threatpost.com/patched-apple-quicktime-vulnerability-details-disclosed/113570
For another
story, see item 18 below from the Government Facilities Sector
18. July 2, Help Net Security– (Massachusetts) Harvard
University suffers IT security breach. Harvard University announced July 1
that 8 of its schools and administrative organizations were affected by a data
breach discovered June 19. Federal law enforcement is working with the school
to conduct a forensic investigation. Source: http://www.net-security.org/secworld.php?id=18586
Communications Sector
See item 31 above in the Government Facilities
Sector
No comments:
Post a Comment