Wednesday, January 7, 2015



Complete DHS Report for January 7, 2015

Daily Report

Top Stories

 · A school bus from the Larimore Public School District in Fargo, North Dakota, collided with an oncoming train at a railroad crossing January 5, killing the bus driver and 1 student and injuring 12 others. – Associated Press

8. January 6, Associated Press – (North Dakota) 2 dead, a dozen injured in North Dakota train-bus crash. A school bus from the Larimore Public School District in Fargo collided with an oncoming train at a railroad crossing January 5, killing the bus driver and 1 student and injuring 12 others. The train was not carrying cargo at the time and two crew members on board were not injured. Source: http://www.msn.com/en-us/news/us/2-dead-a-dozen-injured-in-north-dakota-train-bus-crash/ar-BBhyEAe?ocid=iehp

 · A winter storm moved across the country January 5 - January 6 affecting transportation nationally and causing road and flight delays in several States while a landslide in Aberdeen-Hoquiam, Washington, isolated 200 people and the city of Snoqualmie, Washington, ordered flood evacuations due to rain. – Weather.com

9. January 6, Weather.com – (National) Winter Storm Gorgon state-by-state update: one dead in Nebraska; multi-vehicle pileups in Midwest; traffic snarled in Northeast. Winter Storm Gorgon moved from the West Coast January 5 to the East Coast January 6 affecting transportation nationally and causing road and flight delays in several Midwestern and Northeastern States. Additionally a landslide in Aberdeen-Hoquiam, Washington, isolated 200 people and closed Highways 12, 101, and 107 for cleanup and the city of Snoqualmie, Washington, ordered flood evacuations January 5 due to rain from the storm. Source: http://www.weather.com/safety/winter/news/winter-storm-gorgon-latest-news

 · More than 650,000 gallons of raw sewage spilled into Spring Creek in Collin County, Texas, after a lift station’s power supply was struck by lightning January 3. – KTVT 11 Fort Worth

15. January 5, KTVT 11 Fort Worth – (Texas) Concerns after 650,000+ gallons of raw sewage flows into creek. More than 650,000 gallons of raw sewage spilled into Spring Creek in Collin County after a lift station’s power supply was struck by lightning January 3. North Texas Municipal Water District officials stated that lab test results have not identified any potential environmental health concerns. Source: http://dfw.cbslocal.com/2015/01/05/concerns-after-650000-gallons-of-raw-sewage-flows-into-creek/

 · A two-story annex of a Best Western motel in Ludlow, Vermont, suffered $500,000 in losses and severe structural damage after an explosion in an oil-fired water heater January 6. – Associated Press

30. January 6, Associated Press – (Vermont) Water heater explosion destroys part of Ludlow hotel. A two-story annex of a Best Western motel in Ludlow suffered $500,000 in losses and severe structural damage after an explosion in an oil-fired water heater January 6. Source: http://www.wcax.com/story/27772760/water-heater-explosion-destroys-part-of-ludlow-hotel

Financial Services Sector

6. January 6, Softpedia – (International) Over $5 million stolen from Bitstamp’s Bitcoin wallets. Bitstamp stated January 6 that some of its wallet accounts for the Bitcoin virtual currency were compromised January 4, resulting in a loss of around $5 million in Bitcoins. The company suspended its services January 5 to investigate the compromise and stated that law enforcement agencies are involved in the inquiry. Source: http://news.softpedia.com/news/Over-5-Million-Stolen-From-Bitstamp-s-Bitcoin-Wallets-469069.shtml

Information Technology Sector

26. January 6, Securityweek – (International) Researchers find several UEFI vulnerabilities. The Computer Emergency Response Team Coordination Center (CERT/CC) released three advisories for vulnerabilities in the Unified Extensible Firmware Interface (UEFI) identified by researchers at Bromium and MITRE Corporation. Two vulnerabilities could be exploited by a local, authenticated attacker to bypass security functions and the third is a buffer overflow vulnerability. Source: http://www.securityweek.com/researchers-find-several-uefi-vulnerabilities

27. January 6, The Register – (International) HTTPS can be set as your super-cookie. A researcher demonstrated that the HTTP Strict Transport Security (HSTS) mechanism in HTTPS can be used by a malicious Web site to track which Web sites a user has visited due to HSTS creating a unique identifier to remember preferences for HTTPS sites. HSTS identifiers can be cleared in the Chrome, Firefox, and Opera browsers, are not used in Internet Explorer, but cannot be cleared in the Safari browser and syncs with the iCloud service as well. Source: http://www.theregister.co.uk/2015/01/06/https_can_be_set_as_your_supercookie/

28. January 6, Softpedia – (International) Custom greeting card seller Moonpig fixes security blunder 17 months after responsible disclosure. Greeting card seller Moonpig closed a vulnerability in its Android app that was first reported to the company in August 2013 and could have allowed an attacker to change the customer ID and access customer names, email addresses, dates of birth, addresses, order histories, and the last four digits of payment card numbers. Source: http://news.softpedia.com/news/Custom-Greeting-Card-Seller-Moonpig-Fixes-Security-Blunder-17-Months-After-Responsible-Disclosure-469085.shtml

Communications Sector

Nothing to report