Complete DHS Report for January 21, 2015
Daily Report
Top Stories
· A
California man and 3 other individuals were convicted January 16 in a scheme
that defrauded 200 people out of more than $3 million through fake oil-well
investments in Kentucky from mid-2012 through August 2014. – Lexington
Herald-Leader
2. January
18, Lexington Herald-Leader – (National) California man is
convicted in $3 million Kentucky oil-well scheme. A California man was
found guilty January 16 for conducting a plan that defrauded 200 people out of
more than $3 million through fake oil-well investments in Kentucky from
mid-2012 through August 2014. Three other individuals were also charged in the
scheme which included utilizing documents that included fake geological surveys
to make it appear that the wells were producing substantial amounts of oil and
that the sites had large reserves. Source: http://www.kentucky.com/2015/01/18/3648594_california-man-is-convicted-in.html
· Two
Delta Airlines plane sharing the same flight number were deplaned and searched
at John F. Kennedy International Airport in New York January 19 after a bomb
threat was made for Delta flight 468. – WCBS 2 New York City
6. January
19, WCBS 2 New York City – (New York) Police swarm JFK after
alleged bomb threat directed at landing Delta flight. An alleged bomb
threat that was called in for a Delta Air Lines flight 468 landing at John F.
Kennedy International Airport in New York January 20 prompted officials to
search two Delta planes sharing the same flight number, with one moved to a
remote area of the airport to rescreen luggage for potential explosive devices.
Both flights were cleared when nothing suspicious was found. Source: http://newyork.cbslocal.com/2015/01/19/police-swarm-jfk-after-alleged-bomb-threat-directed-at-landing-delta-flight/
· More
than 160 miles of eastbound lanes on Interstate 84 in Oregon was closed for
several hours January 17 following a 26-car pileup that involved 12 semi-trucks
and over 50 vehicles due to icy road conditions. – Portland Oregonian
10. January
17, Portland Oregonian – (Oregon) Interstate 84 finally reopened
after massive 26-car pileup closes it for most of day. More than 160 miles
of eastbound lanes on Interstate 84 from Pendleton to Ontario were closed for
several hours January 17 following a massive 26-car pileup that involved 12
semi-trucks and trapped over 50 vehicles due to icy road conditions. Twelve
people were injured and treated at local hospitals. Source: http://www.oregonlive.com/pacific-northwest-news/index.ssf/2015/01/interstate_84_finally_reopened.html
· An
advisory was issued to residents in Glendive, Montana, against ingesting water
after oil was detected in the city’s public water supply following a January 17
pipeline break that caused up to 50,000 gallons of oil to spill along the
Yellowstone River. – CBS News; Associated Press
24. January
20, CBS News; Associated Press – (Montana) Yellowstone River
spill: Oil detected in water supplies. Preliminary testing detected oil in
the city of Glendive’s public water supplies prompting officials to bring in
drinking water for residents following a January 17 Bridger Pipeline LLC-owned
pipeline break that caused up to 50,000 gallons of oil to spill along the
Yellowstone River in Montana. The pipeline remained shut down indefinitely
while crews worked to contain the oil and officials continued to test the water.
Source: http://www.cbsnews.com/news/yellowstone-river-spill-oil-detected-in-water-supplies/
Financial Services Sector
Nothing
to report
Information Technology Sector
31. January 20, Securityweek – (International) VideoLan
says flaws exist in codecs library, not VLC. A security researcher
discovered two vulnerabilities in libavcodec, a free open-source audio/video
codecs library used by VLC, Xine and MPlayer media players that could allow the
attacker the ability to corrupt memory and exploit arbitrary code. Source: http://www.securityweek.com/videolan-says-flaws-exist-codecs-library-not-vlc
32. January 20, Securityweek – (International) CSRF
flaw allowed attackers to hijack GoDaddy domains. A security researcher
discovered that Internet domain registrar GoDaddy failed to implement any
cross-site request forgery (CSRF) protections for many DNS management actions
which an attacker could have exploited to edit nameservers, edit DNS records,
and modify automatic renewal settings. GoDaddy took measures to fix the
vulnerability and introduced CSRF protections for sensitive account actions
January 19. Source: http://www.securityweek.com/csrf-flaw-allowed-attackers-hijack-godaddy-domains
33. January 20, Softpedia – (International) Oracle
addresses 167 bugs in critical patch update. Oracle released its quarterly
Critical Patch Update January 20, closing 167 vulnerabilities found in 48 of
the company’s products. The developer’s Oracle Fusion Middleware product
received 35 security patches, more than any other product, including 28 patches
for vulnerabilities exploited remotely without authentication of the potential
attacker. Source: http://news.softpedia.com/news/Oracle-Addresses-167-Bugs-In-Critical-Patch-Update-470567.shtml
34. January 20, CNET News – (National) Verizon
races out fix for email security flaw. Verizon patched a serious
vulnerability in its My FiOS mobile app after a security researcher discovered
a flaw that could allow a user to access any Verizon email account, scan the
inbox, read individual emails, and send messages. Source: http://www.cnet.com/news/verizon-races-out-fix-for-email-security-flaw/
For another story, see
item 4 below from the Critical Manufacturing Sector
4. January
19, Help Net Security – (National) 2+ million US cars can be
hacked remotely, researchers claim. A researcher with Digital Bond Labs
presented a vulnerability that he identified at the S4 conference in Miami when
he reverse-engineered the Snapshot tracking dongle offered by Progressive
Insurance that is currently in use in over 2 million vehicles acrosthe U.S.
that could allow the attacker to control some of the core functions of a car by
compromising its on-board system via Snapshot remotely due to minimal security
in the firmware. Source: http://www.net-security.org/secworld.php?id=17840
Communications Sector
35. January 17, Erie
Times-News – (Pennsylvania) Tower climbing crew called in to work
on WQLN radio outage. Crews worked to restore the signal to WQLN 91.3 FM
Erie and all of the station’s translators after the station remained off the
air January 17 due to an unspecified problem which knocked out the signal
January 15. Source: http://www.goerie.com/tower-climbing-crew-called-in-to-work-on-wqln-radio-outage
For another story, see item 34 above in the Information Technology
Sector