Friday, January 23, 2015



Complete DHS Report for January 23, 2015

Daily Report

Top Stories

 · Officials reported January 21 that nearly 3 million gallons of saltwater generated by oil drilling spilled from a Summit Midstream Partners LLC-owned pipeline near Williston, North Dakota, January 6, and leaked into Blacktail Creek, Little Muddy Creek, and possibly the Missouri River. – Associated Press

1. January 21, Associated Press – (North Dakota) Nearly 3M gallons of brine spill; ND oil boom’s largest leak. North Dakota officials reported January 21 that nearly 3 million gallons of saltwater generated by oil drilling spilled from a Summit Midstream Partners LLC-owned pipeline near Williston January 6, and leaked into Blacktail Creek, Little Muddy Creek, and possibly the Missouri River. Cleanup and monitoring continued while investigators worked to determine the cause of the rupture. Source: http://bismarcktribune.com/bakken/nearly-m-gallons-of-brine-spill-nd-oil-boom-s/article_2a3b4732-3ca4-591f-ab2f-dd42da3c72d4.html

 · Standard & Poor’s Rating Services (S&P) agreed to pay more than $77 million to the U.S. Securities and Exchange Commission (SEC) and 2 States January 21 to settle charges of fraudulent misconduct to mortgage-backed securities. – U.S. Securities and Exchange Commission See item 6 below in the Financial Services Sector

 · About 500 first responders worked for more than 15 hours to contain a January 21 fire that destroyed at least 200 units at the Avalon on the Hudson apartment complex in Edgewater and left more than 1,000 residents permanently or temporarily displaced. – WNBC 4 New York City

27. January 22, WNBC 4 New York City – (New Jersey) Luxury apartment complex inferno contained after more than 15 hours; hundreds displaced. About 500 first responders worked for more than 15 hours to contain a January 21 fire that destroyed at least 200 units at the Avalon on the Hudson apartment complex in Edgewater and left more than 1,000 residents permanently or temporarily displaced. The city’s Mayor declared a local state of emergency and closed area schools January 22 due to reduced visibility and restricted access to roadways as crews battled the blaze that is under investigation. Source: http://www.nbcnewyork.com/news/local/New-Jersey-Edgewater-Fire-Apartment-Complex-Avalon-on-Hudson-289416441.html

 · Officials in the Amackertown community of Mississippi alerted emergency personnel January 21 that the Pearl River County dam was in ‘imminent danger’ of breaking after a leak was discovered. – WLOX 13 Biloxi

30. January 21, WLOX 13 Biloxi – (Mississippi) Officials: Pearl River County dam in ‘imminent danger’ of breaking. Officials in the Amackertown community alerted emergency personnel January 21 that the Pearl River County dam was in ‘imminent danger’ of breaking after a leak was discovered. A contractor was called in to create a controlled breach on the dam to relieve some of the pressure. Source: http://www.wlox.com/story/27908398/officials-pearl-river-county-dam-in-imminent-danger-of-breaking

Financial Services Sector

5. January 22, Forex Magnates – (International) FX options scam charged by US Court - $2.16 million penalty and trading ban. Two individuals and a company were charged by a federal court in New York January 22 for fraudulently soliciting retail clients to trade FX options with misappropriating client funds between 2001 and 2008, targeting individuals from around the world including North America and Europe and sustaining severe losses of $1.7 million trading in financial derivatives. Source: http://forexmagnates.com/fx-options-scam-charged-us-court-2-16-mln-penalty-trading-ban/

6. January 21, U.S. Securities and Exchange Commission – (New York; Massachusetts) SEC announces charges against Standard & Poor’s for fraudulent ratings misconduct. Standard & Poor’s Rating Services (S&P) reached a settlement January 21 with the U.S. Securities and Exchange Commission (SEC) to resolve a series of federal securities law violations for fraudulent misconduct in its ratings of commercial mortgage-backed securities. The agreement requires S&P to pay more than $58 million to the SEC and plus an additional $21 million in penalties to settle parallel cases in New York Massachusetts. Source: http://www.sec.gov/news/pressrelease/2015-10.html#.VMEPKkfF-Ps

7. January 21, Fort Lauderdale Sun Sentinel – (Florida) FBI hunts gun-toting ‘Poncho Bandit’ in bank holdup spree. Authorities are searching for a suspect known as the “Poncho Bandit” responsible for four bank robberies and one attempted bank robbery throughout South Florida from May - December 2014. Source: http://www.sun-sentinel.com/local/broward/fl-five-bank-jobs-linked-20150121-story.html

8. January 21, U.S. Securities and Exchange Commission – (Florida) SEC charges investment adviser and manager in south Florida-based fraud. The U.S. Securities and Exchange Commission (SEC) announced January 21 fraud charges and an assets freeze against Elm Tree Investment Advisors LLC, a Florida-based investment advisory firm, its manager, and three related funds in a scheme that raised more than $17 million from investors since November 2013 and mislead them by using most of the money raised to make Ponzi-like payments. Source: http://www.sec.gov/news/pressrelease/2015-12.html#.VMEaqUfF-Ps

Information Technology Sector

22. January 22, Help Net Security – (International) Angler exploit kit goes after new Adobe Flash 0-day flaw. A malware researcher discovered an unconfirmed zero-day vulnerability in Adobe Flash Player versions 16.0.0.235 and 16.0.0.257 that was found in the popular Angler exploit kit and exposes users of Windows XP, 7, 8 and Internet Explorer 6, 7, 8, and 10 to the Bedep trojan that makes the victims’ computer perform ad fraud calls. Source: http://www.net-security.org/malware_news.php?id=2944

23. January 22, Securityweek – (International) Google fixes 62 security bugs with release of Chrome 40. Google announced a release of Chrome 40 for Windows, Mac OS, and Linux, closing 62 vulnerabilities, including the disabling of SSL 3.0, a protocol found to be vulnerable to POODLE attacks. Source: http://www.securityweek.com/google-fixes-62-security-bugs-release-chrome-40

24. January 22, The Register – (International) Remote code execution vulns hit Atlassian kit. Atlassian has released updates to patch a serious vulnerability, an Object-Graph Navigation Language (OGNL) double evaluation vulnerability found in all versions of its Confluence, Bamboo, FishEye, and Crucible products that could allow an attacker to execute Java code of their choice on systems that use the affected frameworks as long as they can access their Web interfaces. Source: http://www.theregister.co.uk/2015/01/22/atlassian_vulns/

25. January 22, Help Net Security – (International) Click-fraud malware brings thousands of dollars to YouTube scammers. Researchers at Symantec reported a two-component click-fraud malware dubbed Tubrosa, which could allow an attacker to compromise victims’ computers with the malware and use them to artificially inflate their YouTube video views and take advantage of the YouTube Partner Program validation process. Source: http://www.net-security.org/malware_news.php?id=2945

For another story, see item 4 below from the Critical Manufacturing Sector

4. January 22, Softpedia – (International) Tesla Model S hacked to start without key. Qihoo 360 reported a vulnerability in the Tesla Model S discovered during a demonstration at the SyScan security conference in Beijing that could allow an attacker to unlock the vehicle, start the engine, and drive away with the vehicle by intercepting the communication between the key fob and the car. Tesla officials confirmed the flaw and stated that a fix would be released to close the vulnerability. Source: http://news.softpedia.com/news/Tesla-Model-S-Hacked-to-Start-Without-Key-470827.shtml

Communications Sector

26. January 22, KMPH 26 Visalia – (California) AT&T land line outage after construction crews cut cable. An unknown number of customers in Madera, Fresno, and Mariposa counties experienced an AT&T land line phone outage January 21 when a contractor inadvertently cut a cable. Emergency 9-1-1 calls were rerouted while crews worked to restore service. Source: http://www.kmph.com/story/27910326/att-land-line-outage-after-construction-crews-cut-cable