Complete DHS Report for January 23, 2015
Daily Report
Top Stories
· Officials
reported January 21 that nearly 3 million gallons of saltwater generated by oil
drilling spilled from a Summit Midstream Partners LLC-owned pipeline near
Williston, North Dakota, January 6, and leaked into Blacktail Creek, Little
Muddy Creek, and possibly the Missouri River. – Associated Press
1. January
21, Associated Press – (North Dakota) Nearly 3M gallons of brine
spill; ND oil boom’s largest leak. North Dakota officials reported January
21 that nearly 3 million gallons of saltwater generated by oil drilling spilled
from a Summit Midstream Partners LLC-owned pipeline near Williston January 6,
and leaked into Blacktail Creek, Little Muddy Creek, and possibly the Missouri
River. Cleanup and monitoring continued while investigators worked to determine
the cause of the rupture. Source: http://bismarcktribune.com/bakken/nearly-m-gallons-of-brine-spill-nd-oil-boom-s/article_2a3b4732-3ca4-591f-ab2f-dd42da3c72d4.html
· Standard
& Poor’s Rating Services (S&P) agreed to pay more than $77 million to
the U.S. Securities and Exchange Commission (SEC) and 2 States January 21 to
settle charges of fraudulent misconduct to mortgage-backed securities. – U.S.
Securities and Exchange Commission See item 6
below in the Financial Services Sector
· About
500 first responders worked for more than 15 hours to contain a January 21 fire
that destroyed at least 200 units at the Avalon on the Hudson apartment complex
in Edgewater and left more than 1,000 residents permanently or temporarily
displaced. – WNBC 4 New York City
27. January
22, WNBC 4 New York City – (New Jersey) Luxury apartment complex
inferno contained after more than 15 hours; hundreds displaced. About 500
first responders worked for more than 15 hours to contain a January 21 fire
that destroyed at least 200 units at the Avalon on the Hudson apartment complex
in Edgewater and left more than 1,000 residents permanently or temporarily
displaced. The city’s Mayor declared a local state of emergency and closed area
schools January 22 due to reduced visibility and restricted access to roadways
as crews battled the blaze that is under investigation. Source: http://www.nbcnewyork.com/news/local/New-Jersey-Edgewater-Fire-Apartment-Complex-Avalon-on-Hudson-289416441.html
· Officials
in the Amackertown community of Mississippi alerted emergency personnel January
21 that the Pearl River County dam was in ‘imminent danger’ of breaking after a
leak was discovered. – WLOX 13 Biloxi
30. January
21, WLOX 13 Biloxi – (Mississippi) Officials: Pearl River County
dam in ‘imminent danger’ of breaking. Officials in the Amackertown
community alerted emergency personnel January 21 that the Pearl River County
dam was in ‘imminent danger’ of breaking after a leak was discovered. A
contractor was called in to create a controlled breach on the dam to relieve
some of the pressure. Source: http://www.wlox.com/story/27908398/officials-pearl-river-county-dam-in-imminent-danger-of-breaking
Financial Services Sector
5. January
22, Forex Magnates – (International) FX options scam charged by US Court - $2.16
million penalty and trading ban. Two individuals and a company were charged
by a federal court in New York January 22 for fraudulently soliciting retail
clients to trade FX options with misappropriating client funds between 2001 and
2008, targeting individuals from around the world including North America and
Europe and sustaining severe losses of $1.7 million trading in financial
derivatives. Source: http://forexmagnates.com/fx-options-scam-charged-us-court-2-16-mln-penalty-trading-ban/
6. January
21, U.S. Securities and Exchange Commission – (New York; Massachusetts) SEC
announces charges against Standard & Poor’s for fraudulent ratings
misconduct. Standard & Poor’s Rating Services (S&P) reached a
settlement January 21 with the U.S. Securities and Exchange Commission (SEC) to
resolve a series of federal securities law violations for fraudulent misconduct
in its ratings of commercial mortgage-backed securities. The agreement requires
S&P to pay more than $58 million to the SEC and plus an additional $21
million in penalties to settle parallel cases in New York Massachusetts.
Source: http://www.sec.gov/news/pressrelease/2015-10.html#.VMEPKkfF-Ps
7. January
21, Fort Lauderdale Sun Sentinel – (Florida) FBI hunts gun-toting
‘Poncho Bandit’ in bank holdup spree. Authorities are searching for a
suspect known as the “Poncho Bandit” responsible for four bank robberies and
one attempted bank robbery throughout South Florida from May - December 2014.
Source: http://www.sun-sentinel.com/local/broward/fl-five-bank-jobs-linked-20150121-story.html
8. January
21, U.S. Securities and Exchange Commission – (Florida) SEC charges
investment adviser and manager in south Florida-based fraud. The U.S.
Securities and Exchange Commission (SEC) announced January 21 fraud charges and
an assets freeze against Elm Tree Investment Advisors LLC, a Florida-based
investment advisory firm, its manager, and three related funds in a scheme that
raised more than $17 million from investors since November 2013 and mislead
them by using most of the money raised to make Ponzi-like payments. Source: http://www.sec.gov/news/pressrelease/2015-12.html#.VMEaqUfF-Ps
Information Technology Sector
22. January 22, Help Net Security – (International)
Angler exploit kit goes after new Adobe Flash 0-day flaw. A malware
researcher discovered an unconfirmed zero-day vulnerability in Adobe Flash
Player versions 16.0.0.235 and 16.0.0.257 that was found in the popular Angler
exploit kit and exposes users of Windows XP, 7, 8 and Internet Explorer 6, 7,
8, and 10 to the Bedep trojan that makes the victims’ computer perform ad fraud
calls. Source: http://www.net-security.org/malware_news.php?id=2944
23. January 22, Securityweek – (International) Google
fixes 62 security bugs with release of Chrome 40. Google announced a
release of Chrome 40 for Windows, Mac OS, and Linux, closing 62
vulnerabilities, including the disabling of SSL 3.0, a protocol found to be
vulnerable to POODLE attacks. Source: http://www.securityweek.com/google-fixes-62-security-bugs-release-chrome-40
24. January 22, The Register – (International) Remote
code execution vulns hit Atlassian kit. Atlassian has released updates to
patch a serious vulnerability, an Object-Graph Navigation Language (OGNL)
double evaluation vulnerability found in all versions of its Confluence,
Bamboo, FishEye, and Crucible products that could allow an attacker to execute
Java code of their choice on systems that use the affected frameworks as long
as they can access their Web interfaces. Source: http://www.theregister.co.uk/2015/01/22/atlassian_vulns/
25. January 22, Help Net Security – (International)
Click-fraud malware brings thousands of dollars to YouTube scammers. Researchers
at Symantec reported a two-component click-fraud malware dubbed Tubrosa, which
could allow an attacker to compromise victims’ computers with the malware and
use them to artificially inflate their YouTube video views and take advantage
of the YouTube Partner Program validation process. Source: http://www.net-security.org/malware_news.php?id=2945
For another story, see
item 4 below from the Critical Manufacturing Sector
4. January
22, Softpedia – (International) Tesla Model S hacked to start without key. Qihoo
360 reported a vulnerability in the Tesla Model S discovered during a
demonstration at the SyScan security conference in Beijing that could allow an
attacker to unlock the vehicle, start the engine, and drive away with the
vehicle by intercepting the communication between the key fob and the car.
Tesla officials confirmed the flaw and stated that a fix would be released to
close the vulnerability. Source: http://news.softpedia.com/news/Tesla-Model-S-Hacked-to-Start-Without-Key-470827.shtml
Communications Sector
26. January 22, KMPH 26
Visalia – (California) AT&T land line outage after
construction crews cut cable. An unknown number of customers in Madera,
Fresno, and Mariposa counties experienced an AT&T land line phone outage
January 21 when a contractor inadvertently cut a cable. Emergency 9-1-1 calls
were rerouted while crews worked to restore service. Source: http://www.kmph.com/story/27910326/att-land-line-outage-after-construction-crews-cut-cable