Complete DHS Report for February 25, 2015
Daily Report
Top Stories
· All four
cars and the locomotive of a Metrolink train derailed in Oxnard, California,
February 24 when it collided with a vehicle that was stopped on the tracks
causing injury to 28 people. – Los Angeles Times
6. February
24, Los Angeles Times – (California) Southern California commuter
train crash: 4 are critically hurt. Authorities continue to investigate
after all four cars and the locomotive of a Metrolink train derailed in Oxnard
when it collided with a pickup truck that was stopped on the tracks causing
injury to 28 people February 24. The Metrolink engineer reportedly saw the
truck and initiated the train’s flashing lights and braking mechanisms in
anticipation of a crash, but the train was unable to stop before the collision.
Source: http://www.latimes.com/local/lanow/la-me-ln-california-trail-derails-30-injured-20150224-story.html
· Pike
County, Kentucky officials announced that more than 6,000 Mountain Water
District customers remained without water February 24 due to a combination of
cold temperatures, ice accumulation, power outages, and frozen pipes. – WSAZ
3 Huntington
11. February
24, WSAZ 3 Huntington – (Kentucky) Thousands still without water
in Pike County, Ky. Officials in Pike County, Kentucky, announced that more
than 6,000 Mountain Water District customers remained without water February 24
due to a combination of freezing temperatures, ice accumulation, power outages,
and frozen pipes. A boil advisory was issued for the entire area until further
notice and the City of Pikeville is continuing to produce water and provide
service to the district. Source: http://www.wsaz.com/news/headlines/Thousands-without-Water-in-Pike-County-Ky--293670011.html
· An
impending winter storm that could dump snow in Shreveport, Louisiana, and
surrounding areas prompted the closure of several police departments,
courthouses, school districts, and universities February 24. – Shreveport
Times
13. February
24, Shreveport Times – (Louisiana) Tuesday winter weather and
closures. Winter weather concerns about an impending storm that could dump
up to four inches of snow in Shreveport and surrounding areas prompted the
closure of several police departments, courthouses, school districts, and
universities February 24. Several roadways experienced closures and delays, and
the Louisiana State Police warned of hazardous driving conditions on stretches
of Interstate 20. Source: http://www.shreveporttimes.com/story/news/local/2015/02/24/tuesday-winter-weather/23925081/
· A former
civilian employee of U.S. Central Command at MacDill Air Force Base in Florida
was arrested February 20 after being charged February 12 in connection with the
April 2013 theft of 5 command laptops. – Tampa Tribune
16. February
23, Tampa Tribune – (National) No sign of data breach after Centcom laptops
stolen, U.S. Attorney says. A former civilian employee of U.S. Central Command
at MacDill Air Force Base in Florida was arrested February 20 after being
charged February 12 in connection with the April 2013 theft of 5 command
laptops. The U.S. Attorney’s Office reported that there were no signs of a data
breach caused by the theft. Source: http://tbo.com/list/military-news/no-sign-of-data-breach-after-centcom-laptops-stolen-us-attorney-says-20150223/
Financial Services Sector
4. February
24, Reuters – (Connecticut) Connecticut credit union manager
found wearing suspected bomb vest. Police found February 23 an Achieve
Financial Credit Union executive in a car outside of the New Britain,
Connecticut branch with a bomb-like device strapped to his body in an apparent
scheme to rob the financial institution that was aborted after the man was
allegedly abducted from his home. The suspected explosive device was removed
and destroyed without incident, and officials are seeking 3 suspects in
connection with the incident while working to determine if the executive was a
willing participant in the alleged plot. Source: http://www.reuters.com/article/2015/02/24/us-usa-connecticut-police-idUSKBN0LR1LB20150224
For another story, see item 21 below
in the Information Technology Sector
Information Technology Sector
18. February
23, SC Magazine – (International) Older vulnerabilities a top enabler of
breaches, according to report. Hewlett Packard security researchers
reported that 44 percent of known breaches happened as a result of server
misconfigurations and vulnerabilities discovered years ago. The report cites 33
percent of identified exploit samples from Microsoft Windows, 11 percent from
Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft
Office flaws. Source: http://www.scmagazine.com/report-shows-organizations-dont-properly-patch-systems-networks/article/399708/
19. February
23, Securityweek – (International) Norton update caused Internet Explorer to
crash. Symantec released a new version of the Intrusion Prevention System
(IPS) definition package after a corrupt file in the previous release caused
the 32-bit version of Microsoft’s Internet Explorer Web browser to crash on
computers running Norton Security, Norton Security with Backup, Norton 360, and
Norton Internet Security. Source: http://www.securityweek.com/norton-update-caused-internet-explorer-crash
20. February
23, Softpedia – (International) Comodo’s PrivDog breaks HTTPS security
possibly worse than Superfish. A security researcher discovered that
Comodo’s PrivDog browsing privacy protection tool compromised browsing security
by acting as a man-in-the-middle (MitM), intercepting and replacing all
certificates with its own, causing browsers to accept every HTTPS certificate
regardless of authority. The issue could affect nearly 64,000 users worldwide,
and PrivDog released an update with a fix for the issue. Source: http://news.softpedia.com/news/Comodo-s-PrivDog-Breaks-HTTPS-Security-Possibly-Worse-than-Superfish-473968.shtml
21. February
23, Softpedia – (International) CSIS security group warns of fake emails
using its name. CSIS security experts discovered an email campaign that
spoofed the company’s email address and used an employee’s name to distribute a
malicious attachment and deploy malware on the recipients’ machines. The
Danish-based company provides security services for some of the largest global
banks and acts as a consultant to governments, media, and businesses. Source: http://news.softpedia.com/news/CSIS-Security-Group-Warns-of-Fake-Emails-Using-its-Name-474022.shtml
Communications Sector
22. February 23, WATE 6
Knoxville – (Tennessee) Cumberland County radio station struggles
to stay on the air after winter weather takes out transmitter. A winter
storm in Cumberland County took 101.9 FM The Vibe Crossville off air February
20 after a tower fell under the weight of ice and knocked out the station. The
station’s owner hoped to get the station back on air February 24 after the
tower is repaired. Source: http://wate.com/2015/02/23/cumberland-county-radio-station-struggles-to-stay-on-the-air-after-winter-weather-takes-out-transmitter/
For
another story, see item 21 above in the Information Technology
Sector