Tuesday, March 3, 2015



Complete DHS Report for March 3, 2015

Daily Report

Top Stories

 · Crews recovered an estimated 3,906 gallons of crude oil, water, and other fluids from the Hilcorp Alaska Production-owned Tract 14 in North Slope, Alaska, after a pipeline leaked an unknown amount of liquid February 28. – KTUU 2 Anchorage

1. March 1, KTUU 2 Anchorage – (Alaska) DEC, authorities addressing 4,000-gallon Hilcorp pipeline spill. Crews recovered an estimated 3,906 gallons of crude oil, water, and other fluids from the Hilcorp Alaska Production-owned Tract 14 at the Milne Point site in North Slope, Alaska, after a pipeline leaked an unknown amount of liquid February 28. Officials are investigating the leak and shut in wells at Tract 14, and closed valves on the affected section of the pipe. Source: http://www.ktuu.com/news/news/dec-authorities-addressing-4000gallon-hilcorp-pipeline-spill/31558574

 · All lanes of Interstate 44 near Rolla, Missouri, reopened March 1 after closing February 28 due to a multi-vehicle accident involving a bus that rear-ended a semi-truck causing it to overturn on westbound lanes, leaving 11 people injured. – KSDK 5 St. Louis

10. March 1, KSDK 5 St. Louis – (Missouri) I-44 reopens after pileup near Rolla. All lanes of Interstate 44 near Rolla, Missouri, reopened March 1 after closing February 28 due to a multi-vehicle accident that was initiated after a Greyhound bus rear-ended a semi-truck carrying Terester, a flammable and corrosive liquid, causing the semi-truck to overturn on westbound lanes. Eleven people were transported to an area hospital with injuries and crews cleaned up the toxic spill. Source: http://www.ksdk.com/story/news/traffic/2015/02/28/snowfall-causing-slick-roads-accidents/24187955/

 · Uber found that their internal database was breached in May 2014 by an unidentified third party who accessed the information of 50,000 former and current drivers. – Softpedia

13. February 28, Softpedia – (National) Uber data breach impacts 50,000 current and former drivers. Uber determined in September 2014 that their internal database was breached in May without authorization by an unidentified third party who accessed the information of 50,000 former and current drivers, which included names and driver’s license numbers. Uber changed access protocols and locked down the database while continuing to investigate the incident. Source: http://news.softpedia.com/news/Uber-Data-Breach-Impacts-50-000-Current-and-Former-Drivers-474515.shtml

 · A precautionary swimming advisory was issued March 1 until further notice for the beach area in Oleta River State Park in Miami after rainfalls caused about 5 million gallons of partially treated waste to overflow into surrounding wetlands. – WPLG 10 Miami

18. March 1, WPLG 10 Miami – (Florida) Precautionary swimming advisory issued for Oleta River. A precautionary swimming advisory was issued March 1 until further notice for the beach area in Oleta River State Park in Miami after rainfalls February 28 caused about 5 million gallons of partially treated waste to overflow into surrounding wetlands. The Florida Department of Health and the Department of Regulatory and Economic Resources are conducting tests on the affected waters. Source: http://www.local10.com/news/precautionary-swimming-advisory-issued-for-oleta-river/31556444

Financial Services Sector

6. February 28, Grand Rapids Press – (Michigan) West Michigan developer indicted in $8 million real estate mortgage ‘stacking’ fraud. Authorities arrested a part owner of the GBW Development real estate firm in Michigan during the week of February 23 for allegedly conspiring with the owner of Prime Title Service to defraud banks, private lenders, and real estate title insurance companies out of $8 million by taking multiple mortgages out on a single property without lenders’ knowledge. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2015/02/west_michigan_developer_indict.html

7. February 27, U.S. Securities and Exchange Commission – (New York) SEC halts Ponzi-like scheme by purported venture capital fund manager in Buffalo. The U.S. Securities and Exchange Commission charged a New York-based supposed venture capital fund manager February 27 for allegedly using his firms Archipel Capital LLC and BIM Management LP to solicit money from investors for the purchase of 230,000 pre-IPO Twitter shares, of which he only purchased 80,000 shares, and using 3 unrelated funds and Ponzi-like payments with fake documents to pay investors. Source: http://www.sec.gov/litigation/litreleases/2015/lr23210.htm

8. February 26, Reuters – (International) Texas brothers must pay $299 million in SEC fraud case: judge. A Texas man and his late brother’s estate were ordered to pay the U.S. Securities and Exchange Commission $299.4 million February 26 for allegedly engaging in securities fraud and earning $553 million in undisclosed profits by trading in Michaels Stores Inc., Sterling Software Inc., Scottish Annuity & Life Holdings Ltd. now known as Scottish Re Group Ltd., and Sterling Commerce Inc. using trusts in the Isle of Man. Source: http://www.reuters.com/article/2015/02/27/sec-wyly-idUSL1N0W03Y820150227

Information Technology Sector

23. March 2, Help Net Security – (International) 0-day flaw in Seagate NAS devices endangers thousands. A security researcher discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS devices are susceptible to an easily exploitable zero-day remote code execution vulnerability because the devices’ Web-enabled management application uses outdated versions of Hypertext Preprocessor (PHP), CodeIgniter, and Lighttpd that contain known security issues. The company is reportedly working on the issue. Source: http://www.net-security.org/secworld.php?id=18023

24. March 2, Softpedia – (International) Privilege escalation glitch found in Toshiba software. SmartNet researchers discovered a path privilege escalation vulnerability in Toshiba’s Bluetooth Stack for Windows and Service Station that could allow attackers to take over control of computers by implementing malicious programs, and alter or delete information stored on hard disks. Toshiba released updates for its vulnerable products. Source: http://news.softpedia.com/news/Privilege-Escalation-Glitch-Found-in-Toshiba-Software-474649.shtml

For another story, see item 4 below from the Critical Manufacturing Sector.

4. March 2, Softpedia – (International) Vulnerabilities in Blu-ray players open door for network compromise. Security researchers at NCC Group discovered security flaws in the software and hardware of Blu-ray players that could allow attackers to use poorly implemented Java to create malicious discs in order to bypass auto-run protection mechanisms through a sandbox escape and execute arbitrary code automatically. The second vulnerability was achieved by launching a library from a USB drive plugged into the device and the Web browser which could allow modifications of the firmware in order to remove anti-piracy technology. Source: http://news.softpedia.com/news/Vulnerabilities-in-Blu-Ray-Players-Open-Door-for-Network-Compromise-474635.shtml

Communications Sector

Nothing to report