Complete DHS Report for March
3, 2015
Daily Report
Top Stories
· Crews
recovered an estimated 3,906 gallons of crude oil, water, and other fluids from
the Hilcorp Alaska Production-owned Tract 14 in North Slope, Alaska, after a
pipeline leaked an unknown amount of liquid February 28. – KTUU 2 Anchorage
1. March
1, KTUU 2 Anchorage – (Alaska) DEC, authorities addressing
4,000-gallon Hilcorp pipeline spill. Crews recovered an estimated 3,906
gallons of crude oil, water, and other fluids from the Hilcorp Alaska
Production-owned Tract 14 at the Milne Point site in North Slope, Alaska, after
a pipeline leaked an unknown amount of liquid February 28. Officials are
investigating the leak and shut in wells at Tract 14, and closed valves on the
affected section of the pipe. Source: http://www.ktuu.com/news/news/dec-authorities-addressing-4000gallon-hilcorp-pipeline-spill/31558574
· All
lanes of Interstate 44 near Rolla, Missouri, reopened March 1 after closing
February 28 due to a multi-vehicle accident involving a bus that rear-ended a
semi-truck causing it to overturn on westbound lanes, leaving 11 people
injured. – KSDK 5 St. Louis
10. March
1, KSDK 5 St. Louis – (Missouri) I-44 reopens after pileup near
Rolla. All lanes of Interstate 44 near Rolla, Missouri, reopened March 1
after closing February 28due to a multi-vehicle accident that was initiated after
a Greyhound bus rear-ended a semi-truck carrying Terester, a flammable and
corrosive liquid, causing the semi-truck to overturn on westbound lanes. Eleven
people were transported to an area hospital with injuries and crews cleaned up
the toxic spill. Source: http://www.ksdk.com/story/news/traffic/2015/02/28/snowfall-causing-slick-roads-accidents/24187955/
· Uber
found that their internal database was breached in May 2014 by an unidentified
third-party who accessed the information of 50,000 former and current drivers.
– Softpedia
13. February
28, Softpedia – (National) Uber data breach impacts 50,000
current and former drivers. Uber determined in September 2014 that their
internal database was breached in May without authorization by an unidentified
third-party who accessed the information of 50,000 former and current drivers,
which included names and driver’s license numbers. Uber changed access
protocols and locked down the database while continuing to investigate the
incident. Source: http://news.softpedia.com/news/Uber-Data-Breach-Impacts-50-000-Current-and-Former-Drivers-474515.shtml
· A
precautionary swimming advisory was issued March 1 until further notice for the
beach area in Oleta River State Park in Miami after rainfalls caused about 5
million gallons of partially treated waste to overflow into surrounding
wetlands. – WPLG 10 Miami
18. March 1,
WPLG 10 Miami – (Florida) Precautionary swimming advisory issued for Oleta
River. A precautionary swimming advisory was issued March 1 until further
notice for the beach area in Oleta River State Park in Miami after rainfalls
February 28 caused about 5 million gallons of partially treated waste to
overflow into surrounding wetlands. The Florida Department of Health and the
Department of Regulatory and Economic resources are conducting tests on the
affected waters. Source: http://www.local10.com/news/precautionary-swimming-advisory-issued-for-oleta-river/31556444
Financial Services Sector
6. February
28, Grand Rapids Press – (Michigan) West Michigan developer
indicted in $8 million real estate mortgage ‘stacking’ fraud. Authorities
arrested a part owner of the GBW Development real estate firm in Michigan
during the week of February 23 for allegedly conspiring with the owner of Prime
Title Service to defraud banks, private lenders, and real estate title
insurance companies out of $8 million by taking multiple mortgages out on a
single property without lenders’ knowledge. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2015/02/west_michigan_developer_indict.html
7. February
27, U.S. Securities and Exchange Commission – (New York) SEC halts
Ponzi-like scheme by purported venture capital fund manager in Buffalo. The
U.S. Securities and Exchange Commission charged a New York-based supposed
venture capital fund manager February 27 for allegedly using his firms Archipel
Capital LLC and BIM Management LP to solicit money from investors for the
purchase of 230,000 pre-IPO Twitter shares, of which he only purchased 80,000
shares, and using 3 unrelated funds and Ponzi-like payments with fake documents
to pay investors. Source: http://www.sec.gov/litigation/litreleases/2015/lr23210.htm
8. February
26, Reuters – (International) Texas brothers must pay $299 million in SEC
fraud case: judge. A Texas man and his late brother’s estate were ordered
to pay the U.S. Securities and Exchange Commission $299.4 million February 26
for allegedly engaging in securities fraud and earning $553 million in
undisclosed profits by trading in Michaels Stores Inc., Sterling Software Inc.,
Scottish Annuity & Life Holdings Ltd. now known as Scottish Re Group Ltd., and
Sterling Commerce Inc. using trusts in the Isle of Man. Source: http://www.reuters.com/article/2015/02/27/sec-wyly-idUSL1N0W03Y820150227
Information Technology Sector
23. March 2, Help Net Security – (International) 0-day
flaw in Seagate NAS devices endangers thousands. A security researcher
discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS
devices are susceptible to an easily-exploitable zero-day remote code execution
vulnerability due to outdated Web-enabled application management versions of
Hypertext Preprocessor (PHP), CodeIgniter, and Lighttpd technologies that
contain known security issues. The company is reportedly working on the issue.
Source: http://www.net-security.org/secworld.php?id=18023
24. March 2, Softpedia – (International) Privilege
escalation glitch found in Toshiba software. SmartNet researchers
discovered a path privilege escalation vulnerability in Toshiba’s Bluetooth
Stack for Windows and Service Station that could allow attackers to take over
control of computers by implementing malicious programs, and alter or delete
information stored on hard disks. Toshiba released updates for its vulnerable
products. Source: http://news.softpedia.com/news/Privilege-Escalation-Glitch-Found-in-Toshiba-Software-474649.shtml
For another story, see
item 4 below from the Critical Manufacturing Sector
4. March 2,
Softpedia – (International) Vulnerabilities in Blu-ray players open door
for network compromise. Security researchers at NCC Group discovered security
flaws in the software and hardware of Blu-ray players that could allow
attackers to use poorly implemented Java to create malicious discs in order to
bypass auto-run protection mechanisms through a sandbox escape and execute
arbitrary code automatically. The second vulnerability was achieved by
launching a library from a USB drive plugged into the device and the Web
browser which could allow modifications of the firmware in order to remove
anti-piracy technology. Source: http://news.softpedia.com/news/Vulnerabilities-in-Blu-Ray-Players-Open-Door-for-Network-Compromise-474635.shtml
Communications Sector
Nothing to report