Thursday, March 5, 2015



Complete DHS Report for March 5, 2015

Daily Report

Top Stories

 · California officials stopped production at 12 wells used to pump oil-and-gas in Central Valley March 3 in order to protect underground drinking-water from contamination. – Associated Press

1. March 4, Associated Press – (California) California shuts down oil wells to protect ground water. The California Department of Conservation stopped production at 12 wells used to pump oil-and-gas in Central Valley March 3 in order to protect underground drinking-water from contamination following a review that found over 2,500 instances when the State authorized the injection of oilfield waste into protected aquifers used for drinking water or irrigating crops. Two operators were issued cease-and-desist orders while 10 other oil wells in Kern County stopped production. Source: http://www.nbcbayarea.com/news/california/California-Shuts-Down-Oil-Wells-to-Protect-Ground-Water-294933891.html

 · A former correctional officer was arrested and charged March 3 in connection to two separate shooting incidents including one on the Maryland Intercounty Connector, and a second incident where shots were fired near the NSA headquarters in Fort Meade. – WRC 4 Washington, D.C.

13. March 4, WRC 4 Washington, D.C. – (Maryland; Washington, D.C.) Former correctional officer charged in shootings at NSA, ICC. A former correctional officer was arrested and charged March 3 in connection to two separate shooting incidents, including one on the Maryland Intercounty Connector near Interstate 95 where two individuals were struck by bullets, and a second incident where shots were fired near the NSA headquarters in Fort Meade where a building was damaged. Authorities are investigating if the suspect is connected to a series of other shootings in the Washington, D.C. and Baltimore areas beginning February 24 targeting individuals at shopping centers, a Walmart, and an AMC Theater. Source: http://www.nbcwashington.com/news/local/Shots-Fired-Near-NSA-Headquarters-294909111.html

 · A vulnerability dubbed FREAK was found in the implementation of secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices that can be abused through man-in-the-middle (MitM) attacks. – Softpedia. See item 20 below in the Information Technology Sector

 · Four suspects were charged March 3 in connection to more than 40 crash-and-grab thefts netting over $2 million across Chicago and other areas of the Midwest since 2014. – Chicago Sun-Times

24. March 3, Chicago Sun-Times – (Illinois) Crash-and-grab suspects nabbed in $2 million spree. The Chicago Police Department announced charges March 3 against four suspects who are believed to be part of a theft ring that is responsible for more than 40 crash-and-grab thefts across the city and other areas of the Midwest since 2014. The suspects are accused of stealing more than $2 million in merchandise and causing more than $500,000 in damage to businesses. Source: http://chicago.suntimes.com/news-chicago/7/71/411528/crash-grab-suspects-nabbed-2-million-spree

Financial Services Sector

4. March 3, Softpedia – (International) Banking malware targets almost 1,500 financial institutions in 86 countries. Security researchers from Symantec reported an analysis of 999 banking malware configurations that targeted 1,467 financial institutions worldwide in 2014, most of which were in the U.S. where consumers have been attacked with 95 percent of the trojans analyzed. The analysis also revealed that 4.1 million users’ systems had been compromised in 2014. Source: http://news.softpedia.com/news/Banking-Malware-Targets-Almost-1-500-Financial-Institutions-in-86-Countries-474782.shtml

5. March 3, Threatpost – (International) New POS malware uses mailslots to avoid detection. Security researchers from Morphick discovered that the new LogPOS point-of-sale (PoS) malware uses Microsoft Windows’ mailslots technology to avoid detection, inject code, and act like a client while it relays stolen payment card numbers to a command and control (C&C) server. Source: http://threatpost.com/new-pos-malware-uses-mailslots-to-avoid-detection/111391

For another story, see item 20 below in the Information Technology Sector

Information Technology Sector

20. March 4, Softpedia – (International) Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack. A security researcher at INRIA and the Microsoft Research Team identified a serious vulnerability in the implementation of secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices. The flaw can be abused through man-in-the-middle (MitM) attacks that capitalize on abandoned policies to force the use of weak RSA keys, potentially leaving a wide range of government and other Web sites vulnerable. The researchers have dubbed the attack FREAK (Factoring RSA Export Keys), and Akamai cloud platform announced that it patched the vulnerability. Source: http://news.softpedia.com/news/Strong-SSL-TLS-Ciphers-Downgraded-to-Use-Weak-Crypto-Key-in-FREAK-Attack-474842.shtml

21. March 4, Securityweek – (International) Google fixes 51 vulnerabilities with release of Chrome 41. Google addressed 51 security issues and added new apps, extension application program interfaces (APIs), and stability and performance improvements in the release of Google Chrome version 41. The addressed vulnerabilities include 13 high-severity and 6 medium-severity issues discovered by external researchers. Source: http://www.securityweek.com/google-fixes-51-vulnerabilities-release-chrome-41

For additional stories, see items 4 and 5 above in the Financial Services Sector

Communications Sector

22. March 2, KHQ 6 Spokane – (Washington) Homeless man caught stealing $10,000 in radio equipment. Police arrested a man March 2 for stealing $10,000 worth of radio equipment in Quincy from Cherry Creek Radio’s KWWW 96.7 FM Wenatchee radio station after station personnel notified the utility company when their transmitter went offline. Source: http://www.khq.com/story/28243325/homeless-man-caught-stealing-10000-in-radio-equipment