Friday, March 27, 2015



Complete DHS Report for  March 27, 2015

Daily Report

Top Stories

 · The Alabama Fire Marshal’s Office confirmed March 25 that a cease-and-desist order was issued that closes the production portion of the Ultratec fireworks plant in Madison County following a deadly explosion in February. – WAFF 48 Huntsville

1. March 26, WAFF 48 Huntsville – (Alabama) Fire marshal: Victim of fatal blast reported unsafe work environment. The Alabama Fire Marshal’s Office confirmed March 25 that a cease-and-desist order was issued that closes the production portion of the Ultratec fireworks plant in Madison County following a deadly explosion in February. The State’s fire marshal cited the company for five violations, including improper storage of materials and cross-contamination concerns, following an inspection of the facility. Source: http://www.waff.com/story/28614817/portion-of-fireworks-plant-to-close-following-deadly-explosion

 · A stretch of U.S. 400 in Wilson County, Kansas, that closed March 25 due to a fatal multi-vehicle accident was expected to reopen by March 27. – KSNW 3 Wichita

7. March 26, KSNW 3 Wichita – (Kansas) One dead in Wilson County collision. A stretch of U.S. 400 in Wilson County was closed March 25 due to a multi-vehicle accident that killed the driver of a vehicle when she lost control on the wet roadway and crossed into oncoming traffic. The road was expected to reopen no later than March 27. Source: http://ksn.com/2015/03/25/u-s-400-closed-in-wilson-county-due-to-collision/

 · The governor of Indiana declared a health emergency March 26 in southeastern Indiana after the Indiana State Department of Health recorded 79 HIV cases connected to intravenous drug use in Scott County. – Indianapolis Star; Associated Press

15. March 26, Indianapolis Star; Associated Press – (Indiana) Governor approves short-term needle exchange in HIV epidemic. The governor of Indiana declared a health emergency March 26 in southeastern Indiana after the Indiana State Department of Health recorded 79 HIV cases connected to intravenous drug use in Scott County. The governor also announced that the State would sanction a short-term needle-exchange program to last for 30 days to help address the epidemic. Source: http://www.indystar.com/story/news/politics/2015/03/25/gov-pence-visit-indiana-county-hiv-outbreak/70427432/

 · One fatality was reported following tornado-producing storms that moved across Oklahoma, March 25 and caused severe damage to a mobile home park and businesses, knocked out power to nearly 75,000 customers, closed Interstate 35 in Moore, and prompted Moore Public Schools to cancel classes March 26. – Weather.com

26. March 26, Weather.com – (Oklahoma) Severe storm causes what appears to be first tornado-related fatality of 2015 in Sand Springs, Oklahoma. Tornado-producing storms that moved across Oklahoma, March 25 caused severe damage to a mobile home park in Sand Springs where one person was killed and several others were injured, and knocked out power to nearly 75,000 customers in the area. Both directions of Interstate 35 in Moore were closed and blocked by overturned vehicles, and Moore Public Schools canceled classes March 26 due to natural gas leaks and structural damage to businesses and homes. Source: http://www.weather.com/storms/severe/news/severe-thunderstorms-oklahoma-kansas-arkansas-missouri-texas-impacts

Financial Services Sector

3. March 25, Reuters – (International) PayPal to pay $7.7 million in U.S. Treasury sanctions case. PayPal agreed to pay $7.7 million March 25 to settle U.S. Department of the Treasury charges for failing to adequately screen transactions for several years, resulting in 486 violations of sanctions programs against countries including Iran, Cuba, and Sudan, as well as for a specific Turkish national on the sanctions blacklist that had been tied to proliferators of weapons of mass destruction. Source: http://www.reuters.com/article/2015/03/25/us-usa-treasury-ebay-idUSKBN0ML28620150325

4. March 25, Reuters – (California) U.S. jury convicts former bank exec of securities fraud. The former chief operating officer of United Commercial Bank in San Francisco was convicted March 25 of several criminal counts, including securities fraud, for allegedly concealing the falling value of collateral used to secure the bank’s loans from auditors during the 2008 financial crisis. Source: http://www.reuters.com/article/2015/03/25/fraud-tarp-trial-idUSL2N0WR2OM20150325

5. March 25, Associated Press – (Ohio) Ohio businessmen convicted in sports drink investment scheme. Two Ohio businessmen were convicted March 25 of charges relating to a fraud scheme in which they used their sport drink company, Imperial Integrated Health Research and Development LLC, to defraud investors out of about $9 million and diverted investors’ funds for their personal use. The wife of one of the businessmen was also convicted on several charges which included filing a false income tax return and structuring financial transactions to evade currency reporting requirements. Source: http://abcnews.go.com/US/wireStory/ohio-businessmen-convicted-sports-drink-investment-scheme-29910890

Information Technology Sector

21. March 26, Softpedia – (International) Microsoft revokes rogue digital certificate for Google and other web domains. Microsoft updated its Certificate Trust List (CTL) for Windows operating systems and pushed automatic updates to revoke a certificate fraudulently issued by Egypt-based MCS Holdings. The fraudulent certificates affected several Google and other domains, and left Windows users vulnerable to Web content spoofing, phishing, and man-in-the-middle (MitM) attacks. Source: http://news.softpedia.com/news/Microsoft-Revokes-Rogue-Digital-Certificate-for-Google-and-Other-Web-Domains-476809.shtml

22. March 26, Softpedia – (International) Apple customers lured to disclose Apple ID and card data. Security analysts at Bitdefender discovered a phishing scheme in which Apple device users are being targeted with emails that link to a hoax site requesting Apple ID credentials, personal information, payment card information, and a 3D Secure password. After users fill out the form, they are notified of a bogus two-factor authentication (2FA) process and are given an option to change their password. Source: http://news.softpedia.com/news/Apple-Customers-Lured-to-Disclose-Apple-ID-and-Card-Data-476817.shtml

23. March 26, Securityweek – (International) Cisco fixes DoS vulnerabilities in IOS software. Cisco Systems released security updates patching 16 vulnerabilities in IOS and IOS XE software components including Autonomic Network Infrastructure (ANI), Common Industrial Protocol (CIP), multicast Domain Name System (mDNS), transmission control protocol (TCP), Virtual Routing and Forwarding (VRF), and Internet Key Exchange version 2 (IKEv2). The vulnerabilities allowed remote, unauthenticated attackers to trigger denial-of-service (DoS) conditions on targeted systems. Source: http://www.securityweek.com/cisco-fixes-dos-vulnerabilities-ios-software

24. March 25, Threatpost – (International) Default setting in Windows 7, 8.1 could allow privilege escalation, sandbox escape. A Google Security Project Zero researcher identified certain default authentication settings in Microsoft’s Windows versions 7 and 8.1 that could allow attackers to use cross-protocol NT LAN Manager (NTLM) reflection to attack a local Server Message Block (SMB) server and leverage Web Distributed Authoring and Versioning (WebDAV) to elevate privileges or escape application sandboxes. Microsoft urged users to implement Extended Protection for Authentication (EPA) to mitigate the vulnerability. Source: https://threatpost.com/default-setting-in-windows-7-8-1-could-allow-privilege-escalation-sandbox-escape/111809

Communications Sector

25. March 25, WXIN 59 Indianapolis – (National) Sprint service restored after massive outage spans Chicago area. Sprint reported March 25 that service was restored to an unspecified number of customers following a major network outage that affected customers’ voice and text messaging services in Chicago and the surrounding areas. The cause of the outage remains under investigation. Source: http://www.nbcchicago.com/news/local/Massive-Sprint-Service-Outage-Across-Chicago-Area-297594231.html