Complete DHS Report for May 12, 2015
As I documented earlier, DHS is/was having problems with the distribution of its daily report. I learned that it was being distributed successfully to various state sites, InfraGard in particular. Sometime today, May 13, 2015, after 3PM EDST it appears that all is again working.
Daily Report
Top Stories
· At least 26 tornadoes moved through Texas and Arkansas May 10, leaving 5 people dead, 26 injured, and 8 unaccounted for as the tornadoes knocked out power to approximately 28,040 people and caused extensive damage. – NBC News; Associated Press
1. May 11, NBC News; Associated Press – (Texas; Arkansas) Van, Texas, and Nashville, Arkansas, hit by suspected tornados. At least 26 reported tornados moved through Texas and Arkansas May 10, leaving 5 people dead, at least 26 others injured, and about 8 people unaccounted for as the tornados knocked out power to approximately 28,040 people and caused extensive damage to homes, cars, and schools. Source: http://www.nbcnews.com/news/weather/van-texas-nashville-arkansas-hit-suspected-twisters-n356911
· A transformer fire at the Indian Point nuclear station in Buchanan, New York, shut down the plant’s Unit 3 reactor and caused at least 15,000 gallons of oil to spill into the Hudson River May 9. – WABC 7 New York City
4. May 10, WABC 7 New York City – (New York) Part of Indian Point Nuclear Plant still shut down after transformer fire. A transformer fire at the Entergy Corporation’s Indian Point nuclear station in Buchanan prompted the shutdown of the plant’s Unit 3 reactor and caused at least 15,000 gallons of oil to spill into the Hudson River May 9. Officials reported that most of the oil was contained with no impact on the public, and that the plant remains offline while the incident is investigated. Source: http://7online.com/news/cleanup-underway-of-oil-in-hudson-river-after-indian-point-fire/710359/
· U.S. officials reported May 8 that a former U.S. Department of Energy (DOE) and U.S. Nuclear Regulatory Commission employee was extradited to the U.S. from the Philippines to face charges for allegedly attempting to infiltrate the DOE’s system to steal nuclear secrets to sell to a foreign government. – Washington Post
18. May 8, Washington Post – (International) Former Energy Department employee indicted in nuclear secrets case. U.S. officials reported May 8 that a former employee at the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission was deported to the U.S. from the Philippines March 27 and charged for allegedly targeting over 80 department employees with emails containing malicious software in an effort to extract sensitive nuclear information and sell it to a foreign government. Officials stated that no computer virus or malicious code was transferred into government computers. Source: http://www.washingtonpost.com/world/national-security/former-energy-department-employee-indicted-in-nuclear-secrets-case/2015/05/08/0a84c3ac-f32c-11e4-b2f3-af5479e6bbdd_story.html
· Nebraska officials reported that 2 inmates were found dead and 2 others were injured in a May 10 riot at Tecumseh State Prison. – Omaha World-Herald
20. May 11, Omaha World-Herald – (Nebraska) 2 inmates found dead at Tecumseh State Prison, officials say. Nebraska officials reported May 11 that 2 inmates were found dead at Tecumseh State Prison following a May 10 riot that left 2 other inmates injured and caused several disruptions in housing units, resulting in small fires and property damage. Prison staff secured the facility after nearly 8 hours and the incident remains under investigation. Source: http://www.omaha.com/news/crime/tecumseh-state-correctional-institution-workers-inmates-injured-in-prison-riot/article_251b8a66-f76e-11e4-a89d-5febbe51124f.html
Financial Services Sector
6. May 9, Denver Post; Associated Press – (Colorado) FBI agent shot at motel; suspect dead. An FBI agent was injured May 8 after being fired upon while trying to serve an arrest warrant at a Littleton motel on the bank robbery suspect dubbed “The Longhorn Bandit,” who had allegedly robbed multiple banks in the area since February. Authorities reported that officers did not fire any shots, and that the suspect was found dead in his room. Source: http://www.denverpost.com/news/ci_28079813/swat-surrounds-essex-house-motel-littleton
Information Technology Sector
23. May 11, Securityweek – (International) MacKeeper patches serious remote code execution flaw. The developers of the MacKeeper utility software suite for Apple OS X patched a critical input validation vulnerability which an attacker could exploit to remotely execute code on affected systems by tricking victims into visiting a specially crafted Web site that runs code with root privileges once visited. Source: http://www.securityweek.com/mackeeper-patches-serious-remote-code-execution-flaw
24. May 11, Securityweek – (International) Angler EK makes it difficult to track down malvertising sources. A security expert discovered that the Angler Exploit Kit (EK) is leveraging Web browser bugs to break the referrer chain, making it more difficult for security researchers and advertising networks to determine the kit’s source in the campaign. Source: http://www.securityweek.com/angler-ek-makes-it-difficult-track-down-malvertising-sources
25. May 8, Threatpost – (International) WordPress sites backdoored, leaking credentials. Security researchers at Zscaler discovered backdoor code compromising content management systems (CMS) on a number of WordPress Web sites that activates when users input their login credentials. Once activated, the backdoor injects JavaScript (JS) code hosted on a command and control (C&C) server. Source: https://threatpost.com/wordpress-sites-backdoored-leaking-credentials/112703
For another story, see item 5 below from the Critical Manufacturing Sector.
5. May 8, Securityweek – (National) Rockwell Automation fixes flaw in factory communication solution. Rockwell Automation released software updates to address a buffer overflow vulnerability in its RSLinx Classic comprehensive factory communication server solution in which an attacker could crash the application or inject malicious code with elevated privileges by loading a specially crafted concurrent versions system (CVS) file to trigger a stack-based buffer overflow in the application. Source: http://www.securityweek.com/rockwell-automation-fixes-flaw-factory-communication-solution
Communications Sector
Nothing to report