Tuesday, May 12, 2015




Complete DHS Report for May 12, 2015

As I documented earlier, DHS is/was having problems with the distribution of its daily report. I learned that it was being distributed successfully to various state sites, InfraGard in particular. Sometime today, May 13, 2015, after 3 PM EDST, it appears that all is again working.

Daily Report

Top Stories

 · At least 26 tornadoes moved through Texas and Arkansas May 10, leaving 5 people dead, 26 injured, and 8 unaccounted for as the tornadoes knocked out power to approximately 28,040 people and caused extensive damage. – NBC News; Associated Press

1. May 11, NBC News; Associated Press – (Texas; Arkansas) Van, Texas, and Nashville, Arkansas, hit by suspected tornados. At least 26 reported tornados moved through Texas and Arkansas May 10, leaving 5 people dead, at least 26 others injured, and about 8 people unaccounted for as the tornados knocked out power to approximately 28,040 people and caused extensive damage to homes, cars, and schools. Source: http://www.nbcnews.com/news/weather/van-texas-nashville-arkansas-hit-suspected-twisters-n356911

 · A transformer fire at the Indian Point nuclear station in Buchanan, New York, shut down the plant’s Unit 3 reactor and caused at least 15,000 gallons of oil to spill into the Hudson River May 9. – WABC 7 New York City

4. May 10, WABC 7 New York City – (New York) Part of Indian Point Nuclear Plant still shut down after transformer fire. A transformer fire at the Entergy Corporation’s Indian Point nuclear station in Buchanan prompted the shutdown of the plant’s Unit 3 reactor and caused at least 15,000 gallons of oil to spill into the Hudson River May 9. Officials reported that most of the oil was contained with no impact on the public, and that the plant remains offline while the incident is investigated. Source: http://7online.com/news/cleanup-underway-of-oil-in-hudson-river-after-indian-point-fire/710359/

 · U.S. officials reported May 8 that a former U.S. Department of Energy (DOE) and U.S. Nuclear Regulatory Commission employee was extradited to the U.S. from the Philippines to face charges for allegedly attempting to infiltrate the DOE’s system to steal nuclear secrets to sell to a foreign government. – Washington Post

18. May 8, Washington Post – (International) Former Energy Department employee indicted in nuclear secrets case. U.S. officials reported May 8 that a former employee at the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission was deported to the U.S. from the Philippines March 27 and charged for allegedly targeting over 80 department employees with emails containing malicious software in an effort to extract sensitive nuclear information and sell it to a foreign government. Officials stated that no computer virus or malicious code was transferred into government computers. Source: http://www.washingtonpost.com/world/national-security/former-energy-department-employee-indicted-in-nuclear-secrets-case/2015/05/08/0a84c3ac-f32c-11e4-b2f3-af5479e6bbdd_story.html

 · Nebraska officials reported that 2 inmates were found dead and 2 others were injured in a May 10 riot at Tecumseh State Prison. – Omaha World-Herald

20. May 11, Omaha World-Herald – (Nebraska) 2 inmates found dead at Tecumseh State Prison, officials say. Nebraska officials reported May 11 that 2 inmates were found dead at Tecumseh State Prison following a May 10 riot that left 2 other inmates injured and caused several disruptions in housing units, resulting in small fires and property damage. Prison staff secured the facility after nearly 8 hours and the incident remains under investigation. Source: http://www.omaha.com/news/crime/tecumseh-state-correctional-institution-workers-inmates-injured-in-prison-riot/article_251b8a66-f76e-11e4-a89d-5febbe51124f.html

Financial Services Sector

6. May 9, Denver Post; Associated Press – (Colorado) FBI agent shot at motel; suspect dead. An FBI agent was injured May 8 after being fired upon while trying to serve an arrest warrant at a Littleton motel to the bank robbery suspect dubbed “The Longhorn Bandit,” who had allegedly robbed multiple banks in the area since February. Authorities reported that officers did not fire any shots, and that the suspect was found dead in his room. Source: http://www.denverpost.com/news/ci_28079813/swat-surrounds-essex-house-motel-littleton

Information Technology Sector

23. May 11, Securityweek – (International) MacKeeper patches serious remote code execution flaw. The developers of the MacKeeper utility software suite for Apple OS X patched a critical input validation vulnerability which an attacker could exploit to remotely execute code on affected systems by tricking victims into visiting a specially crafted Web site that runs code with root privileges once visited. Source: http://www.securityweek.com/mackeeper-patches-serious-remote-code-execution-flaw

24. May 11, Securityweek – (International) Angler EK makes it difficult to track down malvertising sources. A security expert discovered that the Angler Exploit Kit (EK) is leveraging Web browser bugs to break the referrer chain, making it more difficult for security researchers and advertising networks to determine the kit’s source in the campaign. Source: http://www.securityweek.com/angler-ek-makes-it-difficult-track-down-malvertising-sources

25. May 8, Threatpost – (International) WordPress sites backdoored, leaking credentials. Security researchers at Zscaler discovered backdoor code compromising content management systems (CMS) on a number of WordPress Web sites that activates when users input their login credentials. Once activated, the backdoor injects JavaScript (JS) code hosted on a command and control (C&C) server. Source: https://threatpost.com/wordpress-sites-backdoored-leaking-credentials/112703

For another story, see item 5 below from the Critical Manufacturing Sector.

5. May 8, Securityweek – (National) Rockwell Automation fixes flaw in factory communication solution. Rockwell Automation released software updates to address a buffer overflow vulnerability in its RSLinx Classic comprehensive factory communication server solution in which an attacker could crash the application or inject malicious code with elevated privileges by loading a specially crafted concurrent versions system (CVS) file to trigger a stack-based buffer overflow in the application. Source: http://www.securityweek.com/rockwell-automation-fixes-flaw-factory-communication-solution

Communications Sector

Nothing to report