Friday, June 12, 2015




Complete DHS Report for June 12, 2015

Daily Report

Top Stories

 · Plains All American Pipeline officials reported June 10 that the clean-up of oil along the Santa Barbara County, California coast has cost over $60 million, peaking at $3 million a day. – Los Angeles Times

4. June 10, Los Angeles Times – (California) Officials: cost to clean oiled Santa Barbara beaches exceeds $60 million. Plains All American Pipeline officials reported June 10 that the clean-up of oil along the Santa Barbara Coast has cost over $60 million, peaking at $3 million a day, and that workers have cleaned up 76 percent of damaged beach stretches. Costs could continue to rise due to possible financial damage claims and potential Clean Water Act violations stemming from the 101,000-gallon crude oil spill in May. Source: http://www.latimes.com/local/lanow/la-me-santa-barbara-oil-spill-cleanup-cost-20150610-story.html

 · The center tube of the Lincoln Tunnel in New York City was closed for several hours June 10 and about 31 people were injured after two buses collided. – WNBC 4 New York City

11. June 11, WNBC 4 New York City – (New York; New Jersey) 31 hurt when NJ Transit bus bumps tour bus carrying students in Lincoln Tunnel: officials. The center tube of the Lincoln Tunnel in New York City was closed for several hours June 10 and about 31 people were injured after a New Jersey Transit bus with about 60 passengers crashed into a Canada-based tour bus that was carrying more than 2 dozen students. None of the students were reported injured in the accident. Source: http://www.nbcnewyork.com/news/local/Lincoln-Tunnel-Death-Bus-Crash-Police-306773321.html

 · Several miles of Route 374 east of Dannemora to West Plattsburgh, and Saranac Central School District in New York were closed June 11 as State authorities continued to search for 2 prisoners that escaped the Clinton Correctional Facility. – USA Today

20. June 11, USA Today – (New York) Manhunt focuses on prison area; Philly tip discredited. Several miles of Route 374 east of Dannemora to West Plattsburgh, and Saranac Central School District in New York were closed June 11 as State authorities investigated a new lead into the whereabouts of 2 escaped prisoners from the Clinton Correctional Facility June 6. Officials may reopen schools as early as June 12. Source: http://www.usatoday.com/story/news/nation/2015/06/11/police-close-road-killers-manhunt/71051406/

 · Security researchers from Kaspersky Lab discovered that the Duqu advanced persistent threat (APT) group had used a new platform to compromise the lab’s systems along with about 100 other victims between 2014 – 2015, most of whom were related to P5 + 1 talks over Iran’s nuclear program. – Threatpost. See item 26 below in the Information Technology Sector

Financial Services Sector

10. June 11, WCPO 9 Cincinnati – (Indiana) Sock Hat Bandit: man matching suspect’s description accused of robbing Indiana bank. Anderson, Indiana Police Department officials reported that a man matching the description of the suspect dubbed the “Sock Hat Bandit” struck the town’s PNC Bank June 10, marking his ninth robbery across Ohio, Kentucky, and Indiana. The FBI is offering a $5,000 reward for information leading to his arrest. Source: http://www.wcpo.com/news/state/state-indiana/sock-hat-bandit-man-matching-suspects-description-accused-of-robbing-indiana-bank

For another story, see item 2 below from the Energy Sector

2. June 10, Palm Beach Post – (Florida) Skimming devices found at three more Palm Beach County gas stations. Florida’s Department of Agriculture and Consumer Services reported June 10 that 4 more skimming devices were found and removed from gas stations in Jupiter, Boca Raton, and West Palm Beach, bringing the total number of skimmers found since April to 15. Source: http://protectingyourpocket.blog.palmbeachpost.com/2015/06/10/skimming-devices-found-at-three-more-palm-beach-county-gas-stations/

Information Technology Sector

24. June 11, Securityweek – (International) Serious flaw in iOS mail app exposes users to phishing attacks. A Czech security researcher discovered a vulnerability in Apple’s iOS mobile operating system (OS) in which an attacker can create emails that load remote Hypertext Markup Language (HTML) content when opened, prompting users to input credentials that are sent back to the attacker. Source: http://www.securityweek.com/serious-flaw-ios-mail-app-exposes-users-phishing-attacks

25. June 11, Softpedia – (International) Malvertising campaign hits Bejeweled Blitz game on Facebook, CNN Indonesia. Security researchers from Websense discovered a malvertising campaign impacting up to 50 million users a month that is distributed through popular online locations including the Bejeweled Blitz game on Facebook via the OpenX advertising platform and an old Adobe Flash Player glitch. The campaign directs users to a site hosting the Angler exploit kit (EK) and delivers payloads including ransomware, ad-fraud, backdoor, and malware downloaders. Source: http://news.softpedia.com/news/Malvertising-Campaign-Hits-Bejeweled-Blitz-Game-on-Facebook-CNN-Indonesia-484021.shtml

26. June 10, Threatpost – (International) New APT Duqu 2.0 hits high-value victims, including Kaspersky Lab. Security researchers from Kaspersky Lab discovered that the Duqu advanced persistent threat (APT) group had used a new platform dubbed Duqu 2.0 to compromise the lab’s systems along with about 100 other victims between 2014 – 2015, most of whom were related to P5 + 1 talks over Iran’s nuclear program. The APT group seeks to gain access to intellectual property by attacking systems using modules residing entirely in-memory via Windows zero-day vulnerabilities to inject a backdoor and a larger espionage platform with extensive capabilities.

27. June 10, SC Magazine – (International) Stuxnet still a threat to critical infrastructure. Findings from Kleissner & Associates’ “Internet Attacks Against Nuclear Power Plants” report revealed that the Stuxnet malware was found on at least 153 devices worldwide in almost 5 years, at least 6 of which were running supervisory control and data acquisition (SCADA) development software. The researchers reiterated the threat posed by malware developed on behalf of foreign nation states. Source: http://www.scmagazineuk.com/stuxnet-still-a-threat-to-critical-infrastructure/article/419802/

28. June 10, SC Magazine – (International) U.S. National Vulnerability Database vulnerable to XSS attack. A security consultant discovered that the National Institute of Standards and Technology’s National Vulnerability Database (NVD), which houses common vulnerabilities and exposures (CVE) flaws, is vulnerable to a cross-site scripting (XSS) attack in which the document object model (DOM) is replaced with a phishing page to collect personally identifiable information (PII) and card information. NVD officials reported that the agency is working to address the issue. Source: http://www.scmagazineuk.com/us-national-vulnerability-database-vulnerable-to-xss-attack/article/419789/

29. June 10, Securityweek – (International) Weak remote access practices contributed to nearly all PoS breaches: Trustwave. Trustwave released a report revealing that 40 percent of the 574 breaches the company investigated from 2014 were in point-of-sale (PoS) systems and that 94 percent of the incidents were a result of weak remote security and passwords. The retail sector comprised 43 percent of the PoS breach investigations, among other findings. Source: http://www.securityweek.com/weak-remote-access-practices-contributed-nearly-all-pos-breaches-trustwave

30. June 10, Threatpost – (International) Microsoft brings HSTS to Windows 7 and 8.1. Microsoft released patches introducing Hypertext Transfer Protocol (HTTP) Strict Transport Security (HSTS) to users running Internet Explorer 11 on Windows 7 and 8.1, in an effort to increase security against man-in-the-middle (MitM) Web sessions and attacks using invalid digital certificates. The protocol forces HTTP sessions to be sent over HTTP Secure (HTTPS) connections according to a list of preloaded sites supporting it. Source: https://threatpost.com/microsoft-brings-hsts-to-windows-7-and-8-1/113258

Communications Sector

See item 25 above in the Information Technology Sector