Complete DHS Report for
August 13, 2015
Daily Report
Top Stories
· Texas officials reported that valves at
the Shell Oil facility in Deer Park, Texas, accidentally released 326,166
pounds of butadiene August 9. – Houston Chronicle
3. August 11,
Houston Chronicle – (Texas) Shell Oil accidentally spills hundreds of thousands
of pounds of toxic gas in Deer Park. The Texas Commission on Environmental
Quality (TCEQ) reported that valves at the Shell Oil facility in Deer Park,
Texas, accidentally released 326,166 pounds of butadiene August 9. Officials
are investigating the incident and continue to monitor the air quality. Source:
http://www.chron.com/news/houston-texas/houston/article/Shell-Oil-accidentally-spills-hundreds-of-6438343.php
· The U.S. Federal Aviation
Administration commissioned a 2012 study, which was released August 10,
revealing the dangers of chronic fatigue affecting air traffic controllers
nationwide, potentially endangering fliers. – CNN
10. August 11,
CNN – (National) Report: Air traffic controllers pinned errors on
fatigue. The U.S. Federal Aviation Administration commissioned a 2012 study
conducted by the U.S. National Aeronautics and Space Administration, which was
released August 10, revealing the dangers of chronic fatigue affecting air
traffic controllers
nationwide, potentially endangering fliers. The administration stated that it
has made efforts to minimize fatigue in recent years, including ensuring 9-hour
breaks between shifts and restricting back-to-back “midnight shifts.” Source: http://www.cnn.com/2015/08/10/us/air-traffic-controller-fatigue/
· GlaxoSmithKline announced August 12
that it temporarily closed its factory in Zebulon, North Carolina, after
testing at a cooling tower found bacteria that causes Legionnaires’ disease. – Reuters
15. August 12,
Reuters – (North Carolina) GSK shuts U.S. plant due to bacteria, no
supply disruption seen. GlaxoSmithKline announced August 12 that it
temporarily closed its factory in Zebulon, North Carolina, after testing at a
cooling tower found bacteria that causes Legionnaires’ disease. The company
reported that there will be no disruption in production and that the factory
will reopen once the cooling towers are cleaned and retested.Source: http://www.reuters.com/article/2015/08/12/us-usa-gsk-legionnaires-idUSKCN0QG2E120150812
· Federal authorities announced August 11
that at least 100 commercial truck drivers paid up to $5,000 each to California
Department of Motor Vehicles (DMV) employees for illegal licenses. – FoxNews.com;
Associated Press
16. August 12,
FoxNews.com; Associated Press – (California) California DMV
employees allegedly traded cash for licenses. Federal authorities announced
August 11 that at least 100 commercial truck drivers from 3 truck-driving
schools paid up to $5,000 each to California Department of Motor Vehicles (DMV)
employees for illegal licenses. One DMV employee and a trucking school owner
have pleaded guilty, while two other DMV workers and two additional truck
school operators have been charged.
Source: http://www.foxnews.com/us/2015/08/12/california-dmv-employees-allegedly-traded-cash-for-licenses/
Financial Services Sector
7. August 12,
U.S. Securities and Exchange Commission – (National) SEC charges ITG
with operating secret trading desk and misusing dark pool subscriber trading
information. The U.S. Securities and Exchange Commission announced August
12 that ITG Inc., and affiliate AlterNet Securities agreed to pay $20.3 million
to resolve allegations that they operated “Project Omega” an undisclosed
propriety trading desk for over a year, and misused dark pool subscriber
trading information. Source: http://www.sec.gov/news/pressrelease/2015-164.html
8. August 11,
Investment News – (National) FTC investigation finds glitch to blame in Morgan
Stanley data beach. The U.S. Federal Trade Commission announced that a
December 2014 data breach that compromised information of 350,000 Morgan
Stanley clients occurred as a result of improperly configured data security
controls, and not due to a failure on the company’s part to secure account
information. Source: http://www.investmentnews.com/article/20150811/FREE/150819982/ftc-investigation-finds-glitch-to-blame-in-morgan-stanley-data-breach
Information Technology Sector
26. August 12,
Securityweek – (International) Firefox 40 patches vulnerabilities, expands
malware protection. Mozilla released version 40 of its Firefox Web browser
patching about 20 issues and listing four critical advisories including, buffer
overflow, integer overflow, use-after-free, and memory safety vulnerabilities
which can result in exploitable crashes, among others.Source: http://www.securityweek.com/firefox-40-patches-vulnerabilities-expands-malware-protection
27. August 12,
The Register – (International) Blacklists miss 90% of malware blogged IP
love. RecordedFuture released findings from a report revealing that over 90
percent of 1,521 recorded malicious Internet Protocol (IP) addresses linked to
2 pieces of malware and 67,563 addresses associated with a malicious executable
are not identified by current popular Web blacklists, among other findings. http://www.theregister.co.uk/2015/08/12/two_shady_men_walk_into_a_bar_blacklist_report/
28. August 12,
Securityweek – (International) Microsoft, Adobe patch dozens of security
vulnerabilities. Microsoft released 14 security bulletins addressing about
60 vulnerabilities affecting Windows, Internet Explorer, .NET, Office, Lync,
Silverlight, and its Edge Web browser, including a privilege escalation
vulnerability affecting Windows’ Mount Manager that could be leveraged via a
Universal Serial Bus (USB) device, and a memory corruption flaw in Office. In a
separate release, Adobe addressed 35 use-after free, integer overflow, buffer
overflow, and type confusion vulnerabilities for its Flash Player that could be
exploited for arbitrary code execution. Source: http://www.securityweek.com/microsoft-adobe-patch-dozens-security-vulnerabilities
29. August 11,
Securityweek – (International) OpenSSH 7.0 fixes authentication
vulnerability, other security bugs. The OpenBSD Project released version
7.0 of its Secure Shell (SSH) OpenSSH project addressing four vulnerabilities,
including a keyboard-interactive authentication mechanism flaw that exposed
servers to brute-force attacks, a use-after-free flaw that could allow for
arbitrary code execution, and two vulnerabilities in the portable version of
OpenSSH. Source: http://www.securityweek.com/openssh-70-fixes-authentication-vulnerability-other-security-bugs
For another story, see item 5 below from the Critical Manufacturing Sector
5. August 12,
IDG News Service – (International) How texting a Corvette could stop it in its
tracks. Researchers from the University of California revealed that
security vulnerabilities in telematics control units (TCU) could be leveraged
to hack into a vehicle’s Controller Area Network (CAN) bus through a
demonstration in which they used a text message to remotely cause a vehicle to
brake, and activated its windshield wipers. Source: http://www.computerworld.com/article/2970113/security/how-texting-a-corvette-could-stop-it-in-its-tracks.html
Communications Sector
30. August 11,
WTVT 13 Tampa – (National) Company fined millions for illegal robocalls. The
U.S. Federal Communications Commission announced August 11 that Florida-based
Travel Club Marketing, Inc., and its owner will pay $2.96 million in fines in
response to 142 customer complaints that the company failed to obtain prior
consent before making 185 prerecorded marketing calls.Source: http://www.myfoxtampabay.com/story/29764499/company-fined-millions-for-illegal-robocalls