Thursday, August 13, 2015




Complete DHS Report for August 13, 2015

Daily Report

Top Stories

 · Texas officials reported that valves at the Shell Oil facility in Deer Park, Texas, accidentally released 326,166 pounds of butadiene August 9. – Houston Chronicle

3. August 11, Houston Chronicle – (Texas) Shell Oil accidentally spills hundreds of thousands of pounds of toxic gas in Deer Park. The Texas Commission on Environmental Quality (TCEQ) reported that valves at the Shell Oil facility in Deer Park, Texas, accidentally released 326,166 pounds of butadiene August 9. Officials are investigating the incident and continue to monitor the air quality. Source: http://www.chron.com/news/houston-texas/houston/article/Shell-Oil-accidentally-spills-hundreds-of-6438343.php

 · The U.S. Federal Aviation Administration commissioned a 2012 study, which was released August 10, revealing the dangers of chronic fatigue affecting air traffic controllers nationwide, potentially endangering fliers. – CNN

10. August 11, CNN – (National) Report: Air traffic controllers pinned errors on fatigue. The U.S. Federal Aviation Administration commissioned a 2012 study conducted by the U.S. National Aeronautics and Space Administration, which was released August 10, revealing the dangers of chronic fatigue affecting air traffic controllers nationwide, potentially endangering fliers. The administration stated that it has made efforts to minimize fatigue in recent years, including ensuring 9-hour breaks between shifts and restricting back-to-back “midnight shifts.” Source: http://www.cnn.com/2015/08/10/us/air-traffic-controller-fatigue/

 · GlaxoSmithKline announced August 12 that it temporarily closed its factory in Zebulon, North Carolina, after testing at a cooling tower found bacteria that causes Legionnaires’ disease. – Reuters

15. August 12, Reuters – (North Carolina) GSK shuts U.S. plant due to bacteria, no supply disruption seen. GlaxoSmithKline announced August 12 that it temporarily closed its factory in Zebulon, North Carolina, after testing at a cooling tower found bacteria that causes Legionnaires’ disease. The company reported that there will be no disruption in production and that the factory will reopen once the cooling towers are cleaned and retested. Source: http://www.reuters.com/article/2015/08/12/us-usa-gsk-legionnaires-idUSKCN0QG2E120150812

 · Federal authorities announced August 11 that at least 100 commercial truck drivers paid up to $5,000 each to California Department of Motor Vehicles (DMV) employees for illegal licenses. – FoxNews.com; Associated Press

16. August 12, FoxNews.com; Associated Press – (California) California DMV employees allegedly traded cash for licenses. Federal authorities announced August 11 that at least 100 commercial truck drivers from 3 truck-driving schools paid up to $5,000 each to California Department of Motor Vehicles (DMV) employees for illegal licenses. One DMV employee and a trucking school owner have pleaded guilty, while two other DMV workers and two additional truck school operators have been charged.

Financial Services Sector

7. August 12, U.S. Securities and Exchange Commission – (National) SEC charges ITG with operating secret trading desk and misusing dark pool subscriber trading information. The U.S. Securities and Exchange Commission announced August 12 that ITG Inc. and affiliate AlterNet Securities agreed to pay $20.3 million to resolve allegations that they operated “Project Omega,” an undisclosed proprietary trading desk, for over a year and misused dark pool subscriber trading information. Source: http://www.sec.gov/news/pressrelease/2015-164.html

8. August 11, Investment News – (National) FTC investigation finds glitch to blame in Morgan Stanley data breach. The U.S. Federal Trade Commission announced that a December 2014 data breach that compromised information of 350,000 Morgan Stanley clients occurred as a result of improperly configured data security controls, and not due to a failure on the company’s part to secure account information. Source: http://www.investmentnews.com/article/20150811/FREE/150819982/ftc-investigation-finds-glitch-to-blame-in-morgan-stanley-data-breach

Information Technology Sector

26. August 12, Securityweek – (International) Firefox 40 patches vulnerabilities, expands malware protection. Mozilla released version 40 of its Firefox Web browser, patching about 20 issues and listing four critical advisories, including buffer overflow, integer overflow, use-after-free, and memory safety vulnerabilities which can result in exploitable crashes, among others. Source: http://www.securityweek.com/firefox-40-patches-vulnerabilities-expands-malware-protection

27. August 12, The Register – (International) Blacklists miss 90% of malware blogged IP love. RecordedFuture released findings from a report revealing that over 90 percent of 1,521 recorded malicious Internet Protocol (IP) addresses linked to 2 pieces of malware and 67,563 addresses associated with a malicious executable are not identified by current popular Web blacklists, among other findings. Source: http://www.theregister.co.uk/2015/08/12/two_shady_men_walk_into_a_bar_blacklist_report/

28. August 12, Securityweek – (International) Microsoft, Adobe patch dozens of security vulnerabilities. Microsoft released 14 security bulletins addressing about 60 vulnerabilities affecting Windows, Internet Explorer, .NET, Office, Lync, Silverlight, and its Edge Web browser, including a privilege escalation vulnerability affecting Windows’ Mount Manager that could be leveraged via a Universal Serial Bus (USB) device, and a memory corruption flaw in Office. In a separate release, Adobe addressed 35 use-after-free, integer overflow, buffer overflow, and type confusion vulnerabilities for its Flash Player that could be exploited for arbitrary code execution. Source: http://www.securityweek.com/microsoft-adobe-patch-dozens-security-vulnerabilities

29. August 11, Securityweek – (International) OpenSSH 7.0 fixes authentication vulnerability, other security bugs. The OpenBSD Project released version 7.0 of its Secure Shell (SSH) OpenSSH project addressing four vulnerabilities, including a keyboard-interactive authentication mechanism flaw that exposed servers to brute-force attacks, a use-after-free flaw that could allow for arbitrary code execution, and two vulnerabilities in the portable version of OpenSSH. Source: http://www.securityweek.com/openssh-70-fixes-authentication-vulnerability-other-security-bugs

For another story, see item 5 below from the Critical Manufacturing Sector.

5. August 12, IDG News Service – (International) How texting a Corvette could stop it in its tracks. Researchers from the University of California revealed that security vulnerabilities in telematics control units (TCU) could be leveraged to hack into a vehicle’s Controller Area Network (CAN) bus, showing this in a demonstration in which they used a text message to remotely cause a vehicle to brake and activated its windshield wipers. Source: http://www.computerworld.com/article/2970113/security/how-texting-a-corvette-could-stop-it-in-its-tracks.html

Communications Sector

30. August 11, WTVT 13 Tampa – (National) Company fined millions for illegal robocalls. The U.S. Federal Communications Commission announced August 11 that Florida-based Travel Club Marketing, Inc., and its owner will pay $2.96 million in fines in response to 142 customer complaints that the company failed to obtain prior consent before making 185 prerecorded marketing calls. Source: http://www.myfoxtampabay.com/story/29764499/company-fined-millions-for-illegal-robocalls