Complete DHS Report for
October 21, 2015
Daily Report
Top Stories
• The North Dakota
Department of Health reported October 20 that Oasis Petroleum North America,
LLC was unable to regain control of a well after workers lost control October
17, causing tens of thousands of gallons of oil and saltwater to spill. – KXMC
13 Minot; Associated Press
1. October
20, KXMC 13 Minot; Associated Press – (North Dakota) Oil, brine
spill in ND after workers lose control of well. The North Dakota Department
of Health reported October 20 that Oasis Petroleum North America, LLC has been
unable to regain control of a well in Mountrail County after workers lost
control of the well October 17, causing tens of thousands of gallons of
saltwater and oil to spill. Crews were able to recover 73,920 gallons of oil
and 84,000 gallons of saltwater by October 18, and are continuing efforts to
remove the fluids from the well site.
• Over 2,000 people
were evacuated October 19 from a Smithfield Packing Plant in North Carolina
after part of the ceiling fell into the building. – WECT 6 Wilmington
12. October
20, WECT 6 Wilmington – (North Carolina) Smithfield Packing plant
evacuated after part of ceiling collapses. A Bladen County official reported
October 19 that over 2,000 people were evacuated from the Smithfield Packing
Plant after part of the ceiling fell from its Tar Heel, North Carolina
facility, causing the plant to stop its production for an indeterminate amount
of time. No injuries were reported and Smithfield Foods is working to fix the
roof.
Source: http://wncn.com/2015/10/19/smithfield-packing-plant-evacuated-after-part-of-ceiling-collapses/
• Colorado-based
Good Food Concepts issued a voluntary recall for about 12,566 pounds of beef,
pork, and poultry products October 18 due to misbranding and production without
thorough analysis and control. – U.S. Department of Agriculture
14. October
18, U.S. Department of Agriculture – (Colorado; New Mexico) Good
Food concepts recalls beef, pork, and poultry products produced without a fully
implemented HACCP plan, and misbranded. Colorado Springs-based Good Food Concepts
issued a voluntary recall for approximately 12,566 pounds of beef, pork, and poultry
products October 18 after a food safety assessment revealed the products were
produced without a fully implemented Hazard Analysis and Critical Control Points
plan and were misbranded to include undeclared sodium nitrite. The items were
produced from October 16, 2014 – October 16, 2015 and shipped to retail
locations in Colorado and New Mexico. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2015/recall-127-2015-release
• U.S. officials
announced October 19 that Millennium Health agreed to pay $256 million to
resolve allegations that the company billed health care programs for
unnecessary urine and drug testing, among other charges. – U.S. Department
of Justice
16. October
19, U.S. Department of Justice – (National) Millennium Health
agrees to pay $256 million to resolve allegations of unnecessary drug and
genetic testing and illegal remuneration to physicians. The U.S. Department
of Justice announced October 19 that Millennium Health agreed to pay $256
million in a settlement resolving alleged violations of the False Claims Act
after officials reportedly found that the company falsely billed Medicare,
Medicaid, and other Federal health care programs for medically unnecessary
urine drug and genetic testing, in addition to providing physicians with free
items for referring laboratory testing to the company between 2008 and 2015.
The company also entered into a corporate integrity agreement (CIA) with the
U.S. Department of Health and Human Services-Office of Inspector General as
part of the settlement terms.
Financial Services Sector
4. October
20, Cranston Patch – (Rhode Island) “Ponytail Bandit” pleads guilty to bank
robbery spree. The suspect believed to be the “Ponytail Bandit” pleaded
guilty October 16 to charges connected to 4 Providence and Cranston Citizen’s
and Sovereign bank branch robberies in February 2013. Source: http://patch.com/rhode-island/cranston/ponytail-bandit-pleads-guilty-bank-robbery-spree-0
5. October
19, Reuters – (National) UBS to pay $17.5 mln in SEC settlement over fund’s
strategy change. U.S. Securities and Exchange Commission officials
announced October 19 that UBS AG agreed to pay $17.5 million to settle
allegations that UBS Willow Management, a joint venture between UBS Fund
Advisor and Bond Street Capital, failed to notify investors of a shift to
investing in credit default swaps in 2008 – 2009, leading to significant losses
that eventually led to the UBS Willow Fund LLC’s liquidation in 2012. Source: http://www.reuters.com/article/2015/10/19/ubs-ag-sec-settlement-idUSL1N12J1PG20151019
Information Technology Sector
19. October
20, Securityweek – (International) Vulnerabilities found in HP ArcSight
products. HP began releasing security updates addressing vulnerabilities in
HP’s ArcSight products, including an authentication bypass flaw in the ArcSight
Logger interface in which a remote authenticated user without permissions could
conduct searches through the Simple Object Access Protocol (SOAP) interface,
improper restriction of excessive authentication attempts which could allow
brute force attacks on the SOAP interface, and an insufficient
compartmentalization vulnerability which could allow a user to escalate
privileges to root. Source: http://www.securityweek.com/vulnerabilities-found-hp-arcsight-products
20. October
20, Softpedia – (International) Malware disguises as Google Chrome browser
clone. Security researchers from PCRisk and Malwarebytes discovered a new
Web browser designed to mimic Google Chrome called eFast, which delivers adware
and malware and hijacks file and Uniform Resource Locator (URL) associations on
infected systems. The application is based on the Chromium open source browser.
Source: http://news.softpedia.com/news/malware-disguises-as-a-google-chrome-browser-clone-494906.shtml
21. October
20, Help Net Security – (International) 250+ iOS apps offered on
Apple’s App Store found slurping user data. Security researchers from
SourceDNA and Purdue University discovered that over 250 Apple App Store
applications are built on a software development kit (SDK) that uses private
application program interfaces (APIs) to gather user and device information,
despite Apple disallowing the practice. Apple has removed an unspecified number
of apps and Youmi, the China-based mobile advertising company that created the
SDK is working with the company to resolve the issue. Source: http://www.net-security.org/secworld.php?id=19001
22. October
20, Help Net Security – (International) A slew of LTE 4G
vulnerabilities endanger Android users and mobile carriers. Researchers
from Carnegie Mellon University’s Computer Emergency Response Team Coordination
Center reported that carriers and users of Long-Term Evolution (LTE 4G) devices
are vulnerable to issues that may result in loss of privacy, data spoofing,
incorrect billing, and denial-of-service (DoS) attacks due to LTE networks’
reliance on packet switching and the Internet Protocol (IP) schema versus
circuit switching used in previous generations. Source: http://www.net-security.org/secworld.php?id=19000
23. October
20, Help Net Security – (International) 1 in 4 organizations have
experienced an APT. ISACA released findings from a study surveying over 660
cybersecurity professionals revealing that about 28 percent of those surveyed
have experienced an attack from an advanced persistent threat (APT), that
mobile device security continues to be an issue, and that most organizations
tend to focus on technical controls instead of education and training when most
APT attacks tend to employ social engineering, among other findings. Source: http://www.net-security.org/secworld.php?id=18998
24. October
20, The Register – (International) Sites cling to a million flawed, fading SHA-1
certificates: Netcraft. Security researchers from Netcraft reported that
over a million organizations are still using Secure Hash Algorithm 1 (SHA-1)
certificates, that 120,000 were issued this year, and that another 250,000
surveyed are scheduled to live past 2017, despite documented weaknesses in the
algorithm’s security. Source: http://www.theregister.co.uk/2015/10/20/sites_cling_to_a_million_flawed_fading_sha1_certificates_netcraft/
25. October
19, SC Magazine – (International) Flaws in LibreSSL could open Web servers to
attack. Security researchers from Qualys discovered memory leak and buffer
overflow vulnerabilities in all versions of LibreSSL which could allow
attackers to create a denial-of-service (DoS) condition or execute arbitrary
code. LibreSSL is a fork of the Open Secure Sockets Layer (SSL) library
intended as a replacement after the Heartbleed vulnerability was discovered in
Open SSL’s code, and the vulnerabilities were reportedly addressed in
subsequent updates. Source: http://www.scmagazineuk.com/flaws-in-libressl-could-open-web-servers-to-attack/article/447976/
Communications Sector
See item 22 above in the Information Technology
Sector