Complete DHS Report for October 22, 2015
Daily Report
Top Stories
• Crews plugged an Oasis Petroleum North America LLC-owned well in North Dakota
October 20 and recovered about 483,000 gallons of spilled crude oil and
saltwater from the well site. – Associated Press
1. October 21, Associated Press – (North Dakota) Workers cap out-of-control North Dakota oil
well. Crews plugged an Oasis Petroleum North America LLC-owned well near
White Earth in North Dakota October 20 and recovered about 483,000 gallons of
crude oil and saltwater from the well site that began leaking the weekend of
October 17. The cause of the spill is under investigation but regulators
believe that the breach may have been caused by hydraulic fracturing operations
at a nearby well that was being drilled. Source: http://www.wahpetondailynews.com/workers-cap-out-of-control-north-dakota-oil-well/article_88ab25f2-7769-11e5-856e-cfe75a28bc44.html
• Five former employees were charged in Tennessee October 20 for their alleged
involvement in a scheme that defrauded FedEx of more than $1.7 million. – U.S.
Attorney’s Office, Western District of Tennessee
7. October 20, U.S. Attorney’s Office, Western District of Tennessee –
(National) Former FedEx hub employees indicted in million-dollar shipping
theft scheme. Five former FedEx employees were charged in Memphis October
20 for their alleged involvement in a scheme that defrauded FedEx of more than
$1.7 million from 2013 – 2014 through interstate shipping of stolen wireless
mobile devices from Verizon and AT&T. Source: https://www.fbi.gov/memphis/press-releases/2015/former-fedex-hub-employees-indicted-in-million-dollar-shipping-theft-scheme
• Fire officials reported October 18 that the Sun-Re Cheese Co. in Pennsylvania
halted production indefinitely after an accidental fire caused at least $3
million in damages. – Sunbury Daily Times
12. October 20, Sunbury Daily Item – (Pennsylvania) Factory fire damage
estimated at $3 million. Fire officials reported October 18 that the Sun-Re
Cheese Co. halted production indefinitely at its Sunbury facility after a
36-inch exhaust fan prompted an accidental fire, causing at least $3 million in
damages. No injuries were reported. Source: http://www.dailyitem.com/news/factory-fire-damage-estimated-at-million/article_ddaeb2a0-7762-11e5-829e-d308e129bb06.html
• An October 20 liquid bleach spill at a YMCA in Santee, California, caused 81
students and adults to be transported to area hospitals for treatment following
complaints of a chemical smell and burning sensation in their eyes. – San
Diego Union-Tribune
18. October 20, San Diego Union-Tribune – (California) Liquid bleach
spill near Santee school. An October 20 liquid bleach spill at the Cameron
Family YMCA in Santee, California, caused 81 students and adults to be
transported to area hospitals for treatment following complaints of a chemical
smell and burning sensation in their eyes. A HAZMAT crew investigated and cleared
the scene once they determined that there was no public health risk. Source: http://www.sandiegouniontribune.com/news/2015/oct/20/possible-chemical-spill-at-santee-school/
Financial Services Sector
Nothing to report
Information Technology Sector
21. October 21, Securityweek – (International) Flaws in Apple productivity apps expose users
to attacks. Apple recently released updates addressing input validation
vulnerabilities related to how malicious documents are parsed in Keynote,
Pages, Numbers, and iWork for iOS 2.6 which could have allowed an Extensible
Markup Language (XML) External Entity (XXE) attack potentially leading to
disclosure of data, denial-of-service (DoS), or other impacts, as well as
memory corruption issues that could lead to unexpected termination of
applications or arbitrary code execution. Source: http://www.securityweek.com/flaws-apple-productivity-apps-expose-users-attacks
22. October 21, Threatpost – (International) Oracle quarterly security update patches 154
vulnerabilities. Oracle released a quarterly patch addressing 154 security
issues in 54 products, including 24 vulnerabilities in Java SE, 16 remotely
exploitable bugs in Fusion Middleware, and 7 in Oracle Database, among others.
Eighty-four of the patches address vulnerabilities that may be remotely
exploitable without authentication. Source: https://threatpost.com/oracle-quarterly-security-update-patches-154-vulnerabilities/115120/
23. October 21, The Register – (International) ‘10-second’ hack jogs Fitbits into
malware-spreading mode. Security researchers from Fortinet discovered a
vulnerability in Fitbit devices in which attackers within a close proximity
could use Bluetooth to deliver fully persistent malware within 10 seconds,
which could then infect a computer once the device is synchronized. Source: http://www.theregister.co.uk/2015/10/21/fitbit_hack/
24. October 21, Softpedia – (International) Western Digital My Passport hard drives come
with a slew of security holes. Security researchers published findings on
the International Association for Cryptologic Research Web site revealing that
attackers could use brute force attacks to bypass built-in encryption and
password-based authentication in Western Digital My Passport hard drives, and
that attackers could use all Western Digital devices’ firmware update
mechanisms to install malicious code via “evil maid” and “badUSB” attacks. Source: http://news.softpedia.com/news/western-digital-my-passport-hard-drives-come-with-a-slew-of-security-holes-494990.shtml
25. October 21, Softpedia – (International) Firefox FindMyDevice service lets hackers
wipe or lock phones, change PINs. Researchers discovered a flaw in
Mozilla’s “Find My Device” service for devices running the Firefox operating
system (OS) in which a hacker could remotely lock device screens, make devices
ring, and wipe all device data via clickjacking-enabled cross-site request
forgery (CSRF) attacks. The attack requires the user to be logged in to the
service with their Firefox account. Source: http://news.softpedia.com/news/firefox-findmydevice-service-lets-hackers-wipe-or-lock-phones-change-pins-495003.shtml
Communications Sector
26. October 20, U.S. Federal Communications Commission – (Alaska) FCC fines
Alaskan company over $600,000 for cell tower. General Communications Inc.,
the parent company of The Alaska Wireless Network, agreed to pay $620,500 in a
settlement reached with the U.S. Federal Communications Commission (FCC)
October 20 resolving allegations that the company failed to register 118
cellular communication facilities through the FCC’s Antenna Structure
Registration system and failed to properly light 3 facilities to comply with
flight safety rules. Source: https://www.fcc.gov/document/fcc-fines-gci-over-600000-cell-tower-violations-0?contrast
For additional stories, see items 21 and 25 above in the Information
Technology Sector