Thursday, November 19, 2015

Complete DHS Report for November 19, 2015

Daily Report                                            

Top Stories

 • A severe storm November 17 in the Northwest left 3 people dead, caused power outages for more than 366,000 people, and closed several highways, among other disasters. – Associated Press

1. November 18, Associated Press – (National) 3 killed, thousands without power in Northwest windstorm. A severe storm November 17 that moved across Oregon, Idaho, Washington, and Colorado in the Northwest left at least 3 people dead, knocked out power for more than 366,000 customers, closed several interstates and highways, prompted the cancellation of ferry trips, flooded area rivers, and closed school campuses. Source:

 • A 5-alarm fire November 17 at the Lubrizol Corporation site in Pennsylvania prompted an evacuation of more than 70 area homes, injured 8 people, and left HAZMAT crews onsite for several hours containing the incident. – WPXI 11 Pittsburgh

2. November 18, WPXI 11 Pittsburgh – (Pennsylvania) 5-alarm blaze destroys industrial building, prompts evacuation in Leetsdale. The Lubrizol Corporation owned- Oilfield Chemistry site sustained extensive damage November 17 following a 5-alarm fire at its Leetsdale facility that injured 8 people, prompted an evacuation of more than 70 surrounding homes, and left HAZMAT crews and multiple fire departments onsite for several hours containing the incident after two chemicals were released in the air. An investigation is ongoing to determine the cause of the fire. Source:

 • Company executives from the Dallas-based USPlabs were charged with 11 counts of wire fraud, mail fraud, and conspiracy November 17 for unlawful sale of dietary supplements. – USA Today

9. November 18, USA Today – (National) USPlabs charged in money laundering, wire fraud case. Company executives from the Dallas-based USPlabs, a dietary supplement company, were charged with 11 counts of wire fraud, mail fraud, and conspiracy November 17 for allegations that the company modified product packaging, labeling, and certificates of analysis to mislead customers about the efficacy of the products, many of which were made using undeclared, synthetic ingredients from China. Source:

 • Washington College in Maryland was evacuated November 17 and classes were cancelled November 18, while police searched for a student reportedly armed with a rifle. – Baltimore Sun

15. November 17, Baltimore Sun – (Maryland) Washington College shut down as police look for student facing gun charges. Students from Washington College in Maryland were evacuated November 17 and classes were cancelled November 18, a third consecutive day in a row while police search for a student reportedly armed with a rifle, who is facing criminal charges for allegedly showing a pistol to a classmate at the Eastern Shore school. The student’s parents alerted authorities after he left home with a rifle November 16. Source:

Financial Services Sector

3. November 17, Fort Myers News-Press – (Florida) Fort Myers man faces 120 years in prison for bank fraud. A Fort Myers man pleaded guilty November 17 to four counts of bank fraud after orchestrating a nearly $1.6 million check-kiting scheme in 2011 by profiting from fraudulent checks and auto loans procured through Coral Auto Sales, his used car business. An FBI investigation also revealed that the suspect tried to destroy 20 banker’s boxes of incriminating evidence from his home. Source:

4. November 17, Associated Press – (National) Woman admits to role in nationwide credit card theft scheme. A California woman pleaded guilty in Federal court November 17 for her role in a nationwide credit card fraud scheme to steal 94,000 credit and debit cards by replacing point-of-sale systems with counterfeit devices equipped with wireless technology at 80 Michaels stores in 19 states with the intention to steal bank accounts and collect consumers’ personal identification number (PIN). Source:

5. November 17, Minneapolis Star Tribune– (Minnesota) Minnesota couple plead guilty to huge tax scam. A Minnesota couple pleaded guilty November 16 to a $1.8 million tax fraud scheme in which the pair used their tax filing and immigration service, American Group, to file fraudulent tax returns on behalf of 1,000 people in Minnesota and Florida. Source:

For another story, see item 9 above in Top Stories

Information Technology Sector

17. November 18, The Register – (International) Blackhole’s back: Hated exploit kit returns from the dead. Researchers from Malwarebytes discovered that the previously extinct Blackhole Exploit Kit has resurfaced after finding an active drive-by download campaign via compromised Web sites with the same Adobe Java platform and PDF exploits as the Blackhole Exploit Kit, which can still compromise vulnerable computers despite its old exploits. Source:

18. November 18, Securityweek – (International) Security flaws in LastPass exposed user passwords. LastPass security team released patches addressing a series of bugs and design flaws, discovered by two researchers from Salesforce, that could have been used to exploit user passwords through an attack against LastPass via various vectors including a special disable one-time password (dOTP) that can be used for authentication to access the encrypted vault key and decrypt it, and bypass IP restrictions and two-factor authentication (2FA), as well as using custom_js to inject and execute JavaScript code on login pages of Web sites. Source:

19. November 17, Securityweek – (International) Adobe issues security fixes for ColdFusion, LiveCycleDS, Premiere Clip. Adobe released a series of updates addressing security vulnerabilities in several of its products including ColdFusion, which resolved two input validation issues that may be used in reflected cross-site scripting (XSS) attacks; LiveCycleDS, which resolved a server-side request forgery vulnerability; and Premiere Clip products, which patched an input validation issue in a mobile application that allows Apple iOS users to create or edit videos on mobile devices. Source:

Communications Sector

Nothing to report