Monday, February 29, 2016



Complete DHS Report for February 29, 2016

Daily Report

Top Stories

• The New Jersey State Department of Environmental Protection and IMTT reported February 25 that crews recovered 95,000 gallons of mixture from the excavation area, and another 62,000 gallons from the combined sewer system in Halecky-IMTT Park in Bayonne. – Jersey Journal

1. February 25, Jersey Journal – (New Jersey) Oil leak in Bayonne park stopped, permanent repairs to follow, DEP says. The New Jersey State Department of Environmental Protection and IMTT reported February 25 that crews recovered 95,000 gallons of mixture from the excavation area, and another 62,000 gallons from the combined sewer system after stopping a leak in Halecky-IMTT Park in Bayonne following a pipeline rupture that was reported February 22. Source: http://www.nj.com/hudson/index.ssf/2016/02/oil_leak_in_bayonne_park_stopped_permanent_repairs.html#incart_river_index

• An employee at Excel Industries opened fire at the Hesston, Kansas industrial facility February 25, killing 3 people and injuring 14 before authorities shot and killed the gunman. – ABC News

3. February 26, ABC News – (Kansas) Kansas gunman issued restraining order at scene of deadly shooting before killings, cops say. An employee at Excel Industries opened fire at the Hesston, Kansas industrial facility February 25, killing 3 people and injuring 14 before authorities shot and killed the gunman. Authorities reported the man opened fire at two other locations prior to the factory shooting and are investigating the shooter’s motive. Source: http://abcnews.go.com/US/kansas-shooter-issued-restraining-order-killings-cops/story?id=37214171

• Baltimore City officials announced February 25 that at least 200,000 gallons of wastewater containing some raw sewage flowed into the Chesapeake Bay from cracked pipes and manholes during severe storms February 24. – Baltimore Sun

12. February 25, Baltimore Sun – (Maryland) 200,000 gallons of wastewater flowed into bay during Wednesday’s storms. The Baltimore City Department of Public Works announced February 25 that at least 200,000 gallons of wastewater containing some raw sewage flowed into the Chesapeake Bay from cracked pipes and manholes during severe storms February 24. An additional 50,000 gallons of wastewater that was in the process of treatment at the Patapsco Wastewater Treatment Facility overflowed into the Patapsco River due to a surge of water and power outage. Source: http://www.baltimoresun.com/news/maryland/bs-md-ci-sewer-overflows-20160225-story.html

• Palo Alto Networks released updates for its PAN-OS that fixed several vulnerabilities including a high severity flaw that can allow a remote, unauthenticated attacker to execute arbitrary operating system commands. – SecurityWeek. See item 20 below in the Information Technology Sector.

Financial Services Sector

5. February 24, U.S. Attorney’s Office, Northern District of Illinois – (Illinois) Chicago real estate developer convicted on Federal fraud charges for swindling banks and the city out of millions of dollars in loans. The former president of Joseph Freed & Associates LLC (JFA) was found guilty February 24 of Federal fraud charges relating to a $105 million line of credit he received for city and suburban properties, including a former Goldblatt’s Department Store and the Streets of Woodfield Mall, after he signed false affidavits to obtain millions of dollars in Tax Increment Financing (TIF) from the city of Chicago in 2009 and 2010, and stole $7 million from his business partner, Kimco Realty Corp., and recorded the money as loans. Source: http://www.justice.gov/usao-ndil/pr/chicago-real-estate-developer-convicted-federal-fraud-charges-swindling-banks-and-city

Information Technology Sector

17. February 26, SecurityWeek – (International) Over 60 vulnerabilities patched in Apple TV. Apple released Apple TV version 7.2.1, which patched security holes in over 20 different components of the TV including WebKit, the kernel, the third-party app sandbox, Office Viewer, and CloudKit, among other libraries, and patched vulnerabilities that can be exploited for information disclosure, execution of unsigned code, arbitrary code execution, application crashes, and modifications to protected parts of the filesystem.

18. February 25, SecurityWeek – (International) Breach detection time improves, destructive attacks rise: FireEye. FireEye-owned Mandiant released a report titled M-Trends, which stated that organizations were improving their breach detection after an investigation of real-life incidents revealed that the median detection time improved from 205 days in 2014 to 146 days in 2015. The report also stated that disruptive attacks were a legitimate threat and gave insight into how organizations can prepare for and deal with such attacks. Source: http://www.securityweek.com/breach-detection-time-improves-destructive-attacks-rise-fireeye

19. February 25, SecurityWeek – (International) Cisco patches command injection flaw in ACE appliance. Cisco released patches for its Application Control Engine (ACE) 4710 appliances after the company found that the product’s Device Manager graphical user interface (GUI) had an insufficient user input validation flaw that could be exploited by a remote, authenticated attacker to execute command-line interface commands with administrator privileges by sending specially crafted Hypertext Transfer Protocol (HTTP) POST requests with commands injected into the value of the POST parameter. Attackers could exploit the flaw to bypass role-based access control (RBAC) restrictions. Source: http://www.securityweek.com/cisco-patches-command-injection-flaw-ace-appliance

20. February 25, SecurityWeek – (International) Palo Alto Networks fixes PAN-OS vulnerabilities. Palo Alto Networks released updates for its PAN-OS, the operating system (OS) for its enterprise security platform, which fixed several vulnerabilities including a high severity flaw that can allow a remote, unauthenticated attacker with access to the device to execute arbitrary OS commands, and a critical buffer overflow flaw in the GlobalProtect portal that can be exploited to cause a denial-of-service (DoS) condition, crash a device, and potentially lead to remote code execution.

Communications Sector

Nothing to report

Friday, February 26, 2016



Complete DHS Report for February 26, 2016

Daily Report

Top Stories

• A severe storm system that moved across southern and eastern States February 23 – February 24 caused 52 tornadoes, left 7 people dead and injured 20 others, knocked out power to more than 100,000 customers, and cancelled schools, among other actions. – CNN

1. February 25, CNN – (National) Seven dead after tornadoes, powerful storms hit the U.S. East Coast, South. A severe storm system that moved across southern and eastern States February 23 – February 24 caused 52 tornadoes, left 7 people dead and injured 20 others, knocked out power to more than 100,000 customers, cancelled schools, prompted several States to declare states of emergency, and forced the cancellation of over 2,800 flights nationwide. Source: http://www.cnn.com/2016/02/25/us/severe-weather-threat-for-southeast/index.html

• Honda Motor Co. Ltd. issued a nationwide recall February 9 for 42,129 of its Honda Civic sedans due to a potentially missing piston wrist pin circlip or an incorrectly installed piston wrist pin circlip which could cause the engine to seize. – Autoblog

4. February 24, Autoblog – (National) Honda recalls 2016 Civic 2.0-liter engine for piston issue. The National Highway Traffic Safety Administration announced February 9 that Honda Motor Co. Ltd. issued a recall for 42,129 of its model year 2016 Honda Civic sedans with the 2.0-liter 4-cylinder engine sold in the U.S. due to a potentially missing piston wrist pin circlip or an incorrectly installed piston wrist pin circlip which could cause the engine to seize, resulting in engine damage and increasing the risk of fire during a crash. Honda Motor Co. Ltd. received one report of an engine fire. Source: http://www.autoblog.com/2016/02/24/2016-honda-civic-sedan-2-liter-recall-official/

• New York officials reported February 24 that three people were charged for their roles in an $8 million fraud scheme by diverting 30 Federal grant money from several Federal agencies and using the money for personal expenses. – Elmira Star-Gazette. See item 6 below in the Financial Services Sector.

• Officials are investigating a theft incident at York Hospital in York County, Maine after the personal information of hundreds of employees and four campuses was stolen by cyber criminals February 22. – Portland Press Herald

9. February 25, Portland Press Herald – (Maine) York Hospital reports data breach affecting its employees. A spokesperson for York Hospital in York County, Maine, stated February 24 that the personal information, including Social Security numbers, of hundreds of employees and four campuses in the county was stolen by cyber criminals February 22, and that the theft remains under investigation. The hospital asserted that no patient information was compromised in the breach. Source: http://www.pressherald.com/2016/02/24/york-hospital-reports-data-breach-affecting-its-employees/

Financial Services Sector

6. February 24, Elmira Star-Gazette – (National) Former Horseheads residents face fraud charges. The U.S. Attorney’s Office in Rochester, New York announced February 24 that 2 Virginia residents and a Washington man were charged for their roles in an $8 million fraud scheme where the group allegedly diverted 30 Federal grant money from several Federal agencies including the U.S. Department of Energy, and the U.S. Department of Transportation, among other agencies, into their personal bank accounts in Horseheads and Elmira, New York and used the money for personal expenses. The trio allegedly fabricated letters of support and investment, provided false information on research grant proposals and reports on business entities, facilities, and employees, and provided falsified reports on how Federal funds were expended. Source: http://www.stargazette.com/story/news/local/2016/02/24/former-horseheads-residents-face-fraud-charges/80877220/

Information Technology Sector

16. February 25, SecurityWeek – (International) OpenSSL preparing patches for high severity flaws. The OpenSSL Project reported it will release versions 1.0.2g and 1.0.1s of its OpenSSL product in early March 2016 to patch several vulnerabilities including a high severity flaw that could allow attackers to obtain the key needed to decrypt traffic if the targeted application uses the Diffie-Hellman (DH) key exchange. Source: http://www.securityweek.com/openssl-preparing-patches-high-severity-flaws

17. February 25, SecurityWeek – (International) Critical Drupal updates patch several vulnerabilities. Drupal released versions 6.38, 7.43, and 8.0.4 that patch ten vulnerabilities including a bypass issue, a denial-of-service (DoS) vulnerability, and an open redirect vulnerability, among other flaws. Source: http://www.securityweek.com/critical-drupal-updates-patch-several-vulnerabilities

18. February 24, Softpedia – (International) Attackers can hijack wireless mice and keyboards to install malware. Security researchers from Bastille discovered that wireless mouse and keyboard USB dongles sold by Dell, HP, Lenovo, and Microsoft, among other companies, were susceptible to a remote attack called MouseJack after finding that the USB dongles did not have unique pairings between a computer and its device, allowing attackers to use similar devices with the victim’s dongle, take control of a victim’s computer, and carry out malicious actions. Source: http://news.softpedia.com/news/attackers-can-hijack-wireless-mice-and-keyboards-to-install-malware-500925.shtml

19. February 24, SecurityWeek – (International) Sony hackers linked to many espionage, destruction campaigns. Security firms Novetta, Kaspersky Lab, AlienVault, and Symantec released a report February 24 detailing that the activities of the threat group dubbed the Lazarus Group were allegedly linked to numerous attacks including a 2014 attack on Sony Pictures Entertainment, the Dark Seoul and Operation Troy campaigns, and attacks on government, media, military, aerospace, manufacturing, and financial organizations located in South Korea and the U.S. Researchers found that the attacks and the Lazarus Group shared similar code between malicious tools and similarities in the attackers’ modus operandi. Source: http://www.securityweek.com/sony-hackers-linked-many-espionage-destruction-campaigns

Communications Sector

Nothing to report