Complete DHS Report for April 15, 2016
Daily Report
Top Stories
• Four cars on a BNSF Railway train derailed April 13 in Lafayette
Parish, Louisiana, prompting the evacuation of 100 – 110 households after a
tanker that contained phosphoric acid was knocked off the tracks. – Baton
Rouge Advocate
4. April 13,
Baton Rouge Advocate – (Louisiana) More than 100 homes evacuated following train
derailment in Scott; evacuation order lifted at 8:15 p.m. Four cars on a
BNSF Railway train derailed April 13 near Pecan Grove and Walker roads in
Lafayette Parish, Louisiana, prompting the evacuation of 100 – 110 households,
the G&R Mobile Park, and Little Blessings & Preschool II after a tanker
that contained phosphoric acid was knocked off the tracks. No injuries were
reported and the tanker did not rupture. Source: http://theadvocate.com/news/15477762-32/train-derailment-in-scott-forces-evacuation-as-hazmat-crews-work-scene
• Bomb threats made via robocalls prompted a search of at least 21
schools in Bergen and Passaic counties April 13. – Bergen County Record
9. April 13,
Bergen County Record – (New Jersey) At least 21 north Jersey schools receive bomb
threats. Bomb threats made via robocalls prompted a search of at least 21
schools in Bergen and Passaic counties April 13. Police spent several hours
searching the campuses for suspicious items before they were deemed safe. Source:
http://www.northjersey.com/news/at-least-21-north-jersey-schools-receive-bomb-threats-1.1543624
• Google released patches addressing several vulnerabilities in
its account recovery process after a researcher named “Ramzes” found that
attackers could change a user’s password and hijack a user’s account by
executing arbitrary code in the context of a help article. – SecurityWeek See item 13 below in
the Information Technology Sector
• White House officials announced April 13 that a new non-partisan
commission will help gather input from subject matter experts (SMEs) for the
Federal government and the private sector to strengthen cybersecurity
awareness, protect privacy, and ensure public safety and economic and national
security. – SecurityWeek See item 14 below in
the Information Technology Sector
Financial Services Sector
1. April 14,
KMOV 4 St. Louis – (Missouri) Same man may be behind several skimming devices at
local ATMs. Police authorities were searching April 13 for a man suspected
of installing multiple skimming devices on ATMs in Glendale, Maryland Heights,
Webster Groves, and St. Louis City in Missouri after security camera footage showed
the suspect installing and removing a device at a Royal Banks of Missouri in
Glendale. Authorities stated the suspect stole credit card information from 6
customer cards and made over $4,000 in fraudulent purchases using the cards.
Source: http://www.kmov.com/story/31718770/same-man-may-be-behind-several-skimming-devices-at-local-atms
2. April 13,
Reuters – (National) Fund manager falsely promised tech investments,
bought Maserati: U.S. The U.S. District Court for the Southern District of
New York charged 2 executives from Florida-based Elm Tree Investment Advisors
LLC April 13 for bilking investors out of $17 million from June 2013 – December
2014 as part of a fraudulent technology investment scheme by falsely assuring
investors that the pair had close ties to elite venture capital firms and
claiming that they would invest the funds in companies like GoDaddy Inc.,
Twitter Inc., and Uber Technologies Inc., at opportune times. Officials stated
that the executives used the investors’ funds for personal expenses, repaid
previous investors in a Ponzi-like scheme, and lost nearly $4 million through
trading. Source: http://www.reuters.com/article/us-usa-crime-elmtree-idUSKCN0XA2FE
Information Technology Sector
13. April 14,
SecurityWeek – (International) Google patches serious account recovery vulnerability. Google released patches
addressing several vulnerabilities in its account recovery process after a
researcher named “Ramzes” found that attackers could change a user’s password
and hijack a user’s account by executing arbitrary code in the context of a help
article by specifying a page, which attackers controlled, in an unsanitized
Uniform Resource Locator (URL) parameter that could have been exploited when
a user activated the account recovery process on google.com. Source: http://www.securityweek.com/google-patches-serious-account-recovery-vulnerabilities
14. April 14,
SecurityWeek – (International) White House announces commission on enhancing
national cybersecurity. White House officials announced April 13 that a new
non-partisan commission, the Commission on Enhancing National Cybersecurity,
will help gather input from subject matter experts (SMEs) for the Federal
government and the private sector to strengthen cybersecurity awareness, to
protect privacy, and to ensure public safety and economic and national
security, as well as encourage the public to better control their digital
security by recommending actionable steps each party can implement. The
commission is expected to report its findings to the White House by December
2016. Source: http://www.securityweek.com/white-house-announces-commission-enhancing-national-cybersecurity
15. April 13,
SecurityWeek – (International) SAP patches XSS, DoS vulnerabilities. SAP
released patches for several of its products, addressing five cross-site
scripting (XSS) issues, four denial of service (DoS) vulnerabilities, three
missing authorization check flaws, and one remote code execution (RCE)
vulnerability, among other patched flaws. Customers were advised to apply new
updates to their systems to patch the vulnerabilities and prevent business
risks in their SAP systems.
Communications Sector
Nothing to report