Wednesday, November 30, 2016



Complete DHS Report for November 30, 2016

Daily Report                                            

Top Stories

• More than 100 people in Corcoran, California, were evacuated for about 5 hours November 28 after an ammonia truck overturned and released over 2,700 gallons of ammonia. – Fresno Bee

3. November 28, Fresno Bee – (California) 110 evacuated in Corcoran when ammonia truck overturns. More than 100 people in Corcoran, California, were evacuated for about 5 hours November 28 after an ammonia truck overturned in the area of Whitley and Otis avenues and released over 2,700 gallons of ammonia, forcing the evacuation of a nearby Amtrak station and closing the roadway for several hours. HAZMAT crews responded to the incident and six people were hospitalized for minor irritation or difficulty breathing caused by the chemical fumes. Source: http://www.fresnobee.com/news/local/article117540603.html

• Salem, Oregon city officials released over 22 million gallons of diluted raw sewage into the Willamette River November 24 – November 25 after heavy rain inundated the city’s sewer system. – Salem Statesman Journal

12. November 28, Salem Statesman Journal – (Oregon) Salem dumps 22 million gallons of raw sewage in the Willamette. Salem, Oregon city officials released over 22 million gallons of diluted raw sewage into the Willamette River November 24 – November 25 after heavy rain inundated the city’s sewer system. Officials posted signs at the river warning the public to avoid the water until November 28 when follow-up sampling revealed normal bacteria levels in the water. Source: http://www.statesmanjournal.com/story/tech/science/environment/2016/11/28/salem-sends-22-million-gallons-raw-sewage-into-willamette/94548612/

• A Waterbury, Connecticut man pleaded guilty November 28 for his role in a $3.2 million fraudulent U.S. Department of Agriculture Supplemental Nutrition Assistance Program scheme. – U.S. Attorney’s Office, District of Connecticut

20. November 28, U.S. Attorney’s Office, District of Connecticut – (Connecticut) Waterbury grocery store worker pleads guilty to illegal use of food stamp benefits. A Waterbury, Connecticut man pleaded guilty November 28 for his role in a $3.2 million fraudulent U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) scheme operated through the Waterbury-based business where he worked, WB Trade Fair Grocery, from November 2014 – June 2016. The man and co-conspirators illicitly allowed SNAP recipients to redeem their food stamp benefits for cash and other ineligible items.

• Eleven Ohio State University students were transported to the hospital November 28 after a student crashed his vehicle into pedestrians on the Columbus campus and began stabbing bystanders before being fatally shot by a university police officer. – USA Today; Cincinnati Enquirer

21. November 28, USA Today; Cincinnati Enquirer – (Ohio) Eleven hurt, suspect killed in ‘terrifying’ Ohio State attack. Eleven Ohio State University students were transported to the hospital November 28 after a student crashed his vehicle into pedestrians on the Columbus campus and began stabbing bystanders before being fatally shot by a university police officer. Classes were canceled for the remainder of the day and the attack remains under investigation. Source: http://www.usatoday.com/story/news/nation/2016/11/28/ohio-state-reports-active-shooter-columbus-campus/94540050/

Financial Services Sector

Nothing to report

Information Technology Sector

26. November 29, Help Net Security – (International) McAfee Labs predicts 14 security developments for 2017. Intel Security released its McAfee Labs 2017 Threats Predictions Report, which identifies 14 security threat trends for 2017 including a predicted increase of undetectable Internet of Things (IoT) attacks on smart homes, an increase in targeted attacks against hardware and firmware, and an increase in the sophisticated and proliferation of social engineering attacks due to machine learning, among other trends.

Communications Sector

Nothing to report

Tuesday, November 29, 2016



Complete DHS Report for November 29, 2016

Daily Report                                            

Top Stories

• More than 9,000 gallons of fuel spilled from an overturned tanker truck in Cape Coral, Florida, November 27 and caught fire, prompting officials to evacuate all residents within a half-mile radius of the spill for several hours. – WBBH 20 Fort Myers

1. November 28, WBBH 20 Fort Myers – (Florida) Leaking fuel tanker catches fire in Cape, causes evacuations. More than 9,000 gallons of fuel spilled from an overturned tanker truck on Del Prado Boulevard in Cape Coral, Florida, November 27 and caught fire, prompting officials to evacuate all residents within a half-mile radius of the spill for several hours. A portion of the road was shut down for several hours while officials worked to clean up the gasoline and contain the fire. Source: http://www.nbc-2.com/story/33800101/evacuations-begin-as-leaking-fuel-tanker-catches-fire-in-cape

• Officials reported November 26 that roughly 3,200 gallons of sewage overflowed from a manhole on Kuhio Highway in Hanamaulu, Hawaii, into Hanamaulu Stream. – Lihue Garden Island

12. November 27, Lihue Garden Island – (Hawaii) Lanes closed after crash, sewage spill. Officials from the Kauai County Public Works Department, Wastewater Division reported November 26 that roughly 3,200 gallons of sewage overflowed from a manhole on Kuhio Highway in Hanamaulu, Hawaii, into Hanamaulu Stream due to a partially-blocked sewer line that crosses the stream along the highway. Officials advised the public to avoid the water until further notice. Source: http://thegardenisland.com/news/local/lanes-closed-after-crash-sewage-spill/article_930bb5c7-c192-5f36-b511-bde4418906f7.html

• Officials from the Berkshire Medical Center in Massachusetts reported November 23 that the personal information of 1,745 cardiology patients may have been exposed after the records were discovered on thumb drives recovered from a former employee of Ambucor Health Solutions. – Berkshire Eagle

13. November 24, Berkshire Eagle – (Massachusetts) Hundreds of BMC patients’ info found on vendor’s thumb drives. Officials from the Berkshire Medical Center in Pittsfield, Massachusetts, reported November 23 that the personal information of 1,745 cardiology patients may have been exposed after the records were discovered on thumb drives recovered from a former employee of Ambucor Health Solutions, an outside service vendor. The thumb drive did not include patients’ Social Security numbers, Medicare, insurance, or financial information, and officials stated there is no evidence the information was misused. Source: http://www.berkshireeagle.com/stories/hundreds-of-bmc-patients-info-found-on-vendors-thumb-drives,490304

• Fire crews from 25 States reached more than 50 percent containment November 26 of almost all of the major wildfires burning in western North Carolina. – WSOC 9 Charlotte

14. November 28, WSOC 9 Charlotte – (North Carolina) Rain to bring some relief to NC wildfires. Fire crews from 25 States reached more than 50 percent containment November 26 of almost all of the major wildfires burning in western North Carolina, including 77 percent containment of the 9,036-acre Boteler Fire and 90 percent containment of the 7,145-acre Party Rock Fire. Burn bans remain in effect for 47 counties across North Carolina. Source: http://www.wsoctv.com/news/north-carolina/firefighters-make-progress-on-north-carolina-wildfires_/470603987

Financial Services Sector

See item 23 below from the Commercial Facilities Sector

23. November 24, Softpedia – (New York) Hackers hijack Madison Square Garden payment systems, credit card data at risk. The Madison Square Garden Company reported November 24 that it detected an attack on its payment system that may have exposed the credit card information of all of its customers between November 9, 2015 and October 24, 2016, including card numbers, verification codes, cardholder names, and expiration dates. The firm stated the attack took place outside of its network and did not leverage accessories attached to the Point-of-Sale (PoS) systems, and the hack remains under investigation. Source: http://news.softpedia.com/news/hackers-hijack-madison-square-garden-payment-systems-credit-card-data-at-risk-510472.shtml

Information Technology Sector

16. November 28, SecurityWeek – (International) cURL security audit reveals several vulnerabilities. The developer of cURL released version 7.51.0 to resolve a total of 11 vulnerabilities following a security audit by Cure53, which revealed the open source tool was plagued with 23 issues and 9 security flaws including 4 high severity issues that could lead to remote code execution. Source: http://www.securityweek.com/curl-security-audit-reveals-several-vulnerabilities

17. November 25, SecurityWeek – (International) Cerber 5.0 ransomware uses new IP ranges. Check Point security researchers discovered that version 5.0 of the Cerber ransomware was released and now uses new Internet Protocol (IP) ranges for the command and control (C&C) communication, skips 640 bytes when encrypting a file, targets files that feature the secret extension, and no longer encrypts files smaller than 2,560 bytes, among other new features. Check Point also found that the ransomware leverages spam email campaigns and the Rig-V exploit kit for distribution, and as with previous versions, Cerber 5.0 randomly generates encrypted file extensions using four alphabetic numbers. Source: http://www.securityweek.com/cerber-50-ransomware-uses-new-ip-ranges

18. November 25, SecurityWeek – (International) Flaws in Uber’s UberCENTRAL tool exposed user data. A security researcher discovered several issues in Uber Technologies Inc.’s UberCENTRAL service including a flaw that allows attackers to enumerate users’ universally unique identifiers (UUIDs) by sending requests with possible email addresses, and an issue that can be exploited to obtain full names, phone numbers, and email addresses of customers, among other flaws. Uber released patches for the flaws.

Communications Sector

19. November 25, Roseburg News-Review – (Oregon) Telephone and internet outage affecting thousands on coast, possible 911 outages. Approximately 15,000 Charter Communications customers from Florence to Coos Bay, Oregon, were without telephone and Internet service for roughly 9 hours November 25. Officials reported during the outage, customers may not have been able to dial 9-1-1 from a landline, but emergency services were reachable via cell phone. Source: http://www.nrtoday.com/news/local/north_county/reedsport/telephone-and-internet-outage-affecting-thousands-on-coast-possible-outages/article_ab5b8a6a-66d6-5510-9d60-f927ac38a821.html