Wednesday, March 9, 2016



Complete DHS Report for March 9, 2016

Daily Report                                            

Top Stories

• Oklahoma officials announced March 7 that about 18,000 barrels of wastewater injection fluid were unaccounted for following a spill at a Special Energy Corporation site in Grant County. – Enid News & Eagle (See item 1)

1.     March 7, Enid News & Eagle – (Oklahoma) Wastewater spills thousands of barrels in Grant County. The Oklahoma Corporation Commission announced March 7 that about 18,000 barrels of wastewater injection fluid remained unaccounted for following a spill at a Special Energy Corporation site in Grant County the week of February 29 due to a malfunctioning underground valve. Officials reported that an unknown amount of the wastewater leaked into Polecat Creek and that the incident remains under investigation. Source: http://www.enidnews.com/news/wastewater-spills-thousands-of-barrels-in-grant-county/article_0c702e34-e4aa-11e5-9479-4f4a3ba1caba.html

• State Route 28 near Quincy, Washington was shut down for nearly 12 hours March 6 due to an overturned semi-truck that leaked approximately 2,000 gallons of gasoline. – Grant County iFiber One News

10. March 7, Grant County iFiber One News – (Washington) Tanker rolls on state Route 28 Sunday, spills fuel. State Route 28 near Quincy, Washington was shut down for nearly 12 hours March 6 while crews worked to clear the wreckage from an overturned semi-truck that leaked approximately 2,000 gallons of gasoline. Source: http://www.ifiberone.com/news/tanker-rolls-on-state-route-sunday-spills-fuel/article_44042c66-e49a-11e5-b652-77b1a6978022.html

• Federal authorities issued a public health alert March 7 informing the public of a Maxi Canada, Inc., recall for about 103,752 pounds of its Yummy brand Chicken Breast Nuggets due to contamination with metal pieces. – U.S. Department of Agriculture

12. March 8, U.S. Department of Agriculture – (International) FSIS issues public health alert for imported chicken product foreign matter contamination. The Food Safety and Inspection Service (FSIS) issued a public health alert March 7 to notify the public of a Maxi Canada, Inc., recall for approximately 103,752 pounds of its Yummy brand Chicken Breast Nuggets products sold in the U.S. due to contamination with metal pieces after the Quebec, Canada-based company received a consumer complaint of a foreign object in the product. The products were imported into the U.S. from July 2015 – March 2016. Source: http://www.fsis.usda.gov/wps/portal/fsis/newsroom/news-releases-statements-transcripts/news-release-archives-by-year/archive/2016/pha-030716

• Vulnerability Lab reported that Apple’s iOS versions 9.0, 9.1, and 9.2.1 contained several connected passcode bypass vulnerabilities affecting various iPhone and iPad products that allowed an attacker to access a device and compromise sensitive user data, emails, and phone settings. – SecurityWeek See item 20 below in the Information Technology Sector

Financial Services Sector

4. March 7, U.S. Securities and Exchange Commission – (Rhode Island) SEC charges Rhode Island agency and Wells Fargo with fraud in 38 Studios bond offering. The U.S. Securities and Exchange Commission charged Rhode Island Economic Development Corporation (RIEDC), two former executives, Wells Fargo Securities, and a former lead banker March 7 for defrauding investors in a $75 million municipal bond offering to finance 38 Studios, a startup video game company, after RIEDC allegedly loaned the startup only $50 million in bond proceeds and used the remaining proceeds to pay related bond offering expenses and establish other funds. RIEDC and Wells Fargo reportedly failed to disclose to investors that 38 Studios faced a funding shortage and could not produce the video game, causing the company to default on the loan, and failed to disclose that Wells Fargo had a side deal with 38 Studios which enabled the firm to receive additional compensation. Source: https://www.sec.gov/news/pressrelease/2016-37.html

Information Technology Sector

17. March 8, Help Net Security – (International) Google plugs 19 holes in newest Android security update. Google released 19 security issues for its Android Open Source Project (AOSP) after its company’s security researchers found two remote code execution (RCE) vulnerabilities in Mediaserver that can be leveraged via a specially crafted file, as well as discovering a critical vulnerability in the Qualcomm performance component that can be leveraged to allow elevation of privileges flaw, enabling a local malicious application to execute arbitrary code in the kernel, among other vulnerabilities. Source: https://www.helpnetsecurity.com/2016/03/08/android-security-update/

18. March 8, SecurityWeek – (International) Facebook password reset flaw earns researchers $15,000. An independent researcher from India discovered a brute-force vulnerability in Facebook’s beta.facebook.com domain that could allow an attacker to change user account passwords by easily finding the six-digit code sent to customers requesting a password reset via email or text message. Facebook patched the vulnerability February 23. Source: http://www.securityweek.com/facebook-password-reset-flaw-earns-researcher-15000

19. March 7, Softpedia – (International) Intel fixes McAfee bug that allowed attackers to disable antivirus protection. Intel Security released version SB10151 for its McAfee Enterprise antivirus program after a security researcher from Mediaservice found attackers could bypass the administration password and unlock the safe registry keys in the McAfee VirusScan Enterprise engine due to the feature’s improper implementation. Source: http://news.softpedia.com/news/intel-fixes-mcafee-bug-that-allowed-attackers-to-disable-antivirus-protection-501441.shtml

20. March 7, SecurityWeek – (International) Multiple passcode bypass vulnerabilities discovered in iOS 9. Researchers from Vulnerability Lab reported that Apple’s iOS versions 9.0, 9.1, and 9.2.1 contain several connected passcode bypass vulnerabilities and affects iPhone 5, 5s, 6, and 6s, as well as iPad mini, iPad 1 and iPad 2 products. The vulnerability can allow an attacker to access a device and compromise sensitive user data, including address books, photos, short message service (SMS), multimedia messaging service (MMS), emails, and phone settings, among other data. Source: http://www.securityweek.com/multiple-passcode-bypass-vulnerabilities-discovered-ios-9

For another story, see item 4 above in the Financial Services Sector

Communications Sector

Nothing to report