Monday, March 14, 2016



Complete DHS Report for March 14, 2016

Daily Report

Top Stories

•Iowa regulators approved the permit for the Bakken pipeline that will stretch 346 miles from North Dakota to Illinois, giving the Dakota Access LLC authority to use eminent domain for land. – Associated Press

1. March 10, Associated Press – (National) Iowa regulators approve Bakken pipeline permit. The Iowa Utilities Board and the Iowa Department of Natural Resources approved March 10 a pipeline permit for the Dakota Access pipeline, also called the Bakken pipeline, which will stretch 346 miles from the Bakken oil fields in North Dakota to Illinois, crossing through 18 Iowa counties. The approval also gives the Dakota Access LLC authority to use eminent domain for land, and the pipeline still requires final approval from the U.S. Army Corps of Engineers. Source: http://abcnews.go.com/US/wireStory/iowa-regulators-approve-bakken-pipeline-permit-37554182

•The U.S. Securities and Exchange Commission charged Aequitas Management LLC March 10 for defrauding over 1,500 investors nationwide after the firm did not disclose its insolvency to investors. – U.S. Securities and Exchange Commission See item 3 below in the Financial Services Sector

•Nestle USA Inc. issued a recall March 10 for its Digiorno Pizzeria! Tuscan-Style Chicken Pizza products and its Stouffer’s Chicken Lasagna products due to contamination with glass pieces after receiving multiple complaints of extraneous material found in the products. – U.S. Department of Agriculture

7. March 11, U.S. Department of Agriculture – (National) Nestle USA Inc. recalls chicken pizza and chicken lasagna products due to possible foreign matter contamination. Nestle USA Inc. issued a recall March 10 for approximately 267,024 pounds of its Digiorno Pizzeria! Tuscan-Style Chicken Pizza products sold in 19.03-ounce packages and its Stouffer’s Chicken Lasagna products sold in 96-ounce boxes due to contamination with glass pieces after the firm received multiple consumer complaints of extraneous material found in the products. No adverse reactions have been reported and the products were distributed to retail locations nationwide. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-024-2016-release

•Adobe released an emergency out-of-band update fixing a zero-day vulnerability after a Kaspersky researcher found the flaw could allow an attacker to take control of vulnerable systems in limited, targeted occurrences. – SecurityWeek See item 23 below in the Information Technology Sector

Financial Services Sector

3. March 10, U.S. Securities and Exchange Commission – (National) SEC charges Oregon-based investment group and executives with defrauding investors. The U.S. Securities and Exchange Commission charged Aequitas Management LLC, 3 executives, and 4 affiliates March 10 for defrauding over 1,500 investors nationwide after the firm did not disclose its insolvency to investors and continued to raise more than $350 million from January 2014 – January 2016 by issuing promissory notes with high rates of return. The firm used investor funds to repay earlier investors, for personal expenses, to pay business expenses, and for student loan receivables of for-profit education provider Corinthian Colleges. Source: https://www.sec.gov/news/pressrelease/2016-49.html

Information Technology Sector

18. March 11, SecurityWeek – (International) Three high severity DoS flaws patched in BIND. The Internet Systems Consortium (ISC) released updates for several of its BIND DNS software products fixing three high severity denial-of-service (DoS) vulnerabilities that could allow remote attackers to crash the BIND name server (named) process by sending a specially crafted query. Source: http://www.securityweek.com/three-high-severity-dos-flaws-patched-bind

19. March 11, SecurityWeek – (International) “Libotr” library flaw exposes popular IM apps. A security researcher from the firm X41 D-Sec discovered a serious vulnerability in the “libotr” library that could allow a remote attacker to execute arbitrary code by sending large messages that trigger a heap buffer overflow in libotr, as well as execute denial-of-service (DoS) attacks. X41 D-Sec released a proof-of-concept intended to crash the Off-The-Record (OTR) plugin in Pidgin on x86_64 Linux systems. Source: http://www.securityweek.com/libotr-library-flaw-exposes-popular-im-apps

20. March 10, SecurityWeek – (International) Firefox 45 patches 22 critical vulnerabilities. Mozilla released Firefox 45, which patched 40 vulnerabilities in the Web browser components, including a heap-based buffer overflow flaw, and 14 flaws in its Graphite 2 library that could allow an attacker to execute arbitrary code and carry out denial-of-service (DoS) attacks, among other patched vulnerabilities. Source: http://www.securityweek.com/firefox-45-patches-22-critical-vulnerabilities

21. March 10, SecurityWeek – (International) SAP patches 28 vulnerabilities across multiple products. SAP released several security updates for its various products patching 28 vulnerabilities including 6 cross-site scripting (XSS) and information disclosure flaws, 5 authentication bypass flaws, 3 XML external entity flaws, and 2 implementation flaws, among other vulnerabilities. Source: http://www.securityweek.com/sap-patches-28-vulnerabilities-across-multiple-products

22. March 10, SecurityWeek – (International) CryptoWall, Locky dominate ransomware landscape: Report. Researchers from Fortinet released a report stating that the Locky ransomware was the second largest in the ransomware landscape and accounted for 16.47 percent of a total of 18.6 million attacks collected. The ransomware is distributed internationally but has been primarily targeting U.S. users by sending malicious documents attached to spam emails. Source: http://www.securityweek.com/cryptowall-locky-dominate-ransomware-landscape-report

23. March 10, SecurityWeek – (International) Adobe patches Flash zero-day under attack. Adobe released an emergency out-of-band update fixing a zero-day vulnerability after a security researcher from Kaspersky Lab found the flaw could allow an attacker to take control of vulnerable systems in limited, targeted occurrences. Source: http://www.securityweek.com/adobe-patches-flash-zero-day-under-attack

Communications Sector

Nothing to report