Complete DHS Report for March 14, 2016
Daily Report
Top Stories
• Iowa regulators approved the permit for the Bakken pipeline that
will stretch 346 miles from North Dakota to Illinois, giving the Dakota Access
LLC authority to use eminent domain for land. – Associated Press
1. March 10, Associated Press – (National) Iowa regulators approve Bakken pipeline permit. The
Iowa Utilities Board and the Iowa Department of Natural Resources approved
on March 10 a pipeline permit for the Dakota Access pipeline, also called the Bakken
pipeline, which will stretch 346 miles from the Bakken oil fields in North Dakota
to Illinois, crossing through 18 Iowa counties. The approval also gives
Dakota Access LLC authority to use eminent domain for land, and the pipeline
still requires final approval from the U.S. Army Corps of Engineers. Source: http://abcnews.go.com/US/wireStory/iowa-regulators-approve-bakken-pipeline-permit-37554182
• The U.S. Securities and Exchange Commission charged Aequitas
Management LLC March 10 for defrauding over 1,500 investors nationwide after the
firm did not disclose its insolvency to investors. – U.S. Securities and
Exchange Commission. See item 3 below in
the Financial Services Sector
• Nestle USA Inc. issued a recall March 10 for its Digiorno
Pizzeria! Tuscan-Style Chicken Pizza products and its Stouffer’s Chicken Lasagna
products due to contamination with glass pieces after receiving multiple
complaints of extraneous material found in the products. – U.S.
Department of Agriculture
7. March 11, U.S. Department of Agriculture – (National) Nestle USA Inc.
recalls chicken pizza and chicken lasagna products due to possible foreign
matter contamination. Nestle USA Inc. issued a recall March 10 for
approximately 267,024 pounds of its Digiorno Pizzeria! Tuscan-Style Chicken
Pizza products sold in 19.03-ounce packages and its Stouffer’s Chicken Lasagna
products sold in 96-ounce boxes due to contamination with glass pieces after
the firm received multiple consumer complaints of extraneous material found in
the products. No adverse reactions have been reported and the products were
distributed to retail locations nationwide. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-024-2016-release
• Adobe released an emergency out-of-band update fixing a zero-day
vulnerability after a Kaspersky researcher found the flaw could allow an
attacker to take control of vulnerable systems in limited, targeted
occurrences. – SecurityWeek. See item 23 below in
the Information Technology Sector
Financial Services Sector
3. March 10, U.S. Securities and Exchange Commission – (National) SEC charges
Oregon-based investment group and executives with defrauding investors. The
U.S. Securities and Exchange Commission charged Aequitas Management LLC, 3
executives, and 4 affiliates March 10 for defrauding over 1,500 investors
nationwide after the firm did not disclose its insolvency to investors and
continued to raise more than $350 million from January 2014 – January 2016 by
issuing promissory notes with high rates of return. The firm used investor
funds to repay earlier investors, for personal expenses, to pay business
expenses, and for student loan receivables of for-profit education provider
Corinthian Colleges. Source: https://www.sec.gov/news/pressrelease/2016-49.html
Information Technology Sector
18. March 11, SecurityWeek – (International) Three high severity DoS flaws patched in
BIND. The Internet Systems Consortium (ISC) released updates for several of
its BIND DNS software products, fixing three high severity denial-of-service
(DoS) vulnerabilities that could allow remote attackers to crash the BIND name
server (named) process by sending a specially crafted query. Source: http://www.securityweek.com/three-high-severity-dos-flaws-patched-bind
19. March 11, SecurityWeek – (International) “Libotr” library flaw exposes popular IM apps.
A security researcher from the firm X41 D-Sec discovered a serious
vulnerability in the “libotr” library that could allow a remote attacker to
execute arbitrary code by sending large messages that trigger a heap buffer
overflow in libotr, as well as carry out denial-of-service (DoS) attacks. X41
D-Sec released a proof-of-concept intended to crash the Off-The-Record (OTR)
plugin in Pidgin on x86_64 Linux systems. Source: http://www.securityweek.com/libotr-library-flaw-exposes-popular-im-apps
20. March 10, SecurityWeek – (International) Firefox 45 patches 22 critical
vulnerabilities. Mozilla released Firefox 45, which patched 40
vulnerabilities in the Web browser components, including a heap-based buffer
overflow flaw, and 14 flaws in its Graphite 2 library that could allow an
attacker to execute arbitrary code and carry out denial-of-service (DoS)
attacks, among other patched vulnerabilities. Source: http://www.securityweek.com/firefox-45-patches-22-critical-vulnerabilities
21. March 10, SecurityWeek – (International) SAP patches 28 vulnerabilities across
multiple products. SAP released several security updates for its various
products, patching 28 vulnerabilities including 6 cross-site scripting (XSS) and
information disclosure flaws, 5 authentication bypass flaws, 3 XML external
entity flaws, and 2 implementation flaws, among other vulnerabilities. Source: http://www.securityweek.com/sap-patches-28-vulnerabilities-across-multiple-products
22. March 10, SecurityWeek – (International) CryptoWall, Locky dominate ransomware
landscape: Report. Researchers from Fortinet released a report stating that
the Locky ransomware was the second largest in the ransomware landscape and accounted
for 16.47 percent of a total 18.6 million attacks collected. The ransomware is
distributed internationally but has been primarily targeting U.S. users by
sending malicious documents attached to spam emails. Source: http://www.securityweek.com/cryptowall-locky-dominate-ransomware-landscape-report
23. March 10, SecurityWeek – (International) Adobe patches Flash zero-day under attack. Adobe
released an emergency out-of-band update fixing a zero-day vulnerability after
a security researcher from Kaspersky Lab found the flaw could allow an attacker
to take control of vulnerable systems in limited, targeted occurrences. Source: http://www.securityweek.com/adobe-patches-flash-zero-day-under-attack
Communications Sector
Nothing to report