Complete DHS Report for April 22, 2016
Daily Report
Top Stories
• Federal officials announced April 20 that a group of 66
companies agreed to spend an estimated $70 million to clean up contaminated
groundwater, install wells, and operate a groundwater treatment system at the
Omega Chemical Corporation Superfund Site in Whittier, California. – U.S.
Department of Justice
9. April 20,
U.S. Department of Justice – (California) Department of Justice and EPA
announce $78 million superfund settlement to clean up groundwater contamination
at southern California superfund site. The U.S. Department of Justice and
the U.S. Environmental Protection Agency (EPA) announced April 20 that a group
of 66 companies agreed to spend an estimated $70 million to clean up
contaminated groundwater, install wells, and operate a groundwater treatment
system at the Omega Chemical Corporation Superfund Site in Whittier,
California. The parties will also reimburse the EPA $8 million and the
California Department of Toxic Substances Control $70,000 for past cleanup
actions at the former Omega Chemical Corporation facility that contaminated
soil and groundwater with high levels of trichloroethylene, perchloroethylene,
Freons, and other contaminants. Source: https://www.justice.gov/opa/pr/department-justice-and-epa-announce-78-million-superfund-settlement-clean-groundwater
• Two Michigan State regulators and one Flint employee were
charged April 20 with tampering with evidence, misconduct, and several other
felonies related to the city’s lead-tainted water crisis. – Associated Press
10. April 20,
Associated Press – (Michigan) 3 charged with several crimes in Flint water
crisis. Michigan officials announced that the district engineer and the
supervisor of the Michigan State Department of Environmental Quality, as well
as Flint’s utilities administrator were charged April 20 with tampering with
evidence, misconduct, and several other felony and misdemeanor counts related
to the city’s lead-tainted water crisis.
• Crews worked April 20 to complete emergency repairs on a broken
sewer line in Memphis that released about 1 million gallons of wastewater per
day into the Loosahatchie River. – Associated Press
11. April 20,
Associated Press – (Tennessee) 3rd sewage line breaks in Memphis, spills waste
into river. Crews worked April 20 to complete emergency repairs on a broken
sewer line in Memphis that began releasing approximately 1 million gallons of
wastewater per day into the Loosahatchie River which flows into the Mississippi
River, after a break was discovered April 17 in a 42-inch sewer line that
ruptured when nearby soil eroded and gave way due to heavy rains. Source: http://abcnews.go.com/US/wireStory/3rd-sewage-line-breaks-memphis-spills-waste-river-38541914
• A German researcher
discovered a vulnerability in Signaling System Seven that could allow an
attacker to keep track of a device’s location or eavesdrop on conversations by
utilizing the individual’s phone number. – SecurityWeek See item 19 below in
the Communications Sector
Financial Services Sector
4. April 20,
WKRN 2 Nashville – (National) Man arrested in Tenn. accused of skimming 1,800
credit cards. Officials reported April 20 that a man was arrested and
charged with criminal simulation April 7 after police found thousands of
merchandise in the culprits’ vehicle along with the stolen identity of 150
people during a traffic stop violation. Investigators reported that the man
stole the credit card data of 1,800 people across several States by secretly
installing a skimming device on gas pump stations. Source: http://wkrn.com/2016/04/20/man-arrested-in-tenn-accused-of-skimming-1800-credit-cards/
5. April 20,
SecurityWeek – (International) “FIN6” cybergang steals millions of cards
from PoS systems. FireEye reported that the cybercriminal group, dubbed
“FIN6” which has been targeting thousands of retail and hospitality
Point-of-Sale (PoS) systems was increasing its revenue by stealing millions of
credit card information and selling the information on an underground market,
as well as possessing valid credentials for each of the target’s companies’
networks. Researchers were unsure how each attacker compromises a system due to
the lack of forensic evidence.
Information Technology Sector
17. April 21,
SecurityWeek – (International) Cisco patches severe flaws in Wireless LAN
controller. Cisco released software updates for its Wireless LAN Controller
(WLC) products which patch several critical flaws and high severity
denial-of-service (DoS) vulnerabilities including an issue related to the
Hypertext Transfer Protocol (HTTP) Universal Resource Language (URL)
redirection feature of WLC software that can allow an unauthenticated attacker
to remotely trigger a buffer overflow and cause affected devices to enter a DoS
condition.
18. April 20,
SecurityWeek – (International) New tool aims to generically detect Mac OS X
ransomware. Security researcher from Synack developed a tool, named
“RansomWhere?” that will detect and block all types of file-encrypting
ransomware on Apple Mac OS X systems with the aim to constantly monitor file
systems for the creation of encrypted files by suspicious processes. The tool
was developed after researchers received several reports of ransomware
targeting Mac OS X users within the past year.
Communications Sector
19. April 20,
SecurityWeek – (International) Vulnerability in mobile networks allows easy
phone tracking. A German researcher discovered a vulnerability in Signaling
System Seven or Signalling System Number 7 (SS7), a telephony signaling
protocol developed in 1975 and used in global cellular networks to exchange
billing information, short message service (SMS), roaming, and other services,
that could allow an attacker to keep track of the device’s location or
eavesdrop on conversation and SMS messages through the utilization of the
individual’s phone number. The vulnerability has not been patched by wireless
carriers who were first notified of the issue in 2014.